RFR: 8257858: [macOS]: Remove JNF dependency from libosxsecurity/KeystoreImpl.m [v2]

Phil Race prr at openjdk.java.net
Fri Jan 29 21:19:48 UTC 2021 

On Fri, 29 Jan 2021 14:57:56 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This fix covers both
>> 
>> - [[macOS]: Remove JNF dependency from libosxsecurity/KeystoreImpl.m](https://bugs.openjdk.java.net/browse/JDK-8257858)
>> - [[macOS]: Remove JNF dependency from libosxkrb5/SCDynamicStoreConfig.m](https://bugs.openjdk.java.net/browse/JDK-8257860)
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   same behavior as before -- empty realm map

make/modules/java.security.jgss/Lib.gmk line 84:

> 82:             $(call SET_SHARED_LIBRARY_ORIGIN), \
> 83:         LIBS := -framework Cocoa -framework SystemConfiguration \
> 84:             -framework Kerberos -ljava, \

The need to add -ljava is interesting. It implies we were getting something from the platform that usually we'd expect to come from the JDK itself ??

src/java.base/macosx/classes/apple/security/KeychainStore.java line 820:

> 818:     private void createKeyEntry(String alias, long creationDate, long secKeyRef,
> 819:                                 long[] secCertificateRefs, byte[][] rawCertData) {
> 820:         KeyEntry ke = new KeyEntry();

removing these exceptions is presumably just clean up - not directly related ??

src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m line 28:

> 26: #import "apple_security_KeychainStore.h"
> 27: #include "jni.h"
> 28: #include "jni_util.h"

jni_util.h includes jni.h so I don't understand the need for this change.
Also why did you change import to include ? import is the Obj-C norm ...

src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m line 619:

> 617:             (*env)->ReleaseCharArrayElements(env, passwordObj, passwordChars,
> 618:                 JNI_ABORT);
> 619:         }

Although you have it in the later code, here you are missing
 @catch (NSException *e) { 
     NSLog(@"%@", [e callStackSymbols]); 
 }

src/java.security.jgss/macosx/native/libosxkrb5/SCDynamicStoreConfig.m line 41:

> 39:     if ([keys count] == 0) return;
> 40:     if (![keys containsObject:KERBEROS_DEFAULT_REALMS] && ![keys containsObject:KERBEROS_DEFAULT_REALM_MAPPINGS]) return;
> 41:     //    JNFPerformEnvBlock(JNFThreadDetachOnThreadDeath | JNFThreadSetSystemClassLoaderOnAttach | JNFThreadAttachAsDaemon, ^(JNIEnv *env) {

remove commented out code

src/java.security.jgss/macosx/native/libosxkrb5/SCDynamicStoreConfig.m line 57:

> 55:         }
> 56:     }
> 57:     (*localVM)->DetachCurrentThread(localVM);

I think you only want to detach if you actually attached ! you don't want to be detaching VM threads.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1845

More information about the security-dev mailing list