# HG changeset patch # User tbell # Date 1259537072 28800 # Node ID 0b2523baa546ec5d96cc2ad4403412eef852923b # Parent aba524fe54db88b61e1184f3c7ead0f59f3e8edf# Parent f36521ae16db5fdd4603f9c6e64155404cbabebd Merge diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java --- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java Sun Nov 29 15:24:32 2009 -0800 @@ -26,6 +26,7 @@ package com.sun.jmx.mbeanserver; import java.lang.annotation.Annotation; +import java.lang.ref.SoftReference; import java.lang.reflect.AnnotatedElement; import java.lang.reflect.Constructor; import java.lang.reflect.Method; @@ -33,8 +34,13 @@ import java.lang.reflect.Proxy; import java.lang.reflect.UndeclaredThrowableException; import java.util.Arrays; +import java.util.Collections; import java.util.HashMap; +import java.util.List; +import java.util.LinkedList; +import java.util.Locale; import java.util.Map; +import java.util.WeakHashMap; import javax.management.Descriptor; import javax.management.DescriptorKey; @@ -506,11 +512,25 @@ } else { // Java Beans introspection // - BeanInfo bi = java.beans.Introspector.getBeanInfo(complex.getClass()); - PropertyDescriptor[] pds = bi.getPropertyDescriptors(); - for (PropertyDescriptor pd : pds) - if (pd.getName().equals(element)) - return pd.getReadMethod().invoke(complex); + Class clazz = complex.getClass(); + Method readMethod = null; + if (BeansHelper.isAvailable()) { + Object bi = BeansHelper.getBeanInfo(clazz); + Object[] pds = BeansHelper.getPropertyDescriptors(bi); + for (Object pd: pds) { + if (BeansHelper.getPropertyName(pd).equals(element)) { + readMethod = BeansHelper.getReadMethod(pd); + break; + } + } + } else { + // Java Beans not available so use simple introspection + // to locate method + readMethod = SimpleIntrospector.getReadMethod(clazz, element); + } + if (readMethod != null) + return readMethod.invoke(complex); + throw new AttributeNotFoundException( "Could not find the getter method for the property " + element + " using the Java Beans introspector"); @@ -524,4 +544,235 @@ new AttributeNotFoundException(e.getMessage()), e); } } + + /** + * A simple introspector that uses reflection to analyze a class and + * identify its "getter" methods. This class is intended for use only when + * Java Beans is not present (which implies that there isn't explicit + * information about the bean available). + */ + private static class SimpleIntrospector { + private SimpleIntrospector() { } + + private static final String GET_METHOD_PREFIX = "get"; + private static final String IS_METHOD_PREFIX = "is"; + + // cache to avoid repeated lookups + private static final Map,SoftReference>> cache = + Collections.synchronizedMap( + new WeakHashMap,SoftReference>> ()); + + /** + * Returns the list of methods cached for the given class, or {@code null} + * if not cached. + */ + private static List getCachedMethods(Class clazz) { + // return cached methods if possible + SoftReference> ref = cache.get(clazz); + if (ref != null) { + List cached = ref.get(); + if (cached != null) + return cached; + } + return null; + } + + /** + * Returns {@code true} if the given method is a "getter" method (where + * "getter" method is a public method of the form getXXX or "boolean + * isXXX") + */ + static boolean isReadMethod(Method method) { + // ignore static methods + int modifiers = method.getModifiers(); + if (Modifier.isStatic(modifiers)) + return false; + + String name = method.getName(); + Class[] paramTypes = method.getParameterTypes(); + int paramCount = paramTypes.length; + + if (paramCount == 0 && name.length() > 2) { + // boolean isXXX() + if (name.startsWith(IS_METHOD_PREFIX)) + return (method.getReturnType() == boolean.class); + // getXXX() + if (name.length() > 3 && name.startsWith(GET_METHOD_PREFIX)) + return (method.getReturnType() != void.class); + } + return false; + } + + /** + * Returns the list of "getter" methods for the given class. The list + * is ordered so that isXXX methods appear before getXXX methods - this + * is for compatability with the JavaBeans Introspector. + */ + static List getReadMethods(Class clazz) { + // return cached result if available + List cachedResult = getCachedMethods(clazz); + if (cachedResult != null) + return cachedResult; + + // get list of public methods, filtering out methods that have + // been overridden to return a more specific type. + List methods = + StandardMBeanIntrospector.getInstance().getMethods(clazz); + methods = MBeanAnalyzer.eliminateCovariantMethods(methods); + + // filter out the non-getter methods + List result = new LinkedList(); + for (Method m: methods) { + if (isReadMethod(m)) { + // favor isXXX over getXXX + if (m.getName().startsWith(IS_METHOD_PREFIX)) { + result.add(0, m); + } else { + result.add(m); + } + } + } + + // add result to cache + cache.put(clazz, new SoftReference>(result)); + + return result; + } + + /** + * Returns the "getter" to read the given property from the given class or + * {@code null} if no method is found. + */ + static Method getReadMethod(Class clazz, String property) { + // first character in uppercase (compatability with JavaBeans) + property = property.substring(0, 1).toUpperCase(Locale.ENGLISH) + + property.substring(1); + String getMethod = GET_METHOD_PREFIX + property; + String isMethod = IS_METHOD_PREFIX + property; + for (Method m: getReadMethods(clazz)) { + String name = m.getName(); + if (name.equals(isMethod) || name.equals(getMethod)) { + return m; + } + } + return null; + } + } + + /** + * A class that provides access to the JavaBeans Introspector and + * PropertyDescriptors without creating a static dependency on java.beans. + */ + private static class BeansHelper { + private static final Class introspectorClass = + getClass("java.beans.Introspector"); + private static final Class beanInfoClass = + (introspectorClass == null) ? null : getClass("java.beans.BeanInfo"); + private static final Class getPropertyDescriptorClass = + (beanInfoClass == null) ? null : getClass("java.beans.PropertyDescriptor"); + + private static final Method getBeanInfo = + getMethod(introspectorClass, "getBeanInfo", Class.class); + private static final Method getPropertyDescriptors = + getMethod(beanInfoClass, "getPropertyDescriptors"); + private static final Method getPropertyName = + getMethod(getPropertyDescriptorClass, "getName"); + private static final Method getReadMethod = + getMethod(getPropertyDescriptorClass, "getReadMethod"); + + private static Class getClass(String name) { + try { + return Class.forName(name, true, null); + } catch (ClassNotFoundException e) { + return null; + } + } + private static Method getMethod(Class clazz, + String name, + Class... paramTypes) + { + if (clazz != null) { + try { + return clazz.getMethod(name, paramTypes); + } catch (NoSuchMethodException e) { + throw new AssertionError(e); + } + } else { + return null; + } + } + + private BeansHelper() { } + + /** + * Returns {@code true} if java.beans is available. + */ + static boolean isAvailable() { + return introspectorClass != null; + } + + /** + * Invokes java.beans.Introspector.getBeanInfo(Class) + */ + static Object getBeanInfo(Class clazz) throws Exception { + try { + return getBeanInfo.invoke(null, clazz); + } catch (InvocationTargetException e) { + Throwable cause = e.getCause(); + if (cause instanceof Exception) + throw (Exception)cause; + throw new AssertionError(e); + } catch (IllegalAccessException iae) { + throw new AssertionError(iae); + } + } + + /** + * Invokes java.beans.BeanInfo.getPropertyDescriptors() + */ + static Object[] getPropertyDescriptors(Object bi) { + try { + return (Object[])getPropertyDescriptors.invoke(bi); + } catch (InvocationTargetException e) { + Throwable cause = e.getCause(); + if (cause instanceof RuntimeException) + throw (RuntimeException)cause; + throw new AssertionError(e); + } catch (IllegalAccessException iae) { + throw new AssertionError(iae); + } + } + + /** + * Invokes java.beans.PropertyDescriptor.getName() + */ + static String getPropertyName(Object pd) { + try { + return (String)getPropertyName.invoke(pd); + } catch (InvocationTargetException e) { + Throwable cause = e.getCause(); + if (cause instanceof RuntimeException) + throw (RuntimeException)cause; + throw new AssertionError(e); + } catch (IllegalAccessException iae) { + throw new AssertionError(iae); + } + } + + /** + * Invokes java.beans.PropertyDescriptor.getReadMethod() + */ + static Method getReadMethod(Object pd) { + try { + return (Method)getReadMethod.invoke(pd); + } catch (InvocationTargetException e) { + Throwable cause = e.getCause(); + if (cause instanceof RuntimeException) + throw (RuntimeException)cause; + throw new AssertionError(e); + } catch (IllegalAccessException iae) { + throw new AssertionError(iae); + } + } + } } diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanIntrospector.java --- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanIntrospector.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanIntrospector.java Sun Nov 29 15:24:32 2009 -0800 @@ -175,7 +175,7 @@ /** * Get the methods to be analyzed to build the MBean interface. */ - List getMethods(final Class mbeanType) throws Exception { + List getMethods(final Class mbeanType) { return Arrays.asList(mbeanType.getMethods()); } diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java --- a/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java Sun Nov 29 15:24:32 2009 -0800 @@ -99,4 +99,58 @@ */ public Object inquireSecContext(InquireType type) throws GSSException; + + /** + * Requests that the delegation policy be respected. When a true value is + * requested, the underlying context would use the delegation policy + * defined by the environment as a hint to determine whether credentials + * delegation should be performed. This request can only be made on the + * context initiator's side and it has to be done prior to the first + * call to initSecContext. + *

+ * When this flag is false, delegation will only be tried when the + * {@link GSSContext#requestCredDeleg(boolean) credentials delegation flag} + * is true. + *

+ * When this flag is true but the + * {@link GSSContext#requestCredDeleg(boolean) credentials delegation flag} + * is false, delegation will be only tried if the delegation policy permits + * delegation. + *

+ * When both this flag and the + * {@link GSSContext#requestCredDeleg(boolean) credentials delegation flag} + * are true, delegation will be always tried. However, if the delegation + * policy does not permit delegation, the value of + * {@link #getDelegPolicyState} will be false, even + * if delegation is performed successfully. + *

+ * In any case, if the delegation is not successful, the value returned + * by {@link GSSContext#getCredDelegState()} is false, and the value + * returned by {@link #getDelegPolicyState()} is also false. + *

+ * Not all mechanisms support delegation policy. Therefore, the + * application should check to see if the request was honored with the + * {@link #getDelegPolicyState() getDelegPolicyState} method. When + * delegation policy is not supported, requestDelegPolicy + * should return silently without throwing an exception. + *

