# HG changeset patch # User alanb # Date 1289329032 0 # Node ID 03d19396adb9037d65583d9f739e60c9fb6cb9a6 # Parent 0113db4feebca26654582e3885f2c5f0b6c9287a# Parent 19571999a46a615186349cdb8a9fb51cfcfd76b0 Merge diff -r 0113db4feebc -r 03d19396adb9 jdk/make/Makefile --- a/jdk/make/Makefile Tue Nov 09 18:56:39 2010 +0000 +++ b/jdk/make/Makefile Tue Nov 09 18:57:12 2010 +0000 @@ -1,5 +1,5 @@ # -# Copyright (c) 1995, 2007, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 1995, 2010, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -243,6 +243,11 @@ SUBDIRS_tools = launchers SUBDIRS_misc = org sunw jpda mkdemo mksample +# Alternate classes implementation +ifndef OPENJDK + SUBDIRS_misc += altclasses +endif + include $(BUILDDIR)/common/Subdirs.gmk all build:: diff -r 0113db4feebc -r 03d19396adb9 jdk/make/altclasses/Makefile --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/make/altclasses/Makefile Tue Nov 09 18:57:12 2010 +0000 @@ -0,0 +1,84 @@ +# +# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. Oracle designates this +# particular file as subject to the "Classpath" exception as provided +# by Oracle in the LICENSE file that accompanied this code. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +# +# Makefile for building alternate runtime classes (not used by default) +# + +BUILDDIR = .. + +PRODUCT = altclasses + +include $(BUILDDIR)/common/Defs.gmk + +# Root of alternate class sources + +ALTCLASSES_SRCDIR = $(CLOSED_SRC)/share/altclasses + +# Alternate runtime classes + +ALTRT_JAR_FILE = $(LIBDIR)/alt-rt.jar +ALTRT_JAR_SOURCE_FILE = $(TEMPDIR)/alt-rt.jarsrclist +ALTRT_JAR_SOURCES = $(wildcard $(ALTCLASSES_SRCDIR)/java/*/*.java) + +# Use a special file suffix for the file that holds the source list + +.SUFFIXES: .jarsrclist + +# Build rules + +all build: + @if [ -d $(ALTCLASSES_SRCDIR) ] ; then \ + $(MAKE) $(ALTRT_JAR_FILE); \ + fi + +# Source list file creation + +$(ALTRT_JAR_SOURCE_FILE): $(ALTRT_JAR_SOURCES) FRC + $(prep-target) + $(ECHO) $(ALTRT_JAR_SOURCES) > $@ + +clean clobber:: + $(RM) $(ALTRT_JAR_FILE) $(ALTRT_JAR_SOURCE_FILE) + $(RM) -r $(ALTRT_JAR_SOURCE_FILE).classes + +include $(BUILDDIR)/common/Classes.gmk + +# Pattern rule to turn a source list file into a jar file +$(LIBDIR)/%.jar : $(TEMPDIR)/%.jarsrclist + $(prep-target) + $(RM) -r $(<).classes + $(MKDIR) -p $(<).classes + $(JAVAC_CMD) -implicit:none -d $(<).classes @$< + $(BOOT_JAR_CMD) cf $@ -C $(<).classes . $(BOOT_JAR_JFLAGS) + +# Force target + +FRC: + +# Non file targets + +.PHONY: all build clean clobber + diff -r 0113db4feebc -r 03d19396adb9 jdk/src/share/classes/sun/security/krb5/KrbKdcReq.java --- a/jdk/src/share/classes/sun/security/krb5/KrbKdcReq.java Tue Nov 09 18:56:39 2010 +0000 +++ b/jdk/src/share/classes/sun/security/krb5/KrbKdcReq.java Tue Nov 09 18:57:12 2010 +0000 @@ -36,8 +36,7 @@ import java.security.Security; import java.util.Locale; import sun.security.krb5.internal.Krb5; -import sun.security.krb5.internal.UDPClient; -import sun.security.krb5.internal.TCPClient; +import sun.security.krb5.internal.NetClient; import java.io.IOException; import java.net.SocketTimeoutException; import java.util.StringTokenizer; @@ -349,12 +348,16 @@ byte[] ibuf = null; - if (useTCP) { - TCPClient kdcClient = new TCPClient(kdc, port); + for (int i=1; i <= retries; i++) { + String proto = useTCP?"TCP":"UDP"; + NetClient kdcClient = NetClient.getInstance( + proto, kdc, port, timeout); if (DEBUG) { System.out.println(">>> KDCCommunication: kdc=" + kdc - + " TCP:" - + port + + " " + proto + ":" + + port + ", timeout=" + + timeout + + ",Attempt =" + i + ", #bytes=" + obuf.length); } try { @@ -366,51 +369,19 @@ * And get a response. */ ibuf = kdcClient.receive(); + break; + } catch (SocketTimeoutException se) { + if (DEBUG) { + System.out.println ("SocketTimeOutException with " + + "attempt: " + i); + } + if (i == retries) { + ibuf = null; + throw se; + } } finally { kdcClient.close(); } - - } else { - // For each KDC we try defaultKdcRetryLimit times to - // get the response - for (int i=1; i <= retries; i++) { - UDPClient kdcClient = new UDPClient(kdc, port, timeout); - - if (DEBUG) { - System.out.println(">>> KDCCommunication: kdc=" + kdc - + (useTCP ? " TCP:":" UDP:") - + port + ", timeout=" - + timeout - + ",Attempt =" + i - + ", #bytes=" + obuf.length); - } - try { - /* - * Send the data to the kdc. - */ - - kdcClient.send(obuf); - - /* - * And get a response. - */ - try { - ibuf = kdcClient.receive(); - break; - } catch (SocketTimeoutException se) { - if (DEBUG) { - System.out.println ("SocketTimeOutException with " + - "attempt: " + i); - } - if (i == retries) { - ibuf = null; - throw se; - } - } - } finally { - kdcClient.close(); - } - } } return ibuf; } diff -r 0113db4feebc -r 03d19396adb9 jdk/src/share/classes/sun/security/krb5/internal/NetClient.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/src/share/classes/sun/security/krb5/internal/NetClient.java Tue Nov 09 18:57:12 2010 +0000 @@ -0,0 +1,221 @@ +/* + * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * + * (C) Copyright IBM Corp. 1999 All Rights Reserved. + * Copyright 1997 The Open Group Research Institute. All rights reserved. + */ + +package sun.security.krb5.internal; + +import java.io.*; +import java.net.*; + +public abstract class NetClient { + public static NetClient getInstance(String protocol, String hostname, int port, + int timeout) throws IOException { + if (protocol.equals("TCP")) { + return new TCPClient(hostname, port, timeout); + } else { + return new UDPClient(hostname, port, timeout); + } + } + + abstract public void send(byte[] data) throws IOException; + + abstract public byte[] receive() throws IOException; + + abstract public void close() throws IOException; +} + +class TCPClient extends NetClient { + + private Socket tcpSocket; + private BufferedOutputStream out; + private BufferedInputStream in; + + TCPClient(String hostname, int port, int timeout) + throws IOException { + tcpSocket = new Socket(hostname, port); + out = new BufferedOutputStream(tcpSocket.getOutputStream()); + in = new BufferedInputStream(tcpSocket.getInputStream()); + tcpSocket.setSoTimeout(timeout); + } + + @Override + public void send(byte[] data) throws IOException { + byte[] lenField = new byte[4]; + intToNetworkByteOrder(data.length, lenField, 0, 4); + out.write(lenField); + + out.write(data); + out.flush(); + } + + @Override + public byte[] receive() throws IOException { + byte[] lenField = new byte[4]; + int count = readFully(lenField, 4); + + if (count != 4) { + if (Krb5.DEBUG) { + System.out.println( + ">>>DEBUG: TCPClient could not read length field"); + } + return null; + } + + int len = networkByteOrderToInt(lenField, 0, 4); + if (Krb5.DEBUG) { + System.out.println( + ">>>DEBUG: TCPClient reading " + len + " bytes"); + } + if (len <= 0) { + if (Krb5.DEBUG) { + System.out.println( + ">>>DEBUG: TCPClient zero or negative length field: "+len); + } + return null; + } + + byte data[] = new byte[len]; + count = readFully(data, len); + if (count != len) { + if (Krb5.DEBUG) { + System.out.println( + ">>>DEBUG: TCPClient could not read complete packet (" + + len + "/" + count + ")"); + } + return null; + } else { + return data; + } + } + + @Override + public void close() throws IOException { + tcpSocket.close(); + } + + /** + * Read requested number of bytes before returning. + * @return The number of bytes actually read; -1 if none read + */ + private int readFully(byte[] inBuf, int total) throws IOException { + int count, pos = 0; + + while (total > 0) { + count = in.read(inBuf, pos, total); + + if (count == -1) { + return (pos == 0? -1 : pos); + } + pos += count; + total -= count; + } + return pos; + } + + /** + * Returns the integer represented by 4 bytes in network byte order. + */ + private static int networkByteOrderToInt(byte[] buf, int start, + int count) { + if (count > 4) { + throw new IllegalArgumentException( + "Cannot handle more than 4 bytes"); + } + + int answer = 0; + + for (int i = 0; i < count; i++) { + answer <<= 8; + answer |= ((int)buf[start+i] & 0xff); + } + return answer; + } + + /** + * Encodes an integer into 4 bytes in network byte order in the