RFR: 8286779: javax.crypto.CryptoPolicyParser#isConsistent always returns 'true' [v2]
Sean Mullan
mullan at openjdk.java.net
Fri Jun 10 15:31:07 UTC 2022
On Thu, 9 Jun 2022 22:54:20 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/CryptoPolicyParser.java line 202:
>>
>>> 200: if (!processedPermissions.isEmpty()) {
>>> 201: throw new ParsingException(st.lineno(), "Inconsistent policy");
>>> 202: }
>>
>> Instead of setting the `allPermEntryFound` flag, what if you instead put an entry for `CryptoAllPermission.ALG_NAME` in `processedPermissions` here. Then if there are more entries after this, I think `isConsistent` will catch it in the following code:
>>
>>
>> if (processedPermissions.containsKey(CryptoAllPermission.ALG_NAME)) {
>> return false;
>> }
>
> Yes, with the `allPermEntryFound` flag, the current fix would not require to put the `javax.crypto.CryptoAllPermission` entry in `processedPermissions`. So `processedPermissions` will be used to keep `javax.crypto.CryptoPermission` entries and is updated by `isConsistent()`, and no need to deal with `javax.crypto.CryptoAllPermission` entry. I’d like to keep it as-is if there is no objection.
Sure, I think that's reasonable.
-------------
PR: https://git.openjdk.org/jdk/pull/8985
More information about the security-dev
mailing list