RFR: 8261534: Test sun/security/pkcs11/KeyAgreeme
Locked
RFR: 8261534: Test sun/security/pkcs11/KeyAgreeme
 
|
Fix exception in test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java:
java.security.AccessControlException: access denied ("java.security.SecurityPermission" "removeProvider.SUN") at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.base/java.security.AccessController.checkPermission(AccessController.java:1036) at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408) at java.base/java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1521) at java.base/java.security.Security.check(Security.java:832) at java.base/java.security.Security.removeProvider(Security.java:444) at IllegalPackageAccess.main(IllegalPackageAccess.java:81) at PKCS11Test.premain(PKCS11Test.java:171) at PKCS11Test.testNSS(PKCS11Test.java:568) at PKCS11Test.main(PKCS11Test.java:207) at IllegalPackageAccess.main(IllegalPackageAccess.java:69) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127) at java.base/java.lang.Thread.run(Thread.java:831) Root cause is that the test materializes and installs a policy by [obtaining the current policy](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/test/jdk/sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java#L46). At the time it [tries to remove a provider](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/test/jdk/sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java#L80), the materialized policy is used for an access check, due to some intricacies of the [java.security.Policy implementation](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/src/java.base/share/classes/java/security/Policy.java#L293). This policy does not allow the removal of a provider. On platforms where the test runs through [PKCS11Test::fetchNssLib](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/test/jdk/sun/security/pkcs11/PKCS11Test.java#L859), the default policy is reset which makes the test work. But if we don't pass there, the test fails. The fix is to unconditionally call Policy.setPolicy(null); in IllegalPackageAccess before installing MyPolicy. ------------- Commit messages: - JDK-8261534 Changes: https://git.openjdk.java.net/jdk/pull/2518/files Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=2518&range=00 Issue: https://bugs.openjdk.java.net/browse/JDK-8261534 Stats: 1 line in 1 file changed: 1 ins; 0 del; 0 mod Patch: https://git.openjdk.java.net/jdk/pull/2518.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/2518/head:pull/2518 PR: https://git.openjdk.java.net/jdk/pull/2518 |
Re: RFR: 8261534: Test sun/security/pkcs11/KeyAgreeme
|
|
On Wed, 10 Feb 2021 23:29:14 GMT, Christoph Langer <[hidden email]> wrote:
> Fix exception in test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java: > > java.security.AccessControlException: access denied ("java.security.SecurityPermission" "removeProvider.SUN") > at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) > at java.base/java.security.AccessController.checkPermission(AccessController.java:1036) > at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408) > at java.base/java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1521) > at java.base/java.security.Security.check(Security.java:832) > at java.base/java.security.Security.removeProvider(Security.java:444) > at IllegalPackageAccess.main(IllegalPackageAccess.java:81) > at PKCS11Test.premain(PKCS11Test.java:171) > at PKCS11Test.testNSS(PKCS11Test.java:568) > at PKCS11Test.main(PKCS11Test.java:207) > at IllegalPackageAccess.main(IllegalPackageAccess.java:69) > at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78) > at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.base/java.lang.reflect.Method.invoke(Method.java:566) > at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127) > at java.base/java.lang.Thread.run(Thread.java:831) > > Root cause is that the test materializes and installs a policy by [obtaining the current policy](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/test/jdk/sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java#L46). At the time it [tries to remove a provider](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/test/jdk/sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java#L80), the materialized policy is used for an access check, due to some intricacies of the [java.security.Policy implementation](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/src/java.base/share/classes/java/security/Policy.java#L293). This policy does not allow the removal of a provider. > On platforms where the test runs through [PKCS11Test::fetchNssLib](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/test/jdk/sun/security/pkcs11/PKCS11Test.java#L859), the default policy is reset which makes the test work. But if we don't pass there, the test fails. > > The fix is to unconditionally call Policy.setPolicy(null); in IllegalPackageAccess before installing MyPolicy. LGTM ------------- Marked as reviewed by mbaesken (Reviewer). PR: https://git.openjdk.java.net/jdk/pull/2518 |
Re: RFR: 8261534: Test sun/security/pkcs11/KeyAgreeme
|
|
On Fri, 12 Feb 2021 11:05:22 GMT, Matthias Baesken <[hidden email]> wrote:
