packages/openjdk-11
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openjdk-11/8268427-Improve-AlgorithmConstraints-checkAlgorithm-.patch

243 lines
10 KiB
Diff
Raw Normal View History

I4AKKS: New features of Bisheng JDK 11.0.12
2021-09-17 18:51:45 +08:00
From e3d9485d01941cfbbe01dc8dcea7b913c2e8469d Mon Sep 17 00:00:00 2001
From: chenshanyao <chenshanyao@huawei.com>
Date: Tue, 14 Sep 2021 11:43:18 +0800
Subject: [PATCH 8/8] 8268427: Improve AlgorithmConstraints:checkAlgorithm
performance
Summary: <java> : performance
LLT: jdk_security
Patch Type: backport
Bug url: https://bugs.openjdk.java.net/browse/JDK-8268427
---
.../util/AbstractAlgorithmConstraints.java | 39 +++++------
.../util/DisabledAlgorithmConstraints.java | 28 ++++----
.../util/LegacyAlgorithmConstraints.java | 2 +-
.../security/AlgorithmConstraintsPermits.java | 66 +++++++++++++++++++
4 files changed, 95 insertions(+), 40 deletions(-)
create mode 100644 test/micro/org/openjdk/bench/java/security/AlgorithmConstraintsPermits.java
diff --git a/src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java b/src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
index 8d8c5d6fe..3f5678950 100644
--- a/src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
+++ b/src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
@@ -32,6 +32,7 @@ import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
+import java.util.TreeSet;
import java.util.List;
import java.util.Set;
@@ -48,7 +49,7 @@ public abstract class AbstractAlgorithmConstraints
}
// Get algorithm constraints from the specified security property.
- static List<String> getAlgorithms(String propertyName) {
+ static Set<String> getAlgorithms(String propertyName) {
String property = AccessController.doPrivileged(
new PrivilegedAction<String>() {
@Override
@@ -72,38 +73,30 @@ public abstract class AbstractAlgorithmConstraints
// map the disabled algorithms
if (algorithmsInProperty == null) {
- return Collections.emptyList();
+ return Collections.emptySet();
}
- return new ArrayList<>(Arrays.asList(algorithmsInProperty));
+ Set<String> algorithmsInPropertySet = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
+ algorithmsInPropertySet.addAll(Arrays.asList(algorithmsInProperty));
+ return algorithmsInPropertySet;
}
- static boolean checkAlgorithm(List<String> algorithms, String algorithm,
+ static boolean checkAlgorithm(Set<String> algorithms, String algorithm,
AlgorithmDecomposer decomposer) {
if (algorithm == null || algorithm.isEmpty()) {
throw new IllegalArgumentException("No algorithm name specified");
}
- Set<String> elements = null;
- for (String item : algorithms) {
- if (item == null || item.isEmpty()) {
- continue;
- }
-
- // check the full name
- if (item.equalsIgnoreCase(algorithm)) {
- return false;
- }
+ if (algorithms.contains(algorithm)) {
+ return false;
+ }
- // decompose the algorithm into sub-elements
- if (elements == null) {
- elements = decomposer.decompose(algorithm);
- }
+ // decompose the algorithm into sub-elements
+ Set<String> elements = decomposer.decompose(algorithm);
- // check the items of the algorithm
- for (String element : elements) {
- if (item.equalsIgnoreCase(element)) {
- return false;
- }
+ // check the element of the elements
+ for (String element : elements) {
+ if (algorithms.contains(element)) {
+ return false;
}
}
diff --git a/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java b/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
index 3ee431e62..efc6d339f 100644
--- a/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
+++ b/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
@@ -85,6 +85,9 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
private static final String PROPERTY_DISABLED_EC_CURVES =
"jdk.disabled.namedCurves";
+ private static final Pattern INCLUDE_PATTERN = Pattern.compile("include " +
+ PROPERTY_DISABLED_EC_CURVES, Pattern.CASE_INSENSITIVE);
+
private static class CertPathHolder {
static final DisabledAlgorithmConstraints CONSTRAINTS =
new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS);
