changeset 41471:18c0f074ed97

8165275: Replace the reflective call to the implUpdate method in HandshakeMessage::digestKey Summary: Replaced the reflection calls with the new sun.security.util.MessageDigestSpi2 interface Reviewed-by: xuelei, mchung
author valeriep
date Tue, 11 Oct 2016 00:04:35 +0000
parents 0875007901f7
children ca054ba21d38
files jdk/src/java.base/share/classes/java/security/MessageDigest.java jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java jdk/src/java.base/share/classes/sun/security/util/MessageDigestSpi2.java jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11Digest.java
diffstat 4 files changed, 71 insertions(+), 60 deletions(-) [+]
line wrap: on
line diff
--- a/jdk/src/java.base/share/classes/java/security/MessageDigest.java	Wed Jul 05 22:19:47 2017 +0200
+++ b/jdk/src/java.base/share/classes/java/security/MessageDigest.java	Tue Oct 11 00:04:35 2016 +0000
@@ -32,10 +32,13 @@
 import java.io.PrintStream;
 import java.io.InputStream;
 import java.io.ByteArrayInputStream;
-
+import java.security.InvalidKeyException;
 import java.nio.ByteBuffer;
 
 import sun.security.util.Debug;
+import sun.security.util.MessageDigestSpi2;
+
+import javax.crypto.SecretKey;
 
 /**
  * This MessageDigest class provides applications the functionality of a
@@ -548,7 +551,7 @@
      * and its original parent (Object).
      */
 
-    static class Delegate extends MessageDigest {
+    static class Delegate extends MessageDigest implements MessageDigestSpi2 {
 
         // The provider implementation (delegate)
         private MessageDigestSpi digestSpi;
@@ -601,6 +604,14 @@
             digestSpi.engineUpdate(input);
         }
 
+        public void engineUpdate(SecretKey key) throws InvalidKeyException {
+            if (digestSpi instanceof MessageDigestSpi2) {
+                ((MessageDigestSpi2)digestSpi).engineUpdate(key);
+            } else {
+                throw new UnsupportedOperationException
+                ("Digest does not support update of SecretKey object");
+            }
+        }
         protected byte[] engineDigest() {
             return digestSpi.engineDigest();
         }
--- a/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java	Wed Jul 05 22:19:47 2017 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java	Tue Oct 11 00:04:35 2016 +0000
@@ -49,6 +49,7 @@
 import sun.security.ssl.CipherSuite.*;
 import static sun.security.ssl.CipherSuite.PRF.*;
 import sun.security.util.KeyUtil;
+import sun.security.util.MessageDigestSpi2;
 import sun.security.provider.certpath.OCSPResponse;
 
 /**
@@ -2124,63 +2125,14 @@
         md.update(temp);
     }
 
-    private static final Class<?> delegate;
-    private static final Field spiField;
-
-    static {
-        try {
-            delegate = Class.forName("java.security.MessageDigest$Delegate");
-            spiField = delegate.getDeclaredField("digestSpi");
-        } catch (Exception e) {
-            throw new RuntimeException("Reflection failed", e);
-        }
-        makeAccessible(spiField);
-    }
-
-    private static void makeAccessible(final AccessibleObject o) {
-        AccessController.doPrivileged(new PrivilegedAction<Object>() {
-            @Override
-            public Object run() {
-                o.setAccessible(true);
-                return null;
-            }
-        });
-    }
-
-    // ConcurrentHashMap does not allow null values, use this marker object
-    private static final Object NULL_OBJECT = new Object();
-
-    // cache Method objects per Spi class
-    // Note that this will prevent the Spi classes from being GC'd. We assume
-    // that is not a problem.
-    private static final Map<Class<?>,Object> methodCache =
-                                        new ConcurrentHashMap<>();
-
     private static void digestKey(MessageDigest md, SecretKey key) {
         try {
-            // Verify that md is implemented via MessageDigestSpi, not
-            // via JDK 1.1 style MessageDigest subclassing.
-            if (md.getClass() != delegate) {
-                throw new Exception("Digest is not a MessageDigestSpi");
-            }
-            MessageDigestSpi spi = (MessageDigestSpi)spiField.get(md);
-            Class<?> clazz = spi.getClass();
-            Object r = methodCache.get(clazz);
-            if (r == null) {
-                try {
-                    r = clazz.getDeclaredMethod("implUpdate", SecretKey.class);
-                    makeAccessible((Method)r);
-                } catch (NoSuchMethodException e) {
-                    r = NULL_OBJECT;
-                }
-                methodCache.put(clazz, r);
-            }
-            if (r == NULL_OBJECT) {
+            if (md instanceof MessageDigestSpi2) {
+                ((MessageDigestSpi2)md).engineUpdate(key);
+            } else {
                 throw new Exception(
                     "Digest does not support implUpdate(SecretKey)");
             }
-            Method update = (Method)r;
-            update.invoke(spi, key);
         } catch (Exception e) {
             throw new RuntimeException(
                 "Could not obtain encoded key and "
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/util/MessageDigestSpi2.java	Tue Oct 11 00:04:35 2016 +0000
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.security.InvalidKeyException;
+import javax.crypto.SecretKey;
+
+/**
+ * Special interface for additional MessageDigestSpi method(s).
+ */
+public interface MessageDigestSpi2 {
+
+    /**
+     * Updates the digest using the specified key.
+     * This is used for SSL 3.0 only, we may deprecate and remove the support
+     * of this in the future
+     *
+     * @param key  the key whose value is to be digested.
+     */
+    void engineUpdate(SecretKey key) throws InvalidKeyException;
+}
--- a/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11Digest.java	Wed Jul 05 22:19:47 2017 +0200
+++ b/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11Digest.java	Tue Oct 11 00:04:35 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,8 @@
 
 import sun.nio.ch.DirectBuffer;
 
+import sun.security.util.MessageDigestSpi2;
+
 import sun.security.pkcs11.wrapper.*;
 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
 
@@ -49,7 +51,8 @@
  * @author  Andreas Sterbenz
  * @since   1.5
  */
-final class P11Digest extends MessageDigestSpi implements Cloneable {
+final class P11Digest extends MessageDigestSpi implements Cloneable,
+    MessageDigestSpi2 {
 
     /* fields initialized, no session acquired */
     private final static int S_BLANK    = 1;
@@ -233,10 +236,11 @@
     }
 
     // Called by SunJSSE via reflection during the SSL 3.0 handshake if
-    // the master secret is sensitive. We may want to consider making this
-    // method public in a future release.
-    protected void implUpdate(SecretKey key) throws InvalidKeyException {
-
+    // the master secret is sensitive.
+    // Note: Change to protected after this method is moved from
+    // sun.security.util.MessageSpi2 interface to
+    // java.security.MessageDigestSpi class
+    public void engineUpdate(SecretKey key) throws InvalidKeyException {
         // SunJSSE calls this method only if the key does not have a RAW
         // encoding, i.e. if it is sensitive. Therefore, no point in calling
         // SecretKeyFactory to try to convert it. Just verify it ourselves.