8254711: Add java.security.Provider.getService JFR Event
8294673: JFR: Add SecurityProviderService#threshold to TestActiveSettingEvent.java

Reviewed-by: mbaesken
Backport-of: bc2af47e1e4e6e96020e03a60ce098ddd17f63ba
GoeLin committed Oct 25, 2023
1 parent 129e856 commit 2835c6a
Showing 10 changed files with 286 additions and 9 deletions.
29 changes: 20 additions & 9 deletions src/java.base/share/classes/java/security/Provider.java
@@ -25,6 +25,8 @@

package java.security;

import jdk.internal.event.SecurityProviderServiceEvent;

import java.io.*;
import java.util.*;
import static java.util.Locale.ENGLISH;
@@ -1278,19 +1280,28 @@ public Service getService(String type, String algorithm) {
key = new ServiceKey(type, algorithm, false);
previousKey = key;
}
Service s = null;
if (!serviceMap.isEmpty()) {
Service s = serviceMap.get(key);
if (s != null) {
return s;
}
s = serviceMap.get(key);
}
synchronized (this) {
ensureLegacyParsed();
if (legacyMap != null && !legacyMap.isEmpty()) {
return legacyMap.get(key);
if (s == null) {
synchronized (this) {
ensureLegacyParsed();
if (legacyMap != null && !legacyMap.isEmpty()) {
s = legacyMap.get(key);
}
}
}
return null;

if (s != null && SecurityProviderServiceEvent.isTurnedOn()) {
var e = new SecurityProviderServiceEvent();
e.provider = getName();
e.type = type;
e.algorithm = algorithm;
e.commit();
}

return s;
}

// ServiceKey from previous getService() call
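Review bot: The assignments `e.type = type;` and `e.algorithm = algorithm;` record the caller's request strings rather than the resolved service's own values, so one algorithm may show up under several spellings if the lookup normalizes case or resolves aliases (the ServiceKey construction is outside this hunk, so this is inferred). For anyone using these events to inventory algorithm use or to spot weak algorithms, `e.type = s.getType();` and `e.algorithm = s.getAlgorithm();` would give one canonical name per service. The `s != null` guard also means requests that find no service are never recorded; a short comment such as `// only successful lookups are reported` above the `if` would make that explicit. getService begins above this hunk.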
@@ -0,0 +1,45 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

package jdk.internal.event;

/**
* Event recording details of Provider.getService(String type, String algorithm) calls
*/

public final class SecurityProviderServiceEvent extends Event {
private final static SecurityProviderServiceEvent EVENT = new SecurityProviderServiceEvent();

/**
* Returns {@code true} if event is enabled, {@code false} otherwise.
*/
public static boolean isTurnedOn() {
return EVENT.isEnabled();
}

public String type;
public String algorithm;
public String provider;
}
@@ -0,0 +1,48 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

package jdk.jfr.events;

import jdk.jfr.Category;
import jdk.jfr.Description;
import jdk.jfr.Label;
import jdk.jfr.Name;
import jdk.jfr.internal.MirrorEvent;

@Category({"Java Development Kit", "Security"})
@Label("Security Provider Instance Request")
@Name("jdk.SecurityProviderService")
@Description("Details of Provider.getInstance(String type, String algorithm) calls")
@MirrorEvent(className = "jdk.internal.event.SecurityProviderServiceEvent")
public final class SecurityProviderServiceEvent extends AbstractJDKEvent {
@Label("Type of Service")
public String type;

@Label("Algorithm Name")
public String algorithm;

@Label("Security Provider")
public String provider;
}
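Review bot: The `@Description` text names `Provider.getInstance(String type, String algorithm)`, but the event is committed from `Provider.getService(String type, String algorithm)`, and the Javadoc on the mirrored jdk.internal.event class also says getService. This string is what users see in the JFR event metadata, so it should read `@Description("Details of Provider.getService(String type, String algorithm) calls")`. The `@Label("Security Provider Instance Request")` could be aligned with the method name at the same time.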
@@ -39,6 +39,7 @@
import jdk.jfr.events.FileWriteEvent;
import jdk.jfr.events.DeserializationEvent;
import jdk.jfr.events.SecurityPropertyModificationEvent;
import jdk.jfr.events.SecurityProviderServiceEvent;
import jdk.jfr.events.SocketReadEvent;
import jdk.jfr.events.SocketWriteEvent;
import jdk.jfr.events.TLSHandshakeEvent;
@@ -57,6 +58,7 @@ public final class JDKEvents {
private static final Class<?>[] mirrorEventClasses = {
DeserializationEvent.class,
SecurityPropertyModificationEvent.class,
SecurityProviderServiceEvent.class,
TLSHandshakeEvent.class,
X509CertificateEvent.class,
X509ValidationEvent.class
@@ -75,6 +77,7 @@ public final class JDKEvents {
ActiveRecordingEvent.class,
jdk.internal.event.DeserializationEvent.class,
jdk.internal.event.SecurityPropertyModificationEvent.class,
jdk.internal.event.SecurityProviderServiceEvent.class,
jdk.internal.event.TLSHandshakeEvent.class,
jdk.internal.event.X509CertificateEvent.class,
jdk.internal.event.X509ValidationEvent.class
5 changes: 5 additions & 0 deletions src/jdk.jfr/share/conf/jfr/default.jfc
@@ -613,6 +613,11 @@
<setting name="stackTrace">true</setting>
</event>

<event name="jdk.SecurityProviderService">
<setting name="enabled">false</setting>
<setting name="stackTrace">true</setting>
</event>

<event name="jdk.TLSHandshake">
<setting name="enabled">false</setting>
<setting name="stackTrace">true</setting>
5 changes: 5 additions & 0 deletions src/jdk.jfr/share/conf/jfr/profile.jfc
@@ -613,6 +613,11 @@
<setting name="stackTrace">true</setting>
</event>

<event name="jdk.SecurityProviderService">
<setting name="enabled">false</setting>
<setting name="stackTrace">true</setting>
</event>

<event name="jdk.TLSHandshake">
<setting name="enabled">false</setting>
<setting name="stackTrace">true</setting>
@@ -174,6 +174,7 @@ private static Document createDocument(String content) throws ParserConfiguratio
insertSetting(doc, EventNames.JavaExceptionThrow, "threshold", "0 ns");
insertSetting(doc, EventNames.JavaErrorThrow, "threshold", "0 ns");
insertSetting(doc, EventNames.SecurityProperty, "threshold", "0 ns");
insertSetting(doc, EventNames.SecurityProviderService, "threshold", "0 ns");
insertSetting(doc, EventNames.TLSHandshake, "threshold", "0 ns");
insertSetting(doc, EventNames.X509Certificate, "threshold", "0 ns");
insertSetting(doc, EventNames.X509Validation, "threshold", "0 ns");
1 change: 1 addition & 0 deletions test/jdk/jdk/jfr/event/runtime/TestActiveSettingEvent.java
@@ -206,6 +206,7 @@ private static void testSettingConfiguration(String configurationName) throws Ex
settingValues.put(EventNames.X509Certificate + "#threshold", "0 ns");
settingValues.put(EventNames.X509Validation + "#threshold", "0 ns");
settingValues.put(EventNames.Deserialization + "#threshold", "0 ns");
settingValues.put(EventNames.SecurityProviderService + "#threshold", "0 ns");

try (Recording recording = new Recording(c)) {
Map<Long, EventType> eventTypes = new HashMap<>();
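--- a/test/jdk/jdk/jfr/event/security/TestSecurityProviderServiceEvent.java
+++ b/test/jdk/jdk/jfr/event/security/TestSecurityProviderServiceEvent.java
@@ -0,0 +1,157 @@
+/*
+* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* This code is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License version 2 only, as
+* published by the Free Software Foundation.
+*
+* This code is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+* version 2 for more details (a copy is included in the LICENSE file that
+* accompanied this code).
+*
+* You should have received a copy of the GNU General Public License version
+* 2 along with this work; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+* or visit www.oracle.com if you need additional information or have any
+* questions.
+*/
+
+package jdk.jfr.event.security;
+
+import java.security.*;
+import java.security.cert.CertPathBuilder;
+import java.util.Collections;
+import java.util.List;
+import java.util.function.*;
+
+import jdk.jfr.Recording;
+import jdk.jfr.consumer.RecordedEvent;
+import jdk.test.lib.Asserts;
+import jdk.test.lib.jfr.Events;
+import jdk.test.lib.jfr.EventNames;
+
+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+
+/*
+* @test
+* @bug 8254711
+* @summary Add JFR events for security crypto algorithms
+* @key jfr
+* @requires vm.hasJFR
+* @library /test/lib
+* @modules jdk.jfr/jdk.jfr.events
+* @run main/othervm jdk.jfr.event.security.TestSecurityProviderServiceEvent
+*/
+public class TestSecurityProviderServiceEvent {
+
+public static void main(String[] args) throws Exception {
+testAlg(cipherFunc, "AES", "SunJCE",
+"SunEC", "Cipher", 1, Collections.emptyList());
+testAlg(signatureFunc, "SHA256withRSA", "SunRsaSign",
+"SunEC", "Signature", 2, List.of("MessageDigest"));
+testAlg(messageDigestFunc, "SHA-512", "SUN",
+"SunEC", "MessageDigest", 1, Collections.emptyList());
+testAlg(keystoreFunc, "PKCS12", "SUN",
+"SunEC", "KeyStore", 1, Collections.emptyList());
+testAlg(certPathBuilderFunc, "PKIX", "SUN",
+"SunEC", "CertPathBuilder", 2, List.of("CertificateFactory"));
+}
+
+private static void testAlg(BiFunction<String, String, Provider> bif, String alg,
+String workingProv, String brokenProv, String algType,
+int expected, List<String> other) throws Exception {
+// bootstrap security Provider services
+Provider p = bif.apply(alg, workingProv);
+
+try (Recording recording = new Recording()) {
+recording.enable(EventNames.SecurityProviderService);
+recording.start();
+p = bif.apply(alg, workingProv);
+bif.apply(alg, brokenProv);
+recording.stop();
+List<RecordedEvent> events = Events.fromRecording(recording);
+Asserts.assertEquals(events.size(), expected, "Incorrect number of events");
+assertEvent(events, algType, alg, p.getName(), other);
+}
+}
+
+private static BiFunction<String, String, Provider> cipherFunc = (s1, p1 ) -> {
+Cipher c;
+try {
+c = Cipher.getInstance(s1, p1);
+return c.getProvider();
+} catch (NoSuchAlgorithmException | NoSuchPaddingException | NoSuchProviderException e) {
+// expected
+}
+return null;
+};
+
+private static BiFunction<String, String, Provider> signatureFunc = (s1, p1 ) -> {
+Signature s;
+try {
+s = Signature.getInstance(s1, p1);
+return s.getProvider();
+} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
+// expected
+}
+return null;
+};
+
+private static BiFunction<String, String, Provider> messageDigestFunc = (s1, p1 ) -> {
+MessageDigest md;
+try {
+md = MessageDigest.getInstance(s1, p1);
+return md.getProvider();
+} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
+// expected
+}
+return null;
+};
+
+private static BiFunction<String, String, Provider> keystoreFunc = (s1, p1 ) -> {
+KeyStore ks;
+try {
+ks = KeyStore.getInstance(s1, p1);
+return ks.getProvider();
+} catch (NoSuchProviderException | KeyStoreException e) {
+// expected
+}
+return null;
+};
+
+private static BiFunction<String, String, Provider> certPathBuilderFunc = (s1, p1 ) -> {
+CertPathBuilder cps;
+try {
+cps = CertPathBuilder.getInstance(s1, p1);
+return cps.getProvider();
+} catch (NoSuchProviderException | NoSuchAlgorithmException e) {
+// expected
+}
+return null;
+};
+
+private static void assertEvent(List<RecordedEvent> events, String type,
+String alg, String workingProv, List<String> other) {
+boolean secondaryEventOK = other.isEmpty() ? true : false;
+for (RecordedEvent e : events) {
+if (other.contains(e.getValue("type"))) {
+// secondary operation in service stack while constructing this request
+secondaryEventOK = true;
+continue;
+}
+Events.assertField(e, "provider").equal(workingProv);
+Events.assertField(e, "type").equal(type);
+Events.assertField(e, "algorithm").equal(alg);
+}
+if (!secondaryEventOK) {
+throw new RuntimeException("Secondary events missing");
+}
+
+}
+}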
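Review bot: In `testAlg`, every helper lambda swallows its exceptions and returns null, including for `workingProv`, so a failed lookup on the provider that is meant to work surfaces as a NullPointerException at `p.getName()` instead of a clear test failure. Adding `Asserts.assertNotNull(p, "No provider for " + alg);` after the second `bif.apply(alg, workingProv)` would make that case explicit. In `assertEvent`, `other.isEmpty() ? true : false` can be written as `other.isEmpty()`, and the five `BiFunction` fields could be declared `private static final`.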
1 change: 1 addition & 0 deletions test/lib/jdk/test/lib/jfr/EventNames.java
@@ -175,6 +175,7 @@ public class EventNames {
public final static String X509Certificate = PREFIX + "X509Certificate";
public final static String X509Validation = PREFIX + "X509Validation";
public final static String SecurityProperty = PREFIX + "SecurityPropertyModification";
public final static String SecurityProviderService = PREFIX + "SecurityProviderService";
public final static String Deserialization = PREFIX + "Deserialization";

// Flight Recorder

1 comment on commit 2835c6a

@openjdk-notifier