@@ -95,7 +98,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
new DisabledAlgorithmConstraints(PROPERTY_JAR_DISABLED_ALGS);
}
- private final List<String> disabledAlgorithms;
+ private final Set<String> disabledAlgorithms;
private final Constraints algorithmConstraints;
public static DisabledAlgorithmConstraints certPathConstraints() {
@@ -130,21 +133,14 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
disabledAlgorithms = getAlgorithms(propertyName);
// Check for alias
- int ecindex = -1, i = 0;
for (String s : disabledAlgorithms) {
- if (s.regionMatches(true, 0,"include ", 0, 8)) {
- if (s.regionMatches(true, 8, PROPERTY_DISABLED_EC_CURVES, 0,
- PROPERTY_DISABLED_EC_CURVES.length())) {
- ecindex = i;
- break;
- }
+ Matcher matcher = INCLUDE_PATTERN.matcher(s);
+ if (matcher.matches()) {
+ disabledAlgorithms.remove(matcher.group());
+ disabledAlgorithms.addAll(
+ getAlgorithms(PROPERTY_DISABLED_EC_CURVES));
+ break;
}
- i++;
- }
- if (ecindex > -1) {
- disabledAlgorithms.remove(ecindex);
- disabledAlgorithms.addAll(ecindex,
- getAlgorithms(PROPERTY_DISABLED_EC_CURVES));
}
algorithmConstraints = new Constraints(propertyName, disabledAlgorithms);
}
@@ -323,8 +319,8 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
"denyAfter\\s+(\\d{4})-(\\d{2})-(\\d{2})");
}
- public Constraints(String propertyName, List<String> constraintArray) {
- for (String constraintEntry : constraintArray) {
+ public Constraints(String propertyName, Set<String> constraintSet) {
+ for (String constraintEntry : constraintSet) {
if (constraintEntry == null || constraintEntry.isEmpty()) {
continue;
}
diff --git a/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java b/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
index e4e5cedc1..550173080 100644
--- a/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
+++ b/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
@@ -40,7 +40,7 @@ public class LegacyAlgorithmConstraints extends AbstractAlgorithmConstraints {
public static final String PROPERTY_TLS_LEGACY_ALGS =
"jdk.tls.legacyAlgorithms";
- private final List<String> legacyAlgorithms;
+ private final Set<String> legacyAlgorithms;
public LegacyAlgorithmConstraints(String propertyName,
AlgorithmDecomposer decomposer) {
diff --git a/test/micro/org/openjdk/bench/java/security/AlgorithmConstraintsPermits.java b/test/micro/org/openjdk/bench/java/security/AlgorithmConstraintsPermits.java
new file mode 100644
index 000000000..3cb9567b9
--- /dev/null
+++ b/test/micro/org/openjdk/bench/java/security/AlgorithmConstraintsPermits.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package org.openjdk.bench.java.security;
+
+import org.openjdk.jmh.annotations.Benchmark;
+import org.openjdk.jmh.annotations.BenchmarkMode;
+import org.openjdk.jmh.annotations.Fork;
+import org.openjdk.jmh.annotations.Mode;
+import org.openjdk.jmh.annotations.OutputTimeUnit;
+import org.openjdk.jmh.annotations.Param;
+import org.openjdk.jmh.annotations.Scope;
+import org.openjdk.jmh.annotations.Setup;
+import org.openjdk.jmh.annotations.State;
+import sun.security.util.DisabledAlgorithmConstraints;
+
+import java.security.AlgorithmConstraints;
+import java.security.CryptoPrimitive;
+import java.util.concurrent.TimeUnit;
+import java.util.EnumSet;
+import java.util.Set;
+
+import static sun.security.util.DisabledAlgorithmConstraints.PROPERTY_TLS_DISABLED_ALGS;
+
+@BenchmarkMode(Mode.AverageTime)
+@OutputTimeUnit(TimeUnit.NANOSECONDS)
+@Fork(jvmArgsAppend = {"--add-exports", "java.base/sun.security.util=ALL-UNNAMED"})
+@State(Scope.Thread)
+public class AlgorithmConstraintsPermits {
+
+ AlgorithmConstraints tlsDisabledAlgConstraints;
+ Set<CryptoPrimitive> primitives = EnumSet.of(CryptoPrimitive.KEY_AGREEMENT);
+
+ @Param({"SSLv3", "DES", "NULL", "TLS1.3"})
+ String algorithm;
+
+ @Setup
+ public void setup() {
+ tlsDisabledAlgConstraints = new DisabledAlgorithmConstraints(PROPERTY_TLS_DISABLED_ALGS);
+ }
+
+ @Benchmark
+ public boolean permits() {
+ return tlsDisabledAlgConstraints.permits(primitives, algorithm, null);
+ }
+}
+
--
2.22.0
Reference in New Issue Copy Permalink