Don't try to read inaccessible field before setting it accessible.
This also attempts to make this hackery happen only once, in case
this logic is called from many places (e.g. many JRuby instances
in the same JVM).

See #4101.
headius committed Aug 29, 2016
1 parent 4c91a86 commit 0c345e1
Showing 1 changed file with 14 additions and 11 deletions.
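--- a/core/src/main/java/org/jruby/util/SecurityHelper.java
+++ b/core/src/main/java/org/jruby/util/SecurityHelper.java
@@ -10,11 +10,13 @@
 public abstract class SecurityHelper {
 
 private static final Logger LOG = LoggerFactory.getLogger(SecurityHelper.class);
+private static boolean attempted = false;
 
 // attempt to enable unlimited-strength crypto on OracleJDK
 public static void checkCryptoRestrictions(final Ruby runtime) {
-if ( isOracleJRE() ) {
+if ( isOracleJRE() && !attempted) {
 setNonRestricted();
+attempted = true;
 // NOTE: this is not 'really' enough and there's more to be done :
 // JceSecurity#defaultPolicy should add: javax.crypto.CryptoAllPermission
 //
@@ -27,17 +29,18 @@ private static boolean setNonRestricted() {
 try {
 Class jceSecurity = Class.forName("javax.crypto.JceSecurity");
 Field isRestricted = jceSecurity.getDeclaredField("isRestricted");
-if ( Boolean.TRUE.equals(isRestricted.get(null)) ) {
-if ( Modifier.isFinal(isRestricted.getModifiers()) ) {
-Field modifiers = Field.class.getDeclaredField("modifiers");
-modifiers.setAccessible(true);
-modifiers.setInt(isRestricted, isRestricted.getModifiers() & ~Modifier.FINAL);
-}
-isRestricted.setAccessible(true);
-isRestricted.setBoolean(null, false); // isRestricted = false;
-isRestricted.setAccessible(false);
-return true;
+
+if ( Modifier.isFinal(isRestricted.getModifiers()) ) {
+Field modifiers = Field.class.getDeclaredField("modifiers");
+modifiers.setAccessible(true);
+modifiers.setInt(isRestricted, isRestricted.getModifiers() & ~Modifier.FINAL);
 }
+
+isRestricted.setAccessible(true);
+isRestricted.setBoolean(null, false); // isRestricted = false;
+isRestricted.setAccessible(false);
+
+return true;
 }
 catch (ClassNotFoundException e) {
 LOG.info("unable un-restrict jce security: " + e);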
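Review bot: In setNonRestricted() the new side drops the `Boolean.TRUE.equals(isRestricted.get(null))` guard instead of reordering it, so the `final` bit is stripped from `JceSecurity.isRestricted` and the field is overwritten even on a JVM whose policy is already unrestricted. Moving `isRestricted.setAccessible(true);` above the read and keeping `if ( Boolean.TRUE.equals(isRestricted.get(null)) ) {` around the modifier change and the write would fix the access error while leaving JVM-wide crypto state untouched when there is nothing to change. It would also keep `return true` tied to an actual change rather than to the absence of an exception. The catch clauses of this try block continue past the end of the hunk, so how a SecurityException or IllegalAccessException from these reflective calls is handled cannot be seen from here.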