+ * Note: for the Kerberos 5 mechanism, the delegation policy is expressed + * through the OK-AS-DELEGATE flag in the service ticket. When it's true, + * the KDC permits delegation to the target server. In a cross-realm + * environment, in order for delegation be permitted, all cross-realm TGTs + * on the authentication path must also have the OK-AS-DELAGATE flags set. + * @param state true if the policy should be respected + * @throws GSSException containing the following + * major error codes: + * {@link GSSException#FAILURE GSSException.FAILURE} + */ + public void requestDelegPolicy(boolean state) throws GSSException; + + /** + * Returns the delegation policy response. Called after a security context + * is established. This method can be only called on the initiator's side. + * See {@link ExtendedGSSContext#requestDelegPolicy}. + * @return the delegation policy response + */ + public boolean getDelegPolicyState(); } diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/com/sun/tools/hat/internal/model/JavaStatic.java --- a/jdk/src/share/classes/com/sun/tools/hat/internal/model/JavaStatic.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/com/sun/tools/hat/internal/model/JavaStatic.java Sun Nov 29 15:24:32 2009 -0800 @@ -57,7 +57,10 @@ id = ((JavaObjectRef)value).getId(); } value = value.dereference(snapshot, field); - if (value.isHeapAllocated()) { + if (value.isHeapAllocated() && + clazz.getLoader() == snapshot.getNullThing()) { + // static fields are only roots if they are in classes + // loaded by the root classloader. JavaHeapObject ho = (JavaHeapObject) value; String s = "Static reference from " + clazz.getName() + "." + field.getName(); diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/com/sun/tracing/ProviderFactory.java --- a/jdk/src/share/classes/com/sun/tracing/ProviderFactory.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/com/sun/tracing/ProviderFactory.java Sun Nov 29 15:24:32 2009 -0800 @@ -4,7 +4,10 @@ import java.util.HashSet; import java.io.PrintStream; import java.lang.reflect.Field; -import java.util.logging.Logger; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; +import sun.security.action.GetPropertyAction; import sun.tracing.NullProviderFactory; import sun.tracing.PrintStreamProviderFactory; @@ -52,23 +55,17 @@ HashSet factories = new HashSet(); // Try to instantiate a DTraceProviderFactory - String prop = null; - try { prop = System.getProperty("com.sun.tracing.dtrace"); } - catch (java.security.AccessControlException e) { - Logger.getAnonymousLogger().fine( - "Cannot access property com.sun.tracing.dtrace"); - } + String prop = AccessController.doPrivileged( + new GetPropertyAction("com.sun.tracing.dtrace")); + if ( (prop == null || !prop.equals("disable")) && DTraceProviderFactory.isSupported() ) { factories.add(new DTraceProviderFactory()); } // Try to instantiate an output stream factory - try { prop = System.getProperty("sun.tracing.stream"); } - catch (java.security.AccessControlException e) { - Logger.getAnonymousLogger().fine( - "Cannot access property sun.tracing.stream"); - } + prop = AccessController.doPrivileged( + new GetPropertyAction("sun.tracing.stream")); if (prop != null) { for (String spec : prop.split(",")) { PrintStream ps = getPrintStreamFromSpec(spec); @@ -89,22 +86,29 @@ } } - private static PrintStream getPrintStreamFromSpec(String spec) { + private static PrintStream getPrintStreamFromSpec(final String spec) { try { // spec is in the form of ., where is // a fully specified class name, and is a static member // in that class. The must be a 'PrintStream' or subtype // in order to be used. - int fieldpos = spec.lastIndexOf('.'); - Class cls = Class.forName(spec.substring(0, fieldpos)); - Field f = cls.getField(spec.substring(fieldpos + 1)); - Class fieldType = f.getType(); + final int fieldpos = spec.lastIndexOf('.'); + final Class cls = Class.forName(spec.substring(0, fieldpos)); + + Field f = AccessController.doPrivileged(new PrivilegedExceptionAction() { + public Field run() throws NoSuchFieldException { + return cls.getField(spec.substring(fieldpos + 1)); + } + }); + return (PrintStream)f.get(null); - } catch (Exception e) { - Logger.getAnonymousLogger().warning( - "Could not parse sun.tracing.stream property: " + e); + } catch (ClassNotFoundException e) { + throw new AssertionError(e); + } catch (IllegalAccessException e) { + throw new AssertionError(e); + } catch (PrivilegedActionException e) { + throw new AssertionError(e); } - return null; } } diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/java/net/CookieManager.java --- a/jdk/src/share/classes/java/net/CookieManager.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/java/net/CookieManager.java Sun Nov 29 15:24:32 2009 -0800 @@ -30,6 +30,7 @@ import java.util.Collections; import java.util.Comparator; import java.io.IOException; +import sun.util.logging.PlatformLogger; /** * CookieManager provides a concrete implementation of {@link CookieHandler}, @@ -263,6 +264,7 @@ if (cookieJar == null) return; + PlatformLogger logger = PlatformLogger.getLogger("java.net.CookieManager"); for (String headerKey : responseHeaders.keySet()) { // RFC 2965 3.2.2, key must be 'Set-Cookie2' // we also accept 'Set-Cookie' here for backward compatibility @@ -277,7 +279,16 @@ for (String headerValue : responseHeaders.get(headerKey)) { try { - List cookies = HttpCookie.parse(headerValue); + List cookies; + try { + cookies = HttpCookie.parse(headerValue); + } catch (IllegalArgumentException e) { + // Bogus header, make an empty list and log the error + cookies = java.util.Collections.EMPTY_LIST; + if (logger.isLoggable(PlatformLogger.SEVERE)) { + logger.severe("Invalid cookie for " + uri + ": " + headerValue); + } + } for (HttpCookie cookie : cookies) { if (cookie.getPath() == null) { // If no path is specified, then by default diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/java/net/HttpCookie.java --- a/jdk/src/share/classes/java/net/HttpCookie.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/java/net/HttpCookie.java Sun Nov 29 15:24:32 2009 -0800 @@ -1036,7 +1036,7 @@ int version = Integer.parseInt(attrValue); cookie.setVersion(version); } catch (NumberFormatException ignored) { - throw new IllegalArgumentException("Illegal cookie version attribute"); + // Just ignore bogus version, it will default to 0 or 1 } } }); @@ -1147,12 +1147,15 @@ } private static String stripOffSurroundingQuote(String str) { - if (str != null && str.length() > 0 && + if (str != null && str.length() > 2 && str.charAt(0) == '"' && str.charAt(str.length() - 1) == '"') { return str.substring(1, str.length() - 1); - } else { - return str; } + if (str != null && str.length() > 2 && + str.charAt(0) == '\'' && str.charAt(str.length() - 1) == '\'') { + return str.substring(1, str.length() - 1); + } + return str; } private static boolean equalsIgnoreCase(String s, String t) { diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/javax/security/auth/Subject.java --- a/jdk/src/share/classes/javax/security/auth/Subject.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/javax/security/auth/Subject.java Sun Nov 29 15:24:32 2009 -0800 @@ -40,7 +40,6 @@ import java.security.PrivilegedActionException; import java.security.ProtectionDomain; import sun.security.util.ResourcesMgr; -import sun.security.util.SecurityConstants; /** *

A Subject represents a grouping of related information @@ -239,7 +238,7 @@ public void setReadOnly() { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { - sm.checkPermission(new AuthPermission("setReadOnly")); + sm.checkPermission(AuthPermissionHolder.SET_READ_ONLY_PERMISSION); } this.readOnly = true; @@ -285,7 +284,7 @@ java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { - sm.checkPermission(new AuthPermission("getSubject")); + sm.checkPermission(AuthPermissionHolder.GET_SUBJECT_PERMISSION); } if (acc == null) { @@ -343,7 +342,7 @@ java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { - sm.checkPermission(SecurityConstants.DO_AS_PERMISSION); + sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION); } if (action == null) throw new NullPointerException @@ -402,7 +401,7 @@ java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { - sm.checkPermission(SecurityConstants.DO_AS_PERMISSION); + sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION); } if (action == null) @@ -456,7 +455,7 @@ java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { - sm.checkPermission(SecurityConstants.DO_AS_PRIVILEGED_PERMISSION); + sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION); } if (action == null) @@ -520,7 +519,7 @@ java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { - sm.checkPermission(SecurityConstants.DO_AS_PRIVILEGED_PERMISSION); + sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION); } if (action == null) @@ -1044,16 +1043,13 @@ if (sm != null) { switch (which) { case Subject.PRINCIPAL_SET: - sm.checkPermission(new AuthPermission - ("modifyPrincipals")); + sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION); break; case Subject.PUB_CREDENTIAL_SET: - sm.checkPermission(new AuthPermission - ("modifyPublicCredentials")); + sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION); break; default: - sm.checkPermission(new AuthPermission - ("modifyPrivateCredentials")); + sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION); break; } } @@ -1073,16 +1069,13 @@ if (sm != null) { switch (which) { case Subject.PRINCIPAL_SET: - sm.checkPermission - (new AuthPermission("modifyPrincipals")); + sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION); break; case Subject.PUB_CREDENTIAL_SET: - sm.checkPermission - (new AuthPermission("modifyPublicCredentials")); + sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION); break; default: - sm.checkPermission - (new AuthPermission("modifyPrivateCredentials")); + sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION); break; } } @@ -1405,4 +1398,27 @@ return set.add(o); } } + + static class AuthPermissionHolder { + static final AuthPermission DO_AS_PERMISSION = + new AuthPermission("doAs"); + + static final AuthPermission DO_AS_PRIVILEGED_PERMISSION = + new AuthPermission("doAsPrivileged"); + + static final AuthPermission SET_READ_ONLY_PERMISSION = + new AuthPermission("setReadOnly"); + + static final AuthPermission GET_SUBJECT_PERMISSION = + new AuthPermission("getSubject"); + + static final AuthPermission MODIFY_PRINCIPALS_PERMISSION = + new AuthPermission("modifyPrincipals"); + + static final AuthPermission MODIFY_PUBLIC_CREDENTIALS_PERMISSION = + new AuthPermission("modifyPublicCredentials"); + + static final AuthPermission MODIFY_PRIVATE_CREDENTIALS_PERMISSION = + new AuthPermission("modifyPrivateCredentials"); + } } diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/org/ietf/jgss/GSSContext.java --- a/jdk/src/share/classes/org/ietf/jgss/GSSContext.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/org/ietf/jgss/GSSContext.java Sun Nov 29 15:24:32 2009 -0800 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2001 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -678,7 +678,7 @@ * are not definitive then the method will attempt to treat all * available bytes as part of the token.

* - * Other than the possible blocking behaviour described above, this + * Other than the possible blocking behavior described above, this * method is equivalent to the byte array based {@link #unwrap(byte[], * int, int, MessageProp) unwrap} method.

* @@ -826,7 +826,7 @@ * are not definitive then the method will attempt to treat all * available bytes as part of the token.

* - * Other than the possible blocking behaviour described above, this + * Other than the possible blocking behavior described above, this * method is equivalent to the byte array based {@link #verifyMIC(byte[], * int, int, byte[], int, int, MessageProp) verifyMIC} method.

* @@ -917,7 +917,7 @@ * getMutualAuthState} method.

