RFR: 8286779: javax.crypto.CryptoPolicyParser#isConsistent always returns 'true' [v2]
Hai-May Chao
hchao at openjdk.java.net
Thu Jun 9 22:58:03 UTC 2022
On Thu, 9 Jun 2022 21:00:55 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with two additional commits since the last revision:
>>
>> - Inconsistent entries test
>> - Inconsistent entries test
>
> src/java.base/share/classes/javax/crypto/CryptoPolicyParser.java line 202:
>
>> 200: if (!processedPermissions.isEmpty()) {
>> 201: throw new ParsingException(st.lineno(), "Inconsistent policy");
>> 202: }
>
> Instead of setting the `allPermEntryFound` flag, what if you instead put an entry for `CryptoAllPermission.ALG_NAME` in `processedPermissions` here. Then if there are more entries after this, I think `isConsistent` will catch it in the following code:
>
>
> if (processedPermissions.containsKey(CryptoAllPermission.ALG_NAME)) {
> return false;
> }
Yes, with the `allPermEntryFound` flag, the current fix would not require to put the `javax.crypto.CryptoAllPermission` entry in `processedPermissions`. So `processedPermissions` will be used to keep `javax.crypto.CryptoPermission` entries and is updated by `isConsistent()`, and no need to deal with `javax.crypto.CryptoAllPermission` entry. I’d like to keep it as-is if there is no objection.
-------------
PR: https://git.openjdk.org/jdk/pull/8985
More information about the security-dev
mailing list