Skip to content

Commit

Permalink
8254711: Add java.security.Provider.getService JFR Event
Browse files Browse the repository at this point in the history
Reviewed-by: mullan, valeriep, jpai
  • Loading branch information
coffeys authored and lutkerd committed Jul 18, 2024
1 parent fd378e4 commit 0fff401
Show file tree
Hide file tree
Showing 10 changed files with 280 additions and 9 deletions.
22 changes: 14 additions & 8 deletions src/java.base/share/classes/java/security/Provider.java
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@

package java.security;

import jdk.internal.event.SecurityProviderServiceEvent;

import java.io.*;
import java.util.*;
import static java.util.Locale.ENGLISH;
Expand Down Expand Up @@ -1280,18 +1282,22 @@ public Service getService(String type, String algorithm) {
}

Service s = serviceMap.get(key);
if (s != null) {
return s;
if (s == null) {
s = legacyMap.get(key);
if (s != null && !s.isValid()) {
legacyMap.remove(key, s);
}
}

s = legacyMap.get(key);
if (s != null && !s.isValid()) {
legacyMap.remove(key, s);
} else {
return s;
if (s != null && SecurityProviderServiceEvent.isTurnedOn()) {
var e = new SecurityProviderServiceEvent();
e.provider = getName();
e.type = type;
e.algorithm = algorithm;
e.commit();
}

return null;
return s;
}

// ServiceKey from previous getService() call
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

package jdk.internal.event;

/**
* Event recording details of Provider.getService(String type, String algorithm) calls
*/

public final class SecurityProviderServiceEvent extends Event {
private final static SecurityProviderServiceEvent EVENT = new SecurityProviderServiceEvent();

/**
* Returns {@code true} if event is enabled, {@code false} otherwise.
*/
public static boolean isTurnedOn() {
return EVENT.isEnabled();
}

public String type;
public String algorithm;
public String provider;
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

package jdk.jfr.events;

import jdk.jfr.Category;
import jdk.jfr.Description;
import jdk.jfr.Label;
import jdk.jfr.Name;
import jdk.jfr.internal.MirrorEvent;

@Category({"Java Development Kit", "Security"})
@Label("Security Provider Instance Request")
@Name("jdk.SecurityProviderService")
@Description("Details of Provider.getInstance(String type, String algorithm) calls")
@MirrorEvent(className = "jdk.internal.event.SecurityProviderServiceEvent")
public final class SecurityProviderServiceEvent extends AbstractJDKEvent {
@Label("Type of Service")
public String type;

@Label("Algorithm Name")
public String algorithm;

@Label("Security Provider")
public String provider;
}
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;

import jdk.internal.access.SharedSecrets;
Expand All @@ -50,6 +49,7 @@
import jdk.jfr.events.InitialSecurityPropertyEvent;
import jdk.jfr.events.ProcessStartEvent;
import jdk.jfr.events.SecurityPropertyModificationEvent;
import jdk.jfr.events.SecurityProviderServiceEvent;
import jdk.jfr.events.SocketReadEvent;
import jdk.jfr.events.SocketWriteEvent;
import jdk.jfr.events.TLSHandshakeEvent;
Expand All @@ -70,6 +70,7 @@ public final class JDKEvents {
DeserializationEvent.class,
ProcessStartEvent.class,
SecurityPropertyModificationEvent.class,
SecurityProviderServiceEvent.class,
TLSHandshakeEvent.class,
X509CertificateEvent.class,
X509ValidationEvent.class
Expand All @@ -89,6 +90,7 @@ public final class JDKEvents {
jdk.internal.event.DeserializationEvent.class,
jdk.internal.event.ProcessStartEvent.class,
jdk.internal.event.SecurityPropertyModificationEvent.class,
jdk.internal.event.SecurityProviderServiceEvent.class,
jdk.internal.event.TLSHandshakeEvent.class,
jdk.internal.event.X509CertificateEvent.class,
jdk.internal.event.X509ValidationEvent.class,
Expand Down
5 changes: 5 additions & 0 deletions src/jdk.jfr/share/conf/jfr/default.jfc
Original file line number Diff line number Diff line change
Expand Up @@ -719,6 +719,11 @@
<setting name="stackTrace">true</setting>
</event>

<event name="jdk.SecurityProviderService">
<setting name="enabled">false</setting>
<setting name="stackTrace">true</setting>
</event>

<event name="jdk.TLSHandshake">
<setting name="enabled">false</setting>
<setting name="stackTrace">true</setting>
Expand Down
5 changes: 5 additions & 0 deletions src/jdk.jfr/share/conf/jfr/profile.jfc
Original file line number Diff line number Diff line change
Expand Up @@ -719,6 +719,11 @@
<setting name="stackTrace">true</setting>
</event>

<event name="jdk.SecurityProviderService">
<setting name="enabled">false</setting>
<setting name="stackTrace">true</setting>
</event>