* * @param state a boolean value indicating whether mutual - * authentication shouls be used or not. + * authentication should be used or not. * @see #getMutualAuthState() * * @throws GSSException containing the following @@ -928,7 +928,7 @@ /** * Requests that replay detection be enabled for the - * per-message security services after context establishemnt. This + * per-message security services after context establishment. This * request can only be made on the context initiator's side and it has * to be done prior to the first call to * initSecContext. During context establishment replay @@ -958,7 +958,7 @@ /** * Requests that sequence checking be enabled for the - * per-message security services after context establishemnt. This + * per-message security services after context establishment. This * request can only be made on the context initiator's side and it has * to be done prior to the first call to * initSecContext. During context establishment sequence diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java --- a/jdk/src/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java Sun Nov 29 15:24:32 2009 -0800 @@ -25,6 +25,7 @@ package sun.net.www.protocol.http.spnego; +import com.sun.security.jgss.ExtendedGSSContext; import java.io.IOException; import org.ietf.jgss.GSSContext; @@ -100,15 +101,10 @@ null, GSSContext.DEFAULT_LIFETIME); - // In order to support credential delegation in HTTP/SPNEGO, - // we always request it before initSecContext. The current - // implementation will check the OK-AS-DELEGATE flag inside - // the service ticket of the web server, and only enable - // delegation when this flag is set. This check is only - // performed when the GSS caller is CALLER_HTTP_NEGOTIATE, - // so all other normal GSS-API calls are not affected. - - context.requestCredDeleg(true); + // Always respect delegation policy in HTTP/SPNEGO. + if (context instanceof ExtendedGSSContext) { + ((ExtendedGSSContext)context).requestDelegPolicy(true); + } oneToken = context.initSecContext(new byte[0], 0, 0); } diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java --- a/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java Sun Nov 29 15:24:32 2009 -0800 @@ -89,7 +89,8 @@ */ class GSSContextImpl implements ExtendedGSSContext { - private GSSManagerImpl gssManager = null; + private final GSSManagerImpl gssManager; + private final boolean initiator; // private flags for the context state private static final int PRE_INIT = 1; @@ -99,14 +100,12 @@ // instance variables private int currentState = PRE_INIT; - private boolean initiator; private GSSContextSpi mechCtxt = null; private Oid mechOid = null; private ObjectIdentifier objId = null; private GSSCredentialImpl myCred = null; - private GSSCredentialImpl delegCred = null; private GSSNameImpl srcName = null; private GSSNameImpl targName = null; @@ -121,6 +120,7 @@ private boolean reqSequenceDetState = true; private boolean reqCredDelegState = false; private boolean reqAnonState = false; + private boolean reqDelegPolicyState = false; /** * Creates a GSSContextImp on the context initiator's side. @@ -221,6 +221,7 @@ mechCtxt.requestSequenceDet(reqSequenceDetState); mechCtxt.requestAnonymity(reqAnonState); mechCtxt.setChannelBinding(channelBindings); + mechCtxt.requestDelegPolicy(reqDelegPolicyState); objId = new ObjectIdentifier(mechOid.toString()); @@ -465,42 +466,42 @@ } public void requestMutualAuth(boolean state) throws GSSException { - if (mechCtxt == null) + if (mechCtxt == null && initiator) reqMutualAuthState = state; } public void requestReplayDet(boolean state) throws GSSException { - if (mechCtxt == null) + if (mechCtxt == null && initiator) reqReplayDetState = state; } public void requestSequenceDet(boolean state) throws GSSException { - if (mechCtxt == null) + if (mechCtxt == null && initiator) reqSequenceDetState = state; } public void requestCredDeleg(boolean state) throws GSSException { - if (mechCtxt == null) + if (mechCtxt == null && initiator) reqCredDelegState = state; } public void requestAnonymity(boolean state) throws GSSException { - if (mechCtxt == null) + if (mechCtxt == null && initiator) reqAnonState = state; } public void requestConf(boolean state) throws GSSException { - if (mechCtxt == null) + if (mechCtxt == null && initiator) reqConfState = state; } public void requestInteg(boolean state) throws GSSException { - if (mechCtxt == null) + if (mechCtxt == null && initiator) reqIntegState = state; } public void requestLifetime(int lifetime) throws GSSException { - if (mechCtxt == null) + if (mechCtxt == null && initiator) reqLifetime = lifetime; } @@ -630,6 +631,8 @@ targName = null; } + // ExtendedGSSContext methods: + @Override public Object inquireSecContext(InquireType type) throws GSSException { SecurityManager security = System.getSecurityManager(); @@ -641,4 +644,18 @@ } return mechCtxt.inquireSecContext(type); } + + @Override + public void requestDelegPolicy(boolean state) throws GSSException { + if (mechCtxt == null && initiator) + reqDelegPolicyState = state; + } + + @Override + public boolean getDelegPolicyState() { + if (mechCtxt != null) + return mechCtxt.getDelegPolicyState(); + else + return reqDelegPolicyState; + } } diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java --- a/jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java Sun Nov 29 15:24:32 2009 -0800 @@ -85,34 +85,41 @@ int size = CHECKSUM_LENGTH_SIZE + CHECKSUM_BINDINGS_SIZE + CHECKSUM_FLAGS_SIZE; - if (context.getCredDelegState()) { - if (context.getCaller() instanceof HttpCaller && - !serviceTicket.getFlags()[Krb5.TKT_OPTS_DELEGATE]) { - // When the caller is HTTP/SPNEGO and OK-AS-DELEGATE - // is not present in the service ticket, delegation - // is disabled. - context.setCredDelegState(false); - } else if (!tgt.isForwardable()) { - // XXX log this resetting of delegation state - context.setCredDelegState(false); + if (!tgt.isForwardable()) { + context.setCredDelegState(false); + context.setDelegPolicyState(false); + } else if (context.getCredDelegState()) { + if (context.getDelegPolicyState()) { + if (!serviceTicket.checkDelegate()) { + // delegation not permitted by server policy, mark it + context.setDelegPolicyState(false); + } + } + } else if (context.getDelegPolicyState()) { + if (serviceTicket.checkDelegate()) { + context.setCredDelegState(true); } else { - KrbCred krbCred = null; - CipherHelper cipherHelper = - context.getCipherHelper(serviceTicket.getSessionKey()); - if (useNullKey(cipherHelper)) { - krbCred = new KrbCred(tgt, serviceTicket, - EncryptionKey.NULL_KEY); - } else { - krbCred = new KrbCred(tgt, serviceTicket, - serviceTicket.getSessionKey()); - } - krbCredMessage = krbCred.getMessage(); - size += CHECKSUM_DELEG_OPT_SIZE + - CHECKSUM_DELEG_LGTH_SIZE + - krbCredMessage.length; + context.setDelegPolicyState(false); } } + if (context.getCredDelegState()) { + KrbCred krbCred = null; + CipherHelper cipherHelper = + context.getCipherHelper(serviceTicket.getSessionKey()); + if (useNullKey(cipherHelper)) { + krbCred = new KrbCred(tgt, serviceTicket, + EncryptionKey.NULL_KEY); + } else { + krbCred = new KrbCred(tgt, serviceTicket, + serviceTicket.getSessionKey()); + } + krbCredMessage = krbCred.getMessage(); + size += CHECKSUM_DELEG_OPT_SIZE + + CHECKSUM_DELEG_LGTH_SIZE + + krbCredMessage.length; + } + checksumBytes = new byte[size]; checksumBytes[pos++] = CHECKSUM_FIRST_BYTES[0]; @@ -296,6 +303,7 @@ return delegCreds; } + // Only called by acceptor public void setContextFlags(Krb5Context context) { // default for cred delegation is false if ((flags & CHECKSUM_DELEG_FLAG) > 0) diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/security/jgss/krb5/Krb5Context.java --- a/jdk/src/share/classes/sun/security/jgss/krb5/Krb5Context.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/security/jgss/krb5/Krb5Context.java Sun Nov 29 15:24:32 2009 -0800 @@ -78,6 +78,7 @@ private boolean sequenceDetState = true; private boolean confState = true; private boolean integState = true; + private boolean delegPolicyState = false; private int mySeqNumber; private int peerSeqNumber; @@ -299,6 +300,21 @@ return sequenceDetState || replayDetState; } + /** + * Requests that the deleg policy be respected. + */ + public final void requestDelegPolicy(boolean value) { + if (state == STATE_NEW && isInitiator()) + delegPolicyState = value; + } + + /** + * Is deleg policy respected? + */ + public final boolean getDelegPolicyState() { + return delegPolicyState; + } + /* * Anonymity is a little different in that after an application * requests anonymity it will want to know whether the mechanism @@ -422,6 +438,10 @@ integState = state; } + final void setDelegPolicyState(boolean state) { + delegPolicyState = state; + } + /** * Sets the channel bindings to be used during context * establishment. diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java --- a/jdk/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java Sun Nov 29 15:24:32 2009 -0800 @@ -124,6 +124,8 @@ public void requestInteg(boolean state) throws GSSException; + public void requestDelegPolicy(boolean state) throws GSSException; + public void setChannelBinding(ChannelBinding cb) throws GSSException; public boolean getCredDelegState(); @@ -136,6 +138,8 @@ public boolean getAnonymityState(); + public boolean getDelegPolicyState(); + public boolean isTransferable() throws GSSException; public boolean isProtReady(); diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java --- a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Sun Nov 29 15:24:32 2009 -0800 @@ -63,6 +63,7 @@ private boolean sequenceDetState = true; private boolean confState = true; private boolean integState = true; + private boolean delegPolicyState = false; private GSSNameSpi peerName = null; private GSSNameSpi myName = null; @@ -154,6 +155,14 @@ } /** + * Requests that deleg policy be respected. + */ + public final void requestDelegPolicy(boolean value) throws GSSException { + if (state == STATE_NEW && isInitiator()) + delegPolicyState = value; + } + + /** * Is integrity available? */ public final boolean getIntegState() { @@ -161,6 +170,19 @@ } /** + * Is deleg policy respected? + */ + public final boolean getDelegPolicyState() { + if (isInitiator() && mechContext != null && + mechContext instanceof ExtendedGSSContext && + (state == STATE_IN_PROCESS || state == STATE_DONE)) { + return ((ExtendedGSSContext)mechContext).getDelegPolicyState(); + } else { + return delegPolicyState; + } + } + + /** * Requests that credential delegation be done during context * establishment. */ @@ -173,7 +195,7 @@ * Is credential delegation enabled? */ public final boolean getCredDelegState() { - if (mechContext != null && + if (isInitiator() && mechContext != null && (state == STATE_IN_PROCESS || state == STATE_DONE)) { return mechContext.getCredDelegState(); } else { @@ -201,30 +223,6 @@ return mutualAuthState; } - final void setCredDelegState(boolean state) { - credDelegState = state; - } - - final void setMutualAuthState(boolean state) { - mutualAuthState = state; - } - - final void setReplayDetState(boolean state) { - replayDetState = state; - } - - final void setSequenceDetState(boolean state) { - sequenceDetState = state; - } - - final void setConfState(boolean state) { - confState = state; - } - - final void setIntegState(boolean state) { - integState = state; - } - /** * Returns the mechanism oid. * @@ -319,14 +317,9 @@ mechToken = GSS_initSecContext(null); errorCode = GSSException.DEFECTIVE_TOKEN; - byte[] micToken = null; - if (!GSSUtil.useMSInterop()) { - // calculate MIC only in normal mode - micToken = generateMechListMIC(DER_mechTypes); - } // generate SPNEGO token initToken = new NegTokenInit(DER_mechTypes, getContextFlags(), - mechToken, micToken); + mechToken, null); if (DEBUG) { System.out.println("SpNegoContext.initSecContext: " + "sending token of type = " + @@ -585,15 +578,9 @@ "negotiated result = " + negoResult); } - // calculate MIC only in normal mode - byte[] micToken = null; - if (!GSSUtil.useMSInterop() && valid) { - micToken = generateMechListMIC(DER_mechTypes); - } - // generate SPNEGO token NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(), - mech_wanted, accept_token, micToken); + mech_wanted, accept_token, null); if (DEBUG) { System.out.println("SpNegoContext.acceptSecContext: " + "sending token of type = " + @@ -653,6 +640,10 @@ throw gssException; } + if (state == STATE_DONE) { + // now set the context flags for acceptor + setContextFlags(); + } return retVal; } @@ -703,36 +694,39 @@ return out; } + // Only called on acceptor side. On the initiator side, most flags + // are already set at request. For those that might get chanegd, + // state from mech below is used. private void setContextFlags() { if (mechContext != null) { // default for cred delegation is false if (mechContext.getCredDelegState()) { - setCredDelegState(true); + credDelegState = true; } // default for the following are true if (!mechContext.getMutualAuthState()) { - setMutualAuthState(false); + mutualAuthState = false; } if (!mechContext.getReplayDetState()) { - setReplayDetState(false); + replayDetState = false; } if (!mechContext.getSequenceDetState()) { - setSequenceDetState(false); + sequenceDetState = false; } if (!mechContext.getIntegState()) { - setIntegState(false); + integState = false; } if (!mechContext.getConfState()) { - setConfState(false); + confState = false; } } } /** - * generate MIC on mechList + * generate MIC on mechList. Not used at the moment. */ - private byte[] generateMechListMIC(byte[] mechTypes) + /*private byte[] generateMechListMIC(byte[] mechTypes) throws GSSException { // sanity check the required input @@ -769,7 +763,7 @@ } } return mic; - } + }*/ /** * verify MIC on MechList @@ -837,6 +831,10 @@ mechContext.requestMutualAuth(mutualAuthState); mechContext.requestReplayDet(replayDetState); mechContext.requestSequenceDet(sequenceDetState); + if (mechContext instanceof ExtendedGSSContext) { + ((ExtendedGSSContext)mechContext).requestDelegPolicy( + delegPolicyState); + } } // pass token @@ -1202,5 +1200,5 @@ "inquireSecContext not supported by underlying mech."); } } +} -} diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/security/jgss/spnego/SpNegoMechFactory.java --- a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoMechFactory.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoMechFactory.java Sun Nov 29 15:24:32 2009 -0800 @@ -57,6 +57,12 @@ GSSName.NT_HOSTBASED_SERVICE, GSSName.NT_EXPORT_NAME}; + // The default underlying mech of SPNEGO, must not be SPNEGO itself. + private static final Oid DEFAULT_SPNEGO_MECH_OID = + ProviderList.DEFAULT_MECH_OID.equals(GSS_SPNEGO_MECH_OID)? + GSSUtil.GSS_KRB5_MECH_OID: + ProviderList.DEFAULT_MECH_OID; + // Use an instance of a GSSManager whose provider list // does not include native provider final GSSManagerImpl manager; @@ -100,18 +106,27 @@ availableMechs[j++] = mechs[i]; } } + // Move the preferred mech to first place + for (int i=0; i>> Credentials acquireServiceCreds: " + + "global OK-AS-DELEGATE turned off at " + + newTgt.getServer()); + } + okAsDelegate = false; + } if (DEBUG) { @@ -283,6 +293,9 @@ System.out.println(">>> Credentials acquireServiceCreds: returning creds:"); Credentials.printDebug(theCreds); } + if (!okAsDelegate) { + theCreds.resetDelegate(); + } return theCreds; } throw new KrbApErrException(Krb5.KRB_AP_ERR_GEN_CRED, diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java --- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Sun Nov 29 15:24:32 2009 -0800 @@ -335,10 +335,13 @@ response = OCSP.check(Collections.singletonList(certId), uri, responderCert, pkixParams.getDate()); } catch (Exception e) { - // Wrap all exceptions in CertPathValidatorException so that - // we can fallback to CRLs, if enabled. - throw new CertPathValidatorException - ("Unable to send OCSP request", e); + if (e instanceof CertPathValidatorException) { + throw (CertPathValidatorException) e; + } else { + // Wrap exceptions in CertPathValidatorException so that + // we can fallback to CRLs, if enabled. + throw new CertPathValidatorException(e); + } } RevocationStatus rs = (RevocationStatus) response.getSingleResponse(certId); diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/security/util/SecurityConstants.java --- a/jdk/src/share/classes/sun/security/util/SecurityConstants.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/security/util/SecurityConstants.java Sun Nov 29 15:24:32 2009 -0800 @@ -33,7 +33,6 @@ import java.security.BasicPermission; import java.security.SecurityPermission; import java.security.AllPermission; -import javax.security.auth.AuthPermission; /** * Permission constants and string constants used to create permissions @@ -259,12 +258,4 @@ // java.lang.SecurityManager public static final SocketPermission LOCAL_LISTEN_PERMISSION = new SocketPermission("localhost:1024-", SOCKET_LISTEN_ACTION); - - // javax.security.auth.Subject - public static final AuthPermission DO_AS_PERMISSION = - new AuthPermission("doAs"); - - // javax.security.auth.Subject - public static final AuthPermission DO_AS_PRIVILEGED_PERMISSION = - new AuthPermission("doAsPrivileged"); } diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/security/validator/PKIXValidator.java --- a/jdk/src/share/classes/sun/security/validator/PKIXValidator.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/security/validator/PKIXValidator.java Sun Nov 29 15:24:32 2009 -0800 @@ -150,9 +150,17 @@ ("null or zero-length certificate chain"); } if (TRY_VALIDATOR) { - // check if chain contains trust anchor + // check that chain is in correct order and check if chain contains + // trust anchor + X500Principal prevIssuer = null; for (int i = 0; i < chain.length; i++) { - if (trustedCerts.contains(chain[i])) { + X509Certificate cert = chain[i]; + if (i != 0 && + !cert.getSubjectX500Principal().equals(prevIssuer)) { + // chain is not ordered correctly, call builder instead + return doBuild(chain, otherCerts); + } + if (trustedCerts.contains(cert)) { if (i == 0) { return new X509Certificate[] {chain[0]}; } @@ -161,6 +169,7 @@ System.arraycopy(chain, 0, newChain, 0, i); return doValidate(newChain); } + prevIssuer = cert.getIssuerX500Principal(); } // apparently issued by trust anchor? @@ -303,5 +312,4 @@ ("PKIX path building failed: " + e.toString(), e); } } - } diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/tracing/MultiplexProviderFactory.java --- a/jdk/src/share/classes/sun/tracing/MultiplexProviderFactory.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/tracing/MultiplexProviderFactory.java Sun Nov 29 15:24:32 2009 -0800 @@ -30,7 +30,6 @@ import java.util.HashMap; import java.util.HashSet; import java.util.Set; -import java.util.logging.Logger; import com.sun.tracing.ProviderFactory; import com.sun.tracing.Provider; @@ -65,13 +64,7 @@ providers.add(factory.createProvider(cls)); } MultiplexProvider provider = new MultiplexProvider(cls, providers); - try { - provider.init(); - } catch (Exception e) { - // Probably a permission problem (can't get declared members) - Logger.getAnonymousLogger().warning( - "Could not initialize tracing provider: " + e.getMessage()); - } + provider.init(); return provider.newProxyInstance(); } } diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/tracing/NullProviderFactory.java --- a/jdk/src/share/classes/sun/tracing/NullProviderFactory.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/tracing/NullProviderFactory.java Sun Nov 29 15:24:32 2009 -0800 @@ -26,7 +26,6 @@ package sun.tracing; import java.lang.reflect.Method; -import java.util.logging.Logger; import com.sun.tracing.ProviderFactory; import com.sun.tracing.Provider; @@ -53,13 +52,7 @@ */ public T createProvider(Class cls) { NullProvider provider = new NullProvider(cls); - try { - provider.init(); - } catch (Exception e) { - // Probably a permission problem (can't get declared members) - Logger.getAnonymousLogger().warning( - "Could not initialize tracing provider: " + e.getMessage()); - } + provider.init(); return provider.newProxyInstance(); } } diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/tracing/PrintStreamProviderFactory.java --- a/jdk/src/share/classes/sun/tracing/PrintStreamProviderFactory.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/tracing/PrintStreamProviderFactory.java Sun Nov 29 15:24:32 2009 -0800 @@ -28,7 +28,6 @@ import java.lang.reflect.Method; import java.io.PrintStream; import java.util.HashMap; -import java.util.logging.Logger; import com.sun.tracing.ProviderFactory; import com.sun.tracing.Provider; @@ -54,13 +53,7 @@ public T createProvider(Class cls) { PrintStreamProvider provider = new PrintStreamProvider(cls, stream); - try { - provider.init(); - } catch (Exception e) { - // Probably a permission problem (can't get declared members) - Logger.getAnonymousLogger().warning( - "Could not initialize tracing provider: " + e.getMessage()); - } + provider.init(); return provider.newProxyInstance(); } } diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/tracing/ProviderSkeleton.java --- a/jdk/src/share/classes/sun/tracing/ProviderSkeleton.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/tracing/ProviderSkeleton.java Sun Nov 29 15:24:32 2009 -0800 @@ -32,6 +32,8 @@ import java.lang.reflect.AnnotatedElement; import java.lang.annotation.Annotation; import java.util.HashMap; +import java.security.AccessController; +import java.security.PrivilegedAction; import com.sun.tracing.Provider; import com.sun.tracing.Probe; @@ -99,7 +101,13 @@ * It is up to the factory implementations to call this after construction. */ public void init() { - for (Method m : providerType.getDeclaredMethods()) { + Method[] methods = AccessController.doPrivileged(new PrivilegedAction() { + public Method[] run() { + return providerType.getDeclaredMethods(); + } + }); + + for (Method m : methods) { if ( m.getReturnType() != Void.TYPE ) { throw new IllegalArgumentException( "Return value of method is not void"); diff -r aba524fe54db -r 0b2523baa546 jdk/src/share/classes/sun/tracing/dtrace/DTraceProviderFactory.java --- a/jdk/src/share/classes/sun/tracing/dtrace/DTraceProviderFactory.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/src/share/classes/sun/tracing/dtrace/DTraceProviderFactory.java Sun Nov 29 15:24:32 2009 -0800 @@ -29,7 +29,6 @@ import java.util.Set; import java.util.HashMap; import java.util.HashSet; -import java.util.logging.Logger; import java.security.Permission; import com.sun.tracing.ProviderFactory; @@ -80,15 +79,8 @@ DTraceProvider jsdt = new DTraceProvider(cls); T proxy = jsdt.newProxyInstance(); jsdt.setProxy(proxy); - try { - jsdt.init(); - new Activation(jsdt.getModuleName(), new DTraceProvider[] { jsdt }); - } catch (Exception e) { - // Probably a permission problem (can't get declared members) - Logger.getAnonymousLogger().warning( - "Could not initialize tracing provider: " + e.getMessage()); - jsdt.dispose(); - } + jsdt.init(); + new Activation(jsdt.getModuleName(), new DTraceProvider[] { jsdt }); return proxy; } diff -r aba524fe54db -r 0b2523baa546 jdk/test/Makefile --- a/jdk/test/Makefile Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/Makefile Sun Nov 29 15:24:32 2009 -0800 @@ -337,9 +337,11 @@ # jtreg tests # Expect JT_HOME to be set for jtreg tests. (home for jtreg) -JT_HOME = $(SLASH_JAVA)/re/jtreg/4.0/promoted/latest/binaries/jtreg -ifdef JPRT_JTREG_HOME - JT_HOME = $(JPRT_JTREG_HOME) +ifndef JT_HOME + JT_HOME = $(SLASH_JAVA)/re/jtreg/4.0/promoted/latest/binaries/jtreg + ifdef JPRT_JTREG_HOME + JT_HOME = $(JPRT_JTREG_HOME) + endif endif # Expect JPRT to set TESTDIRS to the jtreg test dirs @@ -361,21 +363,22 @@ # Some tests annoy me and fail frequently PROBLEM_LIST=ProblemList.txt +PROBLEM_LISTS=$(PROBLEM_LIST) $(wildcard closed/$(PROBLEM_LIST)) EXCLUDELIST=$(ABS_TEST_OUTPUT_DIR)/excludelist.txt # Create exclude list for this platform and arch ifdef NO_EXCLUDES -$(EXCLUDELIST): $(PROBLEM_LIST) $(TESTDIRS) +$(EXCLUDELIST): $(PROBLEM_LISTS) $(TESTDIRS) @$(ECHO) "NOTHING_EXCLUDED" > $@ else -$(EXCLUDELIST): $(PROBLEM_LIST) $(TESTDIRS) +$(EXCLUDELIST): $(PROBLEM_LISTS) $(TESTDIRS) @$(RM) $@ $@.temp1 $@.temp2 - @( ( $(EGREP) -- '$(OS_NAME)-all' $< ) ;\ - ( $(EGREP) -- '$(OS_NAME)-$(OS_ARCH)' $< ) ;\ - ( $(EGREP) -- '$(OS_NAME)-$(OS_VERSION)' $< ) ;\ - ( $(EGREP) -- 'generic-$(OS_ARCH)' $< ) ;\ - ( $(EGREP) -- 'generic-all' $< ) ;\ - ( $(ECHO) "#") ;\ + @(($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- '$(OS_NAME)-all' ) ;\ + ($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- '$(OS_NAME)-$(OS_ARCH)' ) ;\ + ($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- '$(OS_NAME)-$(OS_VERSION)') ;\ + ($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- 'generic-$(OS_ARCH)' ) ;\ + ($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- 'generic-all' ) ;\ + ($(ECHO) "#") ;\ ) | $(SED) -e 's@^[\ ]*@@' \ | $(EGREP) -v '^#' > $@.temp1 @for tdir in $(TESTDIRS) ; do \ @@ -386,14 +389,18 @@ @$(ECHO) "Excluding list contains `$(EXPAND) $@ | $(WC) -l` items" endif +# Select list of directories that exist +define TestDirs +$(foreach i,$1,$(wildcard ${i})) $(foreach i,$1,$(wildcard closed/${i})) +endef # Running batches of tests with or without samevm define RunSamevmBatch -$(ECHO) "Running tests in samevm mode: $?" -$(MAKE) TESTDIRS="$?" USE_JTREG_SAMEVM=true UNIQUE_DIR=$@ jtreg_tests +$(ECHO) "Running tests in samevm mode: $(call TestDirs, $?)" +$(MAKE) TESTDIRS="$(call TestDirs, $?)" USE_JTREG_SAMEVM=true UNIQUE_DIR=$@ jtreg_tests endef define RunOthervmBatch -$(ECHO) "Running tests in othervm mode: $?" -$(MAKE) TESTDIRS="$?" USE_JTREG_SAMEVM=false UNIQUE_DIR=$@ jtreg_tests +$(ECHO) "Running tests in othervm mode: $(call TestDirs, $?)" +$(MAKE) TESTDIRS="$(call TestDirs, $?)" USE_JTREG_SAMEVM=false UNIQUE_DIR=$@ jtreg_tests endef define SummaryInfo $(ECHO) "Summary for: $?" @@ -428,6 +435,9 @@ jdk_beans3: java/beans/XMLEncoder $(call RunOthervmBatch) +jdk_beans: jdk_beans1 jdk_beans2 jdk_beans3 + @$(SummaryInfo) + # Stable samevm testruns (minus items from PROBLEM_LIST) JDK_ALL_TARGETS += jdk_io jdk_io: java/io @@ -450,6 +460,9 @@ jdk_management2: com/sun/jmx com/sun/management sun/management $(call RunOthervmBatch) +jdk_management: jdk_management1 jdk_management2 + @$(SummaryInfo) + # Stable samevm testruns (minus items from PROBLEM_LIST) JDK_ALL_TARGETS += jdk_math jdk_math: java/math @@ -482,6 +495,9 @@ jdk_nio3: com/sun/nio sun/nio $(call RunOthervmBatch) +jdk_nio: jdk_nio1 jdk_nio2 jdk_nio3 + @$(SummaryInfo) + # Stable othervm testruns (minus items from PROBLEM_LIST) # Using samevm has serious problems with these tests JDK_ALL_TARGETS += jdk_rmi @@ -502,6 +518,9 @@ jdk_security3: com/sun/security lib/security javax/security sun/security $(call RunOthervmBatch) +jdk_security: jdk_security1 jdk_security2 jdk_security3 + @$(SummaryInfo) + # Stable othervm testruns (minus items from PROBLEM_LIST) # Using samevm has