>> Fix exception in test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java: >> >> java.security.AccessControlException: access denied ("java.security.SecurityPermission" "removeProvider.SUN") >> at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) >> at java.base/java.security.AccessController.checkPermission(AccessController.java:1036) >> at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408) >> at java.base/java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1521) >> at java.base/java.security.Security.check(Security.java:832) >> at java.base/java.security.Security.removeProvider(Security.java:444) >> at IllegalPackageAccess.main(IllegalPackageAccess.java:81) >> at PKCS11Test.premain(PKCS11Test.java:171) >> at PKCS11Test.testNSS(PKCS11Test.java:568) >> at PKCS11Test.main(PKCS11Test.java:207) >> at IllegalPackageAccess.main(IllegalPackageAccess.java:69) >> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78) >> at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> at java.base/java.lang.reflect.Method.invoke(Method.java:566) >> at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127) >> at java.base/java.lang.Thread.run(Thread.java:831) >> >> Root cause is that the test materializes and installs a policy by [obtaining the current policy](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/test/jdk/sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java#L46). At the time it [tries to remove a provider](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/test/jdk/sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java#L80), the materialized policy is used for an access check, due to some intricacies of the [java.security.Policy implementation](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/src/java.base/share/classes/java/security/Policy.java#L293). This policy does not allow the removal of a provider. >> On platforms where the test runs through [PKCS11Test::fetchNssLib](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/test/jdk/sun/security/pkcs11/PKCS11Test.java#L859), the default policy is reset which makes the test work. But if we don't pass there, the test fails. >> >> The fix is to unconditionally call Policy.setPolicy(null); in IllegalPackageAccess before installing MyPolicy. > > LGTM I'm not a JDK main line reviewer but the proposed fix looks good to me as well. ------------- PR: https://git.openjdk.java.net/jdk/pull/2518 |
Re: RFR: 8261534: Test sun/security/pkcs11/KeyAgreeme
|
|
On Fri, 12 Feb 2021 19:10:36 GMT, Martin Balao <[hidden email]> wrote:
>> LGTM > > I'm not a JDK main line reviewer but the proposed fix looks good to me as well. Thanks for the reviews! ------------- PR: https://git.openjdk.java.net/jdk/pull/2518 |
Integrated: 8261534: Test sun/security/pkcs11/KeyAgreeme
|
|
In reply to this post by Christoph Langer
On Wed, 10 Feb 2021 23:29:14 GMT, Christoph Langer <[hidden email]> wrote:
> Fix exception in test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java: > > java.security.AccessControlException: access denied ("java.security.SecurityPermission" "removeProvider.SUN") > at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) > at java.base/java.security.AccessController.checkPermission(AccessController.java:1036) > at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408) > at java.base/java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1521) > at java.base/java.security.Security.check(Security.java:832) > at java.base/java.security.Security.removeProvider(Security.java:444) > at IllegalPackageAccess.main(IllegalPackageAccess.java:81) > at PKCS11Test.premain(PKCS11Test.java:171) > at PKCS11Test.testNSS(PKCS11Test.java:568) > at PKCS11Test.main(PKCS11Test.java:207) > at IllegalPackageAccess.main(IllegalPackageAccess.java:69) > at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78) > at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.base/java.lang.reflect.Method.invoke(Method.java:566) > at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127) > at java.base/java.lang.Thread.run(Thread.java:831) > > Root cause is that the test materializes and installs a policy by [obtaining the current policy](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/test/jdk/sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java#L46). At the time it [tries to remove a provider](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/test/jdk/sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java#L80), the materialized policy is used for an access check, due to some intricacies of the [java.security.Policy implementation](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/src/java.base/share/classes/java/security/Policy.java#L293). This policy does not allow the removal of a provider. > On platforms where the test runs through [PKCS11Test::fetchNssLib](https://github.com/openjdk/jdk/blob/4be2173478bd1e84946bd903b350ce466bddb36b/test/jdk/sun/security/pkcs11/PKCS11Test.java#L859), the default policy is reset which makes the test work. But if we don't pass there, the test fails. > > The fix is to unconditionally call Policy.setPolicy(null); in IllegalPackageAccess before installing MyPolicy. This pull request has now been integrated. Changeset: dc46aa85 Author: Christoph Langer <[hidden email]> URL: https://git.openjdk.java.net/jdk/commit/dc46aa85 Stats: 1 line in 1 file changed: 1 ins; 0 del; 0 mod 8261534: Test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java fails on platforms where no nsslib artifacts are defined Reviewed-by: mbaesken ------------- PR: https://git.openjdk.java.net/jdk/pull/2518 |
«
Return to OpenJDK Security Development
|
1 view|%1 views
| Free forum by Nabble | Edit this page |