RFR: 8315487: Security Providers Filter [v9]

Francisco Ferrari Bihurriet fferrari at openjdk.org
Fri Nov 29 19:25:45 UTC 2024


On Mon, 4 Nov 2024 19:46:07 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Martin Balao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains eight commits:
>> 
>>  - Remove -Xdebug from commented-out debug command
>>    
>>    This is unnecessary, see 842d6329cf5a3da8df7eddb195b5fcb7baadbdc3.
>>  - Merge 'openjdk/master' into JDK-8315487
>>    
>>    Resolved conflicts:
>>      src/java.base/share/classes/java/security/Provider.java
>>      src/java.base/share/classes/javax/crypto/Cipher.java
>>      src/java.base/share/classes/sun/security/jca/ProviderList.java
>>      src/java.base/share/conf/security/java.security
>>      src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
>>    
>>    Additional fixes:
>>      src/java.base/share/classes/java/security/Security.java
>>        Import sun.security.jca.ProvidersFilter, since the sun.security.jca.*
>>        import was removed in c6f1d5f374bfa9bde75765391d5dae0e8e28b4ab.
>>      src/java.base/share/classes/sun/security/jca/GetInstance.java
>>        Adjust GetInstance::getCipherServices return type to Iterator<Service>.
>>      src/java.base/share/classes/sun/security/jca/ProvidersFilter.java
>>        Rename CipherServiceList to CipherServiceIterator in comment.
>>  - Minor changes to align with the JEP.
>>    
>>    Co-authored-by: Francisco Ferrari Bihurriet <fferrari at redhat.com>
>>    Co-authored-by: Martin Balao <mbalao at redhat.com>
>>  - ProvidersFilterTest extended to cover all JCA service types.
>>    
>>    Co-authored-by: Francisco Ferrari Bihurriet <fferrari at redhat.com>
>>    Co-authored-by: Martin Balao <mbalao at openjdk.org>
>>  - Support for cipher transformations and JEP alignment
>>    of the java.security documentation.
>>    
>>    Co-authored-by: Francisco Ferrari Bihurriet <fferrari at redhat.com>
>>    Co-authored-by: Martin Balao <mbalao at redhat.com>
>>  - Copyright dates update.
>>  - More clear text in invalid pattern exception.
>>  - 8315487: Security Providers Filter
>>    
>>    Co-authored-by: Francisco Ferrari Bihurriet <fferrari at redhat.com>
>>    Co-authored-by: Martin Balao <mbalao at redhat.com>
>
> This update is really too big to review in detail.  There are 5512 lines changed, 4881 ins and 631 del per the webrev data.  If I read the description and code right, there are three types of updates in this PR:
> 1. Bug fixes of the current OpenJDK code.
> 2. A provider filter API design to check if a service is allowed in certain circumstances.
> 3. A provider filter implementation in java.security to perform the service checking.
> 
> I may use multiple PRs for this purpose:
> 1. Multiple pull requests to fix bugs.
> 2. Design a public API to check if a service is allowed and update the JDK code accordingly.  A public API design will allow third parties to define their own service restriction policy, without depending on the java.security.
> 3. Implement the provider filter with java security property.
> 
> The 1st and 2nd one should be small enough, straightforward to implement and easy to integrate.  The 3rd one could be big, but it will be an implementation detail, and it can even be optional.  That would make it easy to review and backport.
> 
> Just for your reference.

Hi @XueleiFan,

It is not a goal of this proposal to allow different filter implementations; for this reason, there isn't a pluggable filter API design. The only public API exposed by the filter is the `jdk.security.providers.filter` security property, overridable through a system property with the same name. Any other APIs are for JCA internal use only. More details can be found in the [proposed JEP draft](https://openjdk.org/jeps/8325511).

We agree that this pull request is too large to review, and for this reason @martinuy has created [JDK-8345139: Fix bugs and inconsistencies in the Provider services map](https://bugs.openjdk.org/browse/JDK-8345139) and [JDK-8345221: Replace legacy with new Provider APIs in SunNativeGSS](https://bugs.openjdk.org/browse/JDK-8345221). We already moved changes from this pull request to [JDK-8345221](https://bugs.openjdk.org/browse/JDK-8345221 "Replace legacy with new Provider APIs in SunNativeGSS") (#22461), and we'll be moving changes to [JDK-8345139](https://bugs.openjdk.org/browse/JDK-8345139 "Fix bugs and inconsistencies in the Provider services map") in the coming days.

Unlike [JDK-8345221](https://bugs.openjdk.org/browse/JDK-8345221 "Replace legacy with new Provider APIs in SunNativeGSS"), [JDK-8345139](https://bugs.openjdk.org/browse/JDK-8345139 "Fix bugs and inconsistencies in the Provider services map") will be a dependency for this pull request. In order to minimize future conflicts, we'll wait for #15539 to be integrated. Then, we'll base [JDK-8345139](https://bugs.openjdk.org/browse/JDK-8345139 "Fix bugs and inconsistencies in the Provider services map") on HEAD code including it.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/15539#issuecomment-2508434358

