[refactor] drop security restriction JCE work-around

kares · kares · commit 56f887f97b65 · 2024-04-22T08:38:20.000+02:00
diff --git a/src/main/java/org/jruby/ext/openssl/OpenSSL.java b/src/main/java/org/jruby/ext/openssl/OpenSSL.java
@@ -30,6 +30,7 @@
 import org.jruby.*;
 import org.jruby.anno.JRubyMethod;
 import org.jruby.anno.JRubyModule;
+import org.jruby.common.IRubyWarnings;
 import org.jruby.runtime.ThreadContext;
 import org.jruby.runtime.Visibility;
 import org.jruby.runtime.builtin.IRubyObject;
@@ -194,18 +195,14 @@ public static IRubyObject set_fips_mode(ThreadContext context, IRubyObject self,
     // internal (package-level) helpers :
 
     /**
-     * PRIMARILY MEANT FOR TESTING ONLY, USAGE IS DISCOURAGED!
-     * @see org.jruby.ext.openssl.util.CryptoSecurity
+     * @deprecated
      */
     @JRubyMethod(name = "_disable_security_restrictions!", visibility = Visibility.PRIVATE, meta = true)
     public static IRubyObject _disable_security_restrictions(ThreadContext context, IRubyObject self) {
-        Boolean unrestrict = org.jruby.ext.openssl.util.CryptoSecurity.unrestrictSecurity();
-        Boolean allPerm = org.jruby.ext.openssl.util.CryptoSecurity.setAllPermissionPolicy();
-        if ( unrestrict == null || allPerm == null ) return context.nil;
-        return context.runtime.newBoolean( unrestrict && allPerm );
+        warnDeprecated(context, "OpenSSL._disable_security_restrictions! is deprecated for removal");
+        return context.nil;
     }
 
-
     private static boolean debug;
 
     // on by default, warnings can be disabled using -Djruby.openssl.warn=false
@@ -251,7 +248,6 @@ public static void debugStackTrace(final Ruby runtime, final CharSequence msg, f
             }
         }
     }
-
     static void warn(final ThreadContext context, final CharSequence msg) {
         if ( warn ) warn(context, RubyString.newString(context.runtime, msg));
     }
@@ -264,6 +260,12 @@ static void warn(final ThreadContext context, final IRubyObject msg) {
         if ( warn ) context.runtime.getModule("OpenSSL").callMethod(context, "warn", msg);
     }
 
+    public static void warnDeprecated(final ThreadContext context, final CharSequence msg) {
+        if ( warn ) {
+            context.runtime.getWarnings().warn(IRubyWarnings.ID.DEPRECATED_METHOD, msg.toString());
+        }
+    }
+
     private static String javaVersion(final String def, final int len) {
         String javaVersion = SafePropertyAccessor.getProperty("java.version", def);
         if ( "0".equals(javaVersion) ) javaVersion = "1.7.0"; // Android
diff --git a/src/main/java/org/jruby/ext/openssl/util/CryptoSecurity.java b/src/main/java/org/jruby/ext/openssl/util/CryptoSecurity.java
diff --git a/src/test/ruby/dsa/test_dsa.rb b/src/test/ruby/dsa/test_dsa.rb
@@ -5,8 +5,6 @@ class TestDSA < TestCase
 
   def setup
     super
-    self.class.disable_security_restrictions!
-    require 'base64'
   end
 
   def test_dsa_param_accessors
diff --git a/src/test/ruby/ec/test_ec.rb b/src/test/ruby/ec/test_ec.rb
@@ -250,7 +250,6 @@ def convert16bit(key)
 
   def setup
     super
-    self.class.disable_security_restrictions!
 
     @groups = []; @keys = []
 
diff --git a/src/test/ruby/oaep/test_oaep.rb b/src/test/ruby/oaep/test_oaep.rb
@@ -5,7 +5,7 @@ class TestOaep < TestCase
 
   def setup
     super
-    self.class.disable_security_restrictions!
+
     require 'base64'
   end
 
diff --git a/src/test/ruby/rsa/test_rsa.rb b/src/test/ruby/rsa/test_rsa.rb
@@ -5,7 +5,7 @@ class TestRSA < TestCase
 
   def setup
     super
-    self.class.disable_security_restrictions!
+
     require 'base64'
   end
 
diff --git a/src/test/ruby/ssl/test_context.rb b/src/test/ruby/ssl/test_context.rb
@@ -110,8 +110,6 @@ def test_context_minmax_version
   end if RUBY_VERSION > '2.3'
 
   def test_context_ciphers
-    self.class.disable_security_restrictions
-
     context = OpenSSL::SSL::SSLContext.new
     context.ciphers = "ALL"
 
diff --git a/src/test/ruby/test_cipher.rb b/src/test/ruby/test_cipher.rb
@@ -3,11 +3,6 @@
 
 class TestCipher < TestCase
 
-  def setup
-    super
-    self.class.disable_security_restrictions!
-  end
-
   def test_cipher_new
     OpenSSL::Cipher.new 'AES-256-CBC'
     # NOTE: MRI 1.9.3 raises RuntimeError :
diff --git a/src/test/ruby/test_helper.rb b/src/test/ruby/test_helper.rb
@@ -101,26 +101,6 @@ def assert_not_same(expected, actual)
     end
   end
 
-  def self.disable_security_restrictions!; end # do nothing on MRI
-
-  @@security_restrictions = ''
-
-  def self.disable_security_restrictions!
-    debug = OpenSSL.debug
-    begin
-      OpenSSL.debug = true
-      #org.jruby.ext.openssl.util.CryptoSecurity.unrestrictSecurity
-      #org.jruby.ext.openssl.util.CryptoSecurity.setAllPermissionPolicy
-      @@security_restrictions = OpenSSL.send :_disable_security_restrictions!
-    ensure
-      OpenSSL.debug = debug
-    end
-  end if defined? JRUBY_VERSION
-
-  def self.disable_security_restrictions
-    disable_security_restrictions! if @@security_restrictions.eql?('')
-  end
-
   def self.java8?; java_version.last.to_i == 8 end
 
   def self.java_version
