Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add checks in Provider put() method in Java Security Restricted Mode #610

Merged
merged 1 commit into from
Jul 6, 2023
Merged

Add checks in Provider put() method in Java Security Restricted Mode #610

merged 1 commit into from
Jul 6, 2023

Conversation

taoliult
Copy link
Contributor

@taoliult taoliult commented Jun 5, 2023

Signed-off-by: Tao Liu [email protected]

This PR is for adding the services check in Provider legacy "put()" method and debug info in Java Security Restricted Mode.

The legacy “put()” method is for adding the services and it is used by provider SUN and SunEC in Semeru OpenJDK8. From OpenJDK11 and above versions, all those usages of “put()” method changed to "putService()" method. But we still need to check the services which are added by the legacy “put()” method in Java Security Restricted Mode. So, updated the codes for checking the registered services, only allowed the needed services be stored in the "legacyMap".

@taoliult taoliult marked this pull request as draft June 7, 2023 15:09
@taoliult taoliult marked this pull request as ready for review June 7, 2023 19:15
@taoliult
Copy link
Contributor Author

@keithc-ca Please help to review and advise.

@keithc-ca keithc-ca self-requested a review June 26, 2023 20:23
@keithc-ca keithc-ca self-assigned this Jun 26, 2023
@taoliult taoliult force-pushed the fips branch 3 times, most recently from e0a1b84 to 790fd00 Compare June 30, 2023 14:31
@keithc-ca
Copy link
Member

In the future, please put more information in the commit message. All, or most, of the description should be there so someone reviewing this in the future can understand (at least most of) the context and motivation for the change without needing to consult this pull request.

@keithc-ca
Copy link
Member

Jenkins test sanity.openjdk amac jdknext

@keithc-ca
Copy link
Member

Jenkins test sanity.openjdk amac jdknext depends ibmruntimes/openj9-openjdk-jdk#openj9-staging

@keithc-ca
Copy link
Member

This will have to wait until the openj9 branch advances to include

so it will compile in the presence of eclipse-openj9/openj9#17722.

@pshipton
Copy link
Member

Started a new acceptance build https://openj9-jenkins.osuosl.org/job/Pipeline-OpenJDK-Acceptance/490/

@pshipton
Copy link
Member

That build has promoted.

@keithc-ca
Copy link
Member

Jenkins test sanity.openjdk amac jdknext

@keithc-ca
Copy link
Member

The security-related failures are known:

@keithc-ca keithc-ca merged commit 47761ae into ibmruntimes:openj9 Jul 6, 2023
@taoliult
Copy link
Contributor Author

@keithc-ca For backport this PR, which JDK version needed? JDK11, JDK17 and JDK20?

@keithc-ca
Copy link
Member

If you want to back-port this, the sequence would be jdk21, jdk17, jdk11 and jdk8. There will be no more releases of jdk20.

@taoliult taoliult mentioned this pull request Jul 19, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keithc-ca keithc-ca keithc-ca approved these changes

Assignees

@keithc-ca keithc-ca

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@taoliult @keithc-ca @pshipton