Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8250248

Address reliance on default constructors in security libs

    XMLWordPrintable

Details

    • CSR
    • Resolution: Approved
    • P4
    • 16
    • security-libs
    • None
    • behavioral
    • minimal
    • Deprecated constructor added.
    • Java API
    • SE

    Description

      Summary

      Replace implicit default constructors with explicit declare constructors across security libraries.

      Problem

      Default constructors considered harmful.

      Solution

      Add the explicit constructors to the affected classes. One class appears to new need a constructor so it is declared as terminally deprecated.

      Specification

      --- old/src/java.base/share/classes/java/security/AlgorithmParameterGeneratorSpi.java   2020-07-23 19:54:25.439597194 -0700
      +++ new/src/java.base/share/classes/java/security/AlgorithmParameterGeneratorSpi.java   2020-07-23 19:54:25.075597194 -0700
      @@ -61,6 +61,11 @@
       public abstract class AlgorithmParameterGeneratorSpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public AlgorithmParameterGeneratorSpi() {}
      +
      +    /**
            * Initializes this parameter generator for a certain size
            * and source of randomness.
            *
      --- old/src/java.base/share/classes/java/security/AlgorithmParametersSpi.java   2020-07-23 19:54:26.111597194 -0700
      +++ new/src/java.base/share/classes/java/security/AlgorithmParametersSpi.java   2020-07-23 19:54:25.731597194 -0700
      @@ -51,6 +51,11 @@
       public abstract class AlgorithmParametersSpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public AlgorithmParametersSpi() {}
      +
      +    /**
            * Initializes this parameters object using the parameters
            * specified in {@code paramSpec}.
            *
      --- old/src/java.base/share/classes/java/security/KeyFactorySpi.java    2020-07-23 19:54:26.815597194 -0700
      +++ new/src/java.base/share/classes/java/security/KeyFactorySpi.java    2020-07-23 19:54:26.415597194 -0700
      @@ -70,6 +70,11 @@
       public abstract class KeyFactorySpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public KeyFactorySpi() {}
      +
      +    /**
            * Generates a public key object from the provided key
            * specification (key material).
            *
      --- old/src/java.base/share/classes/java/security/KeyPairGeneratorSpi.java  2020-07-23 19:54:27.503597194 -0700
      +++ new/src/java.base/share/classes/java/security/KeyPairGeneratorSpi.java  2020-07-23 19:54:27.147597194 -0700
      @@ -59,6 +59,11 @@
       public abstract class KeyPairGeneratorSpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public KeyPairGeneratorSpi() {}
      +
      +    /**
            * Initializes the key pair generator for a certain keysize, using
            * the default parameter set.
            *
      --- old/src/java.base/share/classes/java/security/KeyStoreSpi.java  2020-07-23 19:54:28.187597194 -0700
      +++ new/src/java.base/share/classes/java/security/KeyStoreSpi.java  2020-07-23 19:54:27.803597194 -0700
      @@ -54,6 +54,11 @@
       public abstract class KeyStoreSpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public KeyStoreSpi() {}
      +
      +    /**
            * Returns the key associated with the given alias, using the given
            * password to recover it.  The key must have been associated with
            * the alias by a call to {@code setKeyEntry},
      --- old/src/java.base/share/classes/java/security/MessageDigestSpi.java 2020-07-23 19:54:28.863597194 -0700
      +++ new/src/java.base/share/classes/java/security/MessageDigestSpi.java 2020-07-23 19:54:28.495597194 -0700
      @@ -55,6 +55,11 @@
           private byte[] tempArray;
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public MessageDigestSpi() {}
      +
      +    /**
            * Returns the digest length in bytes.
            *
            * <p>This concrete method has been added to this previously-defined
      --- old/src/java.base/share/classes/java/security/PermissionCollection.java 2020-07-23 19:54:29.583597194 -0700
      +++ new/src/java.base/share/classes/java/security/PermissionCollection.java 2020-07-23 19:54:29.215597194 -0700
      @@ -103,6 +103,11 @@
           private volatile boolean readOnly;
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public PermissionCollection() {}
      +
      +    /**
            * Adds a permission object to the current collection of permission objects.
            *
            * @param permission the Permission object to add.
      --- old/src/java.base/share/classes/java/security/Policy.java   2020-07-23 19:54:30.319597194 -0700
      +++ new/src/java.base/share/classes/java/security/Policy.java   2020-07-23 19:54:29.907597194 -0700
      @@ -88,6 +88,11 @@
       public abstract class Policy {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public Policy() {}
      +
      +    /**
            * A read-only empty PermissionCollection instance.
            * @since 1.6
            */
      --- old/src/java.base/share/classes/java/security/PolicySpi.java    2020-07-23 19:54:31.043597194 -0700
      +++ new/src/java.base/share/classes/java/security/PolicySpi.java    2020-07-23 19:54:30.663597194 -0700
      @@ -45,6 +45,11 @@
       public abstract class PolicySpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public PolicySpi() {}