buffer + * supplied. + */ + private static void intToNetworkByteOrder(int num, byte[] buf, + int start, int count) { + if (count > 4) { + throw new IllegalArgumentException( + "Cannot handle more than 4 bytes"); + } + + for (int i = count-1; i >= 0; i--) { + buf[start+i] = (byte)(num & 0xff); + num >>>= 8; + } + } +} + +class UDPClient extends NetClient { + InetAddress iaddr; + int iport; + int bufSize = 65507; + DatagramSocket dgSocket; + DatagramPacket dgPacketIn; + + UDPClient(String hostname, int port, int timeout) + throws UnknownHostException, SocketException { + iaddr = InetAddress.getByName(hostname); + iport = port; + dgSocket = new DatagramSocket(); + dgSocket.setSoTimeout(timeout); + } + + @Override + public void send(byte[] data) throws IOException { + DatagramPacket dgPacketOut = new DatagramPacket(data, data.length, + iaddr, iport); + dgSocket.send(dgPacketOut); + } + + @Override + public byte[] receive() throws IOException { + byte ibuf[] = new byte[bufSize]; + dgPacketIn = new DatagramPacket(ibuf, ibuf.length); + try { + dgSocket.receive(dgPacketIn); + } + catch (SocketException e) { + dgSocket.receive(dgPacketIn); + } + byte[] data = new byte[dgPacketIn.getLength()]; + System.arraycopy(dgPacketIn.getData(), 0, data, 0, + dgPacketIn.getLength()); + return data; + } + + @Override + public void close() { + dgSocket.close(); + } +} diff -r 0113db4feebc -r 03d19396adb9 jdk/src/share/classes/sun/security/krb5/internal/TCPClient.java --- a/jdk/src/share/classes/sun/security/krb5/internal/TCPClient.java Tue Nov 09 18:56:39 2010 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,155 +0,0 @@ -/* - * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * - * (C) Copyright IBM Corp. 1999 All Rights Reserved. - * Copyright 1997 The Open Group Research Institute. All rights reserved. - */ - -package sun.security.krb5.internal; - -import java.io.*; -import java.net.*; - -public class TCPClient { - - private Socket tcpSocket; - private BufferedOutputStream out; - private BufferedInputStream in; - - public TCPClient(String hostname, int port) throws IOException { - tcpSocket = new Socket(hostname, port); - out = new BufferedOutputStream(tcpSocket.getOutputStream()); - in = new BufferedInputStream(tcpSocket.getInputStream()); - } - - public void send(byte[] data) throws IOException { - byte[] lenField = new byte[4]; - intToNetworkByteOrder(data.length, lenField, 0, 4); - out.write(lenField); - - out.write(data); - out.flush(); - } - - public byte[] receive() throws IOException { - byte[] lenField = new byte[4]; - int count = readFully(lenField, 4); - - if (count != 4) { - if (Krb5.DEBUG) { - System.out.println( - ">>>DEBUG: TCPClient could not read length field"); - } - return null; - } - - int len = networkByteOrderToInt(lenField, 0, 4); - if (Krb5.DEBUG) { - System.out.println( - ">>>DEBUG: TCPClient reading " + len + " bytes"); - } - if (len <= 0) { - if (Krb5.DEBUG) { - System.out.println( - ">>>DEBUG: TCPClient zero or negative length field: "+len); - } - return null; - } - - byte data[] = new byte[len]; - count = readFully(data, len); - if (count != len) { - if (Krb5.DEBUG) { - System.out.println( - ">>>DEBUG: TCPClient could not read complete packet (" + - len + "/" + count + ")"); - } - return null; - } else { - return data; - } - } - - public void close() throws IOException { - tcpSocket.close(); - } - - /** - * Read requested number of bytes before returning. - * @return The number of bytes actually read; -1 if none read - */ - private int readFully(byte[] inBuf, int total) throws IOException { - int count, pos = 0; - - while (total > 0) { - count = in.read(inBuf, pos, total); - - if (count == -1) { - return (pos == 0? -1 : pos); - } - pos += count; - total -= count; - } - return pos; - } - - /** - * Returns the integer represented by 4 bytes in network byte order. - */ - private static final int networkByteOrderToInt(byte[] buf, int start, - int count) { - if (count > 4) { - throw new IllegalArgumentException( - "Cannot handle more than 4 bytes"); - } - - int answer = 0; - - for (int i = 0; i < count; i++) { - answer <<= 8; - answer |= ((int)buf[start+i] & 0xff); - } - return answer; - } - - /** - * Encodes an integer into 4 bytes in network byte order in the buffer - * supplied. - */ - private static final void intToNetworkByteOrder(int num, byte[] buf, - int start, int count) { - if (count > 4) { - throw new IllegalArgumentException( - "Cannot handle more than 4 bytes"); - } - - for (int i = count-1; i >= 0; i--) { - buf[start+i] = (byte)(num & 0xff); - num >>>= 8; - } - } -} diff -r 0113db4feebc -r 03d19396adb9 jdk/src/share/classes/sun/security/krb5/internal/UDPClient.java --- a/jdk/src/share/classes/sun/security/krb5/internal/UDPClient.java Tue Nov 09 18:56:39 2010 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,99 +0,0 @@ -/* - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * - * (C) Copyright IBM Corp. 1999 All Rights Reserved. - * Copyright 1997 The Open Group Research Institute. All rights reserved. - */ - -package sun.security.krb5.internal; - -import java.io.*; -import java.net.*; - -public class UDPClient { - InetAddress iaddr; - int iport; - int bufSize = 65507; - DatagramSocket dgSocket; - DatagramPacket dgPacketIn; - - public UDPClient(InetAddress newIAddr, int port) - throws SocketException { - iaddr = newIAddr; - iport = port; - dgSocket = new DatagramSocket(); - } - - public UDPClient(String hostname, int port) - throws UnknownHostException, SocketException { - iaddr = InetAddress.getByName(hostname); - iport = port; - dgSocket = new DatagramSocket(); - } - - public UDPClient(String hostname, int port, int timeout) - throws UnknownHostException, SocketException { - iaddr = InetAddress.getByName(hostname); - iport = port; - dgSocket = new DatagramSocket(); - dgSocket.setSoTimeout(timeout); - } - - public void setBufSize(int newBufSize) { - bufSize = newBufSize; - } - - public InetAddress getInetAddress() { - if (dgPacketIn != null) - return dgPacketIn.getAddress(); - return null; - } - - public void send(byte[] data) throws IOException { - DatagramPacket dgPacketOut = new DatagramPacket(data, data.length, - iaddr, iport); - dgSocket.send(dgPacketOut); - } - - public byte[] receive() throws IOException { - byte ibuf[] = new byte[bufSize]; - dgPacketIn = new DatagramPacket(ibuf, ibuf.length); - try { - dgSocket.receive(dgPacketIn); - } - catch (SocketException e) { - dgSocket.receive(dgPacketIn); - } - byte[] data = new byte[dgPacketIn.getLength()]; - System.arraycopy(dgPacketIn.getData(), 0, data, 0, - dgPacketIn.getLength()); - return data; - } - - public void close() { - dgSocket.close(); - } -} diff -r 0113db4feebc -r 03d19396adb9 jdk/src/solaris/classes/sun/net/www/protocol/http/NTLMAuthentication.java --- a/jdk/src/solaris/classes/sun/net/www/protocol/http/NTLMAuthentication.java Tue Nov 09 18:56:39 2010 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,427 +0,0 @@ -/* - * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.net.www.protocol.http; - -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.net.InetAddress; -import java.net.PasswordAuthentication; -import java.net.UnknownHostException; -import java.net.URL; -import java.security.GeneralSecurityException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import javax.crypto.Cipher; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.DESKeySpec; - -import sun.net.www.HeaderParser; - -/** - * NTLMAuthentication: - * - * @author Michael McMahon - */ - -/* - * NTLM authentication is nominally based on the framework defined in RFC2617, - * but differs from the standard (Basic & Digest) schemes as follows: - * - * 1. A complete authentication requires three request/response transactions - * as shown below: - * REQ -------------------------------> - * <---- 401 (signalling NTLM) -------- - * - * REQ (with type1 NTLM msg) ---------> - * <---- 401 (with type 2 NTLM msg) --- - * - * REQ (with type3 NTLM msg) ---------> - * <---- OK --------------------------- - * - * 2. The scope of the authentication is the TCP connection (which must be kept-alive) - * after the type2 response is received. This means that NTLM does not work