search

eclipse-openj9 / openj9

Eclipse OpenJ9: A Java Virtual Machine for OpenJDK that's optimized for small footprint, fast start-up, and high throughput. Builds on Eclipse OMR (https://github.com/eclipse/omr) and combines with the Extensions for OpenJDK for OpenJ9 repo.
Other
3.28k stars 720 forks source link

Profiles name without version part but have same beginnings of the profile name will be treated as one profile but different versions #20518

Open taoliult opened 5 hours ago

taoliult commented 5 hours ago

If there are two profiles, example below, without the version but all are the base profile, and all as default profile.

#
# Test-Profile-PolicySunset
# Test property - policy sunset
#
RestrictedSecurity.Test-Profile-PolicySunset.desc.name = Test-Profile-PolicySunset
RestrictedSecurity.Test-Profile-PolicySunset.desc.default = true
RestrictedSecurity.Test-Profile-PolicySunset.desc.fips = true
RestrictedSecurity.Test-Profile-PolicySunset.desc.hash = SHA256:e71c49d65fd291efe75993ccbe6999e6cfb26bf9ef3e8424cb086c7e2a225ce6
RestrictedSecurity.Test-Profile-PolicySunset.desc.number = Certificate #XXX
RestrictedSecurity.Test-Profile-PolicySunset.desc.policy = https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/
RestrictedSecurity.Test-Profile-PolicySunset.desc.sunsetDate = 2023-09-21
RestrictedSecurity.Test-Profile-PolicySunset.fips.mode = 140-3

RestrictedSecurity.Test-Profile-PolicySunset.jce.provider.1 = com.ibm.crypto.plus.provider.OpenJCEPlusFIPS

RestrictedSecurity.Test-Profile-PolicySunset.securerandom.provider = OpenJCEPlusFIPS
RestrictedSecurity.Test-Profile-PolicySunset.securerandom.algorithm = SHA512DRBG

#
# Test-Profile-PolicySunsetFormat
# Test property - policy sunset format
#
RestrictedSecurity.Test-Profile-PolicySunsetFormat.desc.name = Test-Profile-PolicySunsetFormat
RestrictedSecurity.Test-Profile-PolicySunsetFormat.desc.default = true
RestrictedSecurity.Test-Profile-PolicySunsetFormat.desc.fips = true
RestrictedSecurity.Test-Profile-PolicySunsetFormat.desc.hash = SHA256:e71c49d65fd291efe75993ccbe6999e6cfb26bf9ef3e8424cb086c7e2a225ce6
RestrictedSecurity.Test-Profile-PolicySunsetFormat.desc.number = Certificate #XXX
RestrictedSecurity.Test-Profile-PolicySunsetFormat.desc.policy = https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/
RestrictedSecurity.Test-Profile-PolicySunsetFormat.desc.sunsetDate = 09-21-2024
RestrictedSecurity.Test-Profile-PolicySunsetFormat.fips.mode = 140-3

RestrictedSecurity.Test-Profile-PolicySunsetFormat.jce.provider.1 = com.ibm.crypto.plus.provider.OpenJCEPlusFIPS

RestrictedSecurity.Test-Profile-PolicySunsetFormat.securerandom.provider = OpenJCEPlusFIPS
RestrictedSecurity.Test-Profile-PolicySunsetFormat.securerandom.algorithm = SHA512DRBG

When try to load one profile, for example the “RestrictedSecurity.Test-Profile-PolicySunset” profile in method “private static void getProfileID(Properties props)”. It will go into the “without version part” codes. And in that part of codes, we used the “key.startsWith(potentialProfileID)”, the “startsWith” check. So, the profile “RestrictedSecurity.Test-Profile-PolicySunset” and “RestrictedSecurity.Test-Profile-PolicySunsetFormat” will be treated as one profile but different versions. And due to both of them set as default profile, then the multiple default error will happen.

taoliult commented 5 hours ago

Working on it and will create the PR shortly.

github-actions[bot] commented 5 hours ago

Issue Number: 20518 Status: Open Recommended Components: comp:test, comp:vm, comp:build Recommended Assignees: hangshao0, pshipton, adambrousseau