problems, and doesn't help performance as much as others. JDK_ALL_TARGETS += jdk_swing @@ -517,11 +536,14 @@ # Using samevm has serious problems with these tests JDK_ALL_TARGETS += jdk_tools1 jdk_tools1: com/sun/jdi - $(call RunOthervmBatch) + $(call RunSamevmBatch) JDK_ALL_TARGETS += jdk_tools2 jdk_tools2: com/sun/tools sun/jvmstat sun/tools tools vm com/sun/servicetag com/sun/tracing $(call RunOthervmBatch) +jdk_tools: jdk_tools1 jdk_tools2 + @$(SummaryInfo) + # Stable samevm testruns (minus items from PROBLEM_LIST) JDK_ALL_TARGETS += jdk_util jdk_util: java/util sun/util diff -r aba524fe54db -r 0b2523baa546 jdk/test/ProblemList.txt --- a/jdk/test/ProblemList.txt Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/ProblemList.txt Sun Nov 29 15:24:32 2009 -0800 @@ -344,6 +344,9 @@ # Some of these tests (like java/lang/management) may just need to be marked # othervm, but that is partially speculation. +# Samevm failure on OpenSolaris, security manager? +java/lang/ClassLoader/UninitializedParent.java generic-all + # Times out on solaris 10 sparc java/lang/ClassLoader/Assert.java generic-all @@ -538,6 +541,18 @@ # Missing close on file wbmp*, windows samevm javax/imageio/plugins/wbmp/CanDecodeTest.java generic-all +# Failures on OpenSolaris, cannot read input files? samevm issues? +javax/imageio/metadata/BooleanAttributes.java generic-all +javax/imageio/plugins/bmp/BMPSubsamplingTest.java generic-all +javax/imageio/plugins/bmp/TopDownTest.java generic-all +javax/imageio/plugins/gif/EncodeSubImageTest.java generic-all +javax/imageio/plugins/gif/GifTransparencyTest.java generic-all +javax/imageio/plugins/png/GrayPngTest.java generic-all +javax/imageio/plugins/png/ItxtUtf8Test.java generic-all +javax/imageio/plugins/png/MergeStdCommentTest.java generic-all +javax/imageio/plugins/png/ShortHistogramTest.java generic-all +javax/imageio/plugins/shared/BitDepth.java generic-all + # Exclude all javax/print tests, even if they passed, they may need samevm work # Times out on solaris-sparc, sparcv9, x64 -server, some on i586 -client @@ -1073,9 +1088,6 @@ # So most if not all tools tests are now being run with "othervm" mode. # Some of these tools tests have a tendency to use fixed ports, bad idea. -# Solaris 10 client x86, java.lang.IndexOutOfBoundsException resumer Interrupted -com/sun/jdi/SimulResumerTest.java generic-all - # Output of jps differs from expected output. # Invalid argument count on solaris-sparc and x64 sun/tools/jstatd/jstatdPort.sh generic-all @@ -1090,9 +1102,6 @@ # Server name error, port 2098 problem? sun/tools/jstatd/jstatdServerName.sh generic-all -# Solaris, handshake failed, othervm mode -com/sun/jdi/RedefineException.sh generic-all - # These tests fail on solaris sparc, all the time com/sun/servicetag/DeleteServiceTag.java generic-all com/sun/servicetag/DuplicateNotFound.java generic-all @@ -1117,9 +1126,6 @@ # Unexpected Monitor Exception, solaris sparc -client sun/jvmstat/monitor/MonitoredVm/MonitorVmStartTerminate.sh generic-all -# Probably should be samevm, but seem to cause errors even in othervm at times -sun/tools/jhat/HatHeapDump1Test.java generic-all - # Problems on windows, jmap.exe hangs? (these run jmap) sun/tools/jmap/Basic.sh windows-all @@ -1129,9 +1135,6 @@ # Solaris sparcv9, jps output does not match, x64 different sun/tools/jstatd/jstatdExternalRegistry.sh solaris-all -# Probably should be samevm, but seem to cause errors even in othervm at times -sun/tools/native2ascii/NativeErrors.java generic-all - # Solaris 10 sparc 32bit -client, java.lang.AssertionError: Some tests failed tools/jar/JarEntryTime.java generic-all diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/BadHandshakeTest.java --- a/jdk/test/com/sun/jdi/BadHandshakeTest.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/BadHandshakeTest.java Sun Nov 29 15:24:32 2009 -0800 @@ -112,6 +112,8 @@ String arch = System.getProperty("os.arch"); if (arch.equals("sparcv9")) { exe += "sparcv9/java"; + } else if (arch.equals("amd64")) { + exe += "amd64/java"; } else { exe += "java"; } diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/DoubleAgentTest.java --- a/jdk/test/com/sun/jdi/DoubleAgentTest.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/DoubleAgentTest.java Sun Nov 29 15:24:32 2009 -0800 @@ -94,6 +94,8 @@ String arch = System.getProperty("os.arch"); if (arch.equals("sparcv9")) { exe += "sparcv9/java"; + } else if (arch.equals("amd64")) { + exe += "amd64/java"; } else { exe += "java"; } diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/ExclusiveBind.java --- a/jdk/test/com/sun/jdi/ExclusiveBind.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/ExclusiveBind.java Sun Nov 29 15:24:32 2009 -0800 @@ -101,6 +101,8 @@ String arch = System.getProperty("os.arch"); if (arch.equals("sparcv9")) { exe += "sparcv9/java"; + } else if (arch.equals("amd64")) { + exe += "amd64/java"; } else { exe += "java"; } diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/JITDebug.sh --- a/jdk/test/com/sun/jdi/JITDebug.sh Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/JITDebug.sh Sun Nov 29 15:24:32 2009 -0800 @@ -103,10 +103,10 @@ #if running standalone (no test harness of any kind), compile the #support files and the test case ${TESTJAVA}/bin/javac -d ${TESTCLASSES} \ - -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}." \ + -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}${TESTSRC}" \ TestScaffold.java VMConnection.java TargetListener.java TargetAdapter.java ${TESTJAVA}/bin/javac -d ${TESTCLASSES} \ - -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}." -g \ + -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}${TESTSRC}" -g \ JITDebug.java fi echo "JDK under test is: $TESTJAVA" diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/RepStep.java --- a/jdk/test/com/sun/jdi/RepStep.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/RepStep.java Sun Nov 29 15:24:32 2009 -0800 @@ -29,7 +29,7 @@ * @run compile -g RepStepTarg.java * @run build VMConnection RepStep * - * @run main RepStep + * @run main/othervm RepStep * * @summary RepStep detects missed step events due to lack of * frame pop events (in back-end). diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/RunToExit.java --- a/jdk/test/com/sun/jdi/RunToExit.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/RunToExit.java Sun Nov 29 15:24:32 2009 -0800 @@ -26,7 +26,7 @@ * @summary Test that with server=y, when VM runs to System.exit() no error happens * * @build VMConnection RunToExit Exit0 - * @run main RunToExit + * @run main/othervm RunToExit */ import java.io.InputStream; import java.io.IOException; @@ -117,6 +117,8 @@ String arch = System.getProperty("os.arch"); if (arch.equals("sparcv9")) { exe += "sparcv9/java"; + } else if (arch.equals("amd64")) { + exe += "amd64/java"; } else { exe += "java"; } diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/ShellScaffold.sh --- a/jdk/test/com/sun/jdi/ShellScaffold.sh Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/ShellScaffold.sh Sun Nov 29 15:24:32 2009 -0800 @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright 2002-2005 Sun Microsystems, Inc. All Rights Reserved. +# Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -194,7 +194,7 @@ # Return 0 if $1 is the pid of a running process. if [ -z "$isWin98" ] ; then if [ "$osname" = SunOS ] ; then - #Solaris and OpenSolaris use pgrep and not ps in psCmd + # Solaris and OpenSolaris use pgrep and not ps in psCmd findPidCmd="$psCmd" else # Never use plain 'ps', which requires a "controlling terminal" @@ -298,15 +298,15 @@ # On linux, core files take a long time, and can leave # zombie processes if [ "$osname" = SunOS ] ; then - #Experiments show Solaris '/usr/ucb/ps -axwww' and - #'/usr/bin/pgrep -f -l' provide the same small amount of the - #argv string (PRARGSZ=80 in /usr/include/sys/procfs.h) - # 1) This seems to have been working OK in ShellScaffold. - # 2) OpenSolaris does not provide /usr/ucb/ps, so use pgrep - # instead - #The alternative would be to use /usr/bin/pargs [pid] to get - #all the args for a process, splice them back into one - #long string, then grep. + # Experiments show Solaris '/usr/ucb/ps -axwww' and + # '/usr/bin/pgrep -f -l' provide the same small amount of the + # argv string (PRARGSZ=80 in /usr/include/sys/procfs.h) + # 1) This seems to have been working OK in ShellScaffold. + # 2) OpenSolaris does not provide /usr/ucb/ps, so use pgrep + # instead + # The alternative would be to use /usr/bin/pargs [pid] to get + # all the args for a process, splice them back into one + # long string, then grep. UU=`/usr/xpg4/bin/id -u -n` psCmd="pgrep -f -l -U $UU" else @@ -519,7 +519,7 @@ # if jdb got a cont cmd that caused the debuggee # to run to completion, jdb can be gone before # we get here. - echo quit >& 2 + echo "--Sending cmd: quit" >& 2 echo quit # See 6562090. Maybe there is a way that the exit # can cause jdb to not get the quit. @@ -531,7 +531,7 @@ # because after starting jdb, we waited # for the prompt. fileSize=`wc -c $jdbOutFile | awk '{ print $1 }'` - echo $* >&2 + echo "--Sending cmd: " $* >&2 # jjh: We have a few intermittent failures here. # It is as if every so often, jdb doesn't @@ -558,12 +558,85 @@ # seen the ]. echo $* - # wait for jdb output to appear + # Now we have to wait for the next jdb prompt. We wait for a pattern + # to appear in the last line of jdb output. Normally, the prompt is + # + # 1) ^main[89] @ + # + # where ^ means start of line, and @ means end of file with no end of line + # and 89 is the current command counter. But we have complications e.g., + # the following jdb output can appear: + # + # 2) a[89] = 10 + # + # The above form is an array assignment and not a prompt. + # + # 3) ^main[89] main[89] ... + # + # This occurs if the next cmd is one that causes no jdb output, e.g., + # 'trace methods'. + # + # 4) ^main[89] [main[89]] .... > @ + # + # jdb prints a > as a prompt after something like a cont. + # Thus, even though the above is the last 'line' in the file, it + # isn't the next prompt we are waiting for after the cont completes. + # HOWEVER, sometimes we see this for a cont command: + # + # ^main[89] $ + # + # + # 5) ^main[89] > @ + # + # i.e., the > prompt comes out AFTER the prompt we we need to wait for. + # + # So, how do we know when the next prompt has appeared?? + # 1. Search for + # main[89] $ + # This will handle cases 1, 2, 3 + # 2. This leaves cases 4 and 5. + # + # What if we wait for 4 more chars to appear and then search for + # + # main[89] [>]$ + # + # on the last line? + # + # a. if we are currently at + # + # ^main[89] main[89] @ + # + # and a 'trace methods comes in, we will wait until at least + # + # ^main[89] main[89] main@ + # + # and then the search will find the new prompt when it completes. + # + # b. if we are currently at + # + # ^main[89] main[89] @ + # + # and the first form of cont comes in, then we will see + # + # ^main[89] main[89] > $ + # ^x@ + # + # where x is the first char of the msg output when the bkpt is hit + # and we will start our search, which will find the prompt + # when it comes out after the bkpt output, with or without the + # trailing > + # + + # wait for 4 new chars to appear in the jdb output count=0 + desiredFileSize=`expr $fileSize + 4` msg1=`echo At start: cmd/size/waiting : $* / $fileSize / \`date\`` while [ 1 = 1 ] ; do newFileSize=`wc -c $jdbOutFile | awk '{ print $1 } '` - if [ "$fileSize" != "$newFileSize" ] ; then + #echo jj: desired = $desiredFileSize, new = $newFileSize >& 2 + + done=`expr $newFileSize \>= $desiredFileSize` + if [ $done = 1 ] ; then break fi sleep ${sleep_seconds} @@ -573,14 +646,19 @@ echo "--DEBUG: jdb $$ didn't responded to command in $count secs: $*" >& 2 echo "--DEBUG:" $msg1 >& 2 echo "--DEBUG: "done size/waiting : / $newFileSize / `date` >& 2 - $psCmd | sed -e '/com.sun.javatest/d' -e '/nsk/d' >& 2 + echo "-- $jdbOutFile follows-------------------------------" >& 2 + cat $jdbOutFile >& 2 + echo "------------------------------------------" >& 2 + dojstack + #$psCmd | sed -e '/com.sun.javatest/d' -e '/nsk/d' >& 2 if [ $count = 60 ] ; then dofail "jdb never responded to command: $*" fi fi done - - waitForJdbMsg '^.