      +
      +    /**
            * Check whether the policy has granted a Permission to a ProtectionDomain.
            *
            * @param domain the ProtectionDomain to check.
      --- old/src/java.base/share/classes/java/security/SignatureSpi.java 2020-07-23 19:54:31.747597194 -0700
      +++ new/src/java.base/share/classes/java/security/SignatureSpi.java 2020-07-23 19:54:31.343597194 -0700
      @@ -53,6 +53,11 @@
       public abstract class SignatureSpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public SignatureSpi() {}
      +
      +    /**
            * Application-specified source of randomness.
            */
           protected SecureRandom appRandom = null;
      --- old/src/java.base/share/classes/java/security/cert/CertificateFactorySpi.java   2020-07-23 19:54:32.479597194 -0700
      +++ new/src/java.base/share/classes/java/security/cert/CertificateFactorySpi.java   2020-07-23 19:54:32.099597194 -0700
      @@ -66,6 +66,11 @@
       public abstract class CertificateFactorySpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public CertificateFactorySpi() {}
      +
      +    /**
            * Generates a certificate object and initializes it with
            * the data read from the input stream {@code inStream}.
            *
      --- old/src/java.base/share/classes/java/security/cert/X509CRLEntry.java    2020-07-23 19:54:33.207597194 -0700
      +++ new/src/java.base/share/classes/java/security/cert/X509CRLEntry.java    2020-07-23 19:54:32.795597194 -0700
      @@ -68,6 +68,11 @@
       public abstract class X509CRLEntry implements X509Extension {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public X509CRLEntry() {}
      +
      +    /**
            * Compares this CRL entry for equality with the given
            * object. If the {@code other} object is an
            * {@code instanceof} {@code X509CRLEntry}, then
      --- old/src/java.base/share/classes/javax/crypto/CipherSpi.java 2020-07-23 19:54:33.963597194 -0700
      +++ new/src/java.base/share/classes/javax/crypto/CipherSpi.java 2020-07-23 19:54:33.539597194 -0700
      @@ -230,6 +230,11 @@
       public abstract class CipherSpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public CipherSpi() {}
      +
      +    /**
            * Sets the mode of this cipher.
            *
            * @param mode the cipher mode
      --- old/src/java.base/share/classes/javax/crypto/ExemptionMechanismSpi.java 2020-07-23 19:54:34.715597194 -0700
      +++ new/src/java.base/share/classes/javax/crypto/ExemptionMechanismSpi.java 2020-07-23 19:54:34.327597194 -0700
      @@ -46,6 +46,11 @@
       public abstract class ExemptionMechanismSpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public ExemptionMechanismSpi() {}
      +
      +    /**
            * Returns the length in bytes that an output buffer would need to be in
            * order to hold the result of the next
            * {@link #engineGenExemptionBlob(byte[], int) engineGenExemptionBlob}
      --- old/src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java   2020-07-23 19:54:35.475597194 -0700
      +++ new/src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java   2020-07-23 19:54:35.071597194 -0700
      @@ -63,6 +63,11 @@
       public abstract class KeyAgreementSpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public KeyAgreementSpi() {}
      +
      +    /**
            * Initializes this key agreement with the given key and source of
            * randomness. The given key is required to contain all the algorithm
            * parameters required for this key agreement.
      --- old/src/java.base/share/classes/javax/crypto/KeyGeneratorSpi.java   2020-07-23 19:54:36.199597194 -0700
      +++ new/src/java.base/share/classes/javax/crypto/KeyGeneratorSpi.java   2020-07-23 19:54:35.799597194 -0700
      @@ -56,6 +56,11 @@
       public abstract class KeyGeneratorSpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public KeyGeneratorSpi() {}
      +
      +    /**
            * Initializes the key generator.
            *
            * @param random the source of randomness for this generator
      --- old/src/java.base/share/classes/javax/crypto/MacSpi.java    2020-07-23 19:54:36.915597194 -0700
      +++ new/src/java.base/share/classes/javax/crypto/MacSpi.java    2020-07-23 19:54:36.519597194 -0700
      @@ -47,6 +47,11 @@
       public abstract class MacSpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public MacSpi() {}
      +
      +    /**
            * Returns the length of the MAC in bytes.
            *
            * @return the MAC length in bytes.
      --- old/src/java.base/share/classes/javax/crypto/SecretKeyFactorySpi.java   2020-07-23 19:54:37.627597194 -0700
      +++ new/src/java.base/share/classes/javax/crypto/SecretKeyFactorySpi.java   2020-07-23 19:54:37.247597194 -0700
      @@ -54,6 +54,11 @@
       public abstract class SecretKeyFactorySpi {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public SecretKeyFactorySpi() {}
      +
      +    /**
            * Generates a <code>SecretKey</code> object from the
            * provided key specification (key material).
            *
      --- old/src/java.base/share/classes/javax/security/auth/login/ConfigurationSpi.java 2020-07-23 19:54:38.383597194 -0700
      +++ new/src/java.base/share/classes/javax/security/auth/login/ConfigurationSpi.java 2020-07-23 19:54:37.987597194 -0700
      @@ -44,6 +44,11 @@
      
