提交 319ca7a7 编写于 作者: T tbell

Merge

......@@ -41,7 +41,15 @@ include $(BUILDDIR)/common/Defs.gmk
# Note : some targets are double colon rules and some single colon rules
# within common included gmk files : that is why the following for loop
# has been duplicated.
SUBDIRS = snmp
# When building the openjdk, build snmp only if importing binary plugs,
ifdef OPENJDK
ifeq ($(IMPORT_BINARY_PLUGS),true)
SUBDIRS = snmp
endif
else
SUBDIRS = snmp
endif
all build:
$(SUBDIRS-loop)
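Review bot: When OPENJDK is defined and IMPORT_BINARY_PLUGS is not `true`, neither branch of the new conditional assigns SUBDIRS, so `$(SUBDIRS-loop)` runs with whatever value the variable already has from the environment, the command line or an included makefile. Initialising it before the `ifdef` with an empty `SUBDIRS =` would make the "build nothing here" case deliberate rather than accidental. The later makefile hunk that ends with `SUBDIRS += jmxremote` has the same gap, and there the append builds on the unassigned variable.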
......
#
# Copyright 1997-2008 Sun Microsystems, Inc. All Rights Reserved.
# Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
......@@ -204,6 +204,9 @@ JDI_DOCTITLE = "Java$(TRADEMARK) Debug Interface"
JDI_HEADER = "Java Debug Interface"
# JDI_PKGS is located in NON_CORE_PKGS.gmk
# Variables used by security components
SECURITYAPI_JAVADOCBOTTOM = '<font size="-1"><a href="http://bugs.sun.com/services/bugreport/index.jsp">Report a bug or request a feature.</a><br>Copyright $(THIS_YEAR) Sun Microsystems, Inc. All Rights Reserved. Use is subject to license terms.</font>'
#
# Variables used by JAAS target
#
......@@ -221,6 +224,7 @@ JAAS_JAVADOCFLAGS = $(COMMON_JAVADOCFLAGS) \
-windowtitle $(JAAS_WINDOWTITLE) \
-doctitle $(JAAS_DOCTITLE) \
-header $(JAAS_JAVADOCHEADER) \
-bottom $(SECURITYAPI_JAVADOCBOTTOM) \
-linkoffline ../../../../../api $(DOCSDIR)/api/ \
-overview $(TOPDIR)/src/share/classes/com/sun/security/auth/jaas-overview.html
JAAS_WINDOWTITLE = "Java Authentication and Authorization Service "
......@@ -243,6 +247,7 @@ JGSS_JAVADOCFLAGS = $(COMMON_JAVADOCFLAGS) \
-windowtitle $(JGSS_WINDOWTITLE) \
-doctitle $(JGSS_DOCTITLE) \
-header $(JGSS_JAVADOCHEADER) \
-bottom $(SECURITYAPI_JAVADOCBOTTOM) \
-linkoffline ../../../../../api $(DOCSDIR)/api/ \
-overview $(JGSS_SOURCEPATH)/com/sun/security/jgss/jgss-overview.html
......@@ -266,6 +271,7 @@ SMARTCARDIO_JAVADOCFLAGS = $(COMMON_JAVADOCFLAGS) \
-windowtitle $(SMARTCARDIO_WINDOWTITLE) \
-doctitle $(SMARTCARDIO_DOCTITLE) \
-header $(SMARTCARDIO_JAVADOCHEADER) \
-bottom $(SECURITYAPI_JAVADOCBOTTOM) \
-linkoffline ../../../../../api $(DOCSDIR)/api/
SMARTCARDIO_WINDOWTITLE = "Java Smart Card I/O"
......
......@@ -449,7 +449,6 @@ JAVA_JAVA_java = \
sun/misc/Service.java \
sun/misc/JavaLangAccess.java \
sun/misc/JavaIOAccess.java \
sun/misc/JavaIODeleteOnExitAccess.java \
sun/misc/JavaIOFileDescriptorAccess.java \
sun/misc/JavaNioAccess.java
......
......@@ -46,6 +46,8 @@ include $(BUILDDIR)/common/Mapfile-vers.gmk
#
include FILES_c.gmk
# We don't need snmp here.
AUTO_JAVA_PRUNE = snmp
AUTO_FILES_JAVA_DIRS = java/lang/management com/sun/management sun/management
include Exportedfiles.gmk
......
......@@ -35,6 +35,7 @@ include $(BUILDDIR)/common/Defs.gmk
#
# Files to compile
#
AUTO_JAVA_PRUNE = snmp
AUTO_FILES_JAVA_DIRS = javax/management com/sun/jmx com/sun/management/jmx
#
......
......@@ -35,7 +35,16 @@ MGMT_LIB_SRC = $(SHARE_SRC)/lib/management
all build:: properties aclfile jmxremotefiles
SUBDIRS = snmp jmxremote
# When building the openjdk, build snmp only if importing binary plugs,
ifdef OPENJDK
ifeq ($(IMPORT_BINARY_PLUGS),true)
SUBDIRS = snmp
endif
else
SUBDIRS = snmp
endif
SUBDIRS += jmxremote
all build clean clobber::
$(SUBDIRS-loop)
......
......@@ -503,6 +503,21 @@ public final class Console implements Flushable
// Set up JavaIOAccess in SharedSecrets
static {
// Add a shutdown hook to restore console's echo state should
// it be necessary.
sun.misc.SharedSecrets.getJavaLangAccess()
.registerShutdownHook(0 /* shutdown hook invocation order */,
new Runnable() {
public void run() {
try {
if (echoOff) {
echo(true);
}
} catch (IOException x) { }
}
});
sun.misc.SharedSecrets.setJavaIOAccess(new sun.misc.JavaIOAccess() {
public Console console() {
if (istty()) {
......@@ -513,20 +528,6 @@ public final class Console implements Flushable
return null;
}
// Add a shutdown hook to restore console's echo state should
// it be necessary.
public Runnable consoleRestoreHook() {
return new Runnable() {
public void run() {
try {
if (echoOff) {
echo(true);
}
} catch (IOException x) {}
}
};
}
public Charset charset() {
// This method is called in sun.security.util.Password,
// cons already exists when this method is called
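Review bot: Registering the hook from this static initializer means the class cannot be initialised if it is first touched after shutdown has begun, because `Shutdown.add` as shown in this commit still throws `IllegalStateException("Shutdown in progress")` when `state > RUNNING`, and that would surface here as an ExceptionInInitializerError. The lines removed from System show the three hooks were previously added once during system initialisation, so this path is new. The same applies to the static initializers added to DeleteOnExitHook and ApplicationShutdownHooks. Consider handling it in each initializer, e.g. `} catch (IllegalStateException e) { /* shutdown already in progress; hook cannot be registered */ }`, or letting Shutdown accept system-slot registrations while shutdown is running.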
......
......@@ -34,17 +34,18 @@ import java.io.File;
*/
class DeleteOnExitHook {
private static DeleteOnExitHook instance = null;
static {
sun.misc.SharedSecrets.getJavaLangAccess()
.registerShutdownHook(2 /* Shutdown hook invocation order */,
new Runnable() {
public void run() {
runHooks();
}
});
}
private static LinkedHashSet<String> files = new LinkedHashSet<String>();
static DeleteOnExitHook hook() {
if (instance == null)
instance = new DeleteOnExitHook();
return instance;
}
private DeleteOnExitHook() {}
static synchronized void add(String file) {
......@@ -54,7 +55,7 @@ class DeleteOnExitHook {
files.add(file);
}
void run() {
static void runHooks() {
LinkedHashSet<String> theFiles;
synchronized (DeleteOnExitHook.class) {
......
......@@ -2147,18 +2147,6 @@ public class File
/** use serialVersionUID from JDK 1.0.2 for interoperability */
private static final long serialVersionUID = 301077366599181567L;
// Set up JavaIODeleteOnExitAccess in SharedSecrets
// Added here as DeleteOnExitHook is package-private and SharedSecrets cannot easily access it.
static {
sun.misc.SharedSecrets.setJavaIODeleteOnExitAccess(
new sun.misc.JavaIODeleteOnExitAccess() {
public void run() {
DeleteOnExitHook.hook().run();
}
}
);
}
// -- Integration with java.nio.file --
private volatile transient Path filePath;
......
......@@ -34,19 +34,19 @@ import java.util.*;
* @see java.lang.Runtime#removeShutdownHook
*/
class ApplicationShutdownHooks implements Runnable {
private static ApplicationShutdownHooks instance = null;
class ApplicationShutdownHooks {
static {
Shutdown.add(1 /* shutdown hook invocation order */,
new Runnable() {
public void run() {
runHooks();
}
});
}
/* The set of registered hooks */
private static IdentityHashMap<Thread, Thread> hooks = new IdentityHashMap<Thread, Thread>();
static synchronized ApplicationShutdownHooks hook() {
if (instance == null)
instance = new ApplicationShutdownHooks();
return instance;
}
private ApplicationShutdownHooks() {}
/* Add a new shutdown hook. Checks the shutdown state and the hook itself,
......@@ -82,7 +82,7 @@ class ApplicationShutdownHooks implements Runnable {
* to run in. Hooks are run concurrently and this method waits for
* them to finish.
*/
public void run() {
static void runHooks() {
Collection<Thread> threads;
synchronized(ApplicationShutdownHooks.class) {
threads = hooks.keySet();
......
......@@ -25,8 +25,6 @@
package java.lang;
import java.util.ArrayList;
/**
* Package-private utility class containing data structures and logic
......@@ -47,8 +45,13 @@ class Shutdown {
/* Should we run all finalizers upon exit? */
private static boolean runFinalizersOnExit = false;
/* The set of registered, wrapped hooks, or null if there aren't any */
private static ArrayList<Runnable> hooks = new ArrayList<Runnable>();
// The system shutdown hooks are registered with a predefined slot.
// The list of shutdown hooks is as follows:
// (0) Console restore hook
// (1) Application hooks
// (2) DeleteOnExit hook
private static final int MAX_SYSTEM_HOOKS = 10;
private static final Runnable[] hooks = new Runnable[MAX_SYSTEM_HOOKS];
/* The preceding static fields are protected by this lock */
private static class Lock { };
......@@ -68,33 +71,18 @@ class Shutdown {
/* Add a new shutdown hook. Checks the shutdown state and the hook itself,
* but does not do any security checks.
*/
static void add(Runnable hook) {
static void add(int slot, Runnable hook) {
synchronized (lock) {
if (state > RUNNING)
throw new IllegalStateException("Shutdown in progress");
hooks.add(hook);
}
}
if (hooks[slot] != null)
throw new InternalError("Shutdown hook at slot " + slot + " already registered");
/* Remove a previously-registered hook. Like the add method, this method
* does not do any security checks.
*/
static boolean remove(Runnable hook) {
synchronized (lock) {
if (state > RUNNING)
throw new IllegalStateException("Shutdown in progress");
if (hook == null) throw new NullPointerException();
if (hooks == null) {
return false;
} else {
return hooks.remove(hook);
}
hooks[slot] = hook;
}
}
/* Run all registered shutdown hooks
*/
private static void runHooks() {
......@@ -103,7 +91,7 @@ class Shutdown {
*/
for (Runnable hook : hooks) {
try {
hook.run();
if (hook != null) hook.run();
} catch(Throwable t) {
if (t instanceof ThreadDeath) {
ThreadDeath td = (ThreadDeath)t;
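Review bot: `add(int slot, Runnable hook)` indexes `hooks[slot]` without checking the range, so a slot outside 0..MAX_SYSTEM_HOOKS-1 fails with a bare ArrayIndexOutOfBoundsException instead of a clear message. A guard such as `if (slot < 0 || slot >= MAX_SYSTEM_HOOKS) throw new InternalError("Invalid shutdown hook slot: " + slot);` would match the error style already used for a duplicate slot. The slot numbers appear only as the literals `0`, `1` and `2` at the three call sites and in the comment here; named constants would keep the ordering contract in one place.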
......
......@@ -34,7 +34,6 @@ import java.security.AllPermission;
import java.nio.channels.Channel;
import java.nio.channels.spi.SelectorProvider;
import sun.nio.ch.Interruptible;
import sun.net.InetAddressCachePolicy;
import sun.reflect.Reflection;
import sun.security.util.SecurityConstants;
import sun.reflect.annotation.AnnotationType;
......@@ -310,7 +309,6 @@ public final class System {
}
security = s;
InetAddressCachePolicy.setIfNotSet(InetAddressCachePolicy.FOREVER);
}
/**
......@@ -1121,14 +1119,6 @@ public final class System {
// Setup Java signal handlers for HUP, TERM, and INT (where available).
Terminator.setup();
// The order in with the hooks are added here is important as it
// determines the order in which they are run.
// (1)Console restore hook needs to be called first.
// (2)Application hooks must be run before calling deleteOnExitHook.
Shutdown.add(sun.misc.SharedSecrets.getJavaIOAccess().consoleRestoreHook());
Shutdown.add(ApplicationShutdownHooks.hook());
Shutdown.add(sun.misc.SharedSecrets.getJavaIODeleteOnExitAccess());
// Initialize any miscellenous operating system settings that need to be
// set for the class libraries. Currently this is no-op everywhere except
// for Windows where the process-wide error mode is set before the java.io
......@@ -1174,6 +1164,9 @@ public final class System {
public void blockedOn(Thread t, Interruptible b) {
t.blockedOn(b);
}
public void registerShutdownHook(int slot, Runnable r) {
Shutdown.add(slot, r);
}
});
}
......
......@@ -5,7 +5,7 @@
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classname" exception as provided
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
......
......@@ -2567,7 +2567,8 @@ loop: for(int x=0, offset=0; x<nCodePoints; x++, offset+=len) {
break;
case '<': // (?<xxx) look behind
ch = read();
if (Character.isLetter(ch)) { // named captured group
if (ASCII.isLower(ch) || ASCII.isUpper(ch) || ASCII.isDigit(ch)) {
// named captured group
String name = groupname(ch);
if (namedGroups().containsKey(name))
throw error("Named capturing group <" + name
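Review bot: The new condition also accepts a digit as the first character after `(?<`, so a name such as `1a` is passed to `groupname(ch)` as a named capturing group. If group names are meant to start with a letter, the first-character test should be `if (ASCII.isLower(ch) || ASCII.isUpper(ch)) {`, leaving digits to the following characters. `groupname` is outside the hunk, so whether it rejects a leading digit itself cannot be seen here.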
......
......@@ -31,9 +31,9 @@ import java.io.FileInputStream;
import java.io.BufferedInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.text.MessageFormat;
import java.util.Properties;
import java.util.Enumeration;
import java.util.ResourceBundle;
import java.util.MissingResourceException;
import java.lang.management.ManagementFactory;
......@@ -41,7 +41,6 @@ import java.lang.reflect.Method;
import javax.management.remote.JMXConnectorServer;
import sun.management.snmp.AdaptorBootstrap;
import sun.management.jmxremote.ConnectorBootstrap;
import static sun.management.AgentConfigurationError.*;
import sun.misc.VMSupport;
......@@ -69,6 +68,9 @@ public class Agent {
private static final String LOCAL_CONNECTOR_ADDRESS_PROP =
"com.sun.management.jmxremote.localConnectorAddress";
private static final String SNMP_ADAPTOR_BOOTSTRAP_CLASS_NAME =
"sun.management.snmp.AdaptorBootstrap";
// invoked by -javaagent or -Dcom.sun.management.agent.class
public static void premain(String args) throws Exception {
agentmain(args);
......@@ -128,7 +130,7 @@ public class Agent {
try {
if (snmpPort != null) {
AdaptorBootstrap.initialize(snmpPort, props);
loadSnmpAgent(snmpPort, props);
}
/*
......@@ -204,6 +206,36 @@ public class Agent {
return mgmtProps;
}
private static void loadSnmpAgent(String snmpPort, Properties props) {
try {
// invoke the following through reflection:
// AdaptorBootstrap.initialize(snmpPort, props);
final Class<?> adaptorClass =
Class.forName(SNMP_ADAPTOR_BOOTSTRAP_CLASS_NAME,true,null);
final Method initializeMethod =
adaptorClass.getMethod("initialize",
String.class, Properties.class);
initializeMethod.invoke(null,snmpPort,props);
} catch (ClassNotFoundException x) {
// The SNMP packages are not present: throws an exception.
throw new UnsupportedOperationException("Unsupported management property: " + SNMP_PORT,x);
} catch (NoSuchMethodException x) {
// should not happen...
throw new UnsupportedOperationException("Unsupported management property: " + SNMP_PORT,x);
} catch (InvocationTargetException x) {
final Throwable cause = x.getCause();
if (cause instanceof RuntimeException)
throw (RuntimeException) cause;
else if (cause instanceof Error)
throw (Error) cause;
// should not happen...
throw new UnsupportedOperationException("Unsupported management property: " + SNMP_PORT,cause);
} catch (IllegalAccessException x) {
// should not happen...
throw new UnsupportedOperationException("Unsupported management property: " + SNMP_PORT,x);
}
}
// read config file and initialize the properties
private static void readConfiguration(String fname, Properties p) {
if (fname == null) {
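Review bot: The `null` class-loader argument in `Class.forName(SNMP_ADAPTOR_BOOTSTRAP_CLASS_NAME,true,null)` is security-relevant and deserves a comment, since it limits the lookup to the bootstrap loader and keeps a same-named class on the application class path from being loaded and invoked by the agent. Something like `// null loader: resolve only from the bootstrap class path, never from application code` would stop a later cleanup from "simplifying" it to the one-argument form. Separately, every catch branch reports "Unsupported management property", which is accurate for ClassNotFoundException but misleading when `initialize` itself failed with a checked cause; a distinct message for the InvocationTargetException fallback would make that failure easier to diagnose.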
......
......@@ -29,6 +29,5 @@ import java.nio.charset.Charset;
public interface JavaIOAccess {
public Console console();
public Runnable consoleRestoreHook();
public Charset charset();
}
/*
* Copyright 2005 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package sun.misc;
public interface JavaIODeleteOnExitAccess extends Runnable {
public void run();
}
......@@ -54,4 +54,7 @@ public interface JavaLangAccess {
/** Set thread's blocker field. */
void blockedOn(Thread t, Interruptible b);
/** register shutdown hook */
void registerShutdownHook(int slot, Runnable r);
}
......@@ -44,7 +44,6 @@ public class SharedSecrets {
private static JavaUtilJarAccess javaUtilJarAccess;
private static JavaLangAccess javaLangAccess;
private static JavaIOAccess javaIOAccess;
private static JavaIODeleteOnExitAccess javaIODeleteOnExitAccess;
private static JavaNetAccess javaNetAccess;
private static JavaNioAccess javaNioAccess;
private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
......@@ -103,17 +102,6 @@ public class SharedSecrets {
return javaIOAccess;
}
public static void setJavaIODeleteOnExitAccess(JavaIODeleteOnExitAccess jida) {
javaIODeleteOnExitAccess = jida;
}
public static JavaIODeleteOnExitAccess getJavaIODeleteOnExitAccess() {
if (javaIODeleteOnExitAccess == null) {
unsafe.ensureClassInitialized(File.class);
}
return javaIODeleteOnExitAccess;
}
public static void setJavaIOFileDescriptorAccess(JavaIOFileDescriptorAccess jiofda) {
javaIOFileDescriptorAccess = jiofda;
}
......
/*
* Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -66,11 +66,11 @@ public class NegTokenInit extends SpNegoToken {
private byte[] mechTypes = null;
private Oid[] mechTypeList = null;
private byte[] reqFlags = null;
private BitArray reqFlags = null;
private byte[] mechToken = null;
private byte[] mechListMIC = null;
NegTokenInit(byte[] mechTypes, byte[] flags,
NegTokenInit(byte[] mechTypes, BitArray flags,
byte[] token, byte[] mechListMIC)
{
super(NEG_TOKEN_INIT_ID);
......@@ -101,7 +101,7 @@ public class NegTokenInit extends SpNegoToken {
// write context flags with CONTEXT 01
if (reqFlags != null) {
DerOutputStream flags = new DerOutputStream();
flags.putBitString(reqFlags);
flags.putUnalignedBitString(reqFlags);
initToken.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, (byte) 0x01), flags);
}
......@@ -237,7 +237,7 @@ public class NegTokenInit extends SpNegoToken {
return mechTypeList;
}
byte[] getReqFlags() {
BitArray getReqFlags() {
return reqFlags;
}
......
/*
* Copyright 2005-2008 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -53,13 +53,6 @@ public class SpNegoContext implements GSSContextSpi {
private int state = STATE_NEW;
private static final int CHECKSUM_DELEG_FLAG = 1;
private static final int CHECKSUM_MUTUAL_FLAG = 2;
private static final int CHECKSUM_REPLAY_FLAG = 4;
private static final int CHECKSUM_SEQUENCE_FLAG = 8;
private static final int CHECKSUM_CONF_FLAG = 16;
private static final int CHECKSUM_INTEG_FLAG = 32;
/*
* Optional features that the application can set and their default
* values.
......@@ -697,25 +690,17 @@ public class SpNegoContext implements GSSContextSpi {
/**
* get the context flags
*/
private byte[] getContextFlags() {
int flags = 0;
if (getCredDelegState())
flags |= CHECKSUM_DELEG_FLAG;
if (getMutualAuthState())
flags |= CHECKSUM_MUTUAL_FLAG;
if (getReplayDetState())
flags |= CHECKSUM_REPLAY_FLAG;
if (getSequenceDetState())
flags |= CHECKSUM_SEQUENCE_FLAG;
if (getIntegState())
flags |= CHECKSUM_INTEG_FLAG;
if (getConfState())
flags |= CHECKSUM_CONF_FLAG;
byte[] temp = new byte[1];
temp[0] = (byte)(flags & 0xff);
return temp;
private BitArray getContextFlags() {
BitArray out = new BitArray(7);
if (getCredDelegState()) out.set(0, true);
if (getMutualAuthState()) out.set(1, true);
if (getReplayDetState()) out.set(2, true);
if (getSequenceDetState()) out.set(3, true);
if (getConfState()) out.set(5, true);
if (getIntegState()) out.set(6, true);
return out;
}
private void setContextFlags() {
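Review bot: The bit positions in the new `getContextFlags()` are bare literals, and the jump from 3 to 5 reads like a mistake unless the reader already knows the SPNEGO ContextFlags layout. A comment stating the layout would help, e.g. `// ContextFlags bits: deleg(0) mutual(1) replay(2) sequence(3) anon(4, not set here) conf(5) integ(6)`. The removed `CHECKSUM_*` constants used to carry these names, and named index constants would keep that readability with the BitArray form.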
......
/*
* Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -28,8 +28,6 @@ package sun.security.provider.certpath;
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CRLReason;
import java.security.cert.X509Certificate;
......@@ -335,7 +333,7 @@ class OCSPResponse {
// Check whether the cert returned by the responder is trusted
if (x509Certs != null && x509Certs[0] != null) {
X509Certificate cert = x509Certs[0];
X509CertImpl cert = x509Certs[0];
// First check if the cert matches the responder cert which
// was set locally.
......@@ -344,8 +342,8 @@ class OCSPResponse {
// Next check if the cert was issued by the responder cert
// which was set locally.
} else if (cert.getIssuerDN().equals(
responderCert.getSubjectDN())) {
} else if (cert.getIssuerX500Principal().equals(
responderCert.getSubjectX500Principal())) {
// Check for the OCSPSigning key purpose
List<String> keyPurposes = cert.getExtendedKeyUsage();
......@@ -360,6 +358,43 @@ class OCSPResponse {
"OCSP responses");
}
// check the validity
try {
Date dateCheckedAgainst = params.getDate();
if (dateCheckedAgainst == null) {
cert.checkValidity();
} else {
cert.checkValidity(dateCheckedAgainst);
}
} catch (GeneralSecurityException e) {
if (DEBUG != null) {
DEBUG.println("Responder's certificate is not " +
"within the validity period.");
}
throw new CertPathValidatorException(
"Responder's certificate not within the " +
"validity period");
}
// check for revocation
//
// A CA may specify that an OCSP client can trust a
// responder for the lifetime of the responder's
// certificate. The CA does so by including the
// extension id-pkix-ocsp-nocheck.
//
Extension noCheck =
cert.getExtension(PKIXExtensions.OCSPNoCheck_Id);
if (noCheck != null) {
if (DEBUG != null) {
DEBUG.println("Responder's certificate includes " +
"the extension id-pkix-ocsp-nocheck.");
}
} else {
// we should do the revocating checking of the
// authorized responder in a future update.
}
// verify the signature
try {
cert.verify(responderCert.getPublicKey());
......@@ -369,6 +404,14 @@ class OCSPResponse {
} catch (GeneralSecurityException e) {
responderCert = null;
}
} else {
if (DEBUG != null) {
DEBUG.println("Responder's certificate is not " +
"authorized to sign OCSP responses.");
}
throw new CertPathValidatorException(
"Responder's certificate not authorized to sign " +
"OCSP responses");
}
}
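Review bot: The final `else` of the new revocation block is empty, so a delegated responder certificate without id-pkix-ocsp-nocheck is accepted with no revocation check, and both branches end up behaving the same. Until that check is implemented, a DEBUG line in the `else` would at least make the gap visible in traces. In the validity check just above, the caught `GeneralSecurityException` is dropped; chaining it keeps the expired versus not-yet-valid detail for the caller: `throw new CertPathValidatorException("Responder's certificate not within the validity period", e);`. The enclosing method starts and ends outside the hunk.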
......
/*
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -143,11 +143,15 @@ class PKIXMasterCertPathValidator {
}
} catch (CertPathValidatorException cpve) {
// Throw the saved OCSP exception
// (when the CRL check has also failed)
// Throw the saved OCSP exception unless the CRL
// checker has determined that the cert is revoked
if (ocspCause != null &&
currChecker instanceof CrlRevocationChecker) {
throw ocspCause;
currChecker instanceof CrlRevocationChecker) {
if (cpve.getReason() == BasicReason.REVOKED) {
throw cpve;
} else {
throw ocspCause;
}
}
/*
* Handle failover from OCSP to CRLs
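Review bot: When the CRL checker fails for any reason other than REVOKED, `cpve` is discarded and only the saved OCSP exception is thrown, so the CRL-side failure never reaches the caller or a trace. A short comment on that branch, such as `// CRL check failed without proving revocation: report the original OCSP failure`, would record the intent, and if this class has a debug logger (not visible here) the dropped `cpve` should be logged before `throw ocspCause;`. The continuation line `currChecker instanceof CrlRevocationChecker) {` also no longer aligns with `ocspCause != null &&`. The catch block continues outside the hunk.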
......
......@@ -875,6 +875,18 @@ public final class KeyTool {
if (filename != null) {
inStream = new FileInputStream(filename);
}
// Read the full stream before feeding to X509Factory,
// otherwise, keytool -gencert | keytool -importcert
// might not work properly, since -gencert is slow
// and there's no data in the pipe at the beginning.
ByteArrayOutputStream bout = new ByteArrayOutputStream();
byte[] b = new byte[4096];
while (true) {
int len = inStream.read(b);
if (len < 0) break;
bout.write(b, 0, len);
}
inStream = new ByteArrayInputStream(bout.toByteArray());
try {
String importAlias = (alias!=null)?alias:keyAlias;
if (keyStore.entryInstanceOf(importAlias, KeyStore.PrivateKeyEntry.class)) {
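Review bot: The `FileInputStream` opened just above is lost when `inStream` is reassigned to the `ByteArrayInputStream`, so any later `inStream.close()` closes only the in-memory copy and the file handle stays open. The copy loop also has no upper bound, so an oversized file or a pipe that never ends is buffered entirely in memory; for a command-line tool that may be acceptable, but it deserves a comment. Closing the original stream once the loop finishes, and only when `filename != null`, fixes the leak. The enclosing method starts and ends outside the hunk, so whether a later close exists cannot be seen here.

```java
// … unchanged: inStream is opened from filename when one is given …
ByteArrayOutputStream bout = new ByteArrayOutputStream();
byte[] b = new byte[4096];
try {
    int len;
    while ((len = inStream.read(b)) >= 0) {
        bout.write(b, 0, len);
    }
} finally {
    // Close only the stream this block opened; a stream supplied
    // from elsewhere (presumably standard input) is left alone.
    if (filename != null) {
        inStream.close();
    }
}
inStream = new ByteArrayInputStream(bout.toByteArray());
```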
......
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package sun.security.x509;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Enumeration;
import sun.security.util.*;
/**
* Represent the OCSP NoCheck Extension from RFC2560.
* <p>
* A CA may specify that an OCSP client can trust a responder for the
* lifetime of the responder's certificate. The CA does so by including
* the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical
* extension. The value of the extension should be NULL. CAs issuing
* such a certificate should realized that a compromise of the
* responder's key, is as serious as the compromise of a CA key used to
* sign CRLs, at least for the validity period of this certificate. CA's
* may choose to issue this type of certificate with a very short
* lifetime and renew it frequently.
* <pre>
* id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
* </pre>
*
* @author Xuelei Fan
* @see Extension
* @see CertAttrSet
*/
public class OCSPNoCheckExtension extends Extension
implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
public static final String IDENT =
"x509.info.extensions.OCSPNoCheck";
/**
* Attribute names.
*/
public static final String NAME = "OCSPNoCheck";
/**
* Create a OCSPNoCheckExtension
*/
public OCSPNoCheckExtension() throws IOException {
this.extensionId = PKIXExtensions.OCSPNoCheck_Id;
this.critical = false;
this.extensionValue = new byte[0];
}
/**
* Create the extension from the passed DER encoded value.
*
* @param critical true if the extension is to be treated as critical.
* @param value an array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public OCSPNoCheckExtension(Boolean critical, Object value)
throws IOException {
this.extensionId = PKIXExtensions.OCSPNoCheck_Id;
this.critical = critical.booleanValue();
// the value should be null, just ignore it here.
this.extensionValue = new byte[0];
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
throw new IOException("No attribute is allowed by " +
"CertAttrSet:OCSPNoCheckExtension.");
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
throw new IOException("No attribute is allowed by " +
"CertAttrSet:OCSPNoCheckExtension.");
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
throw new IOException("No attribute is allowed by " +
"CertAttrSet:OCSPNoCheckExtension.");
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
public Enumeration<String> getElements() {
return (new AttributeNameEnumeration()).elements();
}
/**
* Return the name of this attribute.
*/
public String getName() {
return NAME;
}
}
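Review bot: The decoding constructor `OCSPNoCheckExtension(Boolean critical, Object value)` ignores `value` entirely, so an extension carrying arbitrary bytes is treated exactly like a well-formed one. Because the presence of this extension is what lets a client skip revocation checking of the responder certificate, that leniency should at least be documented, for instance `// value is not validated: any content is accepted and replaced with an empty value`. Rejecting content that is neither empty nor a DER NULL would be the stricter option. The class Javadoc also contains the typo "should realized".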
......@@ -100,6 +100,8 @@ public class OIDMap {
DeltaCRLIndicatorExtension.NAME;
private static final String FRESHEST_CRL = ROOT + "." +
FreshestCRLExtension.NAME;
private static final String OCSPNOCHECK = ROOT + "." +
OCSPNoCheckExtension.NAME;
private static final int NetscapeCertType_data[] =
{ 2, 16, 840, 1, 113730, 1, 1 };
......@@ -161,6 +163,8 @@ public class OIDMap {
"sun.security.x509.DeltaCRLIndicatorExtension");
addInternal(FRESHEST_CRL, PKIXExtensions.FreshestCRL_Id,
"sun.security.x509.FreshestCRLExtension");
addInternal(OCSPNOCHECK, PKIXExtensions.OCSPNoCheck_Id,
"sun.security.x509.OCSPNoCheckExtension");
}
/**
......
/*
* Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -74,6 +74,8 @@ public class PKIXExtensions {
private static final int AuthInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 1};
private static final int SubjectInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 11};
private static final int FreshestCRL_data [] = { 2, 5, 29, 46 };
private static final int OCSPNoCheck_data [] = { 1, 3, 6, 1, 5, 5, 7,
48, 1, 5};
/**
* Identifies the particular public key used to sign the certificate.
......@@ -216,6 +218,12 @@ public class PKIXExtensions {
*/
public static final ObjectIdentifier FreshestCRL_Id;
/**
* Identifies the OCSP client can trust the responder for the
* lifetime of the responder's certificate.
*/
public static final ObjectIdentifier OCSPNoCheck_Id;
static {
AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data);
SubjectKey_Id = ObjectIdentifier.newInternal(SubjectKey_data);
......@@ -257,5 +265,6 @@ public class PKIXExtensions {
SubjectInfoAccess_Id =
ObjectIdentifier.newInternal(SubjectInfoAccess_data);
FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data);
OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data);
}
}
......@@ -16,7 +16,7 @@
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA conne02110-1301 USA.
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
......
......@@ -16,7 +16,7 @@
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA conne02110-1301 USA.
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
......
/*
* Copyright 2003 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -28,7 +28,8 @@
* @build SnmpOidHashCode
* @run main SnmpOidHashCode
*/
import com.sun.jmx.snmp.SnmpOid;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
public class SnmpOidHashCode {
public static final String[] oids = {
......@@ -57,16 +58,81 @@ public class SnmpOidHashCode {
".39."+0xFFFFFFFFL
};
// We use an SnmpOidBuilder in order to adapt this test case to a
// configuration where the SNMP packages are not present in rt.jar.
//
public static final class SnmpOidBuilder {
public static final String SNMP_OID_CLASS_NAME =
"com.sun.jmx.snmp.SnmpOid";
private static final Class<?> SNMP_OID_CLASS;
private static final Constructor<?> SNMP_OID_CTOR;
static {
Class<?> snmpOidClass;
try {
snmpOidClass =
Class.forName(SNMP_OID_CLASS_NAME, true, null);
} catch (ClassNotFoundException x) {
snmpOidClass = null;
System.err.println("WARNING: can't load "+SNMP_OID_CLASS_NAME);
} catch (NoClassDefFoundError x) {
snmpOidClass = null;
System.err.println("WARNING: can't load "+SNMP_OID_CLASS_NAME);
}
SNMP_OID_CLASS = snmpOidClass;
if (SNMP_OID_CLASS != null) {
try {
SNMP_OID_CTOR = snmpOidClass.getConstructor(String.class);
} catch (Exception x) {
throw new ExceptionInInitializerError(x);
}
} else {
SNMP_OID_CTOR = null;
}
}
public static boolean isSnmpPresent() {
System.out.println(SnmpOidHashCode.class.getName()+
": Testing for SNMP Packages...");
return SNMP_OID_CLASS != null;
}
public static Object newSnmpOid(String oid)
throws InstantiationException,
IllegalAccessException,
InvocationTargetException {
return SNMP_OID_CTOR.newInstance(oid);
}
}
private static Object newSnmpOid(String oid) throws Exception {
try {
return SnmpOidBuilder.newSnmpOid(oid);
} catch (InvocationTargetException x) {
final Throwable cause = x.getCause();
if (cause instanceof Exception) throw (Exception)cause;
if (cause instanceof Error) throw (Error)cause;
throw x;
}
}
public static void main(String args[]) {
if (!SnmpOidBuilder.isSnmpPresent()) {
System.err.println("WARNING: "+
SnmpOidBuilder.SNMP_OID_CLASS_NAME+" not present.");
System.err.println(SnmpOidHashCode.class.getName()+
": test skipped.");
return;
}
try {
int errCount=0;
int collisions=0;
for (int i=0;i<oids.length;i++) {
System.out.println("Testing " + oids[i]);
final SnmpOid o1 = new SnmpOid(oids[i]);
final Object o1 = newSnmpOid(oids[i]);
final int startCount=errCount;
for (int j=0;j<oids.length;j++) {
final SnmpOid o2 = new SnmpOid(oids[j]);
final Object o2 = newSnmpOid(oids[j]);
if (o1.equals(o2)) {
if (!(oids[i].equals(oids[j]))) {
System.err.println("OIDs differ but " +
......
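Review bot: `SnmpOidBuilder.newSnmpOid` dereferences `SNMP_OID_CTOR` without checking it, and the static initializer sets that field to null whenever the class cannot be loaded, so a caller that skips `isSnmpPresent()` gets a bare NullPointerException. Both the nested class and the method are public, so a guard at the top of the method would make the failure explicit: `if (SNMP_OID_CTOR == null) throw new IllegalStateException(SNMP_OID_CLASS_NAME + " not present");`. Separately, `main` returns normally when SNMP is absent, so the harness will presumably record the run as passed rather than skipped, with the "test skipped" line on stderr as the only trace. The body of `main` continues outside the last hunk.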
/*
* Copyright 2003 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -29,33 +29,158 @@
* @build TimeTicksWrapping
* @run main TimeTicksWrapping
*/
import com.sun.jmx.snmp.SnmpTimeticks;
import com.sun.jmx.snmp.SnmpUnsignedInt;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
public class TimeTicksWrapping {
// We use an SnmpTimeticksBuilder in order to adapt this test case to a
// configuration where the SNMP packages are not present in rt.jar.
//
public static final class SnmpTimeticksBuilder {
public static final long MAX_VALUE = 0x0ffffffffL;
public static final String SNMP_TIME_TICKS_CLASS_NAME =
"com.sun.jmx.snmp.SnmpTimeticks";
private static final Class<?> SNMP_TIME_TICKS_CLASS;
private static final Constructor<?> SNMP_long_CTOR;
private static final Constructor<?> SNMP_LONG_CTOR;
private static final Method SNMP_LONG_VALUE;
static {
Class<?> snmpTimeTicksClass;
try {
snmpTimeTicksClass =
Class.forName(SNMP_TIME_TICKS_CLASS_NAME, true, null);
} catch (ClassNotFoundException x) {
snmpTimeTicksClass = null;
System.err.println("WARNING: can't load "+
SNMP_TIME_TICKS_CLASS_NAME);
} catch (NoClassDefFoundError x) {
snmpTimeTicksClass = null;
System.err.println("WARNING: can't load "+
SNMP_TIME_TICKS_CLASS_NAME);
}
SNMP_TIME_TICKS_CLASS = snmpTimeTicksClass;
if (SNMP_TIME_TICKS_CLASS != null) {
try {
SNMP_long_CTOR =
SNMP_TIME_TICKS_CLASS.getConstructor(long.class);
} catch (Exception x) {
throw new ExceptionInInitializerError(x);
}
} else {
SNMP_long_CTOR = null;
}
if (SNMP_TIME_TICKS_CLASS != null) {
try {
SNMP_LONG_CTOR =
SNMP_TIME_TICKS_CLASS.getConstructor(Long.class);
} catch (Exception x) {
throw new ExceptionInInitializerError(x);
}
} else {
SNMP_LONG_CTOR = null;
}
if (SNMP_TIME_TICKS_CLASS != null) {
try {
SNMP_LONG_VALUE =
SNMP_TIME_TICKS_CLASS.getMethod("longValue");
} catch (Exception x) {
throw new ExceptionInInitializerError(x);
}
} else {
SNMP_LONG_VALUE = null;
}
}
private final Object timeticks;
public SnmpTimeticksBuilder(long ticks) throws Exception {
timeticks = newSnmpTimeticks(ticks);
}
public SnmpTimeticksBuilder(Long ticks) throws Exception {
timeticks = newSnmpTimeticks(ticks);
}
public long longValue() throws Exception {
return longValue(timeticks);
}
public static boolean isSnmpPresent() {
System.out.println(TimeTicksWrapping.class.getName()+
": Testing for SNMP Packages...");
return SNMP_TIME_TICKS_CLASS != null;
}
private static Object newSnmpTimeticks(long time)
throws Exception {
try {
return SNMP_long_CTOR.newInstance(time);
} catch (InvocationTargetException x) {
final Throwable cause = x.getCause();
if (cause instanceof Exception) throw (Exception) cause;
if (cause instanceof Error) throw (Error) cause;
throw x;
}
}
private static Object newSnmpTimeticks(Long time)
throws Exception {
try {
return SNMP_LONG_CTOR.newInstance(time);
} catch (InvocationTargetException x) {
final Throwable cause = x.getCause();
if (cause instanceof Exception) throw (Exception) cause;
if (cause instanceof Error) throw (Error) cause;
throw x;
}
}
private static long longValue(Object o)
throws Exception {
try {
return ((Long)SNMP_LONG_VALUE.invoke(o)).longValue();
} catch (InvocationTargetException x) {
final Throwable cause = x.getCause();
if (cause instanceof Exception) throw (Exception) cause;
if (cause instanceof Error) throw (Error) cause;
throw x;
}
}
}
public static final long[] oks = {
0L, 1L, (long)Integer.MAX_VALUE, (long)Integer.MAX_VALUE*2,
(long)Integer.MAX_VALUE*2+1L, (long)Integer.MAX_VALUE*2+2L,
(long)Integer.MAX_VALUE*3,
SnmpUnsignedInt.MAX_VALUE, SnmpUnsignedInt.MAX_VALUE+1L,
SnmpUnsignedInt.MAX_VALUE*3-1L, Long.MAX_VALUE
SnmpTimeticksBuilder.MAX_VALUE, SnmpTimeticksBuilder.MAX_VALUE+1L,
SnmpTimeticksBuilder.MAX_VALUE*3-1L, Long.MAX_VALUE
};
public static final long[] kos = {
-1L, (long)Integer.MIN_VALUE, (long)Integer.MIN_VALUE*2,
(long)Integer.MIN_VALUE*2-1L, (long)Integer.MIN_VALUE*3,
-SnmpUnsignedInt.MAX_VALUE, -(SnmpUnsignedInt.MAX_VALUE+1L),
-(SnmpUnsignedInt.MAX_VALUE*3-1L), Long.MIN_VALUE
-SnmpTimeticksBuilder.MAX_VALUE, -(SnmpTimeticksBuilder.MAX_VALUE+1L),
-(SnmpTimeticksBuilder.MAX_VALUE*3-1L), Long.MIN_VALUE
};
public static void main(String args[]) {
if (!SnmpTimeticksBuilder.isSnmpPresent()) {
System.err.println("WARNING: "+
SnmpTimeticksBuilder.SNMP_TIME_TICKS_CLASS_NAME+
" not present.");
System.err.println(TimeTicksWrapping.class.getName()+
": test skipped.");
return;
}
try {
SnmpTimeticks t;
SnmpTimeticksBuilder t = null;
for (int i=0;i<oks.length;i++) {
final long t1,t2,t3;
t1 = (new SnmpTimeticks(oks[i])).longValue();
t2 = (new SnmpTimeticks(new Long(oks[i]))).longValue();
t1 = (new SnmpTimeticksBuilder(oks[i])).longValue();
t2 = (new SnmpTimeticksBuilder(new Long(oks[i]))).longValue();
t3 = oks[i]%0x0100000000L;
if (t1 != t3)
throw new Exception("Value should have wrapped: " +
......@@ -64,16 +189,16 @@ public class TimeTicksWrapping {
throw new Exception("Value should have wrapped: " +
"Long("+oks[i]+") expected: " + t3);
if (t1 > SnmpUnsignedInt.MAX_VALUE)
if (t1 > SnmpTimeticksBuilder.MAX_VALUE)
throw new Exception("Value should have wrapped " +
"for " + oks[i] + ": " +
t1 + " exceeds max: " +
SnmpUnsignedInt.MAX_VALUE);
if (t2 > SnmpUnsignedInt.MAX_VALUE)
SnmpTimeticksBuilder.MAX_VALUE);
if (t2 > SnmpTimeticksBuilder.MAX_VALUE)
throw new Exception("Value should have wrapped " +
"for " + oks[i] + ": " +
t2 + " exceeds max: " +
SnmpUnsignedInt.MAX_VALUE);
SnmpTimeticksBuilder.MAX_VALUE);
if (t1 < 0)
throw new Exception("Value should have wrapped: " +
......@@ -90,14 +215,14 @@ public class TimeTicksWrapping {
for (int i=0;i<kos.length;i++) {
try {
t = new SnmpTimeticks(kos[i]);
t = new SnmpTimeticksBuilder(kos[i]);
throw new Exception("Value should have been rejected: " +
kos[i]);
} catch (IllegalArgumentException x) {
// OK!
}
try {
t = new SnmpTimeticks(new Long(kos[i]));
t = new SnmpTimeticksBuilder(new Long(kos[i]));
throw new Exception("Value should have been rejected: " +
"Long("+kos[i]+")");
} catch (IllegalArgumentException x) {
......
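Review bot: The fields `SNMP_long_CTOR` and `SNMP_LONG_CTOR` in `SnmpTimeticksBuilder` differ only in letter case, which makes the two `newSnmpTimeticks` overloads easy to cross-wire. Reflection boxes and unboxes arguments, so calling the wrong constructor would likely still succeed, and the test would stop covering both the `long` and the `Long` constructor without anything failing. Names that spell out the difference would help, for example `SNMP_PRIMITIVE_LONG_CTOR` and `SNMP_BOXED_LONG_CTOR`. The three consecutive `if (SNMP_TIME_TICKS_CLASS != null)` blocks in the static initializer could also be merged into one. `main` continues outside the visible hunks.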
......@@ -15,6 +15,10 @@
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
......
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/**
* @test
* @bug 6383095
* @summary CRL revoked certificate failures masked by OCSP failures
*
* Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to
* Dec 1 14:55:35 2028 GMT, please update it with newer certificate if
* expires.
*
* @author Xuelei Fan
*/
/*
* Certificates used in the test.
*
* end entity certificate:
* Data:
* Version: 3 (0x2)
* Serial Number: 25 (0x19)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Mar 16 14:55:35 2009 GMT
* Not After : Dec 1 14:55:35 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client,
* CN=localhost
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69:
* 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f:
* 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7:
* 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21:
* 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41:
* 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10:
* ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9:
* 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba:
* 75:8d:f5:82:ac:43:92:44:1b
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Basic Constraints:
* CA:FALSE
* X509v3 Key Usage:
* Digital Signature, Non Repudiation, Key Encipherment
* X509v3 Subject Key Identifier:
* CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* Signature Algorithm: md5WithRSAEncryption
*
*
* trusted certificate authority:
* Data:
* Version: 3 (0x2)
* Serial Number: 0 (0x0)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Validity
* Not Before: Dec 8 02:43:36 2008 GMT
* Not After : Aug 25 02:43:36 2028 GMT
* Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
* Subject Public Key Info:
* Public Key Algorithm: rsaEncryption
* RSA Public Key: (1024 bit)
* Modulus (1024 bit):
* 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d:
* d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53:
* 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9:
* 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f:
* 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7:
* 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee:
* f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee:
* 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97:
* 89:2a:95:12:4c:d8:09:2a:e9
* Exponent: 65537 (0x10001)
* X509v3 extensions:
* X509v3 Subject Key Identifier:
* FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* X509v3 Authority Key Identifier:
* keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
* DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
* X509v3 Basic Constraints:
* CA:TRUE
* Signature Algorithm: md5WithRSAEncryption
*
* CRL:
* Certificate Revocation List (CRL):
* Version 2 (0x1)
* Signature Algorithm: md5WithRSAEncryption
* Issuer: /C=US/ST=Some-State/L=Some-City/O=Some-Org
* Last Update: Mar 16 16:27:14 2009 GMT
* Next Update: May 15 16:27:14 2028 GMT
* CRL extensions:
* X509v3 CRL Number:
* 2
* Revoked Certificates:
* Serial Number: 19
* Revocation Date: Mar 16 16:22:08 2009 GMT
* CRL entry extensions:
* X509v3 CRL Reason Code:
* Superseded
* Signature Algorithm: md5WithRSAEncryption
*/
import java.io.*;
import java.net.SocketException;
import java.util.*;
import java.security.Security;
import java.security.cert.*;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CertPathValidatorException.BasicReason;
public class FailoverToCRL {
static String trusedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
"EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +
"gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +
"4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +
"7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +
"A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +
"hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +
"U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +
"DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +
"ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +
"LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +
"6Mvf0r1PNTY2hwTJLJmKtg==\n" +
"-----END CERTIFICATE-----";
static String targetCertStr =
"-----BEGIN CERTIFICATE-----\n" +
"MIICizCCAfSgAwIBAgIBGTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
"MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
"EwhTb21lLU9yZzAeFw0wOTAzMTYxNDU1MzVaFw0yODEyMDExNDU1MzVaMHIxCzAJ\n" +
"BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
"dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" +
"VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" +
"JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" +
"8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" +
"ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjWjBYMAkGA1UdEwQCMAAw\n" +
"CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" +
"HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDANBgkqhkiG9w0BAQQFAAOBgQBv\n" +
"p7JjCDOrMBNun46xs4Gz7Y4ygM5VHaFP0oO7369twvRSu0pCuIdZd5OIMPFeRqQw\n" +
"PA68ZdhYVR0pG5W7isV+jB+Dfge/IOgOA85sZ/6FlP3PBRW+YMQKKdRr5So3ook9\n" +
"PimQ7rbxRAofPECv20IUKFBbOUkU+gFcn+WbTKYxBw==\n" +
"-----END CERTIFICATE-----";
static String crlStr =
"-----BEGIN X509 CRL-----\n" +
"MIIBRTCBrwIBATANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzETMBEGA1UE\n" +
"CBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQKEwhTb21l\n" +
"LU9yZxcNMDkwMzE2MTYyNzE0WhcNMjgwNTE1MTYyNzE0WjAiMCACARkXDTA5MDMx\n" +
"NjE2MjIwOFowDDAKBgNVHRUEAwoBBKAOMAwwCgYDVR0UBAMCAQIwDQYJKoZIhvcN\n" +
"AQEEBQADgYEAMixJI9vBwYpOGosn46+T/MTEtlm2S5pIVT/xPDrHkCPfw8l4Zrgp\n" +
"dGPuUkglWdrGdxY9MNRUj2YFNfdZi6zZ7JF6XbkDHYOAKYgPDJRjS/0VcBntn5RJ\n" +
"sQfZsBqc9fFSP8gknRRn3LT41kr9xNRxTT1t3YYjv7J3zkMYyInqeUA=\n" +
"-----END X509 CRL-----";
private static CertPath generateCertificatePath()
throws CertificateException {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is =
new ByteArrayInputStream(targetCertStr.getBytes());
Certificate targetCert = cf.generateCertificate(is);
// generate certification path
List<Certificate> list = Arrays.asList(new Certificate[] {targetCert});
return cf.generateCertPath(list);
}
private static Set<TrustAnchor> generateTrustAnchors()
throws CertificateException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is =
new ByteArrayInputStream(trusedCertStr.getBytes());
Certificate trusedCert = cf.generateCertificate(is);
// generate a trust anchor
TrustAnchor anchor = new TrustAnchor((X509Certificate)trusedCert, null);
return Collections.singleton(anchor);
}
private static CertStore generateCertificateStore() throws Exception {
// generate CRL from CRL string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is =
new ByteArrayInputStream(crlStr.getBytes());
// generate a cert store
Collection<? extends CRL> crls = cf.generateCRLs(is);
return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(crls));
}
public static void main(String args[]) throws Exception {
CertPath path = generateCertificatePath();
Set<TrustAnchor> anchors = generateTrustAnchors();
CertStore crls = generateCertificateStore();
PKIXParameters params = new PKIXParameters(anchors);
// add the CRL store
params.addCertStore(crls);
// Activate certificate revocation checking
params.setRevocationEnabled(true);
// Activate OCSP
Security.setProperty("ocsp.enable", "true");
System.setProperty("com.sun.security.enableCRLDP", "true");
// Ensure that the ocsp.responderURL property is not set.
if (Security.getProperty("ocsp.responderURL") != null) {
throw new
Exception("The ocsp.responderURL property must not be set");
}
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
try {
validator.validate(path, params);
} catch (CertPathValidatorException cpve) {
if (cpve.getReason() != BasicReason.REVOKED) {
throw new Exception(
"unexpect exception, should be a REVOKED CPVE", cpve);
}
}
}
}
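Review bot: In `main`, the `try` block around `validator.validate(path, params)` has no failure path for the case where validation succeeds, so the test passes if the revoked end-entity certificate is accepted. That is the outcome this test exists to catch, since its summary is about CRL revocation being masked by OCSP failures. Adding `throw new Exception("revoked certificate passed validation");` directly after the `validate` call closes the gap; it is not a `CertPathValidatorException`, so the existing catch does not swallow it. The `Security.setProperty("ocsp.enable", "true")` call also changes JVM-wide state, which deserves a comment if the test can share a VM with others.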
......@@ -3389,6 +3389,11 @@ public class RegExTest {
"gname",
"yyy");
check(Pattern.compile("x+(?<8gname>y+)z+"),
"xxxyyyzzz",
"8gname",
"yyy");
//backref
Pattern pattern = Pattern.compile("(a*)bc\\1");
check(pattern, "zzzaabcazzz", true); // found "abca"
......
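Review bot: The added `check` for `(?<8gname>y+)` differs from the case above it only in that the group name starts with a digit, and nothing in the hunk says that this is the behaviour under test. A one-line comment before it, such as `// named group whose name begins with a digit`, would record the intent. It would also tell a later reader whether a change in how such names are parsed is a regression or an intended tightening. The enclosing method starts and ends outside the hunk.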
......@@ -4,7 +4,6 @@
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
......
/*
* Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
* @test
* @bug 6815182
* @summary GSSAPI/SPNEGO does not work with server using MIT Kerberos library
*/
import sun.security.jgss.GSSUtil;
import sun.security.util.BitArray;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
public class SpnegoReqFlags {
public static void main(String[] args)
throws Exception {
// Create and start the KDC
new OneKDC(null).writeJAASConf();
new SpnegoReqFlags().go();
}
void go() throws Exception {
Context c = Context.fromJAAS("client");
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);
byte[] token = c.doAs(new Action() {
@Override
public byte[] run(Context me, byte[] input) throws Exception {
me.x().requestCredDeleg(true);
me.x().requestReplayDet(false);
me.x().requestSequenceDet(false);
return me.x().initSecContext(new byte[0], 0, 0);
}
}, null);
DerValue d = new DerValue(token); // GSSToken
DerInputStream ins = d.data; // OID + mech token
d.data.getDerValue(); // skip OID
d = d.data.getDerValue(); // NegTokenInit
d = d.data.getDerValue(); // The SEQUENCE inside
boolean found = false;
// Go through all fields inside NegTokenInit. The reqFlags field
// is optional. It's even not recommended in RFC 4178.
while (d.data.available() > 0) {
DerValue d2 = d.data.getDerValue();
if (d2.isContextSpecific((byte)1)) {
found = true;
System.out.println("regFlags field located.");
BitArray ba = d2.data.getUnalignedBitString();
if (ba.length() != 7) {
throw new Exception("reqFlags should contain 7 bits");
}
if (!ba.get(0)) {
throw new Exception("delegFlag should be true");
}
if (ba.get(2) || ba.get(3)) {
throw new Exception("replay/sequenceFlag should be false");
}
}
}
if (!found) {
System.out.println("Warning: regFlags field not found, too new?");
}
c.dispose();
}
}
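Review bot: Two messages in `go()` spell the field `regFlags` (the "field located" line and the "not found" warning), while the exception text and the comment use `reqFlags`, the name of the NegTokenInit field. Anyone searching the test log for `reqFlags` will miss both lines; they should read `"reqFlags field located."` and `"Warning: reqFlags field not found, too new?"`. The local `DerInputStream ins = d.data;` is never read and can be dropped. `c.dispose()` is also skipped when one of the checks throws; a `try`/`finally` around the parsing would release the context on every path.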
#
# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#
# @test
# @bug 6819272
# @summary keytool -importcert should read the whole input
#
# @run shell importreadall.sh
# set a few environment variables so that the shell-script can run stand-alone
# in the source directory
if [ "${TESTSRC}" = "" ] ; then
TESTSRC="."
fi
if [ "${TESTJAVA}" = "" ] ; then
JAVA_CMD=`which java`
TESTJAVA=`dirname $JAVA_CMD`/..
fi
# set platform-dependent variables
OS=`uname -s`
case "$OS" in
Windows_* )
FS="\\"
;;
* )
FS="/"
;;
esac
KEYTOOL="${TESTJAVA}${FS}bin${FS}keytool -keystore importreadall.jks -storepass changeit -keypass changeit"
# In case the test is run twice in the same directory
$KEYTOOL -delete -alias a
$KEYTOOL -delete -alias ca
$KEYTOOL -genkeypair -alias a -dname CN=a || exit 1
$KEYTOOL -genkeypair -alias ca -dname CN=ca || exit 2
$KEYTOOL -certreq -alias a | $KEYTOOL -gencert -alias ca | $KEYTOOL -importcert -alias a
exit $?
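Review bot: `KEYTOOL` holds the executable path and its options in one string and is expanded unquoted, so a `TESTJAVA` that contains a space is split into several words and the command is not found. Keeping the path separate fixes it: `KT="${TESTJAVA}${FS}bin${FS}keytool"` and `KTOPTS="-keystore importreadall.jks -storepass changeit -keypass changeit"`, invoked as `"$KT" $KTOPTS -delete -alias a` and so on. The `dirname` call has the same problem and should quote `"$JAVA_CMD"`. The final `exit $?` reports only the status of the last stage of the pipeline, so a failure in `-certreq` or `-gencert` shows up only indirectly through `-importcert`.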