*\[[0-9]*\] $' 1 allowExit + # Note that this assumes just these chars in thread names. + waitForJdbMsg '[a-zA-Z0-9_-][a-zA-Z0-9_-]*\[[1-9][0-9]*\] [ >]*$' \ + 1 allowExit } setBkpts() @@ -596,15 +674,19 @@ runToBkpt() { cmd run + # Don't need to do this - the above waits for the next prompt which comes out + # AFTER the Breakpoint hit message. # Wait for jdb to hit the bkpt - waitForJdbMsg "Breakpoint hit" 5 + #waitForJdbMsg "Breakpoint hit" 5 } contToBkpt() { cmd cont + # Don't need to do this - the above waits for the next prompt which comes out + # AFTER the Breakpoint hit message. # Wait for jdb to hit the bkpt - waitForJdbMsg "Breakpoint hit" 5 + #waitForJdbMsg "Breakpoint hit" 5 } @@ -618,7 +700,7 @@ nlines=$2 allowExit="$3" myCount=0 - timeLimit=40 # wait a max of 40 secs for a response from a jdb command + timeLimit=40 # wait a max of this many secs for a response from a jdb command while [ 1 = 1 ] ; do if [ -r $jdbOutFile ] ; then # Something here causes jdb to complain about Unrecognized cmd on x86. @@ -654,8 +736,11 @@ myCount=`expr $myCount + ${sleep_seconds}` if [ $myCount -gt $timeLimit ] ; then + echo "--Fail: waitForJdbMsg timed out after $timeLimit seconds, looking for /$1/, in $nlines lines; exitting" >> $failFile + echo "vv jdbOutFile vvvvvvvvvvvvvvvvvvvvvvvvvvvv" >& 2 + cat $jdbOutFile >& 2 + echo "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" >& 2 dojstack - echo "--Fail: waitForJdbMsg timed out after $timeLimit seconds; exitting" >> $failFile exit 1 fi done @@ -865,35 +950,29 @@ # get inserted into the string we are searching for # so ignore those chars. if [ -z "$3" ] ; then - case "$2" in - *\>*) - # Target string contains a > so we better - # not ignore it - $grep -s "$2" $1 > $devnull 2>&1 - stat=$? - ;; - *) - # Target string does not contain a >. - # Ignore > and '> ' in the file. - cat $1 | sed -e 's@> @@g' -e 's@>@@g' | $grep -s "$2" > $devnull 2>&1 - stat=$? - esac + theCmd=cat else - case "$2" in - *\>*) - # Target string contains a > so we better - # not ignore it - tail -$3 $1 | $grep -s "$2" > $devnull 2>&1 - stat=$? - ;; - *) - # Target string does not contain a >. - # Ignore > and '> ' in the file. - tail -$3 $1 | sed -e 's@> @@g' -e 's@>@@g' | $grep -s "$2" > $devnull 2>&1 - stat=$? - ;; - esac + theCmd="tail -$3" fi + case "$2" in + *\>*) + # Target string contains a > so we better + # not ignore it + $theCmd $1 | $grep -s "$2" > $devnull 2>&1 + return $? + ;; + esac + # Target string does not contain a >. + # Ignore > and '> ' in the file. + # NOTE: if $1 does not end with a new line, piping it to sed doesn't include the + # chars on the last line. Detect this case, and add a new line. + cp $1 $1.tmp + if [ `tail -1 $1.tmp | wc -l | sed -e 's@ @@g'` = 0 ] ; then + echo >> $1.tmp + fi + $theCmd $1.tmp | sed -e 's@> @@g' -e 's@>@@g' | $grep -s "$2" > $devnull 2>&1 + stat=$? + rm -f $1.tmp return $stat } diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/SimulResumerTest.java --- a/jdk/test/com/sun/jdi/SimulResumerTest.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/SimulResumerTest.java Sun Nov 29 15:24:32 2009 -0800 @@ -30,7 +30,7 @@ * * @run build TestScaffold VMConnection TargetListener TargetAdapter * @run compile -g SimulResumerTest.java - * @run main SimulResumerTest + * @run main/othervm SimulResumerTest */ import com.sun.jdi.*; import com.sun.jdi.event.*; diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/Solaris32AndSolaris64Test.sh --- a/jdk/test/com/sun/jdi/Solaris32AndSolaris64Test.sh Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/Solaris32AndSolaris64Test.sh Sun Nov 29 15:24:32 2009 -0800 @@ -164,10 +164,10 @@ if [ -n "${STANDALONE}" ] ; then #if running standalone, compile the support files ${TESTJAVA}/bin/javac -d ${TESTCLASSES} \ - -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}." \ + -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}${TESTSRC}" \ TestScaffold.java VMConnection.java TargetListener.java TargetAdapter.java ${TESTJAVA}/bin/javac -d ${TESTCLASSES} \ - -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}." -g \ + -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}${TESTSRC}" -g \ FetchLocals.java DataModelTest.java fi diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/VMConnection.java --- a/jdk/test/com/sun/jdi/VMConnection.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/VMConnection.java Sun Nov 29 15:24:32 2009 -0800 @@ -57,6 +57,7 @@ if (testClasses == null) { return retVal; } + retVal += "-classpath " + testClasses + " "; File myFile = new File(testClasses, "@debuggeeVMOptions"); if (!myFile.canRead()) { @@ -97,7 +98,7 @@ if (line.length() != 0 && !line.startsWith("#")) { System.out.println("-- Added debuggeeVM options from file " + wholePath + ": " + line); - retVal = line; + retVal += line; break; } // Else, read he next line. diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/connect/spi/DebugUsingCustomConnector.java --- a/jdk/test/com/sun/jdi/connect/spi/DebugUsingCustomConnector.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/connect/spi/DebugUsingCustomConnector.java Sun Nov 29 15:24:32 2009 -0800 @@ -28,7 +28,7 @@ * This tests launches a debuggee using a custom LaunchingConnector. * * @build DebugUsingCustomConnector SimpleLaunchingConnector Foo NullTransportService - * @run main DebugUsingCustomConnector + * @run main/othervm DebugUsingCustomConnector */ import com.sun.jdi.*; import com.sun.jdi.connect.*; diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/connect/spi/GeneratedConnectors.java --- a/jdk/test/com/sun/jdi/connect/spi/GeneratedConnectors.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/connect/spi/GeneratedConnectors.java Sun Nov 29 15:24:32 2009 -0800 @@ -31,7 +31,7 @@ * created and that they have an "address" argument. * * @build GeneratedConnectors NullTransportService - * @run main GeneratedConnectors + * @run main/othervm GeneratedConnectors */ import com.sun.jdi.*; diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/connect/spi/SimpleLaunchingConnector.java --- a/jdk/test/com/sun/jdi/connect/spi/SimpleLaunchingConnector.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/connect/spi/SimpleLaunchingConnector.java Sun Nov 29 15:24:32 2009 -0800 @@ -147,11 +147,15 @@ String arch = System.getProperty("os.arch"); if (arch.equals("sparcv9")) { exe += "sparcv9/java"; + } else if (arch.equals("amd64")) { + exe += "amd64/java"; } else { exe += "java"; } String cmd = exe + " -Xdebug -Xrunjdwp:transport=dt_socket,timeout=15000,address=" + - key.address() + "" + className; + key.address() + + " -classpath " + System.getProperty("test.classes") + + " " + className; Process process = Runtime.getRuntime().exec(cmd); Connection conn = ts.accept(key, 30*1000, 9*1000); ts.stopListening(key); diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/jdi/redefine/RedefineTest.java --- a/jdk/test/com/sun/jdi/redefine/RedefineTest.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/com/sun/jdi/redefine/RedefineTest.java Sun Nov 29 15:24:32 2009 -0800 @@ -34,7 +34,7 @@ * @run build TestScaffold VMConnection TargetListener TargetAdapter * @run compile -g RedefineTest.java * @run shell RedefineSetUp.sh - * @run main RedefineTest + * @run main/othervm RedefineTest */ import com.sun.jdi.*; import com.sun.jdi.event.*; diff -r aba524fe54db -r 0b2523baa546 jdk/test/com/sun/tracing/BasicWithSecurityMgr.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/com/sun/tracing/BasicWithSecurityMgr.java Sun Nov 29 15:24:32 2009 -0800 @@ -0,0 +1,149 @@ +/* + * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/** + * @test + * @bug 6899605 + * @summary Basic unit test for tracing framework with security manager + * enabled + */ + +import com.sun.tracing.*; +import java.lang.reflect.Method; + +@ProviderName("NamedProvider") +interface BasicProvider extends Provider { + void plainProbe(); + void probeWithArgs(int a, float f, String s, Long l); + @ProbeName("namedProbe") void probeWithName(); + void overloadedProbe(); + void overloadedProbe(int i); +} + +interface InvalidProvider extends Provider { + int nonVoidProbe(); +} + +public class BasicWithSecurityMgr { + + public static ProviderFactory factory; + public static BasicProvider bp; + + public static void main(String[] args) throws Exception { + // enable security manager + System.setSecurityManager(new SecurityManager()); + + factory = ProviderFactory.getDefaultFactory(); + if (factory != null) { + bp = factory.createProvider(BasicProvider.class); + } + + testProviderFactory(); + testProbe(); + testProvider(); + } + + static void fail(String s) throws Exception { + throw new Exception(s); + } + + static void testProviderFactory() throws Exception { + if (factory == null) { + fail("ProviderFactory.getDefaultFactory: Did not create factory"); + } + if (bp == null) { + fail("ProviderFactory.createProvider: Did not create provider"); + } + try { + factory.createProvider(null); + fail("ProviderFactory.createProvider: Did not throw NPE for null"); + } catch (NullPointerException e) {} + + try { + factory.createProvider(InvalidProvider.class); + fail("Factory.createProvider: Should error with non-void probes"); + } catch (IllegalArgumentException e) {} + } + + public static void testProvider() throws Exception { + + // These just shouldn't throw any exeptions: + bp.plainProbe(); + bp.probeWithArgs(42, (float)3.14, "spam", new Long(2L)); + bp.probeWithArgs(42, (float)3.14, null, null); + bp.probeWithName(); + bp.overloadedProbe(); + bp.overloadedProbe(42); + + Method m = BasicProvider.class.getMethod("plainProbe"); + Probe p = bp.getProbe(m); + if (p == null) { + fail("Provider.getProbe: Did not return probe"); + } + + Method m2 = BasicWithSecurityMgr.class.getMethod("testProvider"); + p = bp.getProbe(m2); + if (p != null) { + fail("Provider.getProbe: Got probe with invalid spec"); + } + + bp.dispose(); + // These just shouldn't throw any exeptions: + bp.plainProbe(); + bp.probeWithArgs(42, (float)3.14, "spam", new Long(2L)); + bp.probeWithArgs(42, (float)3.14, null, null); + bp.probeWithName(); + bp.overloadedProbe(); + bp.overloadedProbe(42); + + if (bp.getProbe(m) != null) { + fail("Provider.getProbe: Should return null after dispose()"); + } + + bp.dispose(); // just to make sure nothing bad happens + } + + static void testProbe() throws Exception { + Method m = BasicProvider.class.getMethod("plainProbe"); + Probe p = bp.getProbe(m); + p.isEnabled(); // just make sure it doesn't do anything bad + p.trigger(); + + try { + p.trigger(0); + fail("Probe.trigger: too many arguments not caught"); + } catch (IllegalArgumentException e) {} + + p = bp.getProbe(BasicProvider.class.getMethod( + "probeWithArgs", int.class, float.class, String.class, Long.class)); + try { + p.trigger(); + fail("Probe.trigger: too few arguments not caught"); + } catch (IllegalArgumentException e) {} + + try { + p.trigger((float)3.14, (float)3.14, "", new Long(0L)); + fail("Probe.trigger: wrong type primitive arguments not caught"); + } catch (IllegalArgumentException e) {} + } +} diff -r aba524fe54db -r 0b2523baa546 jdk/test/java/net/CookieHandler/TestHttpCookie.java --- a/jdk/test/java/net/CookieHandler/TestHttpCookie.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/java/net/CookieHandler/TestHttpCookie.java Sun Nov 29 15:24:32 2009 -0800 @@ -24,7 +24,7 @@ /** * @test * @summary Unit test for java.net.HttpCookie - * @bug 6244040 6277796 6277801 6277808 6294071 6692802 6790677 + * @bug 6244040 6277796 6277801 6277808 6294071 6692802 6790677 6901170 * @author Edward Wang */ @@ -335,6 +335,9 @@ // bug 6277801 test("set-cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT; path=\"/acme\"") .n("CUSTOMER").v("WILE_E_COYOTE").p("/").ver(0); + + // bug 6901170 + test("set-cookie: CUSTOMER=WILE_E_COYOTE; version='1'").ver(1); } static void misc() { diff -r aba524fe54db -r 0b2523baa546 jdk/test/sun/security/jgss/spnego/NoSpnegoAsDefMech.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/security/jgss/spnego/NoSpnegoAsDefMech.java Sun Nov 29 15:24:32 2009 -0800 @@ -0,0 +1,43 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6770883 + * @summary Infinite loop if SPNEGO specified as sun.security.jgss.mechanism + */ + +import org.ietf.jgss.*; +import sun.security.jgss.*; + +public class NoSpnegoAsDefMech { + + public static void main(String[] argv) throws Exception { + System.setProperty("sun.security.jgss.mechanism", GSSUtil.GSS_SPNEGO_MECH_OID.toString()); + try { + GSSManager.getInstance().createName("service@host", GSSName.NT_HOSTBASED_SERVICE, new Oid("1.3.6.1.5.5.2")); + } catch (GSSException e) { + // This is OK, for example, krb5.conf is missing or other problems + } + } +} diff -r aba524fe54db -r 0b2523baa546 jdk/test/sun/security/krb5/auto/Context.java --- a/jdk/test/sun/security/krb5/auto/Context.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/sun/security/krb5/auto/Context.java Sun Nov 29 15:24:32 2009 -0800 @@ -72,7 +72,7 @@ public class Context { private Subject s; - private GSSContext x; + private ExtendedGSSContext x; private boolean f; // context established? private String name; private GSSCredential cred; // see static method delegated(). @@ -147,8 +147,8 @@ @Override public byte[] run(Context me, byte[] dummy) throws Exception { GSSManager m = GSSManager.getInstance(); - me.x = m.createContext( - target.indexOf('@') < 0 ? + me.x = (ExtendedGSSContext)m.createContext( + target.indexOf('@') < 0 ? m.createName(target, null) : m.createName(target, GSSName.NT_HOSTBASED_SERVICE), mech, @@ -170,7 +170,7 @@ @Override public byte[] run(Context me, byte[] dummy) throws Exception { GSSManager m = GSSManager.getInstance(); - me.x = m.createContext(m.createCredential( + me.x = (ExtendedGSSContext)m.createContext(m.createCredential( null, GSSCredential.INDEFINITE_LIFETIME, mech, @@ -193,7 +193,7 @@ * * @return the GSSContext object */ - public GSSContext x() { + public ExtendedGSSContext x() { return x; } @@ -255,6 +255,11 @@ if (x.getSequenceDetState()) { sb.append("seq det, "); } + if (x instanceof ExtendedGSSContext) { + if (((ExtendedGSSContext)x).getDelegPolicyState()) { + sb.append("deleg policy, "); + } + } System.out.println("Context status of " + name + ": " + sb.toString()); System.out.println(x.getSrcName() + " -> " + x.getTargName()); } catch (Exception e) { diff -r aba524fe54db -r 0b2523baa546 jdk/test/sun/security/krb5/auto/KDC.java --- a/jdk/test/sun/security/krb5/auto/KDC.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/sun/security/krb5/auto/KDC.java Sun Nov 29 15:24:32 2009 -0800 @@ -63,6 +63,14 @@ * settings after calling a KDC method, call Config.refresh() to * make sure your changes are reflected in the Config object. * + * System properties recognized: + *

