eclipse-openj9 / openj9

Eclipse OpenJ9: A Java Virtual Machine for OpenJDK that's optimized for small footprint, fast start-up, and high throughput. Builds on Eclipse OMR (https://github.com/eclipse/omr) and combines with the Extensions for OpenJDK for OpenJ9 repo.
Other
3.28k stars 722 forks source link

Profiles name without version part but have same beginnings of the profile name will be treated as one profile but different versions #20518

Open taoliult opened 2 weeks ago

taoliult commented 2 weeks ago

If there are two profiles, example below, without the version but all are the base profile, and all as default profile.

#
# Test-Profile-SameStartWithoutVersion
# Test property - Same beginnings of the profile name without version
#
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.name = Test-Profile-SameStartWithoutVersion
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.default = true
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.fips = true
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.hash = SHA256:2c893d75043da09c3dba8d8b24cb71dc1c7ceac5fb8bf362a35847418a933a06
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.number = Certificate #XXX
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.policy = https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.desc.sunsetDate = 2026-09-21
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.fips.mode = 140-3

RestrictedSecurity.Test-Profile-SameStartWithoutVersion.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.jce.provider.3 = sun.security.ssl.SunJSSE

RestrictedSecurity.Test-Profile-SameStartWithoutVersion.securerandom.provider = OpenJCEPlusFIPS
RestrictedSecurity.Test-Profile-SameStartWithoutVersion.securerandom.algorithm = SHA512DRBG

RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.desc.name = Test-Profile-SameStartWithoutVersionPart
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.desc.default = true
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.desc.fips = true
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.desc.hash = SHA256:2c893d75043da09c3dba8d8b24cb71dc1c7ceac5fb8bf362a35847418a933a06
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.desc.number = Certificate #XXX
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.desc.policy = https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.desc.sunsetDate = 2026-09-21
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.fips.mode = 140-3

RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.jce.provider.1 = sun.security.provider.Sun
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.jce.provider.2 = com.sun.crypto.provider.SunJCE
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.jce.provider.3 = sun.security.ssl.SunJSSE

RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.securerandom.provider = OpenJCEPlusFIPS
RestrictedSecurity.Test-Profile-SameStartWithoutVersionPart.securerandom.algorithm = SHA512DRBG

When try to load one profile, for example the “RestrictedSecurity.Test-Profile-PolicySunset” profile in method “private static void getProfileID(Properties props)”. It will go into the “without version part” codes. And in that part of codes, we used the “key.startsWith(potentialProfileID)”, the “startsWith” check. So, the profile “RestrictedSecurity.Test-Profile-PolicySunset” and “RestrictedSecurity.Test-Profile-PolicySunsetFormat” will be treated as one profile but different versions. And due to both of them set as default profile, then the multiple default error will happen.

taoliult commented 2 weeks ago

Working on it and will create the PR shortly.

github-actions[bot] commented 2 weeks ago

Issue Number: 20518 Status: Open Recommended Components: comp:test, comp:vm, comp:build Recommended Assignees: hangshao0, pshipton, adambrousseau

keithc-ca commented 2 weeks ago

The tests proposed in https://github.com/ibmruntimes/openj9-openjdk-jdk/pull/871 should be augmented to verify this situation is handled properly.