<event name="jdk.TLSHandshake">
<setting name="enabled">false</setting>
<setting name="stackTrace">true</setting>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,7 @@ private static Document createDocument(String content) throws ParserConfiguratio
insertSetting(doc, EventNames.JavaExceptionThrow, "threshold", "0 ns");
insertSetting(doc, EventNames.JavaErrorThrow, "threshold", "0 ns");
insertSetting(doc, EventNames.SecurityProperty, "threshold", "0 ns");
insertSetting(doc, EventNames.SecurityProviderService, "threshold", "0 ns");
insertSetting(doc, EventNames.TLSHandshake, "threshold", "0 ns");
insertSetting(doc, EventNames.X509Certificate, "threshold", "0 ns");
insertSetting(doc, EventNames.X509Validation, "threshold", "0 ns");
Expand Down
1 change: 1 addition & 0 deletions test/jdk/jdk/jfr/event/runtime/TestActiveSettingEvent.java
Original file line number Diff line number Diff line change
Expand Up @@ -242,6 +242,7 @@ private static void testSettingConfiguration(String configurationName) throws Ex
settingValues.put(EventNames.X509Validation + "#threshold", "0 ns");
settingValues.put(EventNames.ProcessStart + "#threshold", "0 ns");
settingValues.put(EventNames.Deserialization + "#threshold", "0 ns");
settingValues.put(EventNames.SecurityProviderService + "#threshold", "0 ns");

try (Recording recording = new Recording(c)) {
Map<Long, EventType> eventTypes = new HashMap<>();
Expand Down
157 changes: 157 additions & 0 deletions test/jdk/jdk/jfr/event/security/TestSecurityProviderServiceEvent.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,157 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

package jdk.jfr.event.security;

import java.security.*;
import java.security.cert.CertPathBuilder;
import java.util.Collections;
import java.util.List;
import java.util.function.*;

import jdk.jfr.Recording;
import jdk.jfr.consumer.RecordedEvent;
import jdk.test.lib.Asserts;
import jdk.test.lib.jfr.Events;
import jdk.test.lib.jfr.EventNames;

import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

/*
* @test
* @bug 8254711
* @summary Add JFR events for security crypto algorithms
* @key jfr
* @requires vm.hasJFR
* @library /test/lib
* @modules jdk.jfr/jdk.jfr.events
* @run main/othervm jdk.jfr.event.security.TestSecurityProviderServiceEvent
*/
public class TestSecurityProviderServiceEvent {

public static void main(String[] args) throws Exception {
testAlg(cipherFunc, "AES", "SunJCE",
"SunEC", "Cipher", 1, Collections.emptyList());
testAlg(signatureFunc, "SHA256withRSA", "SunRsaSign",
"SunEC", "Signature", 2, List.of("MessageDigest"));
testAlg(messageDigestFunc, "SHA-512", "SUN",
"SunEC", "MessageDigest", 1, Collections.emptyList());
testAlg(keystoreFunc, "PKCS12", "SUN",
"SunEC", "KeyStore", 1, Collections.emptyList());
testAlg(certPathBuilderFunc, "PKIX", "SUN",
"SunEC", "CertPathBuilder", 2, List.of("CertificateFactory"));
}

private static void testAlg(BiFunction<String, String, Provider> bif, String alg,
String workingProv, String brokenProv, String algType,
int expected, List<String> other) throws Exception {
// bootstrap security Provider services
Provider p = bif.apply(alg, workingProv);

try (Recording recording = new Recording()) {
recording.enable(EventNames.SecurityProviderService);
recording.start();
p = bif.apply(alg, workingProv);
bif.apply(alg, brokenProv);
recording.stop();
List<RecordedEvent> events = Events.fromRecording(recording);
Asserts.assertEquals(events.size(), expected, "Incorrect number of events");
assertEvent(events, algType, alg, p.getName(), other);
}
}

private static BiFunction<String, String, Provider> cipherFunc = (s1, p1 ) -> {
Cipher c;
try {
c = Cipher.getInstance(s1, p1);
return c.getProvider();
} catch (NoSuchAlgorithmException | NoSuchPaddingException | NoSuchProviderException e) {
// expected
}
return null;
};

private static BiFunction<String, String, Provider> signatureFunc = (s1, p1 ) -> {
Signature s;
try {
s = Signature.getInstance(s1, p1);
return s.getProvider();
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
// expected
}
return null;
};

private static BiFunction<String, String, Provider> messageDigestFunc = (s1, p1 ) -> {
MessageDigest md;
try {
md = MessageDigest.getInstance(s1, p1);
return md.getProvider();
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
// expected
}
return null;
};

private static BiFunction<String, String, Provider> keystoreFunc = (s1, p1 ) -> {
KeyStore ks;
try {
ks = KeyStore.getInstance(s1, p1);
return ks.getProvider();
} catch (NoSuchProviderException | KeyStoreException e) {
// expected
}
return null;
};

private static BiFunction<String, String, Provider> certPathBuilderFunc = (s1, p1 ) -> {
CertPathBuilder cps;
try {
cps = CertPathBuilder.getInstance(s1, p1);
return cps.getProvider();
} catch (NoSuchProviderException | NoSuchAlgorithmException e) {
// expected
}
return null;
};

private static void assertEvent(List<RecordedEvent> events, String type,
String alg, String workingProv, List<String> other) {
boolean secondaryEventOK = other.isEmpty() ? true : false;
for (RecordedEvent e : events) {
if (other.contains(e.getValue("type"))) {
// secondary operation in service stack while constructing this request
secondaryEventOK = true;
continue;
}
Events.assertField(e, "provider").equal(workingProv);
Events.assertField(e, "type").equal(type);
Events.assertField(e, "algorithm").equal(alg);
}
if (!secondaryEventOK) {
throw new RuntimeException("Secondary events missing");
}

}
}
1 change: 1 addition & 0 deletions test/lib/jdk/test/lib/jfr/EventNames.java
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,7 @@ public class EventNames {
public static final String X509Validation = PREFIX + "X509Validation";
public static final String InitialSecurityProperty = PREFIX + "InitialSecurityProperty";
public static final String SecurityProperty = PREFIX + "SecurityPropertyModification";
public final static String SecurityProviderService = PREFIX + "SecurityProviderService";
public static final String DirectBufferStatistics = PREFIX + "DirectBufferStatistics";
public static final String Deserialization = PREFIX + "Deserialization";

Expand Down

0 comments on commit 0fff401

Please sign in to comment.