test.kdc.save.ccache + *

+ * Support policies: + *

ok-as-delegate + *

* Issues and TODOs: *

Generates krb5.conf to be used on another machine, currently the kdc is @@ -151,7 +159,7 @@ * A standalone KDC server. */ public static void main(String[] args) throws Exception { - KDC kdc = create("RABBIT.HOLE", "kdc.rabbit,hole", 0, false); + KDC kdc = create("RABBIT.HOLE", "kdc.rabbit.hole", 0, false); kdc.addPrincipal("dummy", "bogus".toCharArray()); kdc.addPrincipal("foo", "bar".toCharArray()); kdc.addPrincipalRandKey("krbtgt/RABBIT.HOLE"); @@ -426,14 +434,17 @@ * @throws sun.security.krb5.KrbException when the principal is not inside * the database. */ - private char[] getPassword(PrincipalName p) throws KrbException { + private char[] getPassword(PrincipalName p, boolean server) + throws KrbException { String pn = p.toString(); if (p.getRealmString() == null) { pn = pn + "@" + getRealm(); } char[] pass = passwords.get(pn); if (pass == null) { - throw new KrbException(Krb5.KDC_ERR_C_PRINCIPAL_UNKNOWN); + throw new KrbException(server? + Krb5.KDC_ERR_S_PRINCIPAL_UNKNOWN: + Krb5.KDC_ERR_C_PRINCIPAL_UNKNOWN); } return pass; } @@ -457,10 +468,12 @@ * Returns the key for a given principal of the given encryption type * @param p the principal * @param etype the encryption type + * @param server looking for a server principal? * @return the key * @throws sun.security.krb5.KrbException for unknown/unsupported etype */ - private EncryptionKey keyForUser(PrincipalName p, int etype) throws KrbException { + private EncryptionKey keyForUser(PrincipalName p, int etype, boolean server) + throws KrbException { try { // Do not call EncryptionKey.acquireSecretKeys(), otherwise // the krb5.conf config file would be loaded. @@ -469,22 +482,71 @@ Integer kvno = null; // For service whose password ending with a number, use it as kvno if (p.toString().indexOf('/') >= 0) { - char[] pass = getPassword(p); + char[] pass = getPassword(p, server); if (Character.isDigit(pass[pass.length-1])) { kvno = pass[pass.length-1] - '0'; } } return new EncryptionKey((byte[]) stringToKey.invoke( - null, getPassword(p), getSalt(p), null, etype), + null, getPassword(p, server), getSalt(p), null, etype), etype, kvno); } catch (InvocationTargetException ex) { KrbException ke = (KrbException)ex.getCause(); throw ke; + } catch (KrbException ke) { + throw ke; } catch (Exception e) { throw new RuntimeException(e); // should not happen } } + private Map policies = new HashMap(); + + public void setPolicy(String rule, String value) { + if (value == null) { + policies.remove(rule); + } else { + policies.put(rule, value); + } + } + /** + * If the provided client/server pair matches a rule + * + * A system property named test.kdc.policy.RULE will be consulted. + * If it's unset, returns false. If its value is "", any pair is + * matched. Otherwise, it should contains the server name matched. + * + * TODO: client name is not used currently. + * + * @param c client name + * @param s server name + * @param rule rule name + * @return if a match is found + */ + private boolean configMatch(String c, String s, String rule) { + String policy = policies.get(rule); + boolean result = false; + if (policy == null) { + result = false; + } else if (policy.length() == 0) { + result = true; + } else { + String[] names = policy.split("\\s+"); + for (String name: names) { + if (name.equals(s)) { + result = true; + break; + } + } + } + if (result) { + System.out.printf(">>>> Policy match result (%s vs %s on %s) %b\n", + c, s, rule, result); + } + return result; + } + + /** * Processes an incoming request and generates a response. * @param in the request @@ -530,7 +592,7 @@ tkt = apReq.ticket; etype = tkt.encPart.getEType(); tkt.sname.setRealm(tkt.realm); - EncryptionKey kkey = keyForUser(tkt.sname, etype); + EncryptionKey kkey = keyForUser(tkt.sname, etype, true); byte[] bb = tkt.encPart.decrypt(kkey, KeyUsage.KU_TICKET); DerInputStream derIn = new DerInputStream(bb); DerValue der = derIn.getDerValue(); @@ -541,7 +603,7 @@ throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP); } } - EncryptionKey skey = keyForUser(body.sname, etype); + EncryptionKey skey = keyForUser(body.sname, etype, true); if (skey == null) { throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO } @@ -581,6 +643,10 @@ if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) { bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true; } + + if (configMatch("", body.sname.getNameString(), "ok-as-delegate")) { + bFlags[Krb5.TKT_OPTS_DELEGATE] = true; + } bFlags[Krb5.TKT_OPTS_INITIAL] = true; TicketFlags tFlags = new TicketFlags(bFlags); @@ -671,8 +737,8 @@ eTypes = (int[])f.get(body); int eType = eTypes[0]; - EncryptionKey ckey = keyForUser(body.cname, eType); - EncryptionKey skey = keyForUser(body.sname, eType); + EncryptionKey ckey = keyForUser(body.cname, eType, false); + EncryptionKey skey = keyForUser(body.sname, eType, true); if (ckey == null) { throw new KrbException(Krb5.KDC_ERR_ETYPE_NOSUPP); } diff -r aba524fe54db -r 0b2523baa546 jdk/test/sun/security/krb5/auto/OkAsDelegate.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/security/krb5/auto/OkAsDelegate.java Sun Nov 29 15:24:32 2009 -0800 @@ -0,0 +1,104 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +import com.sun.security.jgss.ExtendedGSSContext; +import org.ietf.jgss.GSSCredential; +import org.ietf.jgss.GSSException; +import org.ietf.jgss.Oid; +import sun.security.jgss.GSSUtil; +import sun.security.krb5.Config; + +public class OkAsDelegate { + + public static void main(String[] args) + throws Exception { + OkAsDelegate ok = new OkAsDelegate(); + ok.go( + Boolean.valueOf(args[0]), // FORWARDABLE in krb5.conf on? + Boolean.valueOf(args[1]), // requestDelegState + Boolean.valueOf(args[2]), // requestDelegPolicyState + Boolean.valueOf(args[3]), // DelegState in response + Boolean.valueOf(args[4]), // DelegPolicyState in response + Boolean.valueOf(args[5]) // getDelegCred OK? + ); + } + + void go( + boolean forwardable, + boolean requestDelegState, + boolean requestDelegPolicyState, + boolean delegState, + boolean delegPolicyState, + boolean delegated + ) throws Exception { + OneKDC kdc = new OneKDC(null); + kdc.setPolicy("ok-as-delegate", + System.getProperty("test.kdc.policy.ok-as-delegate")); + kdc.writeJAASConf(); + if (!forwardable) { + // The default OneKDC always includes "forwardable = true" + // in krb5.conf, override it. + KDC.saveConfig(OneKDC.KRB5_CONF, kdc, + "default_keytab_name = " + OneKDC.KTAB); + Config.refresh(); + } + + Context c, s; + c = Context.fromJAAS("client"); + s = Context.fromJAAS("server"); + + Oid mech = GSSUtil.GSS_KRB5_MECH_OID; + if (System.getProperty("test.spnego") != null) { + mech = GSSUtil.GSS_SPNEGO_MECH_OID; + } + c.startAsClient(OneKDC.SERVER, mech); + ExtendedGSSContext cx = (ExtendedGSSContext)c.x(); + cx.requestCredDeleg(requestDelegState); + cx.requestDelegPolicy(requestDelegPolicyState); + s.startAsServer(mech); + ExtendedGSSContext sx = (ExtendedGSSContext)s.x(); + + Context.handshake(c, s); + + if (cx.getCredDelegState() != delegState) { + throw new Exception("Initiator cred state error"); + } + if (sx.getCredDelegState() != delegState) { + throw new Exception("Acceptor cred state error"); + } + if (cx.getDelegPolicyState() != delegPolicyState) { + throw new Exception("Initiator cred policy state error"); + } + + GSSCredential cred = null; + try { + cred = s.x().getDelegCred(); + } catch (GSSException e) { + // leave cred as null + } + + if (delegated != (cred != null)) { + throw new Exception("get cred error"); + } + } +} diff -r aba524fe54db -r 0b2523baa546 jdk/test/sun/security/krb5/auto/OkAsDelegateXRealm.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/security/krb5/auto/OkAsDelegateXRealm.java Sun Nov 29 15:24:32 2009 -0800 @@ -0,0 +1,156 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +import com.sun.security.jgss.ExtendedGSSContext; +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.security.Security; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; +import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSCredential; +import org.ietf.jgss.GSSException; +import org.ietf.jgss.GSSManager; +import org.ietf.jgss.GSSName; +import sun.security.jgss.GSSUtil; +import sun.security.krb5.Config; + +public class OkAsDelegateXRealm implements CallbackHandler { + + /** + * @param args boolean if the program should succeed + */ + public static void main(String[] args) + throws Exception { + + // Create and start the KDCs. Here we have 3 realms: R1, R2 and R3. + // R1 is trusted by R2, and R2 trusted by R3. + KDC kdc1 = KDC.create("R1"); + kdc1.setPolicy("ok-as-delegate", + System.getProperty("test.kdc.policy.ok-as-delegate")); + kdc1.addPrincipal("dummy", "bogus".toCharArray()); + kdc1.addPrincipalRandKey("krbtgt/R1"); + kdc1.addPrincipal("krbtgt/R2@R1", "r1->r2".toCharArray()); + + KDC kdc2 = KDC.create("R2"); + kdc2.setPolicy("ok-as-delegate", + System.getProperty("test.kdc.policy.ok-as-delegate")); + kdc2.addPrincipalRandKey("krbtgt/R2"); + kdc2.addPrincipal("krbtgt/R2@R1", "r1->r2".toCharArray()); + kdc2.addPrincipal("krbtgt/R3@R2", "r2->r3".toCharArray()); + + KDC kdc3 = KDC.create("R3"); + kdc3.setPolicy("ok-as-delegate", + System.getProperty("test.kdc.policy.ok-as-delegate")); + kdc3.addPrincipalRandKey("krbtgt/R3"); + kdc3.addPrincipal("krbtgt/R3@R2", "r2->r3".toCharArray()); + kdc3.addPrincipalRandKey("host/host.r3.local"); + + KDC.saveConfig("krb5-localkdc.conf", kdc1, kdc2, kdc3, + "forwardable=true", + "[capaths]", + "R1 = {", + " R2 = .", + " R3 = R2", + "}", + "[domain_realm]", + ".r3.local=R3" + ); + + System.setProperty("java.security.krb5.conf", "krb5-localkdc.conf"); + kdc3.writeKtab("localkdc.ktab"); + + FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf"); + + // Defines