# HG changeset patch
# User lana
# Date 1422170605 28800
# Node ID 6d99e9b8dbe5103e9b432bf322cd127a73529bb6
# Parent efce8f50cea4be6d9662ad7f588c5eb0b2b95b1d
# Parent b00a1e9a9238ce952dd750c79ebf2f0d79beec48
Merge
diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/make/gendata/GendataPolicyJars.gmk
--- a/jdk/make/gendata/GendataPolicyJars.gmk Fri Jan 23 18:50:48 2015 -0800
+++ b/jdk/make/gendata/GendataPolicyJars.gmk Sat Jan 24 23:23:25 2015 -0800
@@ -35,65 +35,62 @@ US_EXPORT_POLICY_JAR_DST := \ $(SUPPORT_OUTPUTDIR)/modules_libs/java.base/security/US_export_policy.jar -ifneq ($(BUILD_CRYPTO), no) - - US_EXPORT_POLICY_JAR_LIMITED := \ - $(SUPPORT_OUTPUTDIR)/jce/policy/limited/US_export_policy.jar - US_EXPORT_POLICY_JAR_UNLIMITED := \ - $(SUPPORT_OUTPUTDIR)/jce/policy/unlimited/US_export_policy.jar +US_EXPORT_POLICY_JAR_LIMITED := \ + $(SUPPORT_OUTPUTDIR)/jce/policy/limited/US_export_policy.jar +US_EXPORT_POLICY_JAR_UNLIMITED := \ + $(SUPPORT_OUTPUTDIR)/jce/policy/unlimited/US_export_policy.jar - ifndef OPENJDK - # - # In past releases, Oracle JDK has had a separately downloadable set of - # policy files which has been a nightmare for deployment. - # - # Now if we're closed and limited (default for Oracle JDK), create - # an "unlimited_policy" directory that contains the unlimited policy - # files. It will be up to the user/deployer to make an informed choice - # as to whether they are legally entitled to use the unlimited policy - # file in their environment. Users/deployers simply need to overwrite - # the files. Consult README.txt (below) for more info. - # - UNLIMITED_POLICY_DIR := \ - $(SUPPORT_OUTPUTDIR)/modules_libs/java.base/security/unlimited_policy - endif +ifndef OPENJDK + # + # In past releases, Oracle JDK has had a separately downloadable set of + # policy files which has been a nightmare for deployment. + # + # Now if we're closed and limited (default for Oracle JDK), create + # an "unlimited_policy" directory that contains the unlimited policy + # files. It will be up to the user/deployer to make an informed choice + # as to whether they are legally entitled to use the unlimited policy + # file in their environment. Users/deployers simply need to overwrite + # the files. Consult README.txt (below) for more info. 
+ # + UNLIMITED_POLICY_DIR := \ + $(SUPPORT_OUTPUTDIR)/modules_libs/java.base/security/unlimited_policy +endif - # - # TODO fix so that SetupArchive does not write files into SRCS - # then we don't need this extra copying - # - # NOTE: We currently do not place restrictions on our limited export - # policy. This was not a typo. This means we are shipping the same file - # for both limited and unlimited US_export_policy.jar. Only the local - # policy file currently has restrictions. - # - US_EXPORT_POLICY_JAR_SRC_DIR := \ - $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited - US_EXPORT_POLICY_JAR_TMP := \ - $(SUPPORT_OUTPUTDIR)/jce/policy/unlimited/US_export_policy_jar.tmp +# +# TODO fix so that SetupArchive does not write files into SRCS +# then we don't need this extra copying +# +# NOTE: We currently do not place restrictions on our limited export +# policy. This was not a typo. This means we are shipping the same file +# for both limited and unlimited US_export_policy.jar. Only the local +# policy file currently has restrictions. 
+# +US_EXPORT_POLICY_JAR_SRC_DIR := \ + $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited +US_EXPORT_POLICY_JAR_TMP := \ + $(SUPPORT_OUTPUTDIR)/jce/policy/unlimited/US_export_policy_jar.tmp - $(US_EXPORT_POLICY_JAR_TMP)/%: $(US_EXPORT_POLICY_JAR_SRC_DIR)/% +$(US_EXPORT_POLICY_JAR_TMP)/%: $(US_EXPORT_POLICY_JAR_SRC_DIR)/% $(install-file) - US_EXPORT_POLICY_JAR_DEPS := \ - $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy +US_EXPORT_POLICY_JAR_DEPS := \ + $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy - $(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, \ - $(US_EXPORT_POLICY_JAR_DEPS), \ - SRCS := $(US_EXPORT_POLICY_JAR_TMP), \ - SUFFIXES := .policy, \ - JAR := $(US_EXPORT_POLICY_JAR_UNLIMITED), \ - EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \ - SKIP_METAINF := true)) +$(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, \ + $(US_EXPORT_POLICY_JAR_DEPS), \ + SRCS := $(US_EXPORT_POLICY_JAR_TMP), \ + SUFFIXES := .policy, \ + JAR := $(US_EXPORT_POLICY_JAR_UNLIMITED), \ + EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \ + SKIP_METAINF := true)) - $(US_EXPORT_POLICY_JAR_LIMITED): \ - $(US_EXPORT_POLICY_JAR_UNLIMITED) - $(ECHO) $(LOG_INFO) \ - Copying unlimited $(patsubst $(OUTPUT_ROOT)/%,%,$@) - $(install-file) +$(US_EXPORT_POLICY_JAR_LIMITED): \ + $(US_EXPORT_POLICY_JAR_UNLIMITED) + $(ECHO) $(LOG_INFO) \ + Copying unlimited $(patsubst $(OUTPUT_ROOT)/%,%,$@) + $(install-file) - TARGETS += $(US_EXPORT_POLICY_JAR_LIMITED) $(US_EXPORT_POLICY_JAR_UNLIMITED) -endif +TARGETS += $(US_EXPORT_POLICY_JAR_LIMITED) $(US_EXPORT_POLICY_JAR_UNLIMITED) ifeq ($(UNLIMITED_CRYPTO), true) $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNLIMITED) 
@@ -119,57 +116,54 @@ LOCAL_POLICY_JAR_DST := \ $(SUPPORT_OUTPUTDIR)/modules_libs/java.base/security/local_policy.jar -ifneq ($(BUILD_CRYPTO), no) +LOCAL_POLICY_JAR_LIMITED := \ + $(SUPPORT_OUTPUTDIR)/jce/policy/limited/local_policy.jar +LOCAL_POLICY_JAR_UNLIMITED := \ + $(SUPPORT_OUTPUTDIR)/jce/policy/unlimited/local_policy.jar - LOCAL_POLICY_JAR_LIMITED := \ - $(SUPPORT_OUTPUTDIR)/jce/policy/limited/local_policy.jar - LOCAL_POLICY_JAR_UNLIMITED := \ - $(SUPPORT_OUTPUTDIR)/jce/policy/unlimited/local_policy.jar +# +# TODO fix so that SetupArchive does not write files into SRCS +# then we don't need this extra copying +# +LOCAL_POLICY_JAR_LIMITED_TMP := \ + $(SUPPORT_OUTPUTDIR)/jce/policy/limited/local_policy_jar.tmp +LOCAL_POLICY_JAR_UNLIMITED_TMP := \ + $(SUPPORT_OUTPUTDIR)/jce/policy/unlimited/local_policy_jar.tmp + +$(LOCAL_POLICY_JAR_LIMITED_TMP)/%: \ + $(JDK_TOPDIR)/make/data/cryptopolicy/limited/% + $(install-file) + +$(LOCAL_POLICY_JAR_UNLIMITED_TMP)/%: \ + $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited/% + $(install-file) - # - # TODO fix so that SetupArchive does not write files into SRCS - # then we don't need this extra copying - # - LOCAL_POLICY_JAR_LIMITED_TMP := \ - $(SUPPORT_OUTPUTDIR)/jce/policy/limited/local_policy_jar.tmp - LOCAL_POLICY_JAR_UNLIMITED_TMP := \ - $(SUPPORT_OUTPUTDIR)/jce/policy/unlimited/local_policy_jar.tmp +$(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR_LIMITED, \ + $(LOCAL_POLICY_JAR_LIMITED_TMP)/exempt_local.policy \ + $(LOCAL_POLICY_JAR_LIMITED_TMP)/default_local.policy, \ + SRCS := $(LOCAL_POLICY_JAR_LIMITED_TMP), \ + SUFFIXES := .policy, \ + JAR := $(LOCAL_POLICY_JAR_LIMITED), \ + EXTRA_MANIFEST_ATTR := Crypto-Strength: limited, \ + SKIP_METAINF := true)) - $(LOCAL_POLICY_JAR_LIMITED_TMP)/%: \ - $(JDK_TOPDIR)/make/data/cryptopolicy/limited/% - $(install-file) +$(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR_UNLIMITED, \ + $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/default_local.policy, \ + SRCS := 
$(LOCAL_POLICY_JAR_UNLIMITED_TMP), \ + SUFFIXES := .policy, \ + JAR := $(LOCAL_POLICY_JAR_UNLIMITED), \ + EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \ + SKIP_METAINF := true)) - $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/%: \ - $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited/% +TARGETS += $(LOCAL_POLICY_JAR_LIMITED) $(LOCAL_POLICY_JAR_UNLIMITED) + +ifndef OPENJDK + ifneq ($(UNLIMITED_CRYPTO), true) + $(UNLIMITED_POLICY_DIR)/README.txt: \ + $(JDK_TOPDIR)/make/closed/data/cryptopolicy/README.txt $(install-file) - $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR_LIMITED, \ - $(LOCAL_POLICY_JAR_LIMITED_TMP)/exempt_local.policy \ - $(LOCAL_POLICY_JAR_LIMITED_TMP)/default_local.policy, \ - SRCS := $(LOCAL_POLICY_JAR_LIMITED_TMP), \ - SUFFIXES := .policy, \ - JAR := $(LOCAL_POLICY_JAR_LIMITED), \ - EXTRA_MANIFEST_ATTR := Crypto-Strength: limited, \ - SKIP_METAINF := true)) - - $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR_UNLIMITED, \ - $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/default_local.policy, \ - SRCS := $(LOCAL_POLICY_JAR_UNLIMITED_TMP), \ - SUFFIXES := .policy, \ - JAR := $(LOCAL_POLICY_JAR_UNLIMITED), \ - EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \ - SKIP_METAINF := true)) - - TARGETS += $(LOCAL_POLICY_JAR_LIMITED) $(LOCAL_POLICY_JAR_UNLIMITED) - - ifndef OPENJDK - ifneq ($(UNLIMITED_CRYPTO), true) - $(UNLIMITED_POLICY_DIR)/README.txt: \ - $(JDK_TOPDIR)/make/closed/data/cryptopolicy/README.txt - $(install-file) - - TARGETS += $(UNLIMITED_POLICY_DIR)/README.txt - endif + TARGETS += $(UNLIMITED_POLICY_DIR)/README.txt endif endif diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/make/lib/Awt2dLibraries.gmk --- a/jdk/make/lib/Awt2dLibraries.gmk Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/make/lib/Awt2dLibraries.gmk Sat Jan 24 23:23:25 2015 -0800 
@@ -300,7 +300,6 @@ LIBAWT_XAWT_DIRS := \ $(JDK_TOPDIR)/src/java.desktop/$(OPENJDK_TARGET_OS_TYPE)/native/libawt_xawt \ - $(JDK_TOPDIR)/src/java.desktop/$(OPENJDK_TARGET_OS_TYPE)/native/libjawt \ $(JDK_TOPDIR)/src/java.desktop/share/native/common/awt/debug \ $(JDK_TOPDIR)/src/java.desktop/share/native/common/awt/utility \ $(JDK_TOPDIR)/src/java.desktop/share/native/common/font \ diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/make/src/classes/build/tools/module/ext.modules --- a/jdk/make/src/classes/build/tools/module/ext.modules Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/make/src/classes/build/tools/module/ext.modules Sat Jan 24 23:23:25 2015 -0800 @@ -6,4 +6,4 @@ jdk.naming.dns jdk.scripting.nashorn jdk.zipfs -oracle.accessbridge +jdk.accessbridge diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/macosx/classes/java/lang/ClassLoaderHelper.java --- a/jdk/src/java.base/macosx/classes/java/lang/ClassLoaderHelper.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/macosx/classes/java/lang/ClassLoaderHelper.java Sat Jan 24 23:23:25 2015 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015 Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,6 +31,11 @@ private ClassLoaderHelper() {} /** + * Indicates, whether PATH env variable is allowed to contain quoted entries. + */ + static final boolean allowsQuotedPathElements = false; + + /** * Returns an alternate path name for the given file * such that if the original pathname did not exist, then the * file may be located at the alternate location. diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/java/lang/Class.java --- a/jdk/src/java.base/share/classes/java/lang/Class.java Fri Jan 23 18:50:48 2015 -0800 
+++ b/jdk/src/java.base/share/classes/java/lang/Class.java Sat Jan 24 23:23:25 2015 -0800 @@ -149,7 +149,8 @@ * {@code getName}. If this {@code Class} object represents a * primitive type, this method returns the name of the primitive type. If * this {@code Class} object represents void this method returns - * "void". + * "void". If this {@code Class} object represents an array type, + * this method returns "class " followed by {@code getName}. * * @return a string representation of this class object. */ @@ -174,6 +175,12 @@ * occur in canonical order. If there are no type parameters, the * type parameter list is elided. * + * For an array type, the string starts with the type name, + * followed by an angle-bracketed comma-separated list of the + * type's type parameters, if any, followed by a sequence of + * {@code []} characters, one set of brackets per dimension of + * the array. + * *

Note that since information about the runtime representation * of a type is being generated, modifiers not present on the * originating source code or illegal on the originating source @@ -189,29 +196,39 @@ return toString(); } else { StringBuilder sb = new StringBuilder(); - - // Class modifiers are a superset of interface modifiers - int modifiers = getModifiers() & Modifier.classModifiers(); - if (modifiers != 0) { - sb.append(Modifier.toString(modifiers)); + Class component = this; + int arrayDepth = 0; + + if (isArray()) { + do { + arrayDepth++; + component = component.getComponentType(); + } while (component.isArray()); + sb.append(component.getName()); + } else { + // Class modifiers are a superset of interface modifiers + int modifiers = getModifiers() & Modifier.classModifiers(); + if (modifiers != 0) { + sb.append(Modifier.toString(modifiers)); + sb.append(' '); + } + + if (isAnnotation()) { + sb.append('@'); + } + if (isInterface()) { // Note: all annotation types are interfaces + sb.append("interface"); + } else { + if (isEnum()) + sb.append("enum"); + else + sb.append("class"); + } sb.append(' '); - } - - if (isAnnotation()) { - sb.append('@'); + sb.append(getName()); } - if (isInterface()) { // Note: all annotation types are interfaces - sb.append("interface"); - } else { - if (isEnum()) - sb.append("enum"); - else - sb.append("class"); - } - sb.append(' '); - sb.append(getName()); - - TypeVariable[] typeparms = getTypeParameters(); + + TypeVariable[] typeparms = component.getTypeParameters(); if (typeparms.length > 0) { boolean first = true; sb.append('<'); @@ -224,6 +241,9 @@ sb.append('>'); } + for (int i = 0; i < arrayDepth; i++) + sb.append("[]"); + return sb.toString(); } } diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/java/lang/ClassLoader.java --- a/jdk/src/java.base/share/classes/java/lang/ClassLoader.java Fri Jan 23 18:50:48 2015 -0800 
+++ b/jdk/src/java.base/share/classes/java/lang/ClassLoader.java Sat Jan 24 23:23:25 2015 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2014 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2015 Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1360,7 +1360,10 @@ return null; SecurityManager sm = System.getSecurityManager(); if (sm != null) { - checkClassLoaderPermission(this, Reflection.getCallerClass()); + // Check access to the parent class loader + // If the caller's class loader is same as this class loader, + // permission check is performed. + checkClassLoaderPermission(parent, Reflection.getCallerClass()); } return parent; } @@ -1503,6 +1506,11 @@ return caller.getClassLoader0(); } + /* + * Checks RuntimePermission("getClassLoader") permission + * if caller's class loader is not null and caller's class loader + * is not the same as or an ancestor of the given cl argument. + */ static void checkClassLoaderPermission(ClassLoader cl, Class caller) { SecurityManager sm = System.getSecurityManager(); if (sm != null) { 
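Review bot: The comment added in the `-1360` hunk ("If the caller's class loader is same as this class loader, permission check is performed") states the outcome but not why the argument changed from `this` to `parent`. Going by the comment this commit adds above `checkClassLoaderPermission`, the check is skipped when the caller's loader is the same as or an ancestor of the argument, so passing `this` would have let code defined by this loader obtain the parent unchecked. I would word it as `// Check against parent, not this: a caller defined by this loader is not an ancestor of parent, so it must hold RuntimePermission("getClassLoader").` The enclosing method starts and ends outside the hunk.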
@@ -1747,35 +1755,54 @@ private static String usr_paths[]; private static String sys_paths[]; - private static String[] initializePath(String propname) { - String ldpath = System.getProperty(propname, ""); - String ps = File.pathSeparator; - int ldlen = ldpath.length(); - int i, j, n; - // Count the separators in the path - i = ldpath.indexOf(ps); - n = 0; - while (i >= 0) { - n++; - i = ldpath.indexOf(ps, i + 1); + private static String[] initializePath(String propName) { + String ldPath = System.getProperty(propName, ""); + int ldLen = ldPath.length(); + char ps = File.pathSeparatorChar; + int psCount = 0; + + if (ClassLoaderHelper.allowsQuotedPathElements && + ldPath.indexOf('\"') >= 0) { + // First, remove quotes put around quoted parts of paths. + // Second, use a quotation mark as a new path separator. + // This will preserve any quoted old path separators. + char[] buf = new char[ldLen]; + int bufLen = 0; + for (int i = 0; i < ldLen; ++i) { + char ch = ldPath.charAt(i); + if (ch == '\"') { + while (++i < ldLen && + (ch = ldPath.charAt(i)) != '\"') { + buf[bufLen++] = ch; + } + } else { + if (ch == ps) { + psCount++; + ch = '\"'; + } + buf[bufLen++] = ch; + } + } + ldPath = new String(buf, 0, bufLen); + ldLen = bufLen; + ps = '\"'; + } else { + for (int i = ldPath.indexOf(ps); i >= 0; + i = ldPath.indexOf(ps, i + 1)) { + psCount++; + } } - // allocate the array of paths - n :'s = n + 1 path elements - String[] paths = new String[n + 1]; - - // Fill the array with paths from the ldpath - n = i = 0; - j = ldpath.indexOf(ps); - while (j >= 0) { - if (j - i > 0) { - paths[n++] = ldpath.substring(i, j); - } else if (j - i == 0) { - paths[n++] = "."; - } - i = j + 1; - j = ldpath.indexOf(ps, i); + String[] paths = new String[psCount + 1]; + int pathStart = 0; + for (int j = 0; j < psCount; ++j) { + int pathEnd = ldPath.indexOf(ps, pathStart); + paths[j] = (pathStart < pathEnd) ? 
+ ldPath.substring(pathStart, pathEnd) : "."; + pathStart = pathEnd + 1; } - paths[n] = ldpath.substring(i, ldlen); + paths[psCount] = (pathStart < ldLen) ? + ldPath.substring(pathStart, ldLen) : "."; return paths; } diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/java/net/MulticastSocket.java --- a/jdk/src/java.base/share/classes/java/net/MulticastSocket.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/java/net/MulticastSocket.java Sat Jan 24 23:23:25 2015 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -569,7 +569,7 @@ public NetworkInterface getNetworkInterface() throws SocketException { NetworkInterface ni = (NetworkInterface)getImpl().getOption(SocketOptions.IP_MULTICAST_IF2); - if (ni.getIndex() == 0) { + if ((ni.getIndex() == 0) || (ni.getIndex() == -1)) { InetAddress[] addrs = new InetAddress[1]; addrs[0] = InetAddress.anyLocalAddress(); return new NetworkInterface(addrs[0].getHostName(), 0, addrs); diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/java/net/URI.java --- a/jdk/src/java.base/share/classes/java/net/URI.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/java/net/URI.java Sat Jan 24 23:23:25 2015 -0800 @@ -2637,6 +2637,11 @@ private static final long H_URIC_NO_SLASH = H_UNRESERVED | H_ESCAPED | highMask(";?:@&=+$,"); + // scope_id = alpha | digit | "_" | "." + private static final long L_SCOPE_ID + = L_ALPHANUM | lowMask("_."); + private static final long H_SCOPE_ID + = H_ALPHANUM | highMask("_."); // -- Escaping and encoding -- 
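Review bot: In the rewritten `initializePath`, an empty last element is now mapped to "." (`paths[psCount] = (pathStart < ldLen) ? ... : "."`), whereas the removed code stored `ldpath.substring(i, ldlen)` unchanged. An unset or empty property, or a value ending in a separator, therefore now yields the current working directory as a search entry; if these arrays feed native-library lookup, as the `usr_paths`/`sys_paths` names suggest, that adds a directory the deployer may not control. If the change is intended, it deserves a comment such as `// empty elements, including a trailing one, denote the current directory`. Separately, in the quoted branch an unterminated `"` makes the inner `while` consume the rest of the string, separators included, so the remaining entries collapse into one; a one-line comment saying this is the chosen behaviour would help.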
@@ -3226,7 +3231,7 @@ if (r+1 == q) { fail ("scope id expected"); } - checkChars (r+1, q, L_ALPHANUM, H_ALPHANUM, + checkChars (r+1, q, L_SCOPE_ID, H_SCOPE_ID, "scope id"); } else { parseIPv6Reference(p, q); diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/java/nio/channels/Channels.java --- a/jdk/src/java.base/share/classes/java/nio/channels/Channels.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/java/nio/channels/Channels.java Sat Jan 24 23:23:25 2015 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -579,12 +579,13 @@ * charset and writes the resulting bytes to the given channel. * *

An invocation of this method of the form - *

+ * *

 {@code
      *     Channels.newWriter(ch, csname)
      * } 
+ * * behaves in exactly the same way as the expression - *

+ * *

 {@code
      *     Channels.newWriter(ch, Charset.forName(csName).newEncoder(), -1)
      * } 
diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/java/util/Formatter.java --- a/jdk/src/java.base/share/classes/java/util/Formatter.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/java/util/Formatter.java Sat Jan 24 23:23:25 2015 -0800 @@ -1835,7 +1835,7 @@ *

The maximum number of arguments is limited by the maximum dimension of a * Java array as defined by * The Java™ Virtual Machine Specification. - * If the argument index is does not correspond to an + * If the argument index does not correspond to an * available argument, then a {@link MissingFormatArgumentException} is thrown. * *

If there are more arguments than format specifiers, the extra arguments diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/java/util/Hashtable.java --- a/jdk/src/java.base/share/classes/java/util/Hashtable.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/java/util/Hashtable.java Sat Jan 24 23:23:25 2015 -0800 @@ -1137,10 +1137,10 @@ Entry entryStack = null; synchronized (this) { - // Write out the length, threshold, loadfactor + // Write out the threshold and loadFactor s.defaultWriteObject(); - // Write out length, count of elements + // Write out the length and count of elements s.writeInt(table.length); s.writeInt(count); 
@@ -1169,22 +1169,33 @@ private void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException { - // Read in the length, threshold, and loadfactor + // Read in the threshold and loadFactor s.defaultReadObject(); + // Validate loadFactor (ignore threshold - it will be re-computed) + if (loadFactor <= 0 || Float.isNaN(loadFactor)) + throw new StreamCorruptedException("Illegal Load: " + loadFactor); + // Read the original length of the array and number of elements int origlength = s.readInt(); int elements = s.readInt(); - // Compute new size with a bit of room 5% to grow but - // no larger than the original size. Make the length + // Validate # of elements + if (elements < 0) + throw new StreamCorruptedException("Illegal # of Elements: " + elements); + + // Clamp original length to be more than elements / loadFactor + // (this is the invariant enforced with auto-growth) + origlength = Math.max(origlength, (int)(elements / loadFactor) + 1); + + // Compute new length with a bit of room 5% + 3 to grow but + // no larger than the clamped original length. Make the length // odd if it's large enough, this helps distribute the entries. // Guard against the length ending up zero, that's not valid. - int length = (int)(elements * loadFactor) + (elements / 20) + 3; + int length = (int)((elements + elements / 20) / loadFactor) + 3; if (length > elements && (length & 1) == 0) length--; - if (origlength > 0 && length > origlength) - length = origlength; + length = Math.min(length, origlength); table = new Entry[length]; threshold = (int)Math.min(length * loadFactor, MAX_ARRAY_SIZE + 1); count = 0; @@ -1195,7 +1206,7 @@ K key = (K)s.readObject(); @SuppressWarnings("unchecked") V value = (V)s.readObject(); - // synch could be eliminated for performance + // sync is eliminated for performance reconstitutionPut(table, key, value); } } @@ -1207,9 +1218,9 @@ * *
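Review bot: The sizing arithmetic in `readObject` can still go negative on stream-supplied values: `(int)(elements / loadFactor) + 1` wraps when the quotient saturates at `Integer.MAX_VALUE` (a tiny positive `loadFactor` passes the new `<= 0`/NaN check), and `elements + elements / 20` can overflow `int` on its own. `length` then reaches `new Entry[length]` negative, so a corrupted stream surfaces as `NegativeArraySizeException` rather than `StreamCorruptedException`. I would add, just before the allocation, `if (length < 0) throw new StreamCorruptedException("Illegal length: " + length);`, and consider bounding `loadFactor` to a sane range after validating it. The table is also sized from `elements` before any entry has been read, so the allocation is driven by a count the stream has not yet backed with data.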

This differs from the regular put method in several ways. No * checking for rehashing is necessary since the number of elements - * initially in the table is known. The modCount is not incremented - * because we are creating a new instance. Also, no return value - * is needed. + * initially in the table is known. The modCount is not incremented and + * there's no synchronization because we are creating a new instance. + * Also, no return value is needed. */ private void reconstitutionPut(Entry[] tab, K key, V value) throws StreamCorruptedException diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/java/util/Spliterator.java --- a/jdk/src/java.base/share/classes/java/util/Spliterator.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/java/util/Spliterator.java Sat Jan 24 23:23:25 2015 -0800 @@ -125,7 +125,7 @@ * are encountered. * * @apiNote - *

Spliterators, like {@code Iterators}s, are for traversing the elements of + *

Spliterators, like {@code Iterator}s, are for traversing the elements of * a source. The {@code Spliterator} API was designed to support efficient * parallel traversal in addition to sequential traversal, by supporting * decomposition as well as single-element iteration. In addition, the diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/java/util/concurrent/CompletableFuture.java --- a/jdk/src/java.base/share/classes/java/util/concurrent/CompletableFuture.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/java/util/concurrent/CompletableFuture.java Sat Jan 24 23:23:25 2015 -0800 @@ -978,7 +978,15 @@ } try { @SuppressWarnings("unchecked") T t = (T) r; - return f.apply(t).toCompletableFuture(); + CompletableFuture g = f.apply(t).toCompletableFuture(); + Object s = g.result; + if (s != null) + return new CompletableFuture(encodeRelay(s)); + CompletableFuture d = new CompletableFuture(); + UniRelay copy = new UniRelay(d, g); + g.push(copy); + copy.tryFire(SYNC); + return d; } catch (Throwable ex) { return new CompletableFuture(encodeThrowable(ex)); } diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Sat Jan 24 23:23:25 2015 -0800 @@ -337,6 +337,7 @@ /* try auth without calling Authenticator. Used for transparent NTLM authentication */ private boolean tryTransparentNTLMServer = true; private boolean tryTransparentNTLMProxy = true; + private boolean useProxyResponseCode = false; /* Used by Windows specific code */ private Object authObj; 
@@ -2239,6 +2240,15 @@ if (tryTransparentNTLMProxy) { tryTransparentNTLMProxy = NTLMAuthenticationProxy.supportsTransparentAuth; + /* If the platform supports transparent authentication + * then normally it's ok to do transparent auth to a proxy + * because we generally trust proxies (chosen by the user) + * But not in the case of 305 response where the server + * chose it. */ + if (tryTransparentNTLMProxy && useProxyResponseCode) { + tryTransparentNTLMProxy = false; + } + } a = null; if (tryTransparentNTLMProxy) { @@ -2610,6 +2620,10 @@ requests.set(0, method + " " + getRequestURI()+" " + httpVersion, null); connected = true; + // need to remember this in case NTLM proxy authentication gets + // used. We can't use transparent authentication when user + // doesn't know about proxy. + useProxyResponseCode = true; } else { // maintain previous headers, just change the name // of the file we're getting diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java Sat Jan 24 23:23:25 2015 -0800 @@ -192,22 +192,6 @@ return userAgent; } - // should remove once HttpClient.newHttpProxy is putback - private static Proxy newHttpProxy(String proxyHost, int proxyPort) { - InetSocketAddress saddr = null; - final String phost = proxyHost; - final int pport = proxyPort < 0 ? httpsPortNumber : proxyPort; - try { - saddr = java.security.AccessController.doPrivileged(new - java.security.PrivilegedExceptionAction() { - public InetSocketAddress run() { - return new InetSocketAddress(phost, pport); - }}); - } catch (java.security.PrivilegedActionException pae) { - } - return new Proxy(Proxy.Type.HTTP, saddr); - } - // CONSTRUCTOR, FACTORY 
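Review bot: `useProxyResponseCode` is declared in the first HttpURLConnection hunk without a comment, and its name does not say that it records a proxy chosen by the server; the explanation appears only at the two use sites. I would document the field, e.g. `/* set once a 305 response switched this connection to a proxy named by the server; suppresses transparent NTLM to that proxy */` (the link to 305 is taken from the comment in the `-2239` hunk). The nested `if` there can also fold into the assignment: `tryTransparentNTLMProxy = NTLMAuthenticationProxy.supportsTransparentAuth && !useProxyResponseCode;`. Only the transparent NTLM path is gated in the visible lines; whether other automatic credential schemes toward such a proxy need the same guard cannot be judged from these hunks.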
@@ -251,7 +235,7 @@ throws IOException { this(sf, url, (proxyHost == null? null: - HttpsClient.newHttpProxy(proxyHost, proxyPort)), + HttpClient.newHttpProxy(proxyHost, proxyPort, "https")), connectTimeout); } @@ -261,6 +245,11 @@ HttpsClient(SSLSocketFactory sf, URL url, Proxy proxy, int connectTimeout) throws IOException { + PlatformLogger logger = HttpURLConnection.getHttpLogger(); + if (logger.isLoggable(PlatformLogger.Level.FINEST)) { + logger.finest("Creating new HttpsClient with url:" + url + " and proxy:" + proxy + + " with connect timeout:" + connectTimeout); + } this.proxy = proxy; setSSLSocketFactory(sf); this.proxyDisabled = true; @@ -317,7 +306,7 @@ return HttpsClient.New(sf, url, hv, (proxyHost == null? null : - HttpsClient.newHttpProxy(proxyHost, proxyPort)), + HttpClient.newHttpProxy(proxyHost, proxyPort, "https")), useCache, connectTimeout, httpuc); } @@ -329,6 +318,11 @@ if (p == null) { p = Proxy.NO_PROXY; } + PlatformLogger logger = HttpURLConnection.getHttpLogger(); + if (logger.isLoggable(PlatformLogger.Level.FINEST)) { + logger.finest("Looking for HttpClient for URL " + url + + " and proxy value of " + p); + } HttpsClient ret = null; if (useCache) { /* see if one's already around */ @@ -342,14 +336,13 @@ if (ret != null) { if ((ret.proxy != null && ret.proxy.equals(p)) || - (ret.proxy == null && p == null)) { + (ret.proxy == null && p == Proxy.NO_PROXY)) { synchronized (ret) { ret.cachedHttpClient = true; assert ret.inCache; ret.inCache = false; if (httpuc != null && ret.needsTunneling()) httpuc.setTunnelState(TUNNELING); - PlatformLogger logger = HttpURLConnection.getHttpLogger(); if (logger.isLoggable(PlatformLogger.Level.FINEST)) { logger.finest("KeepAlive stream retrieved from the cache, " + ret); } 
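Review bot: The two new FINEST messages (the constructor hunk at `-261` and the lookup hunk at `-329`) concatenate the full `url` into the log line. A URL can carry user-info or query-string tokens, and for HTTPS those are otherwise protected in transit, so writing them to a log moves them somewhere with weaker protection. Logging only the endpoint, e.g. `url.getHost() + ":" + url.getPort()`, would keep the diagnostic value; if the full URL is wanted, a comment saying so would make the choice explicit.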
@@ -360,6 +353,9 @@ // This should be fine as it is very rare that a connection // to the same host will not use the same proxy. synchronized(ret) { + if (logger.isLoggable(PlatformLogger.Level.FINEST)) { + logger.finest("Not returning this connection to cache: " + ret); + } ret.inCache = false; ret.closeServer(); } diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/provider/FileInputStreamPool.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/src/java.base/share/classes/sun/security/provider/FileInputStreamPool.java Sat Jan 24 23:23:25 2015 -0800 
@@ -0,0 +1,159 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.provider; + +import java.io.*; +import java.lang.ref.ReferenceQueue; +import java.lang.ref.WeakReference; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.ConcurrentMap; + +/** + * A pool of {@code InputStream}s opened from distinct files. Only a single + * instance is ever opened from the same file. This is used to read special + * infinite files like {@code /dev/random} where the current file pointer is not + * relevant, so multiple readers can share the same file descriptor and + * consequently the same {@code InputStream}. 
+ */ +class FileInputStreamPool { + + /** + * a pool of: StreamRef -> UnclosableInputStream -> FileInputStream(s) + */ + private static final ConcurrentMap pool = + new ConcurrentHashMap<>(); + + /** + * a reference queue of cleared StreamRef(s) + */ + private static final ReferenceQueue refQueue = + new ReferenceQueue<>(); + + /** + * This method opens an underlying {@link java.io.FileInputStream} for a + * given {@code file} and returns a wrapper over it. The wrapper is shared + * among multiple readers of the same {@code file} and ignores + * {@link java.io.InputStream#close()} requests. The underlying stream is + * closed when all references to the wrapper are relinquished. + * + * @param file the file to be opened for reading. + * @return a shared {@link java.io.InputStream} instance opened from given + * file. + * @throws FileNotFoundException if the file does not exist, is a directory + * rather than a regular file, or for some + * other reason cannot be opened for reading. + * @throws SecurityException if a security manager exists and its + * checkRead method denies read + * access to the file. + */ + static InputStream getInputStream(File file) throws IOException { + + // expunge any cleared references + StreamRef oldRref; + while ((oldRref = (StreamRef) refQueue.poll()) != null) { + pool.remove(oldRref.file, oldRref); + } + + // canonicalize the path + // (this also checks the read permission on the file if SecurityManager + // is present, so no checking is needed later when we just return the + // already opened stream) + File cfile = file.getCanonicalFile(); + + // check if it exists in pool + oldRref = pool.get(cfile); + UnclosableInputStream oldStream = (oldRref == null) + ? 
null + : oldRref.get(); + StreamRef newRef = null; + UnclosableInputStream newStream = null; + + // retry loop + while (true) { + if (oldStream != null) { + // close our optimistically opened stream 1st (if we opened it) + if (newStream != null) { + try { + newStream.getWrappedStream().close(); + } catch (IOException ignore) { + // can't do anything here + } + } + // return it + return oldStream; + } else { + // we need to open new stream optimistically (if not already) + if (newStream == null) { + newStream = new UnclosableInputStream( + new FileInputStream(cfile)); + newRef = new StreamRef(cfile, newStream, refQueue); + } + // either try to install newRef or replace oldRef with newRef + if (oldRref == null) { + oldRref = pool.putIfAbsent(cfile, newRef); + } else { + oldRref = pool.replace(cfile, oldRref, newRef) + ? null + : pool.get(cfile); + } + if (oldRref == null) { + // success + return newStream; + } else { + // lost race + oldStream = oldRref.get(); + // another loop + } + } + } + } + + private static class StreamRef extends WeakReference { + final File file; + + StreamRef(File file, + UnclosableInputStream stream, + ReferenceQueue refQueue) { + super(stream, refQueue); + this.file = file; + } + } + + private static final class UnclosableInputStream extends FilterInputStream { + UnclosableInputStream(InputStream in) { + super(in); + } + + @Override + public void close() throws IOException { + // Ignore close attempts since underlying InputStream is shared. + } + + InputStream getWrappedStream() { + return in; + } + } +} diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/provider/SeedGenerator.java --- a/jdk/src/java.base/share/classes/sun/security/provider/SeedGenerator.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/security/provider/SeedGenerator.java Sat Jan 24 23:23:25 2015 -0800 
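Review bot: In `getInputStream`, the path that returns an already-pooled stream has no permission check of its own; the comment relies on `file.getCanonicalFile()` performing the read check as a side effect, and that check would be made against the caller-supplied path while the pool is keyed on the canonical `cfile`. Making it explicit before the lookup keeps the guarantee local: `SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkRead(cfile.getPath());`. The Javadoc also lists `FileNotFoundException` and `SecurityException` while the signature declares `IOException`, which canonicalization can throw as well, so an `@throws IOException` entry is missing. Minor: `oldRref` reads like a typo for `oldRef` next to `newRef`.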
@@ -504,9 +504,10 @@ @Override public InputStream run() throws IOException { /* - * return a FileInputStream for file URLs and - * avoid buffering. The openStream() call wraps - * InputStream in a BufferedInputStream which + * return a shared InputStream for file URLs and + * avoid buffering. + * The URL.openStream() call wraps InputStream in a + * BufferedInputStream which * can buffer up to 8K bytes. This read is a * performance issue for entropy sources which * can be slow to replenish. @@ -514,7 +515,8 @@ if (device.getProtocol().equalsIgnoreCase("file")) { File deviceFile = SunEntries.getDeviceFile(device); - return new FileInputStream(deviceFile); + return FileInputStreamPool + .getInputStream(deviceFile); } else { return device.openStream(); } diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java Sat Jan 24 23:23:25 2015 -0800 @@ -345,6 +345,13 @@ break; case HandshakeMessage.ht_finished: + // A ChangeCipherSpec record must have been received prior to + // reception of the Finished message (RFC 5246, 7.4.9). + if (!receivedChangeCipherSpec()) { + fatalSE(Alerts.alert_handshake_failure, + "Received Finished message before ChangeCipherSpec"); + } + this.serverFinished( new Finished(protocolVersion, input, cipherSuite)); break; diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java Sat Jan 24 23:23:25 2015 -0800 
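Review bot: The rewritten comment in `run()` (SeedGenerator.java, hunks at -504 and -514) says the stream is shared but not what that changes for the caller. Per the FileInputStreamPool Javadoc earlier in this changeset, `close()` on the returned wrapper is ignored and all readers of the same file use one underlying stream. If the configured source is a regular file rather than a device, consumers would presumably share one read position and reach end-of-file together, which the old per-caller `new FileInputStream(deviceFile)` did not do. I would add to the comment: `* The stream is pooled per canonical file: close() is a no-op and the read position is shared.` `run()` continues outside the hunk.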
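Review bot: The new `ht_finished` guard in ClientHandshaker.java (hunk at -345) reports an out-of-order Finished with `alert_handshake_failure`, while the ChangeCipherSpec ordering checks this changeset adds to SSLEngineImpl and SSLSocketImpl use `alert_unexpected_message` for a record arriving in the wrong state. A mis-sequenced message arguably fits the latter, and using one alert for both ordering violations would be more consistent: `fatalSE(Alerts.alert_unexpected_message, "Received Finished message before ChangeCipherSpec");`. The same applies to the matching hunk in ServerHandshaker.java. The surrounding switch starts and ends outside the hunk.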
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -243,6 +243,7 @@ protocolVersion = ProtocolVersion.valueOf(s.getInt8(), s.getInt8()); clnt_random = new RandomCookie(s); sessionId = new SessionId(s.getBytes8()); + sessionId.checkLength(protocolVersion); cipherSuites = new CipherSuiteList(s); compression_methods = s.getBytes8(); if (messageLength() != messageLength) { @@ -355,6 +356,7 @@ input.getInt8()); svr_random = new RandomCookie(input); sessionId = new SessionId(input.getBytes8()); + sessionId.checkLength(protocolVersion); cipherSuite = CipherSuite.valueOf(input.getInt8(), input.getInt8()); compression_method = (byte)input.getInt8(); if (messageLength() != messageLength) { diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Sat Jan 24 23:23:25 2015 -0800 @@ -95,8 +95,6 @@ Collection peerSupportedSignAlgs; /* - - /* * List of active protocols * * Active protocols is a subset of enabled protocols, and will @@ -114,10 +112,8 @@ private CipherSuiteList activeCipherSuites; // The server name indication and matchers - List serverNames = - Collections.emptyList(); - Collection sniMatchers = - Collections.emptyList(); + List serverNames = Collections.emptyList(); + Collection sniMatchers = Collections.emptyList(); private boolean isClient; private boolean needCertVerify; 
@@ -139,12 +135,16 @@ // current key exchange. Never null, initially K_NULL KeyExchange keyExchange; - /* True if this session is being resumed (fast handshake) */ + // True if this session is being resumed (fast handshake) boolean resumingSession; - /* True if it's OK to start a new SSL session */ + // True if it's OK to start a new SSL session boolean enableNewSession; + // True if session keys have been calculated and the caller may receive + // and process a ChangeCipherSpec message + private boolean sessKeysCalculated; + // Whether local cipher suites preference should be honored during // handshaking? // @@ -253,6 +253,7 @@ this.serverVerifyData = serverVerifyData; enableNewSession = true; invalidated = false; + sessKeysCalculated = false; setCipherSuite(CipherSuite.C_NULL); setEnabledProtocols(enabledProtocols); @@ -359,6 +360,14 @@ } } + final boolean receivedChangeCipherSpec() { + if (conn != null) { + return conn.receivedChangeCipherSpec(); + } else { + return engine.receivedChangeCipherSpec(); + } + } + String getEndpointIdentificationAlgorithmSE() { SSLParameters paras; if (conn != null) { @@ -491,7 +500,9 @@ if (activeProtocols.collection().isEmpty() || activeProtocols.max.v == ProtocolVersion.NONE.v) { - throw new SSLHandshakeException("No appropriate protocol"); + throw new SSLHandshakeException( + "No appropriate protocol (protocol is disabled or " + + "cipher suites are inappropriate)"); } if (activeCipherSuites == null) { @@ -676,6 +687,17 @@ continue; } + if (!algorithmConstraints.permits( + EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), + protocol.name, null)) { + if (debug != null && Debug.isOn("verbose")) { + System.out.println( + "Ignoring disabled protocol: " + protocol); + } + + continue; + } + boolean found = false; for (CipherSuite suite : enabledCipherSuites.collection()) { if (suite.isAvailable() && suite.obsoleted > protocol.v && 
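Review bot: The protocol filter added in Handshaker.java (hunk at -676) passes `protocol.name` to `algorithmConstraints.permits` under `CryptoPrimitive.KEY_AGREEMENT`, with no comment on why a protocol version is checked as a key-agreement primitive. Without one it reads like a copy of the cipher-suite check. I would put `// Skip protocol versions named in the disabled-algorithm constraints (e.g. SSLv3).` above the `if`, and have the author add the reason KEY_AGREEMENT is the primitive passed. The static initializer added to ProtocolVersion.java makes the same call and needs the same explanation. The enclosing loop starts and ends outside the hunk.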
@@ -1081,7 +1103,6 @@ calculateConnectionKeys(master); } - /* * Calculate the master secret from its various components. This is * used for key exchange by all cipher suites. @@ -1226,6 +1247,10 @@ throw new ProviderException(e); } + // Mark a flag that allows outside entities (like SSLSocket/SSLEngine) + // determine if a ChangeCipherSpec message could be processed. + sessKeysCalculated = true; + // // Dump the connection keys as they're generated. // @@ -1280,6 +1305,15 @@ } } + /** + * Return whether or not the Handshaker has derived session keys for + * this handshake. This is used for determining readiness to process + * an incoming ChangeCipherSpec message. + */ + boolean sessionKeysCalculated() { + return sessKeysCalculated; + } + private static void printHex(HexDumpEncoder dump, byte[] bytes) { if (bytes == null) { System.out.println("(key bytes not available)"); diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java Sat Jan 24 23:23:25 2015 -0800 @@ -25,6 +25,9 @@ package sun.security.ssl; +import java.util.*; +import java.security.CryptoPrimitive; + /** * Type safe enum for an SSL/TLS protocol version. Instances are obtained * using the static factory methods or by referencing the static members @@ -86,6 +89,11 @@ // Default version for hello messages (SSLv2Hello) final static ProtocolVersion DEFAULT_HELLO = FIPS ? TLS10 : SSL30; + // Available protocols + // + // Including all supported protocols except the disabled ones. + final static Set availableProtocols; + // version in 16 bit MSB format as it appears in records and // messages, i.e. 0x0301 for TLS 1.0 public final int v; 
@@ -96,6 +104,25 @@ // name used in JSSE (e.g. TLSv1 for TLS 1.0) final String name; + // Initialize the available protocols. + static { + Set protocols = new HashSet<>(5); + + ProtocolVersion[] pvs = new ProtocolVersion[] { + SSL20Hello, SSL30, TLS10, TLS11, TLS12}; + EnumSet cryptoPrimitives = + EnumSet.of(CryptoPrimitive.KEY_AGREEMENT); + for (ProtocolVersion p : pvs) { + if (SSLAlgorithmConstraints.DEFAULT_SSL_ONLY.permits( + cryptoPrimitives, p.name, null)) { + protocols.add(p); + } + } + + availableProtocols = + Collections.unmodifiableSet(protocols); + } + // private private ProtocolVersion(int v, String name) { this.v = v; diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java Sat Jan 24 23:23:25 2015 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -55,6 +55,14 @@ private boolean enabledX509DisabledAlgConstraints = true; + // the default algorithm constraints + final static AlgorithmConstraints DEFAULT = + new SSLAlgorithmConstraints(null); + + // the default SSL only algorithm constraints + final static AlgorithmConstraints DEFAULT_SSL_ONLY = + new SSLAlgorithmConstraints((SSLSocket)null, false); + SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) { userAlgConstraints = algorithmConstraints; } diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Fri Jan 23 18:50:48 2015 -0800 
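Review bot: `availableProtocols` in ProtocolVersion.java (hunk at -96) is filled once in a static initializer from `SSLAlgorithmConstraints.DEFAULT_SSL_ONLY` and wrapped in `Collections.unmodifiableSet`, so it is a snapshot taken at class initialization; the field comment ("Including all supported protocols except the disabled ones") does not say so. If the disabled-algorithm setting can change after this class loads, the default protocol lists that SSLContextImpl derives from this set would presumably keep the earlier answer. Whether the constraints object re-reads the setting is not visible here. I would state it on the field: `// Computed once at class initialization and never updated afterwards.`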
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Sat Jan 24 23:23:25 2015 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -52,10 +52,6 @@ private X509TrustManager trustManager; private SecureRandom secureRandom; - // The default algrithm constraints - private AlgorithmConstraints defaultAlgorithmConstraints = - new SSLAlgorithmConstraints(null); - // supported and default protocols private ProtocolList defaultServerProtocolList; private ProtocolList defaultClientProtocolList; @@ -350,7 +346,7 @@ if (suite.isAvailable() && suite.obsoleted > protocols.min.v && suite.supported <= protocols.max.v) { - if (defaultAlgorithmConstraints.permits( + if (SSLAlgorithmConstraints.DEFAULT.permits( EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), suite.name, null)) { suites.add(suite); @@ -431,11 +427,16 @@ */ private abstract static class AbstractSSLContext extends SSLContextImpl { // parameters - private final static SSLParameters defaultServerSSLParams; - private final static SSLParameters supportedSSLParams; + private static final SSLParameters defaultServerSSLParams; + private static final SSLParameters supportedSSLParams; static { + // supported SSL parameters supportedSSLParams = new SSLParameters(); + + // candidates for available protocols + ProtocolVersion[] candidates; + if (SunJSSE.isFIPS()) { supportedSSLParams.setProtocols(new String[] { ProtocolVersion.TLS10.name, @@ -443,7 +444,11 @@ ProtocolVersion.TLS12.name }); - defaultServerSSLParams = supportedSSLParams; + candidates = new ProtocolVersion[] { + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; } else { supportedSSLParams.setProtocols(new String[] { ProtocolVersion.SSL20Hello.name, 
@@ -453,8 +458,18 @@ ProtocolVersion.TLS12.name }); - defaultServerSSLParams = supportedSSLParams; + candidates = new ProtocolVersion[] { + ProtocolVersion.SSL20Hello, + ProtocolVersion.SSL30, + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; } + + defaultServerSSLParams = new SSLParameters(); + defaultServerSSLParams.setProtocols( + getAvailableProtocols(candidates)); } @Override @@ -466,6 +481,22 @@ SSLParameters getSupportedSSLParams() { return supportedSSLParams; } + + static String[] getAvailableProtocols( + ProtocolVersion[] protocolCandidates) { + + List availableProtocols = Collections.emptyList(); + if (protocolCandidates != null && protocolCandidates.length != 0) { + availableProtocols = new ArrayList<>(protocolCandidates.length); + for (ProtocolVersion p : protocolCandidates) { + if (ProtocolVersion.availableProtocols.contains(p)) { + availableProtocols.add(p.name); + } + } + } + + return availableProtocols.toArray(new String[0]); + } } /* @@ -474,21 +505,25 @@ * @see SSLContext */ public static final class TLS10Context extends AbstractSSLContext { - private final static SSLParameters defaultClientSSLParams; + private static final SSLParameters defaultClientSSLParams; static { - defaultClientSSLParams = new SSLParameters(); + // candidates for available protocols + ProtocolVersion[] candidates; if (SunJSSE.isFIPS()) { - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name - }); + candidates = new ProtocolVersion[] { + ProtocolVersion.TLS10 + }; + } else { + candidates = new ProtocolVersion[] { + ProtocolVersion.SSL30, + ProtocolVersion.TLS10 + }; + } - } else { - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name - }); - } + defaultClientSSLParams = new SSLParameters(); + defaultClientSSLParams.setProtocols( + getAvailableProtocols(candidates)); } @Override 
@@ -503,23 +538,27 @@ * @see SSLContext */ public static final class TLS11Context extends AbstractSSLContext { - private final static SSLParameters defaultClientSSLParams; + private static final SSLParameters defaultClientSSLParams; static { - defaultClientSSLParams = new SSLParameters(); + // candidates for available protocols + ProtocolVersion[] candidates; if (SunJSSE.isFIPS()) { - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name - }); + candidates = new ProtocolVersion[] { + ProtocolVersion.TLS10, + ProtocolVersion.TLS11 + }; + } else { + candidates = new ProtocolVersion[] { + ProtocolVersion.SSL30, + ProtocolVersion.TLS10, + ProtocolVersion.TLS11 + }; + } - } else { - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name - }); - } + defaultClientSSLParams = new SSLParameters(); + defaultClientSSLParams.setProtocols( + getAvailableProtocols(candidates)); } @Override 
@@ -534,25 +573,29 @@ * @see SSLContext */ public static final class TLS12Context extends AbstractSSLContext { - private final static SSLParameters defaultClientSSLParams; + private static final SSLParameters defaultClientSSLParams; static { - defaultClientSSLParams = new SSLParameters(); + // candidates for available protocols + ProtocolVersion[] candidates; if (SunJSSE.isFIPS()) { - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); + candidates = new ProtocolVersion[] { + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; + } else { + candidates = new ProtocolVersion[] { + ProtocolVersion.SSL30, + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; + } - } else { - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - } + defaultClientSSLParams = new SSLParameters(); + defaultClientSSLParams.setProtocols( + getAvailableProtocols(candidates)); } @Override @@ -567,8 +610,8 @@ * @see SSLContext */ private static class CustomizedSSLContext extends AbstractSSLContext { - private final static String PROPERTY_NAME = "jdk.tls.client.protocols"; - private final static SSLParameters defaultClientSSLParams; + private static final String PROPERTY_NAME = "jdk.tls.client.protocols"; + private static final SSLParameters defaultClientSSLParams; private static IllegalArgumentException reservedException = null; // Don't want a java.lang.LinkageError for illegal system property. 
@@ -578,60 +621,74 @@ // the provider service. Instead, let's handle the initialization // exception in constructor. static { + // candidates for available protocols + ProtocolVersion[] candidates; + String property = AccessController.doPrivileged( new GetPropertyAction(PROPERTY_NAME)); - defaultClientSSLParams = new SSLParameters(); if (property == null || property.length() == 0) { // the default enabled client TLS protocols if (SunJSSE.isFIPS()) { - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); - + candidates = new ProtocolVersion[] { + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; } else { - defaultClientSSLParams.setProtocols(new String[] { - ProtocolVersion.SSL30.name, - ProtocolVersion.TLS10.name, - ProtocolVersion.TLS11.name, - ProtocolVersion.TLS12.name - }); + candidates = new ProtocolVersion[] { + ProtocolVersion.SSL30, + ProtocolVersion.TLS10, + ProtocolVersion.TLS11, + ProtocolVersion.TLS12 + }; } } else { // remove double quote marks from beginning/end of the property - if (property.charAt(0) == '"' && + if (property.length() > 1 && property.charAt(0) == '"' && property.charAt(property.length() - 1) == '"') { property = property.substring(1, property.length() - 1); } - String[] protocols = property.split(","); + String[] protocols = null; + if (property != null && property.length() != 0) { + protocols = property.split(","); + } else { + reservedException = new IllegalArgumentException( + "No protocol specified in " + + PROPERTY_NAME + " system property"); + protocols = new String[0]; + } + + candidates = new ProtocolVersion[protocols.length]; for (int i = 0; i < protocols.length; i++) { protocols[i] = protocols[i].trim(); // Is it a supported protocol name? 
try { - ProtocolVersion.valueOf(protocols[i]); + candidates[i] = ProtocolVersion.valueOf(protocols[i]); } catch (IllegalArgumentException iae) { reservedException = new IllegalArgumentException( - PROPERTY_NAME + ": " + protocols[i] + - " is not a standard SSL protocol name", iae); + PROPERTY_NAME + ": " + protocols[i] + + " is not a standard SSL/TLS protocol name", iae); + break; } } if ((reservedException == null) && SunJSSE.isFIPS()) { - for (String protocol : protocols) { - if (ProtocolVersion.SSL20Hello.name.equals(protocol) || - ProtocolVersion.SSL30.name.equals(protocol)) { + for (ProtocolVersion protocolVersion : candidates) { + if (ProtocolVersion.SSL20Hello.v == protocolVersion.v || + ProtocolVersion.SSL30.v == protocolVersion.v) { reservedException = new IllegalArgumentException( - PROPERTY_NAME + ": " + protocol + + PROPERTY_NAME + ": " + protocolVersion + " is not FIPS compliant"); } } } + } - if (reservedException == null) { - defaultClientSSLParams.setProtocols(protocols); - } + defaultClientSSLParams = new SSLParameters(); + if (reservedException == null) { + defaultClientSSLParams.setProtocols( + getAvailableProtocols(candidates)); } } diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Sat Jan 24 23:23:25 2015 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
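Review bot: In the `CustomizedSSLContext` static initializer (SSLContextImpl.java, hunk at -578) the test `property != null && property.length() != 0` sits in the `else` branch of `property == null || property.length() == 0`, and `substring` never returns null, so the null half is dead. `if (property.length() != 0) {` says what is actually being checked, namely a value that was only a pair of quotes. Separately, the FIPS loop keeps iterating after it sets `reservedException`, so the message names the last non-compliant protocol rather than the first. A `break;` after that assignment would match the `break` this hunk adds to the name-validation loop.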
@@ -212,6 +212,11 @@ static final byte clauth_required = 2; /* + * Flag indicating that the engine has received a ChangeCipherSpec message. + */ + private boolean receivedCCS; + + /* * Flag indicating if the next record we receive MUST be a Finished * message. Temporarily set during the handshake to ensure that * a change cipher spec message is followed by a finished message. @@ -372,6 +377,7 @@ */ roleIsServer = true; connectionState = cs_START; + receivedCCS = false; // default server name indication serverNames = @@ -1021,6 +1027,7 @@ if (handshaker.invalidated) { handshaker = null; + receivedCCS = false; // if state is cs_RENEGOTIATE, revert it to cs_DATA if (connectionState == cs_RENEGOTIATE) { connectionState = cs_DATA; @@ -1039,6 +1046,7 @@ } handshaker = null; connectionState = cs_DATA; + receivedCCS = false; // No handshakeListeners here. That's a // SSLSocket thing. @@ -1078,13 +1086,25 @@ case Record.ct_change_cipher_spec: if ((connectionState != cs_HANDSHAKE && connectionState != cs_RENEGOTIATE) - || inputRecord.available() != 1 - || inputRecord.read() != 1) { + || !handshaker.sessionKeysCalculated() + || receivedCCS) { + // For the CCS message arriving in the wrong state fatal(Alerts.alert_unexpected_message, - "illegal change cipher spec msg, state = " - + connectionState); + "illegal change cipher spec msg, conn state = " + + connectionState + ", handshake state = " + + handshaker.state); + } else if (inputRecord.available() != 1 + || inputRecord.read() != 1) { + // For structural/content issues with the CCS + fatal(Alerts.alert_unexpected_message, + "Malformed change cipher spec msg"); } + // Once we've received CCS, update the flag. + // If the remote endpoint sends it again in this handshake + // we won't process it. + receivedCCS = true; + // // The first message after a change_cipher_spec // record MUST be a "Finished" handshake record, 
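Review bot: The rewritten `ct_change_cipher_spec` check in SSLEngineImpl.java (hunk at -1078) builds its error text from `handshaker.state`, but the first condition leading there is the connection being in neither `cs_HANDSHAKE` nor `cs_RENEGOTIATE`, and the earlier hunks in this file show `handshaker = null` set together with `connectionState = cs_DATA`. A ChangeCipherSpec record arriving in that state would then appear to raise a NullPointerException while the message is concatenated, instead of producing `alert_unexpected_message`. Guard the dereference, for example `+ (handshaker == null ? "none" : String.valueOf(handshaker.state)));`. The same construction is in the matching SSLSocketImpl.java hunk (at -1107). The enclosing switch starts and ends outside both hunks.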
@@ -2121,6 +2141,14 @@ } /** + * Returns a boolean indicating whether the ChangeCipherSpec message + * has been received for this handshake. + */ + boolean receivedChangeCipherSpec() { + return receivedCCS; + } + + /** * Returns a printable representation of this end of the connection. */ @Override diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java Sat Jan 24 23:23:25 2015 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -172,6 +172,12 @@ private volatile int connectionState; /* + * Flag indicating that the engine's handshaker has done the necessary + * steps so the engine may process a ChangeCipherSpec message. + */ + private boolean receivedCCS; + + /* * Flag indicating if the next record we receive MUST be a Finished * message. Temporarily set during the handshake to ensure that * a change cipher spec message is followed by a finished message. @@ -587,6 +593,7 @@ */ roleIsServer = isServer; connectionState = cs_START; + receivedCCS = false; /* * default read and write side cipher and MAC support @@ -1045,6 +1052,7 @@ if (handshaker.invalidated) { handshaker = null; + receivedCCS = false; // if state is cs_RENEGOTIATE, revert it to cs_DATA if (connectionState == cs_RENEGOTIATE) { connectionState = cs_DATA; @@ -1060,6 +1068,7 @@ handshakeSession = null; handshaker = null; connectionState = cs_DATA; + receivedCCS = false; // // Tell folk about handshake completion, but do 
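Review bot: The comment added above `receivedCCS` in SSLSocketImpl.java (hunk at -172) describes a different flag. It says the handshaker has done the steps needed before a ChangeCipherSpec may be processed, which is what `sessKeysCalculated` in Handshaker records, and it speaks of "the engine" inside the socket class. In this file the field is set to true only after a ChangeCipherSpec record has passed the state checks, and it is what `receivedChangeCipherSpec()` returns. The SSLEngineImpl wording is the accurate one; here it should read `* Flag indicating that the socket has received a ChangeCipherSpec message in the current handshake.`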
@@ -1107,13 +1116,24 @@ case Record.ct_change_cipher_spec: if ((connectionState != cs_HANDSHAKE && connectionState != cs_RENEGOTIATE) - || r.available() != 1 - || r.read() != 1) { + || !handshaker.sessionKeysCalculated() + || receivedCCS) { + // For the CCS message arriving in the wrong state fatal(Alerts.alert_unexpected_message, - "illegal change cipher spec msg, state = " - + connectionState); + "illegal change cipher spec msg, conn state = " + + connectionState + ", handshake state = " + + handshaker.state); + } else if (r.available() != 1 || r.read() != 1) { + // For structural/content issues with the CCS + fatal(Alerts.alert_unexpected_message, + "Malformed change cipher spec msg"); } + // Once we've received CCS, update the flag. + // If the remote endpoint sends it again in this handshake + // we won't process it. + receivedCCS = true; + // // The first message after a change_cipher_spec // record MUST be a "Finished" handshake record, @@ -2590,6 +2610,14 @@ } /** + * Returns a boolean indicating whether the ChangeCipherSpec message + * has been received for this handshake. + */ + boolean receivedChangeCipherSpec() { + return receivedCCS; + } + + /** * Returns a printable representation of this end of the connection. */ @Override diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java Sat Jan 24 23:23:25 2015 -0800 
@@ -287,6 +287,13 @@ break; case HandshakeMessage.ht_finished: + // A ChangeCipherSpec record must have been received prior to + // reception of the Finished message (RFC 5246, 7.4.9). + if (!receivedChangeCipherSpec()) { + fatalSE(Alerts.alert_handshake_failure, + "Received Finished message before ChangeCipherSpec"); + } + this.clientFinished( new Finished(protocolVersion, input, cipherSuite)); break; diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/ssl/SessionId.java --- a/jdk/src/java.base/share/classes/sun/security/ssl/SessionId.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/security/ssl/SessionId.java Sat Jan 24 23:23:25 2015 -0800 @@ -27,6 +27,7 @@ package sun.security.ssl; import java.security.SecureRandom; +import javax.net.ssl.SSLProtocolException; /** * Encapsulates an SSL session ID. SSL Session IDs are not reused by @@ -41,6 +42,7 @@ final class SessionId { + static int MAX_LENGTH = 32; private byte sessionId []; // max 32 bytes /** Constructs a new session ID ... perhaps for a rejoinable session */ @@ -114,4 +116,19 @@ } return true; } + + /** + * Checks the length of the session ID to make sure it sits within + * the range called out in the specification + */ + void checkLength(ProtocolVersion pv) throws SSLProtocolException { + // As of today all versions of TLS have a 32-byte maximum length. + // In the future we can do more here to support protocol versions + // that may have longer max lengths. + if (sessionId.length > MAX_LENGTH) { + throw new SSLProtocolException("Invalid session ID length (" + + sessionId.length + " bytes)"); + } + } + } diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java --- a/jdk/src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/security/util/DerIndefLenConverter.java Sat Jan 24 23:23:25 2015 -0800 
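Review bot: `static int MAX_LENGTH = 32;` in SessionId.java (hunk at -41) is a mutable, package-visible static, and `checkLength` compares every received session ID against it. A bound that ClientHello and ServerHello parsing depends on should not be assignable at run time; declare it `static final int MAX_LENGTH = 32;`. `checkLength` ignores its `pv` argument, but the comment in the later hunk explains that, so that part needs no change.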
@@ -156,12 +156,18 @@ } if (isLongForm(lenByte)) { lenByte &= LEN_MASK; - if (lenByte > 4) + if (lenByte > 4) { throw new IOException("Too much data"); - if ((dataSize - dataPos) < (lenByte + 1)) + } + if ((dataSize - dataPos) < (lenByte + 1)) { throw new IOException("Too little data"); - for (int i = 0; i < lenByte; i++) + } + for (int i = 0; i < lenByte; i++) { curLen = (curLen << 8) + (data[dataPos++] & 0xff); + } + if (curLen < 0) { + throw new IOException("Invalid length bytes"); + } } else { curLen = (lenByte & LEN_MASK); } @@ -188,10 +194,15 @@ } if (isLongForm(lenByte)) { lenByte &= LEN_MASK; - for (int i = 0; i < lenByte; i++) + for (int i = 0; i < lenByte; i++) { curLen = (curLen << 8) + (data[dataPos++] & 0xff); - } else + } + if (curLen < 0) { + throw new IOException("Invalid length bytes"); + } + } else { curLen = (lenByte & LEN_MASK); + } writeLength(curLen); writeValue(curLen); } diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/classes/sun/security/util/DerInputStream.java --- a/jdk/src/java.base/share/classes/sun/security/util/DerInputStream.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/classes/sun/security/util/DerInputStream.java Sat Jan 24 23:23:25 2015 -0800 @@ -577,6 +577,10 @@ value <<= 8; value += 0x0ff & in.read(); } + if (value < 0) { + throw new IOException("DerInputStream.getLength(): " + + "Invalid length bytes"); + } } return value; } diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/share/conf/security/java.security --- a/jdk/src/java.base/share/conf/security/java.security Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/share/conf/security/java.security Sat Jan 24 23:23:25 2015 -0800 
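Review bot: The second DerIndefLenConverter.java hunk (at -188) adds the `curLen < 0` test but, unlike the hunk at -156, shows no `lenByte > 4` limit and no remaining-data check before the loop that reads `data[dataPos++]`. With more than four length bytes the shifts can wrap to a non-negative value, so the sign test alone would not catch it. If this path only runs over data the first pass has already validated, a comment saying so is enough; otherwise repeat the guard: `if (lenByte > 4) { throw new IOException("Too much data"); }`. The method starts outside the hunk, so an earlier check may exist that is not visible here.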
@@ -512,8 +512,12 @@ # # In some environments, certain algorithms or key lengths may be undesirable # when using SSL/TLS. This section describes the mechanism for disabling -# algorithms during SSL/TLS security parameters negotiation, including cipher -# suites selection, peer authentication and key exchange mechanisms. +# algorithms during SSL/TLS security parameters negotiation, including +# protocol version negotiation, cipher suites selection, peer authentication +# and key exchange mechanisms. +# +# Disabled algorithms will not be negotiated for SSL/TLS connections, even +# if they are enabled explicitly in an application. # # For PKI-based peer authentication and key exchange mechanisms, this list # of disabled algorithms will also be checked during certification path @@ -528,4 +532,5 @@ # It is not guaranteed to be examined and used by other implementations. # # Example: -# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048 +# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 +jdk.tls.disabledAlgorithms=SSLv3 diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/unix/classes/java/lang/ClassLoaderHelper.java --- a/jdk/src/java.base/unix/classes/java/lang/ClassLoaderHelper.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/unix/classes/java/lang/ClassLoaderHelper.java Sat Jan 24 23:23:25 2015 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015 Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
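Review bot: The java.security comment block (hunks at -512 and -528) now says protocol version negotiation is covered, but never states how a protocol is named in the list; the only hint is `SSLv3` in the example and in the new default. The code in this changeset matches on `ProtocolVersion.name`, described there as the name used in JSSE, so I would add `# Protocol versions are listed by their JSSE names, for example SSLv3 or TLSv1.` Because `jdk.tls.disabledAlgorithms=SSLv3` is now a live setting rather than a commented example, a deployment that ships its own copy of this file would presumably not inherit it, which is worth a line in the release notes.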
@@ -31,6 +31,11 @@ private ClassLoaderHelper() {} /** + * Indicates, whether PATH env variable is allowed to contain quoted entries. + */ + static final boolean allowsQuotedPathElements = false; + + /** * Returns an alternate path name for the given file * such that if the original pathname did not exist, then the * file may be located at the alternate location. diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/unix/classes/sun/security/provider/NativePRNG.java --- a/jdk/src/java.base/unix/classes/sun/security/provider/NativePRNG.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/unix/classes/sun/security/provider/NativePRNG.java Sat Jan 24 23:23:25 2015 -0800 @@ -371,8 +371,8 @@ // constructor, called only once from initIO() private RandomIO(File seedFile, File nextFile) throws IOException { this.seedFile = seedFile; - seedIn = new FileInputStream(seedFile); - nextIn = new FileInputStream(nextFile); + seedIn = FileInputStreamPool.getInputStream(seedFile); + nextIn = FileInputStreamPool.getInputStream(nextFile); nextBuffer = new byte[BUFFER_SIZE]; } diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/unix/native/libnet/NetworkInterface.c --- a/jdk/src/java.base/unix/native/libnet/NetworkInterface.c Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/unix/native/libnet/NetworkInterface.c Sat Jan 24 23:23:25 2015 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -274,7 +274,6 @@ if (index <= 0) { return NULL; } - ifs = enumInterfaces(env); if (ifs == NULL) { return NULL; 
@@ -551,9 +550,14 @@ jboolean isCopy; int ret = -1; int sock; - const char* name_utf; + const char* name_utf = NULL; - name_utf = (*env)->GetStringUTFChars(env, name, &isCopy); + if (name != NULL) { + name_utf = (*env)->GetStringUTFChars(env, name, &isCopy); + } else { + JNU_ThrowNullPointerException(env, "network interface name is NULL"); + return ret; + } if (name_utf == NULL) { if (!(*env)->ExceptionCheck(env)) JNU_ThrowOutOfMemoryError(env, NULL); @@ -581,7 +585,13 @@ const char* name_utf; int flags = 0; - name_utf = (*env)->GetStringUTFChars(env, name, &isCopy); + if (name != NULL) { + name_utf = (*env)->GetStringUTFChars(env, name, &isCopy); + } else { + JNU_ThrowNullPointerException(env, "network interface name is NULL"); + return -1; + } + if (name_utf == NULL) { if (!(*env)->ExceptionCheck(env)) JNU_ThrowOutOfMemoryError(env, NULL); @@ -1063,6 +1073,7 @@ */ #ifdef AF_INET6 +// unused arg ifname and struct if2 static int openSocketWithFallback(JNIEnv *env, const char *ifname){ int sock; struct ifreq if2; @@ -1453,9 +1464,14 @@ static int getMTU(JNIEnv *env, int sock, const char *ifname) { struct ifreq if2; + memset((char *) &if2, 0, sizeof(if2)); - memset((char *) &if2, 0, sizeof(if2)); - strcpy(if2.ifr_name, ifname); + if (ifname != NULL) { + strcpy(if2.ifr_name, ifname); + } else { + JNU_ThrowNullPointerException(env, "network interface name is NULL"); + return -1; + } if (ioctl(sock, SIOCGIFMTU, (char *)&if2) < 0) { NET_ThrowByNameWithLastError(env, JNU_JAVANETPKG "SocketException", "IOCTL SIOCGIFMTU failed"); diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/unix/native/libnet/PlainDatagramSocketImpl.c --- a/jdk/src/java.base/unix/native/libnet/PlainDatagramSocketImpl.c Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/unix/native/libnet/PlainDatagramSocketImpl.c Sat Jan 24 23:23:25 2015 -0800 
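Review bot: The NULL guard added in the `@@ -551` hunk is repeated almost verbatim in `@@ -581`, but the two copies differ: the first initialises `name_utf = NULL` and returns `ret`, the second leaves `name_utf` uninitialised and returns a literal `-1`. Testing for the failure first would let both sites read the same and makes the initialiser unnecessary: `if (name == NULL) { JNU_ThrowNullPointerException(env, "network interface name is NULL"); return -1; }`, followed by the unchanged `GetStringUTFChars` call. Both enclosing functions begin and end outside their hunks.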
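Review bot: `strcpy(if2.ifr_name, ifname);` in `getMTU` (hunk `@@ -1453`) is still an unbounded copy into the fixed-size `ifr_name` field; the added check rejects only a NULL `ifname`, not one that is too long. The name appears to come from a Java string via the callers patched earlier in this file, and nothing visible caps its length before it reaches this point. Because `if2` has just been zeroed by the `memset`, a bounded copy keeps the terminator: `strncpy(if2.ifr_name, ifname, sizeof(if2.ifr_name) - 1);`. If other helpers in this file fill `ifr_name` the same way, they need the same bound. `getMTU` continues past the end of the hunk.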
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -62,7 +62,6 @@ #include "jvm.h" #include "jni_util.h" #include "net_util.h" - #include "java_net_SocketOptions.h" #include "java_net_PlainDatagramSocketImpl.h" #include "java_net_NetworkInterface.h" @@ -83,6 +82,7 @@ extern void setDefaultScopeID(JNIEnv *env, struct sockaddr *him); extern int getDefaultScopeID(JNIEnv *env); + /* * Returns a java.lang.Integer based on 'i' */ @@ -1447,10 +1447,12 @@ static jmethodID ni_ctrID; static jfieldID ni_indexID; static jfieldID ni_addrsID; + static jfieldID ni_nameID; jobjectArray addrArray; jobject addr; jobject ni; + jobject ni_name; struct in_addr in; struct in_addr *inP = ∈ @@ -1500,6 +1502,8 @@ ni_addrsID = (*env)->GetFieldID(env, c, "addrs", "[Ljava/net/InetAddress;"); CHECK_NULL_RETURN(ni_addrsID, NULL); + ni_nameID = (*env)->GetFieldID(env, c,"name", "Ljava/lang/String;"); + CHECK_NULL_RETURN(ni_nameID, NULL); ni_class = (*env)->NewGlobalRef(env, c); CHECK_NULL_RETURN(ni_class, NULL); } @@ -1521,6 +1525,10 @@ CHECK_NULL_RETURN(addrArray, NULL); (*env)->SetObjectArrayElement(env, addrArray, 0, addr); (*env)->SetObjectField(env, ni, ni_addrsID, addrArray); + ni_name = (*env)->NewStringUTF(env, ""); + if (ni_name != NULL) { + (*env)->SetObjectField(env, ni, ni_nameID, ni_name); + } return ni; } @@ -1537,14 +1545,16 @@ static jfieldID ni_indexID; static jfieldID ni_addrsID; static jclass ia_class; + static jfieldID ni_nameID; static jmethodID ia_anyLocalAddressID; - int index; + int index = 0; socklen_t len = sizeof(index); jobjectArray addrArray; jobject addr; jobject ni; + jobject ni_name; if (getsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_IF, (char*)&index, &len) < 0) { 
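Review bot: When `NewStringUTF(env, "")` returns NULL in the `@@ -1521` hunk, the code skips the field store and still reaches `return ni;`, whereas the neighbouring lookups and allocations visible in these hunks all bail out through `CHECK_NULL_RETURN`. A NULL result here normally means an exception is already pending, so handing back a NetworkInterface whose `name` was never set is inconsistent with the surrounding error handling. I would write `CHECK_NULL_RETURN(ni_name, NULL);` followed by an unconditional `(*env)->SetObjectField(env, ni, ni_nameID, ni_name);`, and make the same change in the second copy at `@@ -1633`. The enclosing functions start and end outside these hunks.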
@@ -1573,6 +1583,8 @@ "anyLocalAddress", "()Ljava/net/InetAddress;"); CHECK_NULL_RETURN(ia_anyLocalAddressID, NULL); + ni_nameID = (*env)->GetFieldID(env, c,"name", "Ljava/lang/String;"); + CHECK_NULL_RETURN(ni_nameID, NULL); ni_class = (*env)->NewGlobalRef(env, c); CHECK_NULL_RETURN(ni_class, NULL); } @@ -1633,6 +1645,10 @@ CHECK_NULL_RETURN(addrArray, NULL); (*env)->SetObjectArrayElement(env, addrArray, 0, addr); (*env)->SetObjectField(env, ni, ni_addrsID, addrArray); + ni_name = (*env)->NewStringUTF(env, ""); + if (ni_name != NULL) { + (*env)->SetObjectField(env, ni, ni_nameID, ni_name); + } return ni; } #endif diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/windows/classes/java/lang/ClassLoaderHelper.java --- a/jdk/src/java.base/windows/classes/java/lang/ClassLoaderHelper.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/windows/classes/java/lang/ClassLoaderHelper.java Sat Jan 24 23:23:25 2015 -0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015 Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,6 +31,11 @@ private ClassLoaderHelper() {} /** + * Indicates, whether PATH env variable is allowed to contain quoted entries. + */ + static final boolean allowsQuotedPathElements = true; + + /** * Returns an alternate path name for the given file * such that if the original pathname did not exist, then the * file may be located at the alternate location. diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.base/windows/native/libjava/ProcessImpl_md.c --- a/jdk/src/java.base/windows/native/libjava/ProcessImpl_md.c Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.base/windows/native/libjava/ProcessImpl_md.c Sat Jan 24 23:23:25 2015 -0800 
@@ -283,14 +283,10 @@ FALSE, FALSE, FALSE, FALSE, FALSE, FALSE}; - { - /* Extraction of current process standard IOE handles */ - DWORD idsIOE[3] = {STD_INPUT_HANDLE, STD_OUTPUT_HANDLE, STD_ERROR_HANDLE}; - int i; - for (i = 0; i < 3; ++i) - /* Should not be closed by CloseHandle! */ - stdIOE[i] = GetStdHandle(idsIOE[i]); - } + /* These three should not be closed by CloseHandle! */ + stdIOE[0] = GetStdHandle(STD_INPUT_HANDLE); + stdIOE[1] = GetStdHandle(STD_OUTPUT_HANDLE); + stdIOE[2] = GetStdHandle(STD_ERROR_HANDLE); prepareIOEHandleState(stdIOE, inherit); { @@ -319,11 +315,16 @@ if (success) { PROCESS_INFORMATION pi; - DWORD processFlag = CREATE_UNICODE_ENVIRONMENT; + DWORD processFlag = CREATE_NO_WINDOW | CREATE_UNICODE_ENVIRONMENT; - /* Suppress popping-up of a console window for non-console applications */ - if (GetConsoleWindow() == NULL) - processFlag |= CREATE_NO_WINDOW; + /* If the standard I/O is inherited, CREATE_NO_WINDOW must not be used. */ + if (GetConsoleWindow() != NULL && + (si.hStdInput == stdIOE[0] || + si.hStdOutput == stdIOE[1] || + si.hStdError == (redirectErrorStream ? stdIOE[1] : stdIOE[2]))) + { + processFlag &= ~CREATE_NO_WINDOW; + } si.dwFlags = STARTF_USESTDHANDLES; if (!CreateProcessW( diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.desktop/share/classes/com/sun/java/swing/plaf/windows/WindowsButtonUI.java --- a/jdk/src/java.desktop/share/classes/com/sun/java/swing/plaf/windows/WindowsButtonUI.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.desktop/share/classes/com/sun/java/swing/plaf/windows/WindowsButtonUI.java Sat Jan 24 23:23:25 2015 -0800 @@ -248,7 +248,8 @@ Part part = getXPButtonType(b); - if (b.isContentAreaFilled() && xp != null) { + if (b.isContentAreaFilled() && b.getBorder() != null + && b.isBorderPainted() && xp != null) { Skin skin = xp.getSkin(b, part); diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.desktop/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java 
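Review bot: The new comment `If the standard I/O is inherited, CREATE_NO_WINDOW must not be used.` in the `@@ -319` hunk states the rule but not the reason, and the condition under it is subtle enough to need one. I would extend the comment to say that a child started with CREATE_NO_WINDOW gets no console, so console handles passed on from the parent would be unusable in it, and that the stderr test compares against `stdIOE[1]` when `redirectErrorStream` is set because stderr then follows stdout. The test also relies on `stdIOE[]` still holding the `GetStdHandle` values at this point. `prepareIOEHandleState(stdIOE, inherit)` receives that array in between and is not shown, so it is worth confirming that it leaves the entries untouched and saying so in the comment. The enclosing function starts and ends outside the hunk.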
--- a/jdk/src/java.desktop/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.desktop/share/classes/com/sun/java/swing/plaf/windows/WindowsFileChooserUI.java Sat Jan 24 23:23:25 2015 -0800 @@ -1081,16 +1081,9 @@ directories.clear(); - File[] baseFolders; - if (useShellFolder) { - baseFolders = AccessController.doPrivileged(new PrivilegedAction() { - public File[] run() { - return (File[]) ShellFolder.get("fileChooserComboBoxFolders"); - } - }); - } else { - baseFolders = fsv.getRoots(); - } + File[] baseFolders = (useShellFolder) + ? (File[]) ShellFolder.get("fileChooserComboBoxFolders") + : fsv.getRoots(); directories.addAll(Arrays.asList(baseFolders)); // Get the canonical (full) path. This has the side diff -r efce8f50cea4 -r 6d99e9b8dbe5 jdk/src/java.desktop/share/classes/java/beans/package.html --- a/jdk/src/java.desktop/share/classes/java/beans/package.html Fri Jan 23 18:50:48 2015 -0800 +++ b/jdk/src/java.desktop/share/classes/java/beans/package.html Sat Jan 24 23:23:25 2015 -0800 @@ -1,5 +1,5 @@
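Review bot: Dropping the `AccessController.doPrivileged` wrapper around `ShellFolder.get("fileChooserComboBoxFolders")` in the `@@ -1081` hunk means the lookup now runs with whatever permissions the calling code has. The hunk does not show where the privilege is asserted instead. Presumably it moved into ShellFolder or the code behind it; if it did not, a file chooser opened from code running under a security manager could fail here with a SecurityException. Either way a one-line comment at the call would save the next reader the search, e.g. `// ShellFolder.get() performs its own privileged access; no doPrivileged needed here`, once that has been confirmed against ShellFolder. The enclosing method starts and ends outside the hunk.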