end-to-end - * through a proxy, rather between client and proxy, or between client and server (with no proxy) - */ - -class NTLMAuthentication extends AuthenticationInfo { - private static final long serialVersionUID = -2403849171106437142L; - - private byte[] type1; - private byte[] type3; - - private SecretKeyFactory fac; - private Cipher cipher; - private MessageDigest md4; - private String hostname; - private static String defaultDomain; /* Domain to use if not specified by user */ - - static { - defaultDomain = java.security.AccessController.doPrivileged( - new sun.security.action.GetPropertyAction("http.auth.ntlm.domain", - "domain")); - }; - - static boolean supportsTransparentAuth () { - return false; - } - - private void init0() { - type1 = new byte[256]; - type3 = new byte[256]; - System.arraycopy (new byte[] {'N','T','L','M','S','S','P',0,1}, 0, type1, 0, 9); - type1[12] = (byte) 3; - type1[13] = (byte) 0xb2; - type1[28] = (byte) 0x20; - System.arraycopy (new byte[] {'N','T','L','M','S','S','P',0,3}, 0, type3, 0, 9); - type3[12] = (byte) 0x18; - type3[14] = (byte) 0x18; - type3[20] = (byte) 0x18; - type3[22] = (byte) 0x18; - type3[32] = (byte) 0x40; - type3[60] = (byte) 1; - type3[61] = (byte) 0x82; - - try { - hostname = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { - public String run() { - String localhost; - try { - localhost = InetAddress.getLocalHost().getHostName().toUpperCase(); - } catch (UnknownHostException e) { - localhost = "localhost"; - } - return localhost; - } - }); - int x = hostname.indexOf ('.'); - if (x != -1) { - hostname = hostname.substring (0, x); - } - fac = SecretKeyFactory.getInstance ("DES"); - cipher = Cipher.getInstance ("DES/ECB/NoPadding"); - md4 = sun.security.provider.MD4.getInstance(); - } catch (NoSuchPaddingException e) { - assert false; - } catch (NoSuchAlgorithmException e) { - assert false; - } - }; - - PasswordAuthentication pw; - String username; - String ntdomain; - String password; - - /** - * Create a NTLMAuthentication: - * Username may be specified as domainusername in the application Authenticator. - * If this notation is not used, then the domain will be taken - * from a system property: "http.auth.ntlm.domain". - */ - public NTLMAuthentication(boolean isProxy, URL url, PasswordAuthentication pw) { - super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, - AuthScheme.NTLM, - url, - ""); - init (pw); - } - - private void init (PasswordAuthentication pw) { - this.pw = pw; - String s = pw.getUserName(); - int i = s.indexOf ('\\'); - if (i == -1) { - username = s; - ntdomain = defaultDomain; - } else { - ntdomain = s.substring (0, i).toUpperCase(); - username = s.substring (i+1); - } - password = new String (pw.getPassword()); - init0(); - } - - /** - * Constructor used for proxy entries - */ - public NTLMAuthentication(boolean isProxy, String host, int port, - PasswordAuthentication pw) { - super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, - AuthScheme.NTLM, - host, - port, - ""); - init (pw); - } - - /** - * @return true if this authentication supports preemptive authorization - */ - boolean supportsPreemptiveAuthorization() { - return false; - } - - /** - * @return the name of the HTTP header this authentication wants set - */ - String getHeaderName() { - if (type == SERVER_AUTHENTICATION) { - return "Authorization"; - } else { - return "Proxy-authorization"; - } - } - - /** - * Not supported. Must use the setHeaders() method - */ - String getHeaderValue(URL url, String method) { - throw new RuntimeException ("getHeaderValue not supported"); - } - - /** - * Check if the header indicates that the current auth. parameters are stale. - * If so, then replace the relevant field with the new value - * and return true. Otherwise return false. - * returning true means the request can be retried with the same userid/password - * returning false means we have to go back to the user to ask for a new - * username password. - */ - boolean isAuthorizationStale (String header) { - return false; /* should not be called for ntlm */ - } - - /** - * Set