the client and server on R1 and R3 respectively. + fos.write(("com.sun.security.jgss.krb5.initiate {\n" + + " com.sun.security.auth.module.Krb5LoginModule\n" + + " required\n" + + " principal=dummy\n" + + " doNotPrompt=false\n" + + " useTicketCache=false\n" + + " ;\n};\n" + + "com.sun.security.jgss.krb5.accept {\n" + + " com.sun.security.auth.module.Krb5LoginModule required\n" + + " principal=\"host/host.r3.local@R3\"\n" + + " useKeyTab=true\n" + + " keyTab=localkdc.ktab\n" + + " isInitiator=false\n" + + " storeKey=true;\n};\n" + + "\n").getBytes()); + fos.close(); + + Security.setProperty("auth.login.defaultCallbackHandler", + "OkAsDelegateXRealm"); + + System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf"); + + new File("krb5-localkdc.conf").deleteOnExit(); + new File("localkdc.ktab").deleteOnExit(); + new File("jaas-localkdc.conf").deleteOnExit(); + Config.refresh(); + + Context c = Context.fromJAAS("com.sun.security.jgss.krb5.initiate"); + Context s = Context.fromJAAS("com.sun.security.jgss.krb5.accept"); + + // Test twice. The frist time the whole cross realm process is tried, + // the second time the cached service ticket is used. This is to make sure + // the behaviors are the same, especailly for the case when one of the + // cross-realm TGTs does not have OK-AS-DELEGATE on. + + for (int i=0; i<2; i++) { + c.startAsClient("host@host.r3.local", GSSUtil.GSS_KRB5_MECH_OID); + s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); + c.x().requestDelegPolicy(true); + + Context.handshake(c, s); + boolean succeed = true; + try { + s.x().getDelegCred(); + } catch (GSSException gsse) { + succeed = false; + } + if (succeed != Boolean.parseBoolean(args[0])) { + throw new Exception("Test fail at round #" + i); + } + } + } + + @Override + public void handle(Callback[] callbacks) + throws IOException, UnsupportedCallbackException { + for (Callback callback : callbacks) { + if (callback instanceof NameCallback) { + ((NameCallback) callback).setName("dummy"); + } + if (callback instanceof PasswordCallback) { + ((PasswordCallback) callback).setPassword("bogus".toCharArray()); + } + } + } +} + diff -r aba524fe54db -r 0b2523baa546 jdk/test/sun/security/krb5/auto/ok-as-delegate-xrealm.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/security/krb5/auto/ok-as-delegate-xrealm.sh Sun Nov 29 15:24:32 2009 -0800 @@ -0,0 +1,79 @@ +# +# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, +# CA 95054 USA or visit www.sun.com if you need additional information or +# have any questions. +# + +# @test +# @bug 6853328 +# @summary Support OK-AS-DELEGATE flag +# @run shell/timeout=600 ok-as-delegate-xrealm.sh +# + +if [ "${TESTSRC}" = "" ] ; then + TESTSRC=`dirname $0` +fi + +if [ "${TESTJAVA}" = "" ] ; then + JAVAC_CMD=`which javac` + TESTJAVA=`dirname $JAVAC_CMD`/.. +fi + +# set platform-dependent variables +OS=`uname -s` +case "$OS" in + Windows_* ) + FS="\\" + SEP=";" + ;; + CYGWIN* ) + FS="/" + SEP=";" + ;; + * ) + FS="/" + SEP=":" + ;; +esac + +${TESTJAVA}${FS}bin${FS}javac -XDignore.symbol.file -d . \ + ${TESTSRC}${FS}OkAsDelegateXRealm.java \ + ${TESTSRC}${FS}KDC.java \ + ${TESTSRC}${FS}OneKDC.java \ + ${TESTSRC}${FS}Action.java \ + ${TESTSRC}${FS}Context.java \ + || exit 10 + +# Add $TESTSRC to classpath so that customized nameservice can be used +J="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}." + +# KDC no OK-AS-DELEGATE, fail +$J OkAsDelegateXRealm false || exit 1 + +# KDC set OK-AS-DELEGATE for all, succeed +$J -Dtest.kdc.policy.ok-as-delegate OkAsDelegateXRealm true || exit 2 + +# KDC set OK-AS-DELEGATE for host/host.r3.local only, fail +$J -Dtest.kdc.policy.ok-as-delegate=host/host.r3.local OkAsDelegateXRealm false || exit 3 + +# KDC set OK-AS-DELEGATE for all, succeed +$J "-Dtest.kdc.policy.ok-as-delegate=host/host.r3.local krbtgt/R2 krbtgt/R3" OkAsDelegateXRealm true || exit 4 + +exit 0 diff -r aba524fe54db -r 0b2523baa546 jdk/test/sun/security/krb5/auto/ok-as-delegate.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/sun/security/krb5/auto/ok-as-delegate.sh Sun Nov 29 15:24:32 2009 -0800 @@ -0,0 +1,118 @@ +# +# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, +# CA 95054 USA or visit www.sun.com if you need additional information or +# have any questions. +# + +# @test +# @bug 6853328 +# @summary Support OK-AS-DELEGATE flag +# @run shell/timeout=600 ok-as-delegate.sh +# + +if [ "${TESTSRC}" = "" ] ; then + TESTSRC=`dirname $0` +fi + +if [ "${TESTJAVA}" = "" ] ; then + JAVAC_CMD=`which javac` + TESTJAVA=`dirname $JAVAC_CMD`/.. +fi + +# set platform-dependent variables +OS=`uname -s` +case "$OS" in + Windows_* ) + FS="\\" + SEP=";" + ;; + CYGWIN* ) + FS="/" + SEP=";" + ;; + * ) + FS="/" + SEP=":" + ;; +esac + +${TESTJAVA}${FS}bin${FS}javac -XDignore.symbol.file -d . \ + ${TESTSRC}${FS}OkAsDelegate.java \ + ${TESTSRC}${FS}KDC.java \ + ${TESTSRC}${FS}OneKDC.java \ + ${TESTSRC}${FS}Action.java \ + ${TESTSRC}${FS}Context.java \ + || exit 10 + +# Testing Kerberos 5 + +# Add $TESTSRC to classpath so that customized nameservice can be used +J="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}. OkAsDelegate" +JOK="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}. -Dtest.kdc.policy.ok-as-delegate OkAsDelegate" + +# FORWARDABLE ticket not allowed, always fail +$J false true true false false false || exit 1 + +# Service ticket no OK-AS-DELEGATE + +# Request nothing, gain nothing +$J true false false false false false || exit 2 +# Request deleg policy, gain nothing +$J true false true false false false || exit 3 +# Request deleg, granted +$J true true false true false true || exit 4 +# Request deleg and deleg policy, granted, with info not by policy +$J true true true true false true || exit 5 + +# Service ticket has OK-AS-DELEGATE + +# Request deleg policy, granted +$JOK true false true true true true || exit 6 +# Request deleg and deleg policy, granted, with info by policy +$JOK true true true true true true || exit 7 + +# Testing SPNEGO + +# Add $TESTSRC to classpath so that customized nameservice can be used +J="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}. -Dtest.spnego OkAsDelegate" +JOK="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}. -Dtest.spnego -Dtest.kdc.policy.ok-as-delegate OkAsDelegate" + +# FORWARDABLE ticket not allowed, always fail +$J false true true false false false || exit 11 + +# Service ticket no OK-AS-DELEGATE + +# Request nothing, gain nothing +$J true false false false false false || exit 12 +# Request deleg policy, gain nothing +$J true false true false false false || exit 13 +# Request deleg, granted +$J true true false true false true || exit 14 +# Request deleg and deleg policy, granted, with info not by policy +$J true true true true false true || exit 15 + +# Service ticket has OK-AS-DELEGATE + +# Request deleg policy, granted +$JOK true false true true true true || exit 16 +# Request deleg and deleg policy, granted, with info by policy +$JOK true true true true true true || exit 17 + +exit 0 diff -r aba524fe54db -r 0b2523baa546 jdk/test/sun/tools/jhat/HatRun.java --- a/jdk/test/sun/tools/jhat/HatRun.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/sun/tools/jhat/HatRun.java Sun Nov 29 15:24:32 2009 -0800 @@ -186,11 +186,13 @@ */ int nvm_options = 0; if ( vm_options != null ) nvm_options = vm_options.length; - String cmd[] = new String[1 + (d64?1:0) + 5 + nvm_options]; + String cmd[] = new String[1 + (d64?1:0) + 7 + nvm_options]; int i,j; i = 0; cmd[i++] = java; + cmd[i++] = "-cp"; + cmd[i++] = cdir; cmd[i++] = "-Dtest.classes=" + cdir; if ( d64 ) { cmd[i++] = "-d64"; diff -r aba524fe54db -r 0b2523baa546 jdk/test/sun/tools/native2ascii/NativeErrors.java --- a/jdk/test/sun/tools/native2ascii/NativeErrors.java Tue Nov 24 18:12:46 2009 -0800 +++ b/jdk/test/sun/tools/native2ascii/NativeErrors.java Sun Nov 29 15:24:32 2009 -0800 @@ -59,15 +59,28 @@ in = new BufferedReader(new InputStreamReader(p.getInputStream())); checkResult(in, "err.bad.arg"); - command = getComString("test123"); + File f0 = new File(System.getProperty("test.src", "."), "test123"); + String path0 = f0.getPath(); + if ( f0.exists() ) { + throw new Error("Input file should not exist: " + path0); + } + + command = getComString(path0); p = Runtime.getRuntime().exec(command); in = new BufferedReader(new InputStreamReader(p.getInputStream())); checkResult(in, "err.cannot.read"); File f1 = new File(System.getProperty("test.src", "."), "test1"); - File f2 = new File(System.getProperty("test.src", "."), "test2"); + File f2 = File.createTempFile("test2", ".tmp"); String path1 = f1.getPath(); String path2 = f2.getPath(); + if ( !f1.exists() ) { + throw new Error("Missing input file: " + path1); + } + if ( !f2.setWritable(false) ) { + throw new Error("Output file cannot be made read only: " + path2); + } + f2.deleteOnExit(); command = getComString(path1, path2); p = Runtime.getRuntime().exec(command); @@ -80,7 +93,9 @@ throws Exception { String errorReceived; errorReceived = in.readLine(); + assert errorReceived != null : "First readline cannot be null"; errorExpected = rsrc.getString(errorExpected); + assert errorExpected != null : "Expected message cannot be null"; StringBuffer error = new StringBuffer(errorExpected); int start = errorExpected.indexOf("{0}"); if (start >= 0) { @@ -128,6 +143,7 @@ f = new File(path); if (!f.exists()) throw new RuntimeException("Cannot find native2ascii at "+path); + System.out.println("Using native2ascii at "+path); } return path; } diff -r aba524fe54db -r 0b2523baa546 jdk/test/sun/tools/native2ascii/test2 --- a/jdk/test/sun/tools/native2ascii/test2 Tue Nov 24 18:12:46 2009 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -This file exists as a non-writable placeholder for NativeErrors.java