6682411: JCK test failed w/ ArrayIndexOutOfBoundException (-1) when decrypting with no data
Summary: Fixed PKCS5Padding class with additional check and throw BadPaddingException if the check failed
Reviewed-by: wetmore
.'" t
."
." Copyright 2004-2006 Sun Microsystems, Inc. All Rights Reserved.
." DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
."
." This code is free software; you can redistribute it and/or modify it
." under the terms of the GNU General Public License version 2 only, as
." published by the Free Software Foundation.
."
." This code is distributed in the hope that it will be useful, but WITHOUT
." ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
." FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
." version 2 for more details (a copy is included in the LICENSE file that
." accompanied this code).
."
." You should have received a copy of the GNU General Public License version
." 2 along with this work; if not, write to the Free Software Foundation,
." Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
."
." Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
." CA 95054 USA or visit www.sun.com if you need additional information or
." have any questions.
."
." `
.TH jstatd 1 "05 Aug 2006"
." Generated by html2roff
.LP
.SH NAME
jstatd \- Virtual Machine jstat Daemon
.LP
.SH "SYNOPSIS"
.LP
.LP
.nf
\f3
.fl
jstatd [ \fP\f4options\fP\f3 ]\fP
.br
\f3
.fl
\fP
.fi
.LP
.SH "PARAMETERS"
.LP
.LP
.TP 3
options
Command\-line options. The options may be in any order. If there are redundant or contradictory options, the last option specified will take precedence.
.LP
.SH "DESCRIPTION"
.LP
.LP
.LP
The \f3jstatd\fP tool is an RMI server application that monitors for the creation and termination of instrumented HotSpot Java virtual machines (JVMs) and provides a interface to allow remote monitoring tools to attach to JVMs running on the local host.
.LP
.LP
The \f3jstatd\fP server requires the presence of an RMI registry on the local host. The \f3jstatd\fP server will attempt to attach to the RMI registry on the default port, or on the port indicated by the \f2\-p port\fP option. If an RMI registry is not found, one will be created within the \f3jstatd\fP application bound to the port indicated by the \f2\-p port\fP option or to the default RMI registry port if \f2\-p port\fP is omitted. Creation of an internal RMI registry can be inhibited by specifying the \f2\-nr\fP option.
.LP
.LP
\f3NOTE:\fP This utility is unsupported and may or may not be available in future versions of the JDK. It is not currently available on the Windows 98 and Windows ME platforms.
.LP
.SH "OPTIONS"
.LP
.LP
.LP
The \f3jstatd\fP command supports the following options:
.LP
.TP 3
\-nr
Do not attempt to create an internal RMI registry within the \f2jstatd\fP process when an existing RMI registry is not found.
.TP 3
\-p\ port
Port number where the RMI registry is expected to be found, or, if not found, created if \f2\-nr\fP is not specified.
.TP 3
\-n\ rminame
Name to which the remote RMI object is bound in the RMI registry. The default name is \f2JStatRemoteHost\fP. If multiple \f3jstatd\fP servers are started on the same host, the name of the exported RMI object for each server can be made unique by by specifying this option. However, doing so will require that the unique server name be included in the monitoring client's \f2hostid\fP and \f2vmid\fP strings.
.TP 3
\-Joption
Pass \f2option\fP to the \f3java\fP launcher called by \f3javac\fP. For example, \f3\-J\-Xms48m\fP sets the startup memory to 48 megabytes. It is a common convention for \f3\-J\fP to pass options to the underlying VM executing applications written in Java.
.LP
.SH "SECURITY"
.LP
.LP
.LP
The \f3jstatd\fP server can only monitor JVMs for which it has the appropriate native access permissions. Therefor the \f3jstatd\fP process must be running with the same user credentials as the target JVMs. Some user credentials, such as the \f2root\fP user in UNIX(TM) based systems, have permission to access the instrumentation exported by any JVM on the system. A \f3jstatd\fP process running with such credentials can monitor any JVM on the system, but introduces additional security concerns.
.LP
.LP
The \f3jstatd\fP server does not provide any authentication of remote clients. Therefore, running a \f3jstatd\fP server process exposes the instrumentation export by all JVMs for which the \f3jstatd\fP process has access permissions to any user on the network. This exposure may be undesireable in your environment and local security policies should be considered before starting the \f3jstatd\fP process, particularly in production environments or on unsecure networks.