header(s) on the given connection. - * @param conn The connection to apply the header(s) to - * @param p A source of header values for this connection, not used because - * HeaderParser converts the fields to lower case, use raw instead - * @param raw The raw header field. - * @return true if all goes well, false if no headers were set. - */ - synchronized boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw) { - - try { - String response; - if (raw.length() < 6) { /* NTLM */ - response = buildType1Msg (); - } else { - String msg = raw.substring (5); /* skip NTLM */ - response = buildType3Msg (msg); - } - conn.setAuthenticationProperty(getHeaderName(), response); - return true; - } catch (IOException e) { - return false; - } catch (GeneralSecurityException e) { - return false; - } - } - - private void copybytes (byte[] dest, int destpos, String src, String enc) { - try { - byte[] x = src.getBytes(enc); - System.arraycopy (x, 0, dest, destpos, x.length); - } catch (UnsupportedEncodingException e) { - assert false; - } - } - - private String buildType1Msg () { - int dlen = ntdomain.length(); - type1[16]= (byte) (dlen % 256); - type1[17]= (byte) (dlen / 256); - type1[18] = type1[16]; - type1[19] = type1[17]; - - int hlen = hostname.length(); - type1[24]= (byte) (hlen % 256); - type1[25]= (byte) (hlen / 256); - type1[26] = type1[24]; - type1[27] = type1[25]; - - copybytes (type1, 32, hostname, "ISO8859_1"); - copybytes (type1, hlen+32, ntdomain, "ISO8859_1"); - type1[20] = (byte) ((hlen+32) % 256); - type1[21] = (byte) ((hlen+32) / 256); - - byte[] msg = new byte [32 + hlen + dlen]; - System.arraycopy (type1, 0, msg, 0, 32 + hlen + dlen); - String result = "NTLM " + (new B64Encoder()).encode (msg); - return result; - } - - - /* Convert a 7 byte array to an 8 byte array (for a des key with parity) - * input starts at offset off - */ - private byte[] makeDesKey (byte[] input, int off) { - int[] in = new int [input.length]; - for (int i=0; i> 1)); - out[2] = (byte)(((in[off+1] << 6) & 0xFF) | (in[off+2] >> 2)); - out[3] = (byte)(((in[off+2] << 5) & 0xFF) | (in[off+3] >> 3)); - out[4] = (byte)(((in[off+3] << 4) & 0xFF) | (in[off+4] >> 4)); - out[5] = (byte)(((in[off+4] << 3) & 0xFF) | (in[off+5] >> 5)); - out[6] = (byte)(((in[off+5] << 2) & 0xFF) | (in[off+6] >> 6)); - out[7] = (byte)((in[off+6] << 1) & 0xFF); - return out; - } - - private byte[] calcLMHash () throws GeneralSecurityException { - byte[] magic = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; - byte[] pwb = password.toUpperCase ().getBytes(); - byte[] pwb1 = new byte [14]; - int len = password.length(); - if (len > 14) - len = 14; - System.arraycopy (pwb, 0, pwb1, 0, len); /* Zero padded */ - - DESKeySpec dks1 = new DESKeySpec (makeDesKey (pwb1, 0)); - DESKeySpec dks2 = new DESKeySpec (makeDesKey (pwb1, 7)); - - SecretKey key1 = fac.generateSecret (dks1); - SecretKey key2 = fac.generateSecret (dks2); - cipher.init (Cipher.ENCRYPT_MODE, key1); - byte[] out1 = cipher.doFinal (magic, 0, 8); - cipher.init (Cipher.ENCRYPT_MODE, key2); - byte[] out2 = cipher.doFinal (magic, 0, 8); - - byte[] result = new byte [21]; - System.arraycopy (out1, 0, result, 0, 8); - System.arraycopy (out2, 0, result, 8, 8); - return result; - } - - private byte[] calcNTHash () throws GeneralSecurityException { - byte[] pw = null; - try { - pw = password.getBytes ("UnicodeLittleUnmarked"); - } catch (UnsupportedEncodingException e) { - assert false; - } - byte[] out = md4.digest (pw); - byte[] result = new byte [21]; - System.arraycopy (out, 0, result, 0, 16); - return result; - } - - /* key is a 21 byte array. Split it into 3 7 byte chunks, - * Convert each to 8 byte DES keys, encrypt the text arg with - * each key and return the three results in a sequential [] - */ - private byte[] calcResponse (byte[] key, byte[] text) - throws GeneralSecurityException { - assert key.length == 21; - DESKeySpec dks1 = new DESKeySpec (makeDesKey (key, 0)); - DESKeySpec dks2 = new DESKeySpec (makeDesKey (key, 7)); - DESKeySpec dks3 = new DESKeySpec (makeDesKey (key, 14)); - SecretKey key1 = fac.generateSecret (dks1); - SecretKey key2 = fac.generateSecret (dks2); - SecretKey key3 = fac.generateSecret (dks3); - cipher.init (Cipher.ENCRYPT_MODE, key1); - byte[] out1 = cipher.doFinal (text, 0, 8); - cipher.init (Cipher.ENCRYPT_MODE, key2); - byte[] out2 = cipher.doFinal (text, 0, 8); - cipher.init (Cipher.ENCRYPT_MODE, key3); - byte[] out3 = cipher.doFinal (text, 0, 8); - byte[] result = new byte [24]; - System.arraycopy (out1, 0, result, 0, 8); - System.arraycopy (out2, 0, result, 8, 8); - System.arraycopy (out3, 0, result, 16, 8); - return result; - } - - private String buildType3Msg (String challenge) throws GeneralSecurityException, - IOException { - /* First decode the type2 message to get the server nonce */ - /* nonce is located at type2[24] for 8 bytes */ - - byte[] type2 = (new sun.misc.BASE64Decoder()).decodeBuffer (challenge); - byte[] nonce = new byte [8]; - System.arraycopy (type2, 24, nonce, 0, 8); - - int ulen = username.length()*2; - type3[36] = type3[38] = (byte) (ulen % 256); - type3[37] = type3[39] = (byte) (ulen / 256); - int dlen = ntdomain.length()*2; - type3[28] = type3[30] = (byte) (dlen % 256); - type3[29] = type3[31] = (byte) (dlen / 256); - int hlen = hostname.length()*2; - type3[44] = type3[46] = (byte) (hlen % 256); - type3[45] = type3[47] = (byte) (hlen / 256); - - int l = 64; - copybytes (type3, l, ntdomain, "UnicodeLittleUnmarked"); - type3[32] = (byte) (l % 256); - type3[33] = (byte) (l / 256); - l += dlen; - copybytes (type3, l, username, "UnicodeLittleUnmarked"); - type3[40] = (byte) (l % 256); - type3[41] = (byte) (l / 256); - l += ulen; - copybytes (type3, l, hostname, "UnicodeLittleUnmarked"); - type3[48] = (byte) (l % 256); - type3[49] = (byte) (l / 256); - l += hlen; - - byte[] lmhash = calcLMHash(); - byte[] lmresponse = calcResponse (lmhash, nonce); - byte[] nthash = calcNTHash(); - byte[] ntresponse = calcResponse (nthash, nonce); - System.arraycopy (lmresponse, 0, type3, l, 24); - type3[16] = (byte) (l % 256); - type3[17] = (byte) (l / 256); - l += 24; - System.arraycopy (ntresponse, 0, type3, l, 24); - type3[24] = (byte) (l % 256); - type3[25] = (byte) (l / 256); - l += 24; - type3[56] = (byte) (l % 256); - type3[57] = (byte) (l / 256); - - byte[] msg = new byte [l]; - System.arraycopy (type3, 0, msg, 0, l); - String result = "NTLM " + (new B64Encoder()).encode (msg); - return result; - } - -} - - -class B64Encoder extends sun.misc.BASE64Encoder { - /* to force it to to the entire encoding in one line */ - protected int bytesPerLine () { - return 1024; - } -} diff -r 0113db4feebc -r 03d19396adb9 jdk/test/java/lang/reflect/Generics/Probe.java --- a/jdk/test/java/lang/reflect/Generics/Probe.java Tue Nov 09 18:56:39 2010 +0000 +++ b/jdk/test/java/lang/reflect/Generics/Probe.java Tue Nov 09 18:57:12 2010 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -47,9 +47,6 @@ "java.util.WeakHashMap$EntryIterator", "java.util.WeakHashMap$KeyIterator", "java.util.WeakHashMap$ValueIterator", - "java.util.TreeMap$EntryIterator", - "java.util.TreeMap$KeyIterator", - "java.util.TreeMap$ValueIterator", "java.util.HashMap$EntryIterator", "java.util.HashMap$KeyIterator", "java.util.HashMap$ValueIterator", diff -r 0113db4feebc -r 03d19396adb9 jdk/test/java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java --- a/jdk/test/java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java Tue Nov 09 18:56:39 2010 +0000 +++ b/jdk/test/java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java Tue Nov 09 18:57:12 2010 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 4684810 + * @bug 4684810 6994717 * @summary Verify that RFC822 name constraints are checked correctly */ @@ -38,6 +38,7 @@ import java.util.ArrayList; import java.util.Collections; +import java.util.Date; import java.util.List; import java.util.Set; @@ -100,6 +101,9 @@ Set anchors = Collections.singleton(anchor); params = new PKIXParameters(anchors); params.setRevocationEnabled(false); + // The certificates expired on 10/22/10, so set the validity date to + // 05/01/2009 to avoid expiration failures + params.setDate(new