git: openjdk/leyden: hermetic-java-runtime: 3 new changesets

duke duke at openjdk.org
Mon Nov 27 23:34:28 UTC 2023 

Changeset: 0dfb6314
Author:    Jiangli Zhou <jianglizhou at google.com>
Date:      2023-08-30 15:57:00 +0000
URL:       https://git.openjdk.org/leyden/commit/0dfb6314221009881ebc35d0e5db75a7a348110b

Initial support for accessing hermetic JAR packaged JDK resource files via java.home in JDK.

A jdk.internal.misc.JavaHome class is introduced to encapsulate the hermetic JAR packaging details and provide a set of APIs for accessing the JDK resource files via java.home.

The current change handles the access to the following files within the JDK code. Other JDK resource files will be handled by follow up CL(s).

- <jdk>/conf/logging.properties
- <jdk>/conf/net.properties
- <jdk>/conf/security/java.security
- <jdk>/conf/security/java.policy
- <jdk>/lib/security/blacklisted.certs
- <jdk>/lib/security/cacerts
- <jdk>/lib/security/default.policy
- <jdk>/lib/security/public_suffix_list.dat
- <jdk>/lib/psfont.properties.ja
- <jdk>/lib/psfontj2d.properties

Handle the following entry with file:${java.home} URL pattern in java.security, e.g.:
- file:${java.home}/conf/security/java.policy

Change jdk.internal.jimage.ImageReaderFactory.getImageReader() to use the jar path if a jar file is the java home.

Split the main logic of java.security.KeyStore.getInstance(File, char[], LoadStoreParameter, boolean) into a private helper method, which is used by the original getInstance() method and sun.security.tools.KeyStoreUtil.getCacertsKeyStore() via reflection:

    private static final KeyStore getInstance(InputStream in, char[] password,
        LoadStoreParameter param, boolean hasPassword)

! src/java.base/share/classes/java/security/KeyStore.java
! src/java.base/share/classes/java/security/Security.java
! src/java.base/share/classes/jdk/internal/jimage/ImageReaderFactory.java
+ src/java.base/share/classes/jdk/internal/misc/JavaHome.java
! src/java.base/share/classes/sun/net/NetProperties.java
! src/java.base/share/classes/sun/security/provider/PolicyFile.java
! src/java.base/share/classes/sun/security/tools/KeyStoreUtil.java
! src/java.base/share/classes/sun/security/util/DomainName.java
! src/java.base/share/classes/sun/security/util/UntrustedCertificates.java
! src/java.desktop/share/classes/sun/print/PSPrinterJob.java
! src/java.logging/share/classes/java/util/logging/LogManager.java

Changeset: de2cfdda
Author:    Jiangli Zhou <jianglizhou at google.com>
Date:      2023-08-31 12:21:19 +0000
URL:       https://git.openjdk.org/leyden/commit/de2cfdda4b3e4850529d10009688df10a01068fa

Support hermetic JAR packaged conf/security/policy/{limited|unlimited} cryptography extension policy files.

! src/java.base/share/classes/javax/crypto/JceSecurity.java.template

Changeset: f442ea65
Author:    Jiangli Zhou <jianglizhou at google.com>
Date:      2023-08-31 18:39:26 +0000
URL:       https://git.openjdk.org/leyden/commit/f442ea65a8fd3faf8c09991f92e5bc3cd99e2ec5

Support runtime accessing for hermetic JAR packaged JDK-bundled fonts (<jdk>/lib/fonts/*.ttf) and <jdk>/lib/fontconfig.<os>.properties.

In sun.awt.FontConfiguration, we use JavaHome.getJDKResource API to access hermetic JAR packaged fontconfig property file.

With this, we can now support hermetic JDK-bundled fonts files specified by fontconfig property using $JRE_LIB_FONTS path.  sun.font.SunFontManager.registerFontFile() implements the support for hermetic case using java.awt.Font.createFont(int, InputStream) API, which can handle font file as a JAR resource.

Font file path using $JRE_LIB_FONTS in fontconfig properties is mapped to JAR URL for hermetic packaged JDK fonts, e.g.:

$JRE_LIB_FONTS/Font file path using $JRE_LIB_FONTS in fontconfig properties is mapped to JAR URL for hermetic packaged JDK fonts, e.g.:

  $JRE_LIB_FONTS/<font>.ttf

map to:

  jar:file:///<hermetic_jdk>/lib/fonts/<font>.ttf

For non-hermetic case, the font file is still mapped to normal file path.

! src/java.desktop/share/classes/sun/awt/FontConfiguration.java
! src/java.desktop/share/classes/sun/font/SunFontManager.java
! src/java.desktop/unix/classes/sun/font/MFontConfiguration.java
! src/java.desktop/windows/classes/sun/awt/Win32FontManager.java

More information about the leyden-dev mailing list