.LP
.LP
The \f3jstatd\fP server installs an instance of RMISecurityPolicy if no other security manager has been installed and therefore requires a security policy file to be specified. The policy file must conform to the default policy implementation's
.na
\f2Policy File Syntax\fP @
.fi
http://java.sun.com/javase/6/docs/technotes/guides/security/PolicyFiles.html.
.LP
.LP
The following policy file will allow the \f3jstatd\fP server to run without any security exceptions. This policy is less liberal then granting all permissions to all codebases, but is more liberal than a policy that grants the minimal permissions to run the \f3jstatd\fP server.
.LP
.nf
\f3
.fl
grant codebase "file:${java.home}/../lib/tools.jar" {\fP
.br
\f3
.fl
permission java.security.AllPermission;\fP
.br
\f3
.fl
};\fP
.br
\f3
.fl
\fP
.fi
.LP
.LP
To use this policy, copy the text into a file called \f2jstatd.all.policy\fP and run the \f3jstatd\fP server as follows:
.LP
.nf
\f3
.fl
jstatd \-J\-Djava.security.policy=jstatd.all.policy\fP
.br
\f3
.fl
\fP
.fi
.LP
.LP
For sites with more restrictive security practices, it is possible to use a custom policy file to limit access to specific trusted hosts or networks, though such techniques are subject to IP addreess spoofing attacks. If your security concerns cannot be addressed with a customized policy file, then the safest action is to not run the \f3jstatd\fP server and use the \f3jstat\fP and \f3jps\fP tools locally.
.LP
.SH "REMOTE
INTERFACE"
.LP
.LP
.LP
The interface exported by the \f3jstatd\fP process is proprietary and is guaranteed to change. Users and developers are discouraged from writing to this interface.
.LP
.SH "EXAMPLES"
.LP
.LP
.LP
Here are some examples of starting \f3jstatd\fP. Note that the \f3jstatd\fP scripts automatically start the server in the background.
.LP
.SS
Using Internal RMI
Registry
.LP
.LP
This example demonstrates starting \f3jstatd\fP with an internal RMI registry. This example assumes that no other server is bound to the default RMI Registry port (port 1099).
.LP
.nf
\f3
.fl
jstatd \-J\-Djava.security.policy=all.policy
.fl
\fP
.fi
.LP
.SS
Using
External RMI Registry
.LP
.LP
This example demonstrates starting \f3jstatd\fP with a external RMI registry.
.LP
.nf
\f3
.fl
rmiregistry&
.fl
jstatd \-J\-Djava.security.policy=all.policy
.fl
\fP
.fi
.LP
.LP
This example demonstrates starting \f3jstatd\fP with an external RMI registry server on port 2020.
.LP
.nf
\f3
.fl
rmiregistry 2020&
.fl
jstatd \-J\-Djava.security.policy=all.policy \-p 2020
.fl
\fP
.fi
.LP
.LP
This example demonstrates starting \f3jstatd\fP with an external RMI registry on port 2020, bound to name AlternateJstatdServerName.
.LP
.nf
\f3
.fl
rmiregistry 2020&
.fl
jstatd \-J\-Djava.security.policy=all.policy \-p 2020 \-n AlternateJstatdServerName
.fl
\fP
.fi
.LP
.SS
Inhibiting creation of an in\-process RMI
registry
.LP
.LP
This example demonstrates starting \f3jstatd\fP such that it will not create a RMI registry if one is not found. This example assumes an RMI registry is already running. If it is not, an appropriate error message is emitted.
.LP
.nf
\f3
.fl
jstatd \-J\-Djava.security.policy=all.policy \-nr
.fl
\fP
.fi
.LP
.SS
Enabling RMI
logging capabilities.
.LP
.LP
This example demonstrates starting \f3jstatd\fP with RMI logging capabilities enabled. This technique is useful as a troubleshooting aid or for monitoring server activities.
.LP
.nf
\f3
.fl
jstatd \-J\-Djava.security.policy=all.policy \-J\-Djava.rmi.server.logCalls=true
.fl
\fP
.fi
.LP
.SH "SEE ALSO"
.LP
.RS 3
.TP 2
*
java \- the Java Application Launcher
.TP 2
*
jps \- the Java Process Status Application
.TP 2
*
jstat \- the Java Virtual Machine Statistics Monitoring Tool
.TP 2
*
rmiregistry \- the Java Remote Object Registry
.RE
.LP
.LP