8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.lang.reflect.*;
29 import java.util.*;
30 import java.util.concurrent.ConcurrentHashMap;
31 import java.io.*;
32 import java.net.URL;
33 import sun.security.util.Debug;
34 import sun.security.util.PropertyExpander;
35
36 import sun.security.jca.*;
37
38 /**
39 * <p>This class centralizes all security properties and common security
40 * methods. One of its primary uses is to manage providers.
41 *
42 * <p>The default values of security properties are read from an
43 * implementation-specific location, which is typically the properties file
44 * {@code conf/security/java.security} in the Java installation directory.
45 *
46 * @author Benjamin Renaud
47 */
48
49 public final class Security {
50
51 /* Are we debugging? -- for developers */
52 private static final Debug sdebug =
783 * if a security manager exists and its {@link
784 * java.lang.SecurityManager#checkPermission} method
785 * denies access to set the specified security property value
786 * @throws NullPointerException if key or datum is null
787 *
788 * @see #getProperty
789 * @see java.security.SecurityPermission
790 */
791 public static void setProperty(String key, String datum) {
792 check("setProperty."+key);
793 props.put(key, datum);
794 invalidateSMCache(key); /* See below. */
795 }
796
797 /*
798 * Implementation detail: If the property we just set in
799 * setProperty() was either "package.access" or
800 * "package.definition", we need to signal to the SecurityManager
801 * class that the value has just changed, and that it should
802 * invalidate it's local cache values.
803 *
804 * Rather than create a new API entry for this function,
805 * we use reflection to set a private variable.
806 */
807 private static void invalidateSMCache(String key) {
808
809 final boolean pa = key.equals("package.access");
810 final boolean pd = key.equals("package.definition");
811
812 if (pa || pd) {
813 AccessController.doPrivileged(new PrivilegedAction<>() {
814 public Void run() {
815 try {
816 /* Get the class via the bootstrap class loader. */
817 Class<?> cl = Class.forName(
818 "java.lang.SecurityManager", false, null);
819 Field f = null;
820 boolean accessible = false;
821
822 if (pa) {
823 f = cl.getDeclaredField("packageAccessValid");
824 accessible = f.isAccessible();
825 f.setAccessible(true);
826 } else {
827 f = cl.getDeclaredField("packageDefinitionValid");
828 accessible = f.isAccessible();
829 f.setAccessible(true);
830 }
831 f.setBoolean(f, false);
832 f.setAccessible(accessible);
833 }
834 catch (Exception e1) {
835 /* If we couldn't get the class, it hasn't
836 * been loaded yet. If there is no such
837 * field, we shouldn't try to set it. There
838 * shouldn't be a security execption, as we
839 * are loaded by boot class loader, and we
840 * are inside a doPrivileged() here.
841 *
842 * NOOP: don't do anything...
843 */
844 }
845 return null;
846 } /* run */
847 }); /* PrivilegedAction */
848 } /* if */
849 }
850
851 private static void check(String directive) {
852 SecurityManager security = System.getSecurityManager();
853 if (security != null) {
854 security.checkSecurityAccess(directive);
855 }
856 }
857
858 private static void checkInsertProvider(String name) {
859 SecurityManager security = System.getSecurityManager();
860 if (security != null) {
861 try {
862 security.checkSecurityAccess("insertProvider");
863 } catch (SecurityException se1) {
864 try {
865 security.checkSecurityAccess("insertProvider." + name);
866 } catch (SecurityException se2) {
867 // throw first exception, but add second to suppressed
868 se1.addSuppressed(se2);
|
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.util.*;
29 import java.util.concurrent.ConcurrentHashMap;
30 import java.io.*;
31 import java.net.URL;
32
33 import jdk.internal.misc.SharedSecrets;
34 import sun.security.util.Debug;
35 import sun.security.util.PropertyExpander;
36
37 import sun.security.jca.*;
38
39 /**
40 * <p>This class centralizes all security properties and common security
41 * methods. One of its primary uses is to manage providers.
42 *
43 * <p>The default values of security properties are read from an
44 * implementation-specific location, which is typically the properties file
45 * {@code conf/security/java.security} in the Java installation directory.
46 *
47 * @author Benjamin Renaud
48 */
49
50 public final class Security {
51
52 /* Are we debugging? -- for developers */
53 private static final Debug sdebug =
784 * if a security manager exists and its {@link
785 * java.lang.SecurityManager#checkPermission} method
786 * denies access to set the specified security property value
787 * @throws NullPointerException if key or datum is null
788 *
789 * @see #getProperty
790 * @see java.security.SecurityPermission
791 */
792 public static void setProperty(String key, String datum) {
793 check("setProperty."+key);
794 props.put(key, datum);
795 invalidateSMCache(key); /* See below. */
796 }
797
798 /*
799 * Implementation detail: If the property we just set in
800 * setProperty() was either "package.access" or
801 * "package.definition", we need to signal to the SecurityManager
802 * class that the value has just changed, and that it should
803 * invalidate it's local cache values.
804 */
805 private static void invalidateSMCache(String key) {
806
807 final boolean pa = key.equals("package.access");
808 final boolean pd = key.equals("package.definition");
809
810 if (pa || pd) {
811 SharedSecrets.getJavaLangAccess().invalidatePackageAccessCache();
812 }
813 }
814
815 private static void check(String directive) {
816 SecurityManager security = System.getSecurityManager();
817 if (security != null) {
818 security.checkSecurityAccess(directive);
819 }
820 }
821
822 private static void checkInsertProvider(String name) {
823 SecurityManager security = System.getSecurityManager();
824 if (security != null) {
825 try {
826 security.checkSecurityAccess("insertProvider");
827 } catch (SecurityException se1) {
828 try {
829 security.checkSecurityAccess("insertProvider." + name);
830 } catch (SecurityException se2) {
831 // throw first exception, but add second to suppressed
832 se1.addSuppressed(se2);
|