[Jython-checkins] jython: Treat illegal reflective access in test_java_visibility.

jeff.allen jython-checkins at python.org
Tue Oct 23 03:05:16 EDT 2018 

https://hg.python.org/jython/rev/677009e86ce2
changeset:   8188:677009e86ce2
user:        Jeff Allen <ja.py at farowl.co.uk>
date:        Sun Oct 21 14:04:07 2018 +0100
summary:
  Treat illegal reflective access in test_java_visibility.

The test is testing python.security.respectJavaAccessibility=false, but from
Java 9 the JVM produces ugly warnings about the access that follows. These are
suppressed in the test by appropriate --add-opens options.

Since --add-opens is only valid from Java 9, this change also requires
test.test_support.get_java_version to support JEP-223 version numbers.

files:
  Lib/test/test_java_visibility.py |  32 ++++++++++++++++++-
  Lib/test/test_ssl.py             |   4 +-
  Lib/test/test_support.py         |  24 ++++++++++-----
  3 files changed, 47 insertions(+), 13 deletions(-)


diff --git a/Lib/test/test_java_visibility.py b/Lib/test/test_java_visibility.py
--- a/Lib/test/test_java_visibility.py
+++ b/Lib/test/test_java_visibility.py
@@ -239,12 +239,38 @@
 
 class RespectJavaAccessibilityTest(unittest.TestCase):
 
+    def setUp(self):
+        self.command = [sys.executable]
+
+    # NOTE: from Java 9 onwards, the JVM will complain about (but by default still allow)
+    # reflective access that does not respect Java accessibility rules. In order to avoid:
+    #   WARNING: Illegal reflective access by org.python.core.PyJavaType ... 
+    # and a threat that "illegal access operations will be denied in a future release",
+    # we add --add-opens specifications for all the packages needed in this test.
+
+    def add_opens(self, module, package):
+        self.command.append("-J--add-opens")
+        self.command.append("-J{}/{}=ALL-UNNAMED".format(module, package))
+
     def run_accessibility_script(self, script, error=AttributeError):
         fn = test_support.findfile(script)
+        # Check expected error in current environment
         self.assertRaises(error, execfile, fn)
-        self.assertEquals(subprocess.call([sys.executable, "-J-Dpython.cachedir.skip=true",
-            "-J-Dpython.security.respectJavaAccessibility=false", fn]),
-            0)
+
+        # Prepare to break the rules
+        self.command.append("-J-Dpython.cachedir.skip=true")
+        self.command.append("-J-Dpython.security.respectJavaAccessibility=false")
+        if test_support.get_java_version() >= (9,):
+            # See all the cases for which we have forgotten --add-opens
+            self.command.append("-J--illegal-access=warn")
+            # Open the packages used in the scripts
+            self.add_opens("java.desktop", "java.awt.geom")
+            for package in ("lang", "util", "nio", "nio.charset"):
+                self.add_opens("java.base", "java." + package)
+
+        self.command.append(fn)
+        self.assertEquals(subprocess.call(self.command), 0)
+
 
     def test_method_access(self):
         self.run_accessibility_script("call_protected_method.py")
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -337,7 +337,7 @@
         self.assertRaisesRegexp(ValueError,
                         "certfile must be specified for server-side operations",
                         ssl.wrap_socket, sock, server_side=True, certfile="")
-        if support.get_java_version() < (1, 9):
+        if support.get_java_version() < (9,):
             # Possible FIXME similar issue as seen in
             # test_load_cert_chain - apparently this RSA 1024 cert is too weak and gets a
             # java.security.KeyStoreException: Key protection  algorithm not found before the
@@ -786,7 +786,7 @@
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
         # Combined key and cert in a single file
         ctx.load_cert_chain(CERTFILE, keyfile=None)
-        if support.get_java_version() < (1, 9):
+        if support.get_java_version() < (9,):
             # Possible FIXME we may be skipping this test on Java 9 unnecessarily.
             # CERTFILE as generated uses RSA 1024, which is considered too weak.
             # This may be why this raises an error on Java 9:
diff --git a/Lib/test/test_support.py b/Lib/test/test_support.py
--- a/Lib/test/test_support.py
+++ b/Lib/test/test_support.py
@@ -56,16 +56,24 @@
 
 if is_jython:
     def get_java_version(version=None):
-        # returns (1, 8, 0, 121) for version = "1.8.0_121", meaning
-        # Java 8 update 121, etc.. Conforms to:
-        # http://www.oracle.com/technetwork/java/javase/versioning-naming-139433.html
-        # and not yet http://openjdk.java.net/jeps/223 .
+        """return a tuple of int encoding the Java version (as in java.version).
+
+        "1.8.0_121" -> (1, 8, 0, 121)
+        "9.0.4" -> (9, 0, 4)
+        "11" -> (11,)
+        "12-ea" -> (12,)
+        This parses strings (java.version properties) that conform to:
+        http://www.oracle.com/technetwork/java/javase/versioning-naming-139433.html
+        and http://openjdk.java.net/jeps/223 (but doesn't validate them).
+        """
         if version is None:
             version = platform.java_ver()[0]
-        parse = re.match("(\d+)\.(\d+)\.(\d+)_(\d+)", version)
-        if parse:
-            return tuple((int(x) for x in parse.groups()))
-        else:
+        version = version.split('-')[0]     # discard optional pre-release indicator
+        parts = version.split('_')          # pre-JEP-223 format like 1.8.0_121
+        parts[0:1] = parts[0].split('.')
+        try:
+            return tuple(int(x) for x in parts)
+        except:
             return ()
 
 

-- 
Repository URL: https://hg.python.org/jython

More information about the Jython-checkins mailing list