RFR: 8284490: Remove finalizer method in java.security.jgss [v8]
Weijun Wang
weijun at openjdk.java.net
Tue Apr 26 15:47:03 UTC 2022
On Mon, 25 Apr 2022 06:07:00 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> Please review the update to remove finalizer method in the java.security.jgss module. It is one of the efforts to clean up the use of finalizer method in JDK.
>
> Xue-Lei Andrew Fan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 10 commits:
>
> - Merge and resovle merge conflict
> - change the calling order in dispose()
> - More code cleanup
> - re-org the code per feedback
> - Update to set context method
> - add test cases
> - Merge
> - Update copyright year
> - the object reference issue for Cleaner
> - 8284490: Remove finalizer method in java.security.jgss
Can you try out this test?
diff --git a/test/jdk/sun/security/krb5/auto/Cleaners.java b/test/jdk/sun/security/krb5/auto/Cleaners.java
new file mode 100644
index 00000000000..0eac7c21ee6
--- /dev/null
+++ b/test/jdk/sun/security/krb5/auto/Cleaners.java
@@ -0,0 +1,180 @@
+/*
+ * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8284490
+ * @summary Remove finalizer method in java.security.jgss
+ * @library /test/lib
+ * @compile -XDignore.symbol.file Cleaners.java
+ * @run main/othervm Cleaners launcher
+ */
+
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermission;
+import java.util.Arrays;
+import java.util.Set;
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.Platform;
+import jdk.test.lib.process.Proc;
+import org.ietf.jgss.Oid;
+import sun.security.krb5.Config;
+
+public class Cleaners {
+
+ private static final String CONF = "krb5.conf";
+ private static final String KTAB_S = "server.ktab";
+ private static final String KTAB_B = "backend.ktab";
+
+ private static final String HOST = "localhost";
+ private static final String SERVER = "server/" + HOST;
+ private static final String BACKEND = "backend/" + HOST;
+ private static final String USER = "user";
+ private static final char[] PASS = "password".toCharArray();
+ private static final String REALM = "REALM";
+
+ private static final byte[] MSG = "12345678".repeat(128)
+ .getBytes(StandardCharsets.UTF_8);
+
+ public static void main(String[] args) throws Exception {
+
+ Oid oid = new Oid("1.2.840.113554.1.2.2");
+ byte[] token, msg;
+
+ switch (args[0]) {
+ case "launcher" -> {
+ KDC kdc = KDC.create(REALM, HOST, 0, true);
+ kdc.addPrincipal(USER, PASS);
+ kdc.addPrincipalRandKey("krbtgt/" + REALM);
+ kdc.addPrincipalRandKey(SERVER);
+ kdc.addPrincipalRandKey(BACKEND);
+
+ // Native lib might do some name lookup
+ KDC.saveConfig(CONF, kdc,
+ "dns_lookup_kdc = no",
+ "ticket_lifetime = 1h",
+ "dns_lookup_realm = no",
+ "dns_canonicalize_hostname = false",
+ "forwardable = true");
+ System.setProperty("java.security.krb5.conf", CONF);
+ Config.refresh();
+
+ // Create kaytab and ccache files for native clients
+ kdc.writeKtab(KTAB_S, false, SERVER);
+ kdc.writeKtab(KTAB_B, false, BACKEND);
+ kdc.kinit(USER, "ccache");
+ if (!Platform.isWindows()) {
+ Files.setPosixFilePermissions(Paths.get("ccache"),
+ Set.of(PosixFilePermission.OWNER_READ,
+ PosixFilePermission.OWNER_WRITE));
+ }
+ Proc pc = proc("client")
+ .env("KRB5CCNAME", "FILE:ccache")
+ .env("KRB5_KTNAME", "none") // Do not try system ktab if ccache fails
+ .start();
+ Proc ps = proc("server")
+ .env("KRB5_KTNAME", KTAB_S)
+ .start();
+ Proc pb = proc("backend")
+ .env("KRB5_KTNAME", KTAB_B)
+ .start();
+
+ // Client and server
+ ps.println(pc.readData()); // AP-REQ
+ pc.println(ps.readData()); // AP-REP, mutual auth
+ ps.println(pc.readData()); // wrap msg