Date(1243828800000l)); } /* diff -r 0113db4feebc -r 03d19396adb9 jdk/test/java/util/NavigableMap/LockStep.java --- a/jdk/test/java/util/NavigableMap/LockStep.java Tue Nov 09 18:56:39 2010 +0000 +++ b/jdk/test/java/util/NavigableMap/LockStep.java Tue Nov 09 18:57:12 2010 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,9 @@ * @test * @bug 6420753 6242436 6691185 * @summary Compare NavigableMap implementations for identical behavior + * @run main LockStep + * @run main/othervm -XX:+AggressiveOpts LockStep + * @run main/othervm -XX:+AggressiveOpts -Dthorough=true LockStep * @author Martin Buchholz */ diff -r 0113db4feebc -r 03d19396adb9 jdk/test/sun/security/krb5/auto/TcpTimeout.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/security/krb5/auto/TcpTimeout.java Tue Nov 09 18:57:12 2010 +0000 @@ -0,0 +1,138 @@ +/* + * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 6952519 + * @run main/timeout=40/othervm TcpTimeout + * @summary kdc_timeout is not being honoured when using TCP + */ + +import java.io.*; +import java.net.ServerSocket; +import sun.security.krb5.Config; + +public class TcpTimeout { + public static void main(String[] args) + throws Exception { + + System.setProperty("sun.security.krb5.debug", "true"); + final int p1 = 10000 + new java.util.Random().nextInt(10000); + final int p2 = 20000 + new java.util.Random().nextInt(10000); + final int p3 = 30000 + new java.util.Random().nextInt(10000); + + KDC k = new KDC(OneKDC.REALM, OneKDC.KDCHOST, p3, true); + k.addPrincipal(OneKDC.USER, OneKDC.PASS); + k.addPrincipalRandKey("krbtgt/" + OneKDC.REALM); + + // Start two listener that does not communicate, simulate timeout + new Thread() { + public void run() { + try { + new ServerSocket(p1).accept(); + } catch (Exception e) { + }} + }.start(); + new Thread() { + public void run() { + try { + new ServerSocket(p2).accept(); + } catch (Exception e) { + }} + }.start(); + + FileWriter fw = new FileWriter("alternative-krb5.conf"); + + fw.write("[libdefaults]\n" + + "udp_preference_limit = 1\n" + + "max_retries = 2\n" + + "default_realm = " + OneKDC.REALM + "\n" + + "kdc_timeout = 5000\n"); + fw.write("[realms]\n" + OneKDC.REALM + " = {\n" + + "kdc = " + OneKDC.KDCHOST + ":" + p1 + "\n" + + "kdc = " + OneKDC.KDCHOST + ":" + p2 + "\n" + + "kdc = " + OneKDC.KDCHOST + ":" + p3 + "\n" + + "}\n"); + + fw.close(); + System.setProperty("java.security.krb5.conf", "alternative-krb5.conf"); + Config.refresh(); + + // The correct behavior should be: + // 5 sec on p1, 5 sec on p1, fail + // 5 sec on p2, 5 sec on p2, fail + // p3 ok, p3 ok again for preauth. + // The total time should be 20sec + 2x. x is processing time for AS-REQ. + int count = 6; + long start = System.nanoTime(); + + ByteArrayOutputStream bo = new ByteArrayOutputStream(); + PrintStream oldout = System.out; + System.setOut(new PrintStream(bo)); + Context c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); + System.setOut(oldout); + + String[] lines = new String(bo.toByteArray()).split("\n"); + for (String line: lines) { + if (line.startsWith(">>> KDCCommunication")) { + System.out.println(line); + count--; + } + } + if (count != 0) { + throw new Exception("Retry count is " + count + " less"); + } + + long end = System.nanoTime(); + if ((end - start)/1000000000L < 20) { + throw new Exception("Too fast? " + (end - start)/1000000000L); + } + } + + private static KDC on(int p) throws Exception { + KDC k = new KDC(OneKDC.REALM, OneKDC.KDCHOST, p, true); + k.addPrincipal(OneKDC.USER, OneKDC.PASS); + k.addPrincipalRandKey("krbtgt/" + OneKDC.REALM); + return k; + } + + private static void addFakeKDCs() + throws Exception { + BufferedReader fr = new BufferedReader(new FileReader(OneKDC.KRB5_CONF)); + FileWriter fw = new FileWriter("alternative-krb5.conf"); + while (true) { + String s = fr.readLine(); + if (s == null) { + break; + } + if (s.trim().startsWith("kdc = ")) { + fw.write(" kdc = localhost:33333\n"); + fw.write(" kdc = localhost:22222\n"); + } + fw.write(s + "\n"); + } + fr.close(); + fw.close(); + sun.security.krb5.Config.refresh(); + } +}