       public abstract class ConfigurationSpi {
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public ConfigurationSpi() {}
      +
      +    /**
            * Retrieve the AppConfigurationEntries for the specified {@code name}.
            *
            * @param name the name used to index the Configuration.
      --- old/src/java.base/share/classes/javax/security/cert/Certificate.java    2020-07-23 19:54:39.107597194 -0700
      +++ new/src/java.base/share/classes/javax/security/cert/Certificate.java    2020-07-23 19:54:38.695597194 -0700
      @@ -66,6 +66,11 @@
       public abstract class Certificate {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public Certificate() {}
      +
      +    /**
            * Compares this certificate for equality with the specified
            * object. If the {@code other} object is an
            * {@code instanceof} {@code Certificate}, then
      --- old/src/java.base/share/classes/javax/security/cert/X509Certificate.java    2020-07-23 19:54:39.891597194 -0700
      +++ new/src/java.base/share/classes/javax/security/cert/X509Certificate.java    2020-07-23 19:54:39.455597194 -0700
      @@ -131,6 +131,11 @@
       public abstract class X509Certificate extends Certificate {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public X509Certificate() {}
      +
      +    /**
            * Constant to lookup in the Security properties file.
            * In the Security properties file the default implementation
            * for X.509 v3 is given as:
      --- old/src/java.security.jgss/share/classes/org/ietf/jgss/GSSManager.java  2020-07-23 19:54:40.639597194 -0700
      +++ new/src/java.security.jgss/share/classes/org/ietf/jgss/GSSManager.java  2020-07-23 19:54:40.215597194 -0700
      @@ -139,6 +139,11 @@
       public abstract class GSSManager {
      
           /**
      +     * Constructor for subclasses to call.
      +     */
      +    public GSSManager() {}
      +
      +    /**
            * Returns the default GSSManager implementation.
            *
            * @return a GSSManager implementation
      --- old/src/jdk.security.auth/share/classes/com/sun/security/auth/module/JndiLoginModule.java   2020-07-23 19:54:41.419597194 -0700
      +++ new/src/jdk.security.auth/share/classes/com/sun/security/auth/module/JndiLoginModule.java   2020-07-23 19:54:40.995597194 -0700
      @@ -196,6 +196,11 @@
           private static final String PWD = "javax.security.auth.login.password";
      