+ ps.println(pc.readData()); // mic msg
+
+
+ // Server and backend
+ pb.println(ps.readData()); // AP-REQ
+ ps.println(pb.readData()); // wrap msg
+ ps.println(pb.readData()); // mic msg
+ ensureCleanersCalled(pc);
+ ensureCleanersCalled(ps);
+ ensureCleanersCalled(pb);
+ }
+ case "client" -> {
+ Context c = Context.fromThinAir();
+ c.startAsClient(SERVER, oid);
+ c.x().requestCredDeleg(true);
+ c.x().requestMutualAuth(true);
+ Proc.binOut(c.take(new byte[0])); // AP-REQ
+ c.take(Proc.binIn()); // AP-REP
+ Proc.binOut(c.wrap(MSG, true));
+ Proc.binOut(c.getMic(MSG));
+ }
+ case "server" -> {
+ Context s = Context.fromThinAir();
+ s.startAsServer(oid);
+ token = Proc.binIn(); // AP-REQ
+ Proc.binOut(s.take(token)); // AP-REP
+ msg = s.unwrap(Proc.binIn(), true);
+ Asserts.assertTrue(Arrays.equals(msg, MSG));
+ s.verifyMic(Proc.binIn(), msg);
+ Context s2 = s.delegated();
+ s2.startAsClient(BACKEND, oid);
+ s2.x().requestMutualAuth(false);
+ Proc.binOut(s2.take(new byte[0])); // AP-REQ
+ msg = s2.unwrap(Proc.binIn(), true);
+ Asserts.assertTrue(Arrays.equals(msg, MSG));
+ s2.verifyMic(Proc.binIn(), msg);
+ }
+ case "backend" -> {
+ Context b = Context.fromThinAir();
+ b.startAsServer(oid);
+ token = b.take(Proc.binIn()); // AP-REQ
+ Asserts.assertTrue(token == null);
+ Proc.binOut(b.wrap(MSG, true));
+ Proc.binOut(b.getMic(MSG));
+ }
+ }
+ System.out.println("Prepare for GC");
+ for (int i = 0; i < 10; i++) {
+ System.gc();
+ Thread.sleep(100);
+ }
+ }
+
+ private static void ensureCleanersCalled(Proc p) throws Exception {
+ p.output()
+ .shouldHaveExitValue(0)
+ .stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_deleteContext")
+ .stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseName")
+ .stdoutShouldMatch("Prepare for GC(.|\\n)*GSSLibStub_releaseCred");
+ }
+
+ private static Proc proc(String type) throws Exception {
+ return Proc.create("Cleaners")
+ .args(type)
+ .debug(type)
+ .env("KRB5_CONFIG", CONF)
+ .env("KRB5_TRACE", Platform.isWindows() ? "CON" : "/dev/stderr")
+ .prop("sun.security.jgss.native", "true")
+ .prop("javax.security.auth.useSubjectCredsOnly", "false")
+ .prop("sun.security.nativegss.debug", "true");
+ }
+}
diff --git a/test/lib/jdk/test/lib/process/Proc.java b/test/lib/jdk/test/lib/process/Proc.java
index 3541f34144f..574e5761d03 100644
--- a/test/lib/jdk/test/lib/process/Proc.java
+++ b/test/lib/jdk/test/lib/process/Proc.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -123,6 +123,7 @@ public class Proc {
private String debug; // debug flag, controller will show data
// transfer between procs. If debug is set,
// it MUST be different between Procs.
+ private final StringBuilder stdout = new StringBuilder();
final private static String PREFIX = "PROCISFUN:";
@@ -358,6 +359,9 @@ public class Proc {
// Reads a line from stdout of proc
public String readLine() throws IOException {
String s = br.readLine();
+ if (s != null) {
+ stdout.append(s).append('\n');
+ }
if (debug != null) {
System.out.println("PROC: " + debug + " readline: " +
(s == null ? "<EOF>" : s));
@@ -402,6 +406,16 @@ public class Proc {
}
return p.waitFor();
}
+
+ // Returns an OutputAnalyzer
+ public OutputAnalyzer output() throws Exception {
+ int exitCode = waitFor();
+ Path stderr = Path.of(getId("stderr"));
+ return new OutputAnalyzer(stdout.toString(),
+ Files.exists(stderr) ? Files.readString(stderr) : "",
+ exitCode);
+ }
+
// Wait for process end with expected exit code
public void waitFor(int expected) throws Exception {
if (p.waitFor() != expected) {
-------------
PR: https://git.openjdk.java.net/jdk/pull/8136
More information about the security-dev
mailing list