           /**
      +     * Creates a {@code JndiLoginModule}.
      +     */
      +    public JndiLoginModule() {}
      +
      +    /**
            * Initialize this {@code LoginModule}.
            *
            * @param subject the {@code Subject} to be authenticated.
      --- old/src/jdk.security.auth/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java   2020-07-23 19:54:42.175597194 -0700
      +++ new/src/jdk.security.auth/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java   2020-07-23 19:54:41.759597194 -0700
      @@ -162,6 +162,11 @@
           private boolean token = false;
           private boolean protectedPath = false;
      
      +    /**
      +     * Creates a {@code KeyStoreLoginModule}.
      +     */
      +    public KeyStoreLoginModule() {}
      +
           /* -- Methods -- */
      
           /**
      --- old/src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java   2020-07-23 19:54:42.951597194 -0700
      +++ new/src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java   2020-07-23 19:54:42.527597194 -0700
      @@ -420,6 +420,11 @@
           private static final String PWD = "javax.security.auth.login.password";
      
           /**
      +     * Creates a {@code Krb5LoginModule}.
      +     */
      +    public Krb5LoginModule() {}
      +
      +    /**
            * Initialize this {@code LoginModule}.
            *
            * @param subject the {@code Subject} to be authenticated.
      --- old/src/jdk.security.auth/share/classes/com/sun/security/auth/module/LdapLoginModule.java   2020-07-23 19:54:43.719597194 -0700
      +++ new/src/jdk.security.auth/share/classes/com/sun/security/auth/module/LdapLoginModule.java   2020-07-23 19:54:43.319597194 -0700
      @@ -356,6 +356,11 @@
           private SearchControls constraints = null;
      
           /**
      +     * Creates an {@code LdapLoginModule}.
      +     */
      +    public LdapLoginModule() {}
      +
      +    /**
            * Initialize this {@code LoginModule}.
            *
            * @param subject the {@code Subject} to be authenticated.
      --- old/src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTLoginModule.java 2020-07-23 19:54:44.527597194 -0700
      +++ new/src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTLoginModule.java 2020-07-23 19:54:44.079597194 -0700
      @@ -84,6 +84,11 @@
           private NTNumericCredential iToken;                 // impersonation token
      
           /**
      +     * Creates an {@code NTLoginModule}.
      +     */
      +    public NTLoginModule() {}
      +
      +    /**
            * Initialize this {@code LoginModule}.
            *
            * @param subject the {@code Subject} to be authenticated.
      --- old/src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixLoginModule.java   2020-07-23 19:54:45.299597194 -0700
      +++ new/src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixLoginModule.java   2020-07-23 19:54:44.875597194 -0700
      @@ -73,6 +73,11 @@
                       new LinkedList<>();
      
           /**
      +     * Creates a {@code UnixLoginModule}.
      +     */
      +    public UnixLoginModule() {}
      +
      +    /**
            * Initialize this {@code LoginModule}.
            *
            * @param subject the {@code Subject} to be authenticated.
      --- old/src/jdk.security.jgss/share/classes/com/sun/security/jgss/GSSUtil.java  2020-07-23 19:54:46.083597194 -0700
      +++ new/src/jdk.security.jgss/share/classes/com/sun/security/jgss/GSSUtil.java  2020-07-23 19:54:45.659597194 -0700
      @@ -34,6 +34,11 @@
        * implementation of Java GSS-API.
        */
       public class GSSUtil {
      +    /**
      +     * Do not call.
      +     */
      +    @Deprecated(since="16", forRemoval=true)
      +    public GSSUtil() {}
      
           /**
            * Use this method to convert a GSSName and GSSCredential into a

      Attachments

        Issue Links

          Activity

            People

              darcy Joe Darcy
              darcy Joe Darcy
              Sean Mullan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: