# HG changeset patch
# User lana
# Date 1319849342 25200
# Node ID 7e570cc378fb4f4ebf2c083845469f62bae60d73
# Parent c049b778ca6110ca04e05d47df22063c6d189f33# Parent b98de7e93a2b2e61a312fa5c84c757bfe03fdd0f
Merge
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/com/sun/security/auth/module/Makefile
--- a/jdk/make/com/sun/security/auth/module/Makefile Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/com/sun/security/auth/module/Makefile Fri Oct 28 17:49:02 2011 -0700
@@ -78,7 +78,3 @@
#
include $(BUILDDIR)/common/Library.gmk
-#
-# JVMDI implementation lives in the VM.
-#
-OTHER_LDLIBS = $(JVMLIB)
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/common/Defs.gmk
--- a/jdk/make/common/Defs.gmk Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/common/Defs.gmk Fri Oct 28 17:49:02 2011 -0700
@@ -220,14 +220,30 @@
JRE_NONEXIST_LOCALES = en en_US de_DE es_ES fr_FR it_IT ja_JP ko_KR sv_SE zh
#
-# All libraries except libjava and libjvm itself link against libjvm and
-# libjava, the latter for its exported common utilities. libjava only links
-# against libjvm. Programs' makefiles take their own responsibility for
+# For now, most libraries except libjava and libjvm itself link against libjvm
+# and libjava, the latter for its exported common utilities. libjava only
+# links against libjvm. Programs' makefiles take their own responsibility for
# adding other libs.
#
+# The makefiles for these packages do not link against libjvm and libjava.
+# This list will eventually go away and each Programs' makefiles
+# will have to explicitly declare that they want to link to libjava/libjvm
+#
+NO_JAVALIB_PKGS = \
+ sun.security.mscapi \
+ sun.security.krb5 \
+ sun.security.pkcs11 \
+ sun.security.jgss \
+ sun.security.jgss.wrapper \
+ sun.security.ec \
+ sun.security.smartcardio \
+ com.sun.security.auth.module
+
ifdef PACKAGE
# put JAVALIB first, but do not lose any platform specific values....
- LDLIBS_COMMON = $(JAVALIB)
+ ifeq (,$(findstring $(PACKAGE),$(NO_JAVALIB_PKGS)))
+ LDLIBS_COMMON = $(JAVALIB)
+ endif
endif # PACKAGE
#
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/common/Library.gmk
--- a/jdk/make/common/Library.gmk Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/common/Library.gmk Fri Oct 28 17:49:02 2011 -0700
@@ -165,7 +165,7 @@
$(LINK) -dll -out:$(OBJDIR)/$(@F) \
-map:$(OBJDIR)/$(LIBRARY).map \
$(LFLAGS) @$(OBJDIR)/$(LIBRARY).lcf \
- $(OTHER_LCF) $(JAVALIB) $(LDLIBS)
+ $(OTHER_LCF) $(LDLIBS)
$(CP) $(OBJDIR)/$(@F) $@
@$(call binary_file_verification,$@)
$(CP) $(OBJDIR)/$(LIBRARY).map $(@D)
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/java/java/mapfile-vers
--- a/jdk/make/java/java/mapfile-vers Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/java/java/mapfile-vers Fri Oct 28 17:49:02 2011 -0700
@@ -90,7 +90,6 @@
Java_java_io_FileSystem_getFileSystem;
Java_java_io_ObjectInputStream_bytesToDoubles;
Java_java_io_ObjectInputStream_bytesToFloats;
- Java_java_io_ObjectInputStream_latestUserDefinedLoader;
Java_java_io_ObjectOutputStream_doublesToBytes;
Java_java_io_ObjectOutputStream_floatsToBytes;
Java_java_io_ObjectStreamClass_hasStaticInitializer;
@@ -275,6 +274,7 @@
Java_sun_misc_Version_getJvmVersionInfo;
Java_sun_misc_Version_getJvmSpecialVersion;
Java_sun_misc_VM_getThreadStateValues;
+ Java_sun_misc_VM_latestUserDefinedLoader;
Java_sun_misc_VM_initialize;
Java_sun_misc_VMSupport_initAgentProperties;
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/javazic/tzdata/VERSION
--- a/jdk/make/sun/javazic/tzdata/VERSION Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/javazic/tzdata/VERSION Fri Oct 28 17:49:02 2011 -0700
@@ -21,4 +21,4 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-tzdata2011j
+tzdata2011l
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/javazic/tzdata/asia
--- a/jdk/make/sun/javazic/tzdata/asia Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/javazic/tzdata/asia Fri Oct 28 17:49:02 2011 -0700
@@ -2216,7 +2216,47 @@
# http://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html
#
+# From Steffen Thorsen (2011-08-26):
+# Gaza and the West Bank did go back to standard time in the beginning of
+# August, and will now enter daylight saving time again on 2011-08-30
+# 00:00 (so two periods of DST in 2011). The pause was because of
+# Ramadan.
+#
+#
+# http://www.maannews.net/eng/ViewDetails.aspx?ID=416217
+#
+# Additional info:
+#
+# http://www.timeanddate.com/news/time/palestine-dst-2011.html
+#
+
+# From Alexander Krivenyshev (2011-08-27):
+# According to the article in The Jerusalem Post:
+# "...Earlier this month, the Palestinian government in the West Bank decided to
+# move to standard time for 30 days, during Ramadan. The Palestinians in the
+# Gaza Strip accepted the change and also moved their clocks one hour back.
+# The Hamas government said on Saturday that it won't observe summertime after
+# the Muslim feast of Id al-Fitr, which begins on Tuesday..."
+# ...
+#
+# http://www.jpost.com/MiddleEast/Article.aspx?id=235650
+#
+# or
+#
+# http://www.worldtimezone.com/dst_news/dst_news_gazastrip05.html
+#
# The rules for Egypt are stolen from the `africa' file.
+
+# From Steffen Thorsen (2011-09-30):
+# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30
+# 00:00).
+# So West Bank and Gaza now have the same time again.
+#
+# Many sources, including:
+#
+# http://www.maannews.net/eng/ViewDetails.aspx?ID=424808
+#
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule EgyptAsia 1957 only - May 10 0:00 1:00 S
Rule EgyptAsia 1957 1958 - Oct 1 0:00 0 -
@@ -2232,19 +2272,37 @@
Rule Palestine 2006 2008 - Apr 1 0:00 1:00 S
Rule Palestine 2006 only - Sep 22 0:00 0 -
Rule Palestine 2007 only - Sep Thu>=8 2:00 0 -
-Rule Palestine 2008 only - Aug lastFri 2:00 0 -
+Rule Palestine 2008 only - Aug lastFri 0:00 0 -
Rule Palestine 2009 only - Mar lastFri 0:00 1:00 S
-Rule Palestine 2010 max - Mar lastSat 0:01 1:00 S
-Rule Palestine 2009 max - Sep Fri>=1 2:00 0 -
+Rule Palestine 2009 only - Sep Fri>=1 2:00 0 -
+Rule Palestine 2010 only - Mar lastSat 0:01 1:00 S
Rule Palestine 2010 only - Aug 11 0:00 0 -
+# From Arthur David Olson (2011-09-20):
+# 2011 transitions per http://www.timeanddate.com as of 2011-09-20.
+
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
2:00 Zion EET 1948 May 15
2:00 EgyptAsia EE%sT 1967 Jun 5
2:00 Zion I%sT 1996
2:00 Jordan EE%sT 1999
- 2:00 Palestine EE%sT
+ 2:00 Palestine EE%sT 2011 Apr 2 12:01
+ 2:00 1:00 EEST 2011 Aug 1
+ 2:00 - EET
+
+Zone Asia/Hebron 2:20:23 - LMT 1900 Oct
+ 2:00 Zion EET 1948 May 15
+ 2:00 EgyptAsia EE%sT 1967 Jun 5
+ 2:00 Zion I%sT 1996
+ 2:00 Jordan EE%sT 1999
+ 2:00 Palestine EE%sT 2008 Aug
+ 2:00 1:00 EEST 2008 Sep
+ 2:00 Palestine EE%sT 2011 Apr 1 12:01
+ 2:00 1:00 EEST 2011 Aug 1
+ 2:00 - EET 2011 Aug 30
+ 2:00 1:00 EEST 2011 Sep 30 3:00
+ 2:00 - EET
# Paracel Is
# no information
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/javazic/tzdata/australasia
--- a/jdk/make/sun/javazic/tzdata/australasia Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/javazic/tzdata/australasia Fri Oct 28 17:49:02 2011 -0700
@@ -318,6 +318,18 @@
# http://www.worldtimezone.com/dst_news/dst_news_fiji04.html
#
+# From Steffen Thorsen (2011-10-03):
+# Now the dates have been confirmed, and at least our start date
+# assumption was correct (end date was one week wrong).
+#
+#
+# www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155
+#
+# which says
+# Members of the public are reminded to change their time to one hour in
+# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to
+# 2am on February 26 next year.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Fiji 1998 1999 - Nov Sun>=1 2:00 1:00 S
Rule Fiji 1999 2000 - Feb lastSun 3:00 0 -
@@ -325,6 +337,8 @@
Rule Fiji 2010 only - Mar lastSun 3:00 0 -
Rule Fiji 2010 only - Oct 24 2:00 1:00 S
Rule Fiji 2011 only - Mar Sun>=1 3:00 0 -
+Rule Fiji 2011 only - Oct 23 2:00 1:00 S
+Rule Fiji 2012 only - Feb 26 3:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Fiji 11:53:40 - LMT 1915 Oct 26 # Suva
12:00 Fiji FJ%sT # Fiji Time
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/javazic/tzdata/europe
--- a/jdk/make/sun/javazic/tzdata/europe Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/javazic/tzdata/europe Fri Oct 28 17:49:02 2011 -0700
@@ -583,9 +583,9 @@
#
Rule Russia 1992 only - Mar lastSat 23:00 1:00 S
Rule Russia 1992 only - Sep lastSat 23:00 0 -
-Rule Russia 1993 max - Mar lastSun 2:00s 1:00 S
+Rule Russia 1993 2010 - Mar lastSun 2:00s 1:00 S
Rule Russia 1993 1995 - Sep lastSun 2:00s 0 -
-Rule Russia 1996 max - Oct lastSun 2:00s 0 -
+Rule Russia 1996 2010 - Oct lastSun 2:00s 0 -
# From Alexander Krivenyshev (2011-06-14):
# According to Kremlin press service, Russian President Dmitry Medvedev
@@ -605,7 +605,6 @@
# From Arthur David Olson (2011-06-15):
# Take "abolishing daylight saving time" to mean that time is now considered
# to be standard.
-# At least for now, keep the "old" Russia rules for the benefit of Belarus.
# These are for backward compatibility with older versions.
@@ -711,6 +710,23 @@
1:00 EU CE%sT
# Belarus
+# From Yauhen Kharuzhy (2011-09-16):
+# By latest Belarus government act Europe/Minsk timezone was changed to
+# GMT+3 without DST (was GMT+2 with DST).
+#
+# Sources (Russian language):
+# 1.
+#
+# http://www.belta.by/ru/all_news/society/V-Belarusi-otmenjaetsja-perexod-na-sezonnoe-vremja_i_572952.html
+#
+# 2.
+#
+# http://naviny.by/rubrics/society/2011/09/16/ic_articles_116_175144/
+#
+# 3.
+#
+# http://news.tut.by/society/250578.html
+#
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Europe/Minsk 1:50:16 - LMT 1880
1:50 - MMT 1924 May 2 # Minsk Mean Time
@@ -722,7 +738,8 @@
2:00 1:00 EEST 1991 Sep 29 2:00s
2:00 - EET 1992 Mar 29 0:00s
2:00 1:00 EEST 1992 Sep 27 0:00s
- 2:00 Russia EE%sT
+ 2:00 Russia EE%sT 2011 Mar 27 2:00s
+ 3:00 - FET # Further-eastern European Time
# Belgium
#
@@ -2056,7 +2073,7 @@
2:00 Poland CE%sT 1946
3:00 Russia MSK/MSD 1991 Mar 31 2:00s
2:00 Russia EE%sT 2011 Mar 27 2:00s
- 3:00 - KALT
+ 3:00 - FET # Further-eastern European Time
#
# From Oscar van Vlijmen (2001-08-25): [This region consists of]
# Respublika Adygeya, Arkhangel'skaya oblast',
@@ -2211,7 +2228,7 @@
# [parts of] Respublika Sakha (Yakutiya), Chitinskaya oblast'.
# From Oscar van Vlijmen (2009-11-29):
-# ...some regions of RUssia were merged with others since 2005...
+# ...some regions of [Russia] were merged with others since 2005...
# Some names were changed, no big deal, except for one instance: a new name.
# YAK/YAKST: UTC+9 Zabajkal'skij kraj.
@@ -2635,6 +2652,28 @@
# of March at 3am the time is changing to 4am and each last Sunday of
# October the time at 4am is changing to 3am"
+# From Alexander Krivenyshev (2011-09-20):
+# On September 20, 2011 the deputies of the Verkhovna Rada agreed to
+# abolish the transfer clock to winter time.
+#
+# Bill number 8330 of MP from the Party of Regions Oleg Nadoshi got
+# approval from 266 deputies.
+#
+# Ukraine abolishes transter back to the winter time (in Russian)
+#
+# http://news.mail.ru/politics/6861560/
+#
+#
+# The Ukrainians will no longer change the clock (in Russian)
+#
+# http://www.segodnya.ua/news/14290482.html
+#
+#
+# Deputies cancelled the winter time (in Russian)
+#
+# http://www.pravda.com.ua/rus/news/2011/09/20/6600616/
+#
+
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
# Most of Ukraine since 1970 has been like Kiev.
# "Kyiv" is the transliteration of the Ukrainian name, but
@@ -2648,7 +2687,8 @@
3:00 - MSK 1990 Jul 1 2:00
2:00 - EET 1992
2:00 E-Eur EE%sT 1995
- 2:00 EU EE%sT
+ 2:00 EU EE%sT 2011 Mar lastSun 1:00u
+ 3:00 - FET # Further-eastern European Time
# Ruthenia used CET 1990/1991.
# "Uzhhorod" is the transliteration of the Ukrainian name, but
# "Uzhgorod" is more common in English.
@@ -2662,7 +2702,8 @@
1:00 - CET 1991 Mar 31 3:00
2:00 - EET 1992
2:00 E-Eur EE%sT 1995
- 2:00 EU EE%sT
+ 2:00 EU EE%sT 2011 Mar lastSun 1:00u
+ 3:00 - FET # Further-eastern European Time
# Zaporozh'ye and eastern Lugansk oblasts observed DST 1990/1991.
# "Zaporizhia" is the transliteration of the Ukrainian name, but
# "Zaporozh'ye" is more common in English. Use the common English
@@ -2675,7 +2716,8 @@
1:00 C-Eur CE%sT 1943 Oct 25
3:00 Russia MSK/MSD 1991 Mar 31 2:00
2:00 E-Eur EE%sT 1995
- 2:00 EU EE%sT
+ 2:00 EU EE%sT 2011 Mar lastSun 1:00u
+ 3:00 - FET # Further-eastern European Time
# Central Crimea used Moscow time 1994/1997.
Zone Europe/Simferopol 2:16:24 - LMT 1880
2:16 - SMT 1924 May 2 # Simferopol Mean T
@@ -2700,7 +2742,8 @@
# Assume it happened in March by not changing the clocks.
3:00 Russia MSK/MSD 1997
3:00 - MSK 1997 Mar lastSun 1:00u
- 2:00 EU EE%sT
+ 2:00 EU EE%sT 2011 Mar lastSun 1:00u
+ 3:00 - FET # Further-eastern European Time
###############################################################################
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/javazic/tzdata/northamerica
--- a/jdk/make/sun/javazic/tzdata/northamerica Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/javazic/tzdata/northamerica Fri Oct 28 17:49:02 2011 -0700
@@ -505,7 +505,7 @@
-8:00 US P%sT 1983 Oct 30 2:00
-9:00 US Y%sT 1983 Nov 30
-9:00 US AK%sT
-Zone America/Sitka -14:58:47 - LMT 1867 Oct 18
+Zone America/Sitka 14:58:47 - LMT 1867 Oct 18
-9:01:13 - LMT 1900 Aug 20 12:00
-8:00 - PST 1942
-8:00 US P%sT 1946
@@ -1190,31 +1190,21 @@
# INMS (2000-09-12) says that, since 1988 at least, Newfoundland switches
# at 00:01 local time. For now, assume it started in 1987.
-# From Michael Pelley (2011-08-05):
-# The Government of Newfoundland and Labrador has pending changes to
-# modify the hour for daylight savings time to come into effect in
-# November 2011. This modification would change the time from 12:01AM to
-# 2:00AM on the dates of the switches of Daylight Savings Time to/from
-# Standard Time.
-#
-# As a matter of reference, in Canada provinces have the authority of
-# setting time zone information. The legislation has passed our
-# legislative body (The House of Assembly) and is awaiting the
-# proclamation to come into effect. You may find this information at:
-#
-# http://www.assembly.nl.ca/legislation/sr/lists/Proclamation.htm
-#
-# and
-# search within that web page for Standard Time (Amendment) Act. The Act
-# may be found at:
-#
-# http://www.assembly.nl.ca/business/bills/Bill1106.htm
+# From Michael Pelley (2011-09-12):
+# We received today, Monday, September 12, 2011, notification that the
+# changes to the Newfoundland Standard Time Act have been proclaimed.
+# The change in the Act stipulates that the change from Daylight Savings
+# Time to Standard Time and from Standard Time to Daylight Savings Time
+# now occurs at 2:00AM.
+# ...
+#
+# http://www.assembly.nl.ca/legislation/sr/annualstatutes/2011/1106.chp.htm
#
# ...
-# MICHAEL PELLEY | Manager of Enterprise Architecture - Solution Delivery
-# Office of the Chief Information Officer Executive Council Government of
-# Newfoundland & Labrador P.O. Box 8700, 40 Higgins Line, St. John's NL
-# A1B 4J6
+# MICHAEL PELLEY | Manager of Enterprise Architecture - Solution Delivery
+# Office of the Chief Information Officer
+# Executive Council
+# Government of Newfoundland & Labrador
Rule StJohns 1987 only - Apr Sun>=1 0:01 1:00 D
Rule StJohns 1987 2006 - Oct lastSun 0:01 0 S
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/javazic/tzdata/southamerica
--- a/jdk/make/sun/javazic/tzdata/southamerica Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/javazic/tzdata/southamerica Fri Oct 28 17:49:02 2011 -0700
@@ -819,6 +819,26 @@
#
# http://www.timeanddate.com/news/time/brazil-dst-2008-2009.html
#
+#
+# From Alexander Krivenyshev (2011-10-04):
+# State Bahia will return to Daylight savings time this year after 8 years off.
+# The announcement was made by Governor Jaques Wagner in an interview to a
+# television station in Salvador.
+
+# In Portuguese:
+#
+# http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html
+# and
+#
+# http://noticias.terra.com.br/brasil/noticias/0,,OI5390887-EI8139,00-Bahia+volta+a+ter+horario+de+verao+apos+oito+anos.html
+#
+
+# From Guilherme Bernardes Rodrigues (2011-10-07):
+# There is news in the media, however there is still no decree about it.
+# I just send a e-mail to Zulmira Brandão at
+# http://pcdsh01.on.br/ the
+# oficial agency about time in Brazil, and she confirmed that the old rule is
+# still in force.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
# Decree 20,466 (1931-10-01)
@@ -1057,6 +1077,9 @@
Zone America/Bahia -2:34:04 - LMT 1914
-3:00 Brazil BR%sT 2003 Sep 24
-3:00 - BRT
+# as noted above, not yet in operation.
+# -3:00 - BRT 2011 Oct 16
+# -3:00 Brazil BR%sT
#
# Goias (GO), Distrito Federal (DF), Minas Gerais (MG),
# Espirito Santo (ES), Rio de Janeiro (RJ), Sao Paulo (SP), Parana (PR),
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/javazic/tzdata/zone.tab
--- a/jdk/make/sun/javazic/tzdata/zone.tab Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/javazic/tzdata/zone.tab Fri Oct 28 17:49:02 2011 -0700
@@ -341,7 +341,8 @@
PM +4703-05620 America/Miquelon
PN -2504-13005 Pacific/Pitcairn
PR +182806-0660622 America/Puerto_Rico
-PS +3130+03428 Asia/Gaza
+PS +3130+03428 Asia/Gaza Gaza Strip
+PS +313200+0350542 Asia/Hebron West Bank
PT +3843-00908 Europe/Lisbon mainland
PT +3238-01654 Atlantic/Madeira Madeira Islands
PT +3744-02540 Atlantic/Azores Azores
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/rmi/rmi/Makefile
--- a/jdk/make/sun/rmi/rmi/Makefile Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/rmi/rmi/Makefile Fri Oct 28 17:49:02 2011 -0700
@@ -30,16 +30,9 @@
BUILDDIR = ../../..
PACKAGE = sun.rmi
PRODUCT = sun
-LIBRARY = rmi
include $(BUILDDIR)/common/Defs.gmk
#
-# Add use of a mapfile
-#
-FILES_m = mapfile-vers
-include $(BUILDDIR)/common/Mapfile-vers.gmk
-
-#
# Java files to compile.
#
AUTO_FILES_JAVA_DIRS = \
@@ -52,31 +45,9 @@
com/sun/rmi
#
-# Native files to compile.
-#
-FILES_c = \
- sun/rmi/server/MarshalInputStream.c
-
-#
-# Add ambient vpath to pick up files not part of sun.rmi package
-#
-vpath %.c $(SHARE_SRC)/native/sun/rmi/server
-
-#
-# Exported files that require generated .h
-#
-FILES_export = \
- sun/rmi/server/MarshalInputStream.java
-
-#
-# Link to JVM for JVM_LatestUserDefinedLoader
-#
-OTHER_LDLIBS = $(JVMLIB)
-
-#
# Rules
#
-include $(BUILDDIR)/common/Library.gmk
+include $(BUILDDIR)/common/Rules.gmk
#
# Full package names of implementations requiring stubs
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/rmi/rmi/mapfile-vers
--- a/jdk/make/sun/rmi/rmi/mapfile-vers Thu Oct 27 13:54:42 2011 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-#
-# Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation. Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# Define library interface.
-
-SUNWprivate_1.1 {
- global:
- Java_sun_rmi_server_MarshalInputStream_latestUserDefinedLoader;
- local:
- *;
-};
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/security/ec/Makefile
--- a/jdk/make/sun/security/ec/Makefile Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/security/ec/Makefile Fri Oct 28 17:49:02 2011 -0700
@@ -192,10 +192,8 @@
#
# Libraries to link
#
- ifeq ($(PLATFORM), windows)
- OTHER_LDLIBS += $(JVMLIB)
- else
- OTHER_LDLIBS = -ldl $(JVMLIB) $(LIBCXX)
+ ifneq ($(PLATFORM), windows)
+ OTHER_LDLIBS = $(LIBCXX)
endif
include $(BUILDDIR)/common/Mapfile-vers.gmk
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/security/jgss/wrapper/Makefile
--- a/jdk/make/sun/security/jgss/wrapper/Makefile Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/security/jgss/wrapper/Makefile Fri Oct 28 17:49:02 2011 -0700
@@ -72,5 +72,6 @@
# Libraries to link
#
ifneq ($(PLATFORM), windows)
- OTHER_LDLIBS = -ldl $(JVMLIB)
+ OTHER_LDLIBS = -ldl
endif
+
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/security/krb5/Makefile
--- a/jdk/make/sun/security/krb5/Makefile Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/security/krb5/Makefile Fri Oct 28 17:49:02 2011 -0700
@@ -69,15 +69,6 @@
include $(BUILDDIR)/common/Classes.gmk
endif # PLATFORM
-#
-# Libraries to link
-#
-ifeq ($(PLATFORM), windows)
- OTHER_LDLIBS = $(JVMLIB)
-else
- OTHER_LDLIBS = -ldl $(JVMLIB)
-endif
-
build:
ifeq ($(PLATFORM),windows)
$(call make-launcher, kinit, sun.security.krb5.internal.tools.Kinit, , )
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/security/mscapi/Makefile
--- a/jdk/make/sun/security/mscapi/Makefile Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/security/mscapi/Makefile Fri Oct 28 17:49:02 2011 -0700
@@ -159,7 +159,7 @@
# Libraries to link
#
ifeq ($(PLATFORM), windows)
- OTHER_LDLIBS += $(JVMLIB) Crypt32.Lib
+ OTHER_LDLIBS += Crypt32.Lib
endif
#
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/security/other/Makefile
--- a/jdk/make/sun/security/other/Makefile Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/security/other/Makefile Fri Oct 28 17:49:02 2011 -0700
@@ -38,6 +38,7 @@
sun/security/acl \
sun/security/jca \
sun/security/pkcs \
+ sun/security/pkcs10 \
sun/security/pkcs12 \
sun/security/provider \
sun/security/rsa \
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/security/pkcs11/Makefile
--- a/jdk/make/sun/security/pkcs11/Makefile Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/security/pkcs11/Makefile Fri Oct 28 17:49:02 2011 -0700
@@ -159,10 +159,8 @@
#
# Libraries to link
#
-ifeq ($(PLATFORM), windows)
- OTHER_LDLIBS = $(JVMLIB)
-else
- OTHER_LDLIBS = -ldl $(JVMLIB)
+ifneq ($(PLATFORM), windows)
+ OTHER_LDLIBS = -ldl
endif
# Other config files
diff -r c049b778ca61 -r 7e570cc378fb jdk/make/sun/security/smartcardio/Makefile
--- a/jdk/make/sun/security/smartcardio/Makefile Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/make/sun/security/smartcardio/Makefile Fri Oct 28 17:49:02 2011 -0700
@@ -73,8 +73,8 @@
# Libraries to link
#
ifeq ($(PLATFORM), windows)
- OTHER_LDLIBS = $(JVMLIB) winscard.lib
+ OTHER_LDLIBS = winscard.lib
else
- OTHER_LDLIBS = -ldl $(JVMLIB)
+ OTHER_LDLIBS = -ldl
OTHER_CFLAGS = -D__sun_jdk
endif
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/java/io/ObjectInputStream.java
--- a/jdk/src/share/classes/java/io/ObjectInputStream.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/java/io/ObjectInputStream.java Fri Oct 28 17:49:02 2011 -0700
@@ -2025,8 +2025,9 @@
* This method should not be removed or its signature changed without
* corresponding modifications to the above class.
*/
- // REMIND: change name to something more accurate?
- private static native ClassLoader latestUserDefinedLoader();
+ private static ClassLoader latestUserDefinedLoader() {
+ return sun.misc.VM.latestUserDefinedLoader();
+ }
/**
* Default GetField implementation.
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/java/util/Collections.java
--- a/jdk/src/share/classes/java/util/Collections.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/java/util/Collections.java Fri Oct 28 17:49:02 2011 -0700
@@ -2352,6 +2352,64 @@
}
/**
+ * Returns a dynamically typesafe view of the specified queue.
+ * Any attempt to insert an element of the wrong type will result in
+ * an immediate {@link ClassCastException}. Assuming a queue contains
+ * no incorrectly typed elements prior to the time a dynamically typesafe
+ * view is generated, and that all subsequent access to the queue
+ * takes place through the view, it is guaranteed that the
+ * queue cannot contain an incorrectly typed element.
+ *
+ *
A discussion of the use of dynamically typesafe views may be
+ * found in the documentation for the {@link #checkedCollection
+ * checkedCollection} method.
+ *
+ *
The returned queue will be serializable if the specified queue
+ * is serializable.
+ *
+ *
Since {@code null} is considered to be a value of any reference
+ * type, the returned queue permits insertion of {@code null} elements
+ * whenever the backing queue does.
+ *
+ * @param queue the queue for which a dynamically typesafe view is to be
+ * returned
+ * @param type the type of element that {@code queue} is permitted to hold
+ * @return a dynamically typesafe view of the specified queue
+ * @since 1.8
+ */
+ public static Queue checkedQueue(Queue queue, Class type) {
+ return new CheckedQueue<>(queue, type);
+ }
+
+ /**
+ * @serial include
+ */
+ static class CheckedQueue
+ extends CheckedCollection
+ implements Queue, Serializable
+ {
+ private static final long serialVersionUID = 1433151992604707767L;
+ final Queue queue;
+
+ CheckedQueue(Queue queue, Class elementType) {
+ super(queue, elementType);
+ this.queue = queue;
+ }
+
+ public E element() {return queue.element();}
+ public boolean equals(Object o) {return o == this || c.equals(o);}
+ public int hashCode() {return c.hashCode();}
+ public E peek() {return queue.peek();}
+ public E poll() {return queue.poll();}
+ public E remove() {return queue.remove();}
+
+ public boolean offer(E e) {
+ typeCheck(e);
+ return add(e);
+ }
+ }
+
+ /**
* Returns a dynamically typesafe view of the specified set.
* Any attempt to insert an element of the wrong type will result in
* an immediate {@link ClassCastException}. Assuming a set contains
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/misc/VM.java
--- a/jdk/src/share/classes/sun/misc/VM.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/misc/VM.java Fri Oct 28 17:49:02 2011 -0700
@@ -371,6 +371,12 @@
private final static int JVMTI_THREAD_STATE_WAITING_INDEFINITELY = 0x0010;
private final static int JVMTI_THREAD_STATE_WAITING_WITH_TIMEOUT = 0x0020;
+ /*
+ * Returns the first non-null class loader up the execution stack,
+ * or null if only code from the null class loader is on the stack.
+ */
+ public static native ClassLoader latestUserDefinedLoader();
+
static {
initialize();
}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java
--- a/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java Fri Oct 28 17:49:02 2011 -0700
@@ -110,14 +110,6 @@
}
/**
- * Load the "rmi" native library.
- */
- static {
- java.security.AccessController.doPrivileged(
- new sun.security.action.LoadLibraryAction("rmi"));
- }
-
- /**
* Create a new MarshalInputStream object.
*/
public MarshalInputStream(InputStream in)
@@ -262,7 +254,9 @@
* Returns the first non-null class loader up the execution stack, or null
* if only code from the null class loader is on the stack.
*/
- private static native ClassLoader latestUserDefinedLoader();
+ private static ClassLoader latestUserDefinedLoader() {
+ return sun.misc.VM.latestUserDefinedLoader();
+ }
/**
* Fix for 4179055: Need to assist resolving sun stubs; resolve
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs/EncodingException.java
--- a/jdk/src/share/classes/sun/security/pkcs/EncodingException.java Thu Oct 27 13:54:42 2011 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/**
- * Generic PKCS Encoding exception.
- *
- * @author Benjamin Renaud
- */
-
-package sun.security.pkcs;
-
-public class EncodingException extends Exception {
-
- private static final long serialVersionUID = 4060198374240668325L;
-
- public EncodingException() {
- super();
- }
-
- public EncodingException(String s) {
- super(s);
- }
-}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs/PKCS10.java
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS10.java Thu Oct 27 13:54:42 2011 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,353 +0,0 @@
-/*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-
-package sun.security.pkcs;
-
-import java.io.PrintStream;
-import java.io.IOException;
-import java.math.BigInteger;
-
-import java.security.cert.CertificateException;
-import java.security.NoSuchAlgorithmException;
-import java.security.InvalidKeyException;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.PublicKey;
-
-import sun.misc.BASE64Encoder;
-
-import sun.security.util.*;
-import sun.security.x509.AlgorithmId;
-import sun.security.x509.X509Key;
-import sun.security.x509.X500Name;
-
-/**
- * A PKCS #10 certificate request is created and sent to a Certificate
- * Authority, which then creates an X.509 certificate and returns it to
- * the entity that requested it. A certificate request basically consists
- * of the subject's X.500 name, public key, and optionally some attributes,
- * signed using the corresponding private key.
- *
- * The ASN.1 syntax for a Certification Request is:
- *
- *
- * @author David Brownell
- * @author Amit Kapoor
- * @author Hemma Prafullchandra
- */
-public class PKCS10 {
- /**
- * Constructs an unsigned PKCS #10 certificate request. Before this
- * request may be used, it must be encoded and signed. Then it
- * must be retrieved in some conventional format (e.g. string).
- *
- * @param publicKey the public key that should be placed
- * into the certificate generated by the CA.
- */
- public PKCS10(PublicKey publicKey) {
- subjectPublicKeyInfo = publicKey;
- attributeSet = new PKCS10Attributes();
- }
-
- /**
- * Constructs an unsigned PKCS #10 certificate request. Before this
- * request may be used, it must be encoded and signed. Then it
- * must be retrieved in some conventional format (e.g. string).
- *
- * @param publicKey the public key that should be placed
- * into the certificate generated by the CA.
- * @param attributes additonal set of PKCS10 attributes requested
- * for in the certificate.
- */
- public PKCS10(PublicKey publicKey, PKCS10Attributes attributes) {
- subjectPublicKeyInfo = publicKey;
- attributeSet = attributes;
- }
-
- /**
- * Parses an encoded, signed PKCS #10 certificate request, verifying
- * the request's signature as it does so. This constructor would
- * typically be used by a Certificate Authority, from which a new
- * certificate would then be constructed.
- *
- * @param data the DER-encoded PKCS #10 request.
- * @exception IOException for low level errors reading the data
- * @exception SignatureException when the signature is invalid
- * @exception NoSuchAlgorithmException when the signature
- * algorithm is not supported in this environment
- */
- public PKCS10(byte[] data)
- throws IOException, SignatureException, NoSuchAlgorithmException {
- DerInputStream in;
- DerValue[] seq;
- AlgorithmId id;
- byte[] sigData;
- Signature sig;
-
- encoded = data;
-
- //
- // Outer sequence: request, signature algorithm, signature.
- // Parse, and prepare to verify later.
- //
- in = new DerInputStream(data);
- seq = in.getSequence(3);
-
- if (seq.length != 3)
- throw new IllegalArgumentException("not a PKCS #10 request");
-
- data = seq[0].toByteArray(); // reusing this variable
- id = AlgorithmId.parse(seq[1]);
- sigData = seq[2].getBitString();
-
- //
- // Inner sequence: version, name, key, attributes
- //
- BigInteger serial;
- DerValue val;
-
- serial = seq[0].data.getBigInteger();
- if (!serial.equals(BigInteger.ZERO))
- throw new IllegalArgumentException("not PKCS #10 v1");
-
- subject = new X500Name(seq[0].data);
- subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue());
-
- // Cope with a somewhat common illegal PKCS #10 format
- if (seq[0].data.available() != 0)
- attributeSet = new PKCS10Attributes(seq[0].data);
- else
- attributeSet = new PKCS10Attributes();
-
- if (seq[0].data.available() != 0)
- throw new IllegalArgumentException("illegal PKCS #10 data");
-
- //
- // OK, we parsed it all ... validate the signature using the
- // key and signature algorithm we found.
- //
- try {
- sig = Signature.getInstance(id.getName());
- sig.initVerify(subjectPublicKeyInfo);
- sig.update(data);
- if (!sig.verify(sigData))
- throw new SignatureException("Invalid PKCS #10 signature");
- } catch (InvalidKeyException e) {
- throw new SignatureException("invalid key");
- }
- }
-
- /**
- * Create the signed certificate request. This will later be
- * retrieved in either string or binary format.
- *
- * @param subject identifies the signer (by X.500 name).
- * @param signature private key and signing algorithm to use.
- * @exception IOException on errors.
- * @exception CertificateException on certificate handling errors.
- * @exception SignatureException on signature handling errors.
- */
- public void encodeAndSign(X500Name subject, Signature signature)
- throws CertificateException, IOException, SignatureException {
- DerOutputStream out, scratch;
- byte[] certificateRequestInfo;
- byte[] sig;
-
- if (encoded != null)
- throw new SignatureException("request is already signed");
-
- this.subject = subject;
-
- /*
- * Encode cert request info, wrap in a sequence for signing
- */
- scratch = new DerOutputStream();
- scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0
- subject.encode(scratch); // X.500 name
- scratch.write(subjectPublicKeyInfo.getEncoded()); // public key
- attributeSet.encode(scratch);
-
- out = new DerOutputStream();
- out.write(DerValue.tag_Sequence, scratch); // wrap it!
- certificateRequestInfo = out.toByteArray();
- scratch = out;
-
- /*
- * Sign it ...
- */
- signature.update(certificateRequestInfo, 0,
- certificateRequestInfo.length);
- sig = signature.sign();
-
- /*
- * Build guts of SIGNED macro
- */
- AlgorithmId algId = null;
- try {
- algId = AlgorithmId.get(signature.getAlgorithm());
- } catch (NoSuchAlgorithmException nsae) {
- throw new SignatureException(nsae);
- }
- algId.encode(scratch); // sig algorithm
- scratch.putBitString(sig); // sig
-
- /*
- * Wrap those guts in a sequence
- */
- out = new DerOutputStream();
- out.write(DerValue.tag_Sequence, scratch);
- encoded = out.toByteArray();
- }
-
- /**
- * Returns the subject's name.
- */
- public X500Name getSubjectName() { return subject; }
-
- /**
- * Returns the subject's public key.
- */
- public PublicKey getSubjectPublicKeyInfo()
- { return subjectPublicKeyInfo; }
-
- /**
- * Returns the additional attributes requested.
- */
- public PKCS10Attributes getAttributes()
- { return attributeSet; }
-
- /**
- * Returns the encoded and signed certificate request as a
- * DER-encoded byte array.
- *
- * @return the certificate request, or null if encodeAndSign()
- * has not yet been called.
- */
- public byte[] getEncoded() {
- if (encoded != null)
- return encoded.clone();
- else
- return null;
- }
-
- /**
- * Prints an E-Mailable version of the certificate request on the print
- * stream passed. The format is a common base64 encoded one, supported
- * by most Certificate Authorities because Netscape web servers have
- * used this for some time. Some certificate authorities expect some
- * more information, in particular contact information for the web
- * server administrator.
- *
- * @param out the print stream where the certificate request
- * will be printed.
- * @exception IOException when an output operation failed
- * @exception SignatureException when the certificate request was
- * not yet signed.
- */
- public void print(PrintStream out)
- throws IOException, SignatureException {
- if (encoded == null)
- throw new SignatureException("Cert request was not signed");
-
- BASE64Encoder encoder = new BASE64Encoder();
-
- out.println("-----BEGIN NEW CERTIFICATE REQUEST-----");
- encoder.encodeBuffer(encoded, out);
- out.println("-----END NEW CERTIFICATE REQUEST-----");
- }
-
- /**
- * Provides a short description of this request.
- */
- public String toString() {
- return "[PKCS #10 certificate request:\n"
- + subjectPublicKeyInfo.toString()
- + " subject: <" + subject + ">" + "\n"
- + " attributes: " + attributeSet.toString()
- + "\n]";
- }
-
- /**
- * Compares this object for equality with the specified
- * object. If the other object is an
- * instanceofPKCS10, then
- * its encoded form is retrieved and compared with the
- * encoded form of this certificate request.
- *
- * @param other the object to test for equality with this object.
- * @return true iff the encoded forms of the two certificate
- * requests match, false otherwise.
- */
- public boolean equals(Object other) {
- if (this == other)
- return true;
- if (!(other instanceof PKCS10))
- return false;
- if (encoded == null) // not signed yet
- return false;
- byte[] otherEncoded = ((PKCS10)other).getEncoded();
- if (otherEncoded == null)
- return false;
-
- return java.util.Arrays.equals(encoded, otherEncoded);
- }
-
- /**
- * Returns a hashcode value for this certificate request from its
- * encoded form.
- *
- * @return the hashcode value.
- */
- public int hashCode() {
- int retval = 0;
- if (encoded != null)
- for (int i = 1; i < encoded.length; i++)
- retval += encoded[i] * i;
- return(retval);
- }
-
- private X500Name subject;
- private PublicKey subjectPublicKeyInfo;
- private PKCS10Attributes attributeSet;
- private byte[] encoded; // signed
-}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs/PKCS10Attribute.java
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS10Attribute.java Thu Oct 27 13:54:42 2011 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,135 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.pkcs;
-
-import java.io.OutputStream;
-import java.io.IOException;
-
-import sun.security.util.*;
-
-/**
- * Represent a PKCS#10 Attribute.
- *
- *
Attributes are additonal information which can be inserted in a PKCS#10
- * certificate request. For example a "Driving License Certificate" could have
- * the driving license number as an attribute.
- *
- *
Attributes are represented as a sequence of the attribute identifier
- * (Object Identifier) and a set of DER encoded attribute values.
- *
- * ASN.1 definition of Attribute:
- *
- * Attribute :: SEQUENCE {
- * type AttributeType,
- * values SET OF AttributeValue
- * }
- * AttributeType ::= OBJECT IDENTIFIER
- * AttributeValue ::= ANY defined by type
- *
- *
- * @author Amit Kapoor
- * @author Hemma Prafullchandra
- */
-public class PKCS10Attribute implements DerEncoder {
-
- protected ObjectIdentifier attributeId = null;
- protected Object attributeValue = null;
-
- /**
- * Constructs an attribute from a DER encoding.
- * This constructor expects the value to be encoded as defined above,
- * i.e. a SEQUENCE of OID and SET OF value(s), not a literal
- * X.509 v3 extension. Only PKCS9 defined attributes are supported
- * currently.
- *
- * @param derVal the der encoded attribute.
- * @exception IOException on parsing errors.
- */
- public PKCS10Attribute(DerValue derVal) throws IOException {
- PKCS9Attribute attr = new PKCS9Attribute(derVal);
- this.attributeId = attr.getOID();
- this.attributeValue = attr.getValue();
- }
-
- /**
- * Constructs an attribute from individual components of
- * ObjectIdentifier and the value (any java object).
- *
- * @param attributeId the ObjectIdentifier of the attribute.
- * @param attributeValue an instance of a class that implements
- * the attribute identified by the ObjectIdentifier.
- */
- public PKCS10Attribute(ObjectIdentifier attributeId,
- Object attributeValue) {
- this.attributeId = attributeId;
- this.attributeValue = attributeValue;
- }
-
- /**
- * Constructs an attribute from PKCS9 attribute.
- *
- * @param attr the PKCS9Attribute to create from.
- */
- public PKCS10Attribute(PKCS9Attribute attr) {
- this.attributeId = attr.getOID();
- this.attributeValue = attr.getValue();
- }
-
- /**
- * DER encode this object onto an output stream.
- * Implements the DerEncoder interface.
- *
- * @param out
- * the OutputStream on which to write the DER encoding.
- *
- * @exception IOException on encoding errors.
- */
- public void derEncode(OutputStream out) throws IOException {
- PKCS9Attribute attr = new PKCS9Attribute(attributeId, attributeValue);
- attr.derEncode(out);
- }
-
- /**
- * Returns the ObjectIdentifier of the attribute.
- */
- public ObjectIdentifier getAttributeId() {
- return (attributeId);
- }
-
- /**
- * Returns the attribute value.
- */
- public Object getAttributeValue() {
- return (attributeValue);
- }
-
- /**
- * Returns the attribute in user readable form.
- */
- public String toString() {
- return (attributeValue.toString());
- }
-}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs/PKCS10Attributes.java
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS10Attributes.java Thu Oct 27 13:54:42 2011 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,219 +0,0 @@
-/*
- * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.pkcs;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.cert.CertificateException;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.Hashtable;
-
-import sun.security.util.*;
-
-/**
- * This class defines the PKCS10 attributes for the request.
- * The ASN.1 syntax for this is:
- *
- * Attributes ::= SET OF Attribute
- *
- *
- * @author Amit Kapoor
- * @author Hemma Prafullchandra
- * @see PKCS10
- * @see PKCS10Attribute
- */
-public class PKCS10Attributes implements DerEncoder {
-
- private Hashtable map =
- new Hashtable(3);
-
- /**
- * Default constructor for the PKCS10 attribute.
- */
- public PKCS10Attributes() { }
-
- /**
- * Create the object from the array of PKCS10Attribute objects.
- *
- * @param attrs the array of PKCS10Attribute objects.
- */
- public PKCS10Attributes(PKCS10Attribute[] attrs) {
- for (int i = 0; i < attrs.length; i++) {
- map.put(attrs[i].getAttributeId().toString(), attrs[i]);
- }
- }
-
- /**
- * Create the object, decoding the values from the passed DER stream.
- * The DER stream contains the SET OF Attribute.
- *
- * @param in the DerInputStream to read the attributes from.
- * @exception IOException on decoding errors.
- */
- public PKCS10Attributes(DerInputStream in) throws IOException {
- DerValue[] attrs = in.getSet(3, true);
-
- if (attrs == null)
- throw new IOException("Illegal encoding of attributes");
- for (int i = 0; i < attrs.length; i++) {
- PKCS10Attribute attr = new PKCS10Attribute(attrs[i]);
- map.put(attr.getAttributeId().toString(), attr);
- }
- }
-
- /**
- * Encode the attributes in DER form to the stream.
- *
- * @param out the OutputStream to marshal the contents to.
- * @exception IOException on encoding errors.
- */
- public void encode(OutputStream out) throws IOException {
- derEncode(out);
- }
-
- /**
- * Encode the attributes in DER form to the stream.
- * Implements the DerEncoder interface.
- *
- * @param out the OutputStream to marshal the contents to.
- * @exception IOException on encoding errors.
- */
- public void derEncode(OutputStream out) throws IOException {
- // first copy the elements into an array
- Collection allAttrs = map.values();
- PKCS10Attribute[] attribs =
- allAttrs.toArray(new PKCS10Attribute[map.size()]);
-
- DerOutputStream attrOut = new DerOutputStream();
- attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT,
- true, (byte)0),
- attribs);
- out.write(attrOut.toByteArray());
- }
-
- /**
- * Set the attribute value.
- */
- public void setAttribute(String name, Object obj) {
- if (obj instanceof PKCS10Attribute) {
- map.put(name, (PKCS10Attribute)obj);
- }
- }
-
- /**
- * Get the attribute value.
- */
- public Object getAttribute(String name) {
- return map.get(name);
- }
-
- /**
- * Delete the attribute value.
- */
- public void deleteAttribute(String name) {
- map.remove(name);
- }
-
- /**
- * Return an enumeration of names of attributes existing within this
- * attribute.
- */
- public Enumeration getElements() {
- return (map.elements());
- }
-
- /**
- * Return a Collection of attributes existing within this
- * PKCS10Attributes object.
- */
- public Collection getAttributes() {
- return (Collections.unmodifiableCollection(map.values()));
- }
-
- /**
- * Compares this PKCS10Attributes for equality with the specified
- * object. If the other object is an
- * instanceofPKCS10Attributes, then
- * all the entries are compared with the entries from this.
- *
- * @param other the object to test for equality with this PKCS10Attributes.
- * @return true if all the entries match that of the Other,
- * false otherwise.
- */
- public boolean equals(Object other) {
- if (this == other)
- return true;
- if (!(other instanceof PKCS10Attributes))
- return false;
-
- Collection othersAttribs =
- ((PKCS10Attributes)other).getAttributes();
- PKCS10Attribute[] attrs =
- othersAttribs.toArray(new PKCS10Attribute[othersAttribs.size()]);
- int len = attrs.length;
- if (len != map.size())
- return false;
- PKCS10Attribute thisAttr, otherAttr;
- String key = null;
- for (int i=0; i < len; i++) {
- otherAttr = attrs[i];
- key = otherAttr.getAttributeId().toString();
-
- if (key == null)
- return false;
- thisAttr = map.get(key);
- if (thisAttr == null)
- return false;
- if (! thisAttr.equals(otherAttr))
- return false;
- }
- return true;
- }
-
- /**
- * Returns a hashcode value for this PKCS10Attributes.
- *
- * @return the hashcode value.
- */
- public int hashCode() {
- return map.hashCode();
- }
-
- /**
- * Returns a string representation of this PKCS10Attributes object
- * in the form of a set of entries, enclosed in braces and separated
- * by the ASCII characters ", " (comma and space).
- *
Overrides the toString method of Object.
- *
- * @return a string representation of this PKCS10Attributes.
- */
- public String toString() {
- String s = map.size() + "\n" + map.toString();
- return s;
- }
-}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs/PKCS7.java
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS7.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/security/pkcs/PKCS7.java Fri Oct 28 17:49:02 2011 -0700
@@ -27,6 +27,7 @@
import java.io.*;
import java.math.BigInteger;
+import java.net.URI;
import java.util.*;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
@@ -35,6 +36,7 @@
import java.security.cert.CertificateFactory;
import java.security.*;
+import sun.security.timestamp.*;
import sun.security.util.*;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateIssuerName;
@@ -68,6 +70,30 @@
private Principal[] certIssuerNames;
+ /*
+ * Random number generator for creating nonce values
+ */
+ private static final SecureRandom RANDOM;
+ static {
+ SecureRandom tmp = null;
+ try {
+ tmp = SecureRandom.getInstance("SHA1PRNG");
+ } catch (NoSuchAlgorithmException e) {
+ // should not happen
+ }
+ RANDOM = tmp;
+ }
+
+ /*
+ * Object identifier for the timestamping key purpose.
+ */
+ private static final String KP_TIMESTAMPING_OID = "1.3.6.1.5.5.7.3.8";
+
+ /*
+ * Object identifier for extendedKeyUsage extension
+ */
+ private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37";
+
/**
* Unmarshals a PKCS7 block from its encoded form, parsing the
* encoded bytes from the InputStream.
@@ -733,4 +759,164 @@
public boolean isOldStyle() {
return this.oldStyle;
}
+
+ /**
+ * Assembles a PKCS #7 signed data message that optionally includes a
+ * signature timestamp.
+ *
+ * @param signature the signature bytes
+ * @param signerChain the signer's X.509 certificate chain
+ * @param content the content that is signed; specify null to not include
+ * it in the PKCS7 data
+ * @param signatureAlgorithm the name of the signature algorithm
+ * @param tsaURI the URI of the Timestamping Authority; or null if no
+ * timestamp is requested
+ * @return the bytes of the encoded PKCS #7 signed data message
+ * @throws NoSuchAlgorithmException The exception is thrown if the signature
+ * algorithm is unrecognised.
+ * @throws CertificateException The exception is thrown if an error occurs
+ * while processing the signer's certificate or the TSA's
+ * certificate.
+ * @throws IOException The exception is thrown if an error occurs while
+ * generating the signature timestamp or while generating the signed
+ * data message.
+ */
+ public static byte[] generateSignedData(byte[] signature,
+ X509Certificate[] signerChain,
+ byte[] content,
+ String signatureAlgorithm,
+ URI tsaURI)
+ throws CertificateException, IOException, NoSuchAlgorithmException
+ {
+
+ // Generate the timestamp token
+ PKCS9Attributes unauthAttrs = null;
+ if (tsaURI != null) {
+ // Timestamp the signature
+ HttpTimestamper tsa = new HttpTimestamper(tsaURI);
+ byte[] tsToken = generateTimestampToken(tsa, signature);
+
+ // Insert the timestamp token into the PKCS #7 signer info element
+ // (as an unsigned attribute)
+ unauthAttrs =
+ new PKCS9Attributes(new PKCS9Attribute[]{
+ new PKCS9Attribute(
+ PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR,
+ tsToken)});
+ }
+
+ // Create the SignerInfo
+ X500Name issuerName =
+ X500Name.asX500Name(signerChain[0].getIssuerX500Principal());
+ BigInteger serialNumber = signerChain[0].getSerialNumber();
+ String encAlg = AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm);
+ String digAlg = AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm);
+ SignerInfo signerInfo = new SignerInfo(issuerName, serialNumber,
+ AlgorithmId.get(digAlg), null,
+ AlgorithmId.get(encAlg),
+ signature, unauthAttrs);
+
+ // Create the PKCS #7 signed data message
+ SignerInfo[] signerInfos = {signerInfo};
+ AlgorithmId[] algorithms = {signerInfo.getDigestAlgorithmId()};
+ // Include or exclude content
+ ContentInfo contentInfo = (content == null)
+ ? new ContentInfo(ContentInfo.DATA_OID, null)
+ : new ContentInfo(content);
+ PKCS7 pkcs7 = new PKCS7(algorithms, contentInfo,
+ signerChain, signerInfos);
+ ByteArrayOutputStream p7out = new ByteArrayOutputStream();
+ pkcs7.encodeSignedData(p7out);
+
+ return p7out.toByteArray();
+ }
+
+ /**
+ * Requests, processes and validates a timestamp token from a TSA using
+ * common defaults. Uses the following defaults in the timestamp request:
+ * SHA-1 for the hash algorithm, a 64-bit nonce, and request certificate
+ * set to true.
+ *
+ * @param tsa the timestamping authority to use
+ * @param toBeTimestamped the token that is to be timestamped
+ * @return the encoded timestamp token
+ * @throws IOException The exception is thrown if an error occurs while
+ * communicating with the TSA.
+ * @throws CertificateException The exception is thrown if the TSA's
+ * certificate is not permitted for timestamping.
+ */
+ private static byte[] generateTimestampToken(Timestamper tsa,
+ byte[] toBeTimestamped)
+ throws IOException, CertificateException
+ {
+ // Generate a timestamp
+ MessageDigest messageDigest = null;
+ TSRequest tsQuery = null;
+ try {
+ // SHA-1 is always used.
+ messageDigest = MessageDigest.getInstance("SHA-1");
+ tsQuery = new TSRequest(toBeTimestamped, messageDigest);
+ } catch (NoSuchAlgorithmException e) {
+ // ignore
+ }
+
+ // Generate a nonce
+ BigInteger nonce = null;
+ if (RANDOM != null) {
+ nonce = new BigInteger(64, RANDOM);
+ tsQuery.setNonce(nonce);
+ }
+ tsQuery.requestCertificate(true);
+
+ TSResponse tsReply = tsa.generateTimestamp(tsQuery);
+ int status = tsReply.getStatusCode();
+ // Handle TSP error
+ if (status != 0 && status != 1) {
+ throw new IOException("Error generating timestamp: " +
+ tsReply.getStatusCodeAsText() + " " +
+ tsReply.getFailureCodeAsText());
+ }
+ PKCS7 tsToken = tsReply.getToken();
+
+ TimestampToken tst = tsReply.getTimestampToken();
+ if (!tst.getHashAlgorithm().getName().equals("SHA")) {
+ throw new IOException("Digest algorithm not SHA-1 in "
+ + "timestamp token");
+ }
+ if (!MessageDigest.isEqual(tst.getHashedMessage(),
+ tsQuery.getHashedMessage())) {
+ throw new IOException("Digest octets changed in timestamp token");
+ }
+
+ BigInteger replyNonce = tst.getNonce();
+ if (replyNonce == null && nonce != null) {
+ throw new IOException("Nonce missing in timestamp token");
+ }
+ if (replyNonce != null && !replyNonce.equals(nonce)) {
+ throw new IOException("Nonce changed in timestamp token");
+ }
+
+ // Examine the TSA's certificate (if present)
+ for (SignerInfo si: tsToken.getSignerInfos()) {
+ X509Certificate cert = si.getCertificate(tsToken);
+ if (cert == null) {
+ // Error, we've already set tsRequestCertificate = true
+ throw new CertificateException(
+ "Certificate not included in timestamp token");
+ } else {
+ if (!cert.getCriticalExtensionOIDs().contains(
+ EXTENDED_KEY_USAGE_OID)) {
+ throw new CertificateException(
+ "Certificate is not valid for timestamping");
+ }
+ List keyPurposes = cert.getExtendedKeyUsage();
+ if (keyPurposes == null ||
+ !keyPurposes.contains(KP_TIMESTAMPING_OID)) {
+ throw new CertificateException(
+ "Certificate is not valid for timestamping");
+ }
+ }
+ }
+ return tsReply.getEncodedToken();
+ }
}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs/SignerInfo.java
--- a/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java Fri Oct 28 17:49:02 2011 -0700
@@ -28,10 +28,14 @@
import java.io.OutputStream;
import java.io.IOException;
import java.math.BigInteger;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.security.*;
import java.util.ArrayList;
+import sun.security.timestamp.TimestampToken;
import sun.security.util.*;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X500Name;
@@ -51,6 +55,8 @@
AlgorithmId digestAlgorithmId;
AlgorithmId digestEncryptionAlgorithmId;
byte[] encryptedDigest;
+ Timestamp timestamp;
+ private boolean hasTimestamp = true;
PKCS9Attributes authenticatedAttributes;
PKCS9Attributes unauthenticatedAttributes;
@@ -442,6 +448,62 @@
return unauthenticatedAttributes;
}
+ /*
+ * Extracts a timestamp from a PKCS7 SignerInfo.
+ *
+ * Examines the signer's unsigned attributes for a
+ * signatureTimestampToken attribute. If present,
+ * then it is parsed to extract the date and time at which the
+ * timestamp was generated.
+ *
+ * @param info A signer information element of a PKCS 7 block.
+ *
+ * @return A timestamp token or null if none is present.
+ * @throws IOException if an error is encountered while parsing the
+ * PKCS7 data.
+ * @throws NoSuchAlgorithmException if an error is encountered while
+ * verifying the PKCS7 object.
+ * @throws SignatureException if an error is encountered while
+ * verifying the PKCS7 object.
+ * @throws CertificateException if an error is encountered while generating
+ * the TSA's certpath.
+ */
+ public Timestamp getTimestamp()
+ throws IOException, NoSuchAlgorithmException, SignatureException,
+ CertificateException
+ {
+ if (timestamp != null || !hasTimestamp)
+ return timestamp;
+
+ if (unauthenticatedAttributes == null) {
+ hasTimestamp = false;
+ return null;
+ }
+ PKCS9Attribute tsTokenAttr =
+ unauthenticatedAttributes.getAttribute(
+ PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
+ if (tsTokenAttr == null) {
+ hasTimestamp = false;
+ return null;
+ }
+
+ PKCS7 tsToken = new PKCS7((byte[])tsTokenAttr.getValue());
+ // Extract the content (an encoded timestamp token info)
+ byte[] encTsTokenInfo = tsToken.getContentInfo().getData();
+ // Extract the signer (the Timestamping Authority)
+ // while verifying the content
+ SignerInfo[] tsa = tsToken.verify(encTsTokenInfo);
+ // Expect only one signer
+ ArrayList chain = tsa[0].getCertificateChain(tsToken);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ CertPath tsaChain = cf.generateCertPath(chain);
+ // Create a timestamp token info object
+ TimestampToken tsTokenInfo = new TimestampToken(encTsTokenInfo);
+ // Create a timestamp object
+ timestamp = new Timestamp(tsTokenInfo.getDate(), tsaChain);
+ return timestamp;
+ }
+
public String toString() {
HexDumpEncoder hexDump = new HexDumpEncoder();
@@ -467,5 +529,4 @@
}
return out;
}
-
}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java Fri Oct 28 17:49:02 2011 -0700
@@ -0,0 +1,353 @@
+/*
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+
+package sun.security.pkcs10;
+
+import java.io.PrintStream;
+import java.io.IOException;
+import java.math.BigInteger;
+
+import java.security.cert.CertificateException;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.PublicKey;
+
+import sun.misc.BASE64Encoder;
+
+import sun.security.util.*;
+import sun.security.x509.AlgorithmId;
+import sun.security.x509.X509Key;
+import sun.security.x509.X500Name;
+
+/**
+ * A PKCS #10 certificate request is created and sent to a Certificate
+ * Authority, which then creates an X.509 certificate and returns it to
+ * the entity that requested it. A certificate request basically consists
+ * of the subject's X.500 name, public key, and optionally some attributes,
+ * signed using the corresponding private key.
+ *
+ * The ASN.1 syntax for a Certification Request is:
+ *
+ *
+ * @author David Brownell
+ * @author Amit Kapoor
+ * @author Hemma Prafullchandra
+ */
+public class PKCS10 {
+ /**
+ * Constructs an unsigned PKCS #10 certificate request. Before this
+ * request may be used, it must be encoded and signed. Then it
+ * must be retrieved in some conventional format (e.g. string).
+ *
+ * @param publicKey the public key that should be placed
+ * into the certificate generated by the CA.
+ */
+ public PKCS10(PublicKey publicKey) {
+ subjectPublicKeyInfo = publicKey;
+ attributeSet = new PKCS10Attributes();
+ }
+
+ /**
+ * Constructs an unsigned PKCS #10 certificate request. Before this
+ * request may be used, it must be encoded and signed. Then it
+ * must be retrieved in some conventional format (e.g. string).
+ *
+ * @param publicKey the public key that should be placed
+ * into the certificate generated by the CA.
+ * @param attributes additonal set of PKCS10 attributes requested
+ * for in the certificate.
+ */
+ public PKCS10(PublicKey publicKey, PKCS10Attributes attributes) {
+ subjectPublicKeyInfo = publicKey;
+ attributeSet = attributes;
+ }
+
+ /**
+ * Parses an encoded, signed PKCS #10 certificate request, verifying
+ * the request's signature as it does so. This constructor would
+ * typically be used by a Certificate Authority, from which a new
+ * certificate would then be constructed.
+ *
+ * @param data the DER-encoded PKCS #10 request.
+ * @exception IOException for low level errors reading the data
+ * @exception SignatureException when the signature is invalid
+ * @exception NoSuchAlgorithmException when the signature
+ * algorithm is not supported in this environment
+ */
+ public PKCS10(byte[] data)
+ throws IOException, SignatureException, NoSuchAlgorithmException {
+ DerInputStream in;
+ DerValue[] seq;
+ AlgorithmId id;
+ byte[] sigData;
+ Signature sig;
+
+ encoded = data;
+
+ //
+ // Outer sequence: request, signature algorithm, signature.
+ // Parse, and prepare to verify later.
+ //
+ in = new DerInputStream(data);
+ seq = in.getSequence(3);
+
+ if (seq.length != 3)
+ throw new IllegalArgumentException("not a PKCS #10 request");
+
+ data = seq[0].toByteArray(); // reusing this variable
+ id = AlgorithmId.parse(seq[1]);
+ sigData = seq[2].getBitString();
+
+ //
+ // Inner sequence: version, name, key, attributes
+ //
+ BigInteger serial;
+ DerValue val;
+
+ serial = seq[0].data.getBigInteger();
+ if (!serial.equals(BigInteger.ZERO))
+ throw new IllegalArgumentException("not PKCS #10 v1");
+
+ subject = new X500Name(seq[0].data);
+ subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue());
+
+ // Cope with a somewhat common illegal PKCS #10 format
+ if (seq[0].data.available() != 0)
+ attributeSet = new PKCS10Attributes(seq[0].data);
+ else
+ attributeSet = new PKCS10Attributes();
+
+ if (seq[0].data.available() != 0)
+ throw new IllegalArgumentException("illegal PKCS #10 data");
+
+ //
+ // OK, we parsed it all ... validate the signature using the
+ // key and signature algorithm we found.
+ //
+ try {
+ sig = Signature.getInstance(id.getName());
+ sig.initVerify(subjectPublicKeyInfo);
+ sig.update(data);
+ if (!sig.verify(sigData))
+ throw new SignatureException("Invalid PKCS #10 signature");
+ } catch (InvalidKeyException e) {
+ throw new SignatureException("invalid key");
+ }
+ }
+
+ /**
+ * Create the signed certificate request. This will later be
+ * retrieved in either string or binary format.
+ *
+ * @param subject identifies the signer (by X.500 name).
+ * @param signature private key and signing algorithm to use.
+ * @exception IOException on errors.
+ * @exception CertificateException on certificate handling errors.
+ * @exception SignatureException on signature handling errors.
+ */
+ public void encodeAndSign(X500Name subject, Signature signature)
+ throws CertificateException, IOException, SignatureException {
+ DerOutputStream out, scratch;
+ byte[] certificateRequestInfo;
+ byte[] sig;
+
+ if (encoded != null)
+ throw new SignatureException("request is already signed");
+
+ this.subject = subject;
+
+ /*
+ * Encode cert request info, wrap in a sequence for signing
+ */
+ scratch = new DerOutputStream();
+ scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0
+ subject.encode(scratch); // X.500 name
+ scratch.write(subjectPublicKeyInfo.getEncoded()); // public key
+ attributeSet.encode(scratch);
+
+ out = new DerOutputStream();
+ out.write(DerValue.tag_Sequence, scratch); // wrap it!
+ certificateRequestInfo = out.toByteArray();
+ scratch = out;
+
+ /*
+ * Sign it ...
+ */
+ signature.update(certificateRequestInfo, 0,
+ certificateRequestInfo.length);
+ sig = signature.sign();
+
+ /*
+ * Build guts of SIGNED macro
+ */
+ AlgorithmId algId = null;
+ try {
+ algId = AlgorithmId.get(signature.getAlgorithm());
+ } catch (NoSuchAlgorithmException nsae) {
+ throw new SignatureException(nsae);
+ }
+ algId.encode(scratch); // sig algorithm
+ scratch.putBitString(sig); // sig
+
+ /*
+ * Wrap those guts in a sequence
+ */
+ out = new DerOutputStream();
+ out.write(DerValue.tag_Sequence, scratch);
+ encoded = out.toByteArray();
+ }
+
+ /**
+ * Returns the subject's name.
+ */
+ public X500Name getSubjectName() { return subject; }
+
+ /**
+ * Returns the subject's public key.
+ */
+ public PublicKey getSubjectPublicKeyInfo()
+ { return subjectPublicKeyInfo; }
+
+ /**
+ * Returns the additional attributes requested.
+ */
+ public PKCS10Attributes getAttributes()
+ { return attributeSet; }
+
+ /**
+ * Returns the encoded and signed certificate request as a
+ * DER-encoded byte array.
+ *
+ * @return the certificate request, or null if encodeAndSign()
+ * has not yet been called.
+ */
+ public byte[] getEncoded() {
+ if (encoded != null)
+ return encoded.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Prints an E-Mailable version of the certificate request on the print
+ * stream passed. The format is a common base64 encoded one, supported
+ * by most Certificate Authorities because Netscape web servers have
+ * used this for some time. Some certificate authorities expect some
+ * more information, in particular contact information for the web
+ * server administrator.
+ *
+ * @param out the print stream where the certificate request
+ * will be printed.
+ * @exception IOException when an output operation failed
+ * @exception SignatureException when the certificate request was
+ * not yet signed.
+ */
+ public void print(PrintStream out)
+ throws IOException, SignatureException {
+ if (encoded == null)
+ throw new SignatureException("Cert request was not signed");
+
+ BASE64Encoder encoder = new BASE64Encoder();
+
+ out.println("-----BEGIN NEW CERTIFICATE REQUEST-----");
+ encoder.encodeBuffer(encoded, out);
+ out.println("-----END NEW CERTIFICATE REQUEST-----");
+ }
+
+ /**
+ * Provides a short description of this request.
+ */
+ public String toString() {
+ return "[PKCS #10 certificate request:\n"
+ + subjectPublicKeyInfo.toString()
+ + " subject: <" + subject + ">" + "\n"
+ + " attributes: " + attributeSet.toString()
+ + "\n]";
+ }
+
+ /**
+ * Compares this object for equality with the specified
+ * object. If the other object is an
+ * instanceofPKCS10, then
+ * its encoded form is retrieved and compared with the
+ * encoded form of this certificate request.
+ *
+ * @param other the object to test for equality with this object.
+ * @return true iff the encoded forms of the two certificate
+ * requests match, false otherwise.
+ */
+ public boolean equals(Object other) {
+ if (this == other)
+ return true;
+ if (!(other instanceof PKCS10))
+ return false;
+ if (encoded == null) // not signed yet
+ return false;
+ byte[] otherEncoded = ((PKCS10)other).getEncoded();
+ if (otherEncoded == null)
+ return false;
+
+ return java.util.Arrays.equals(encoded, otherEncoded);
+ }
+
+ /**
+ * Returns a hashcode value for this certificate request from its
+ * encoded form.
+ *
+ * @return the hashcode value.
+ */
+ public int hashCode() {
+ int retval = 0;
+ if (encoded != null)
+ for (int i = 1; i < encoded.length; i++)
+ retval += encoded[i] * i;
+ return(retval);
+ }
+
+ private X500Name subject;
+ private PublicKey subjectPublicKeyInfo;
+ private PKCS10Attributes attributeSet;
+ private byte[] encoded; // signed
+}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs10/PKCS10Attribute.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/pkcs10/PKCS10Attribute.java Fri Oct 28 17:49:02 2011 -0700
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs10;
+
+import java.io.OutputStream;
+import java.io.IOException;
+
+import sun.security.pkcs.PKCS9Attribute;
+import sun.security.util.*;
+
+/**
+ * Represent a PKCS#10 Attribute.
+ *
+ *
Attributes are additonal information which can be inserted in a PKCS#10
+ * certificate request. For example a "Driving License Certificate" could have
+ * the driving license number as an attribute.
+ *
+ *
Attributes are represented as a sequence of the attribute identifier
+ * (Object Identifier) and a set of DER encoded attribute values.
+ *
+ * ASN.1 definition of Attribute:
+ *
+ * Attribute :: SEQUENCE {
+ * type AttributeType,
+ * values SET OF AttributeValue
+ * }
+ * AttributeType ::= OBJECT IDENTIFIER
+ * AttributeValue ::= ANY defined by type
+ *
+ *
+ * @author Amit Kapoor
+ * @author Hemma Prafullchandra
+ */
+public class PKCS10Attribute implements DerEncoder {
+
+ protected ObjectIdentifier attributeId = null;
+ protected Object attributeValue = null;
+
+ /**
+ * Constructs an attribute from a DER encoding.
+ * This constructor expects the value to be encoded as defined above,
+ * i.e. a SEQUENCE of OID and SET OF value(s), not a literal
+ * X.509 v3 extension. Only PKCS9 defined attributes are supported
+ * currently.
+ *
+ * @param derVal the der encoded attribute.
+ * @exception IOException on parsing errors.
+ */
+ public PKCS10Attribute(DerValue derVal) throws IOException {
+ PKCS9Attribute attr = new PKCS9Attribute(derVal);
+ this.attributeId = attr.getOID();
+ this.attributeValue = attr.getValue();
+ }
+
+ /**
+ * Constructs an attribute from individual components of
+ * ObjectIdentifier and the value (any java object).
+ *
+ * @param attributeId the ObjectIdentifier of the attribute.
+ * @param attributeValue an instance of a class that implements
+ * the attribute identified by the ObjectIdentifier.
+ */
+ public PKCS10Attribute(ObjectIdentifier attributeId,
+ Object attributeValue) {
+ this.attributeId = attributeId;
+ this.attributeValue = attributeValue;
+ }
+
+ /**
+ * Constructs an attribute from PKCS9 attribute.
+ *
+ * @param attr the PKCS9Attribute to create from.
+ */
+ public PKCS10Attribute(PKCS9Attribute attr) {
+ this.attributeId = attr.getOID();
+ this.attributeValue = attr.getValue();
+ }
+
+ /**
+ * DER encode this object onto an output stream.
+ * Implements the DerEncoder interface.
+ *
+ * @param out
+ * the OutputStream on which to write the DER encoding.
+ *
+ * @exception IOException on encoding errors.
+ */
+ public void derEncode(OutputStream out) throws IOException {
+ PKCS9Attribute attr = new PKCS9Attribute(attributeId, attributeValue);
+ attr.derEncode(out);
+ }
+
+ /**
+ * Returns the ObjectIdentifier of the attribute.
+ */
+ public ObjectIdentifier getAttributeId() {
+ return (attributeId);
+ }
+
+ /**
+ * Returns the attribute value.
+ */
+ public Object getAttributeValue() {
+ return (attributeValue);
+ }
+
+ /**
+ * Returns the attribute in user readable form.
+ */
+ public String toString() {
+ return (attributeValue.toString());
+ }
+}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs10/PKCS10Attributes.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/pkcs10/PKCS10Attributes.java Fri Oct 28 17:49:02 2011 -0700
@@ -0,0 +1,219 @@
+/*
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs10;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.cert.CertificateException;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+import sun.security.util.*;
+
+/**
+ * This class defines the PKCS10 attributes for the request.
+ * The ASN.1 syntax for this is:
+ *
+ * Attributes ::= SET OF Attribute
+ *
+ *
+ * @author Amit Kapoor
+ * @author Hemma Prafullchandra
+ * @see PKCS10
+ * @see PKCS10Attribute
+ */
+public class PKCS10Attributes implements DerEncoder {
+
+ private Hashtable map =
+ new Hashtable(3);
+
+ /**
+ * Default constructor for the PKCS10 attribute.
+ */
+ public PKCS10Attributes() { }
+
+ /**
+ * Create the object from the array of PKCS10Attribute objects.
+ *
+ * @param attrs the array of PKCS10Attribute objects.
+ */
+ public PKCS10Attributes(PKCS10Attribute[] attrs) {
+ for (int i = 0; i < attrs.length; i++) {
+ map.put(attrs[i].getAttributeId().toString(), attrs[i]);
+ }
+ }
+
+ /**
+ * Create the object, decoding the values from the passed DER stream.
+ * The DER stream contains the SET OF Attribute.
+ *
+ * @param in the DerInputStream to read the attributes from.
+ * @exception IOException on decoding errors.
+ */
+ public PKCS10Attributes(DerInputStream in) throws IOException {
+ DerValue[] attrs = in.getSet(3, true);
+
+ if (attrs == null)
+ throw new IOException("Illegal encoding of attributes");
+ for (int i = 0; i < attrs.length; i++) {
+ PKCS10Attribute attr = new PKCS10Attribute(attrs[i]);
+ map.put(attr.getAttributeId().toString(), attr);
+ }
+ }
+
+ /**
+ * Encode the attributes in DER form to the stream.
+ *
+ * @param out the OutputStream to marshal the contents to.
+ * @exception IOException on encoding errors.
+ */
+ public void encode(OutputStream out) throws IOException {
+ derEncode(out);
+ }
+
+ /**
+ * Encode the attributes in DER form to the stream.
+ * Implements the DerEncoder interface.
+ *
+ * @param out the OutputStream to marshal the contents to.
+ * @exception IOException on encoding errors.
+ */
+ public void derEncode(OutputStream out) throws IOException {
+ // first copy the elements into an array
+ Collection allAttrs = map.values();
+ PKCS10Attribute[] attribs =
+ allAttrs.toArray(new PKCS10Attribute[map.size()]);
+
+ DerOutputStream attrOut = new DerOutputStream();
+ attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte)0),
+ attribs);
+ out.write(attrOut.toByteArray());
+ }
+
+ /**
+ * Set the attribute value.
+ */
+ public void setAttribute(String name, Object obj) {
+ if (obj instanceof PKCS10Attribute) {
+ map.put(name, (PKCS10Attribute)obj);
+ }
+ }
+
+ /**
+ * Get the attribute value.
+ */
+ public Object getAttribute(String name) {
+ return map.get(name);
+ }
+
+ /**
+ * Delete the attribute value.
+ */
+ public void deleteAttribute(String name) {
+ map.remove(name);
+ }
+
+ /**
+ * Return an enumeration of names of attributes existing within this
+ * attribute.
+ */
+ public Enumeration getElements() {
+ return (map.elements());
+ }
+
+ /**
+ * Return a Collection of attributes existing within this
+ * PKCS10Attributes object.
+ */
+ public Collection getAttributes() {
+ return (Collections.unmodifiableCollection(map.values()));
+ }
+
+ /**
+ * Compares this PKCS10Attributes for equality with the specified
+ * object. If the other object is an
+ * instanceofPKCS10Attributes, then
+ * all the entries are compared with the entries from this.
+ *
+ * @param other the object to test for equality with this PKCS10Attributes.
+ * @return true if all the entries match that of the Other,
+ * false otherwise.
+ */
+ public boolean equals(Object other) {
+ if (this == other)
+ return true;
+ if (!(other instanceof PKCS10Attributes))
+ return false;
+
+ Collection othersAttribs =
+ ((PKCS10Attributes)other).getAttributes();
+ PKCS10Attribute[] attrs =
+ othersAttribs.toArray(new PKCS10Attribute[othersAttribs.size()]);
+ int len = attrs.length;
+ if (len != map.size())
+ return false;
+ PKCS10Attribute thisAttr, otherAttr;
+ String key = null;
+ for (int i=0; i < len; i++) {
+ otherAttr = attrs[i];
+ key = otherAttr.getAttributeId().toString();
+
+ if (key == null)
+ return false;
+ thisAttr = map.get(key);
+ if (thisAttr == null)
+ return false;
+ if (! thisAttr.equals(otherAttr))
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Returns a hashcode value for this PKCS10Attributes.
+ *
+ * @return the hashcode value.
+ */
+ public int hashCode() {
+ return map.hashCode();
+ }
+
+ /**
+ * Returns a string representation of this PKCS10Attributes object
+ * in the form of a set of entries, enclosed in braces and separated
+ * by the ASCII characters ", " (comma and space).
+ *
Overrides the toString method of Object.
+ *
+ * @return a string representation of this PKCS10Attributes.
+ */
+ public String toString() {
+ String s = map.size() + "\n" + map.toString();
+ return s;
+ }
+}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs11/Config.java
--- a/jdk/src/share/classes/sun/security/pkcs11/Config.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/security/pkcs11/Config.java Fri Oct 28 17:49:02 2011 -0700
@@ -192,6 +192,11 @@
// works only for NSS providers created via the Secmod API
private boolean nssUseSecmodTrust = false;
+ // Flag to indicate whether the X9.63 encoding for EC points shall be used
+ // (true) or whether that encoding shall be wrapped in an ASN.1 OctetString
+ // (false).
+ private boolean useEcX963Encoding = false;
+
private Config(String filename, InputStream in) throws IOException {
if (in == null) {
if (filename.startsWith("--")) {
@@ -320,6 +325,10 @@
return nssUseSecmodTrust;
}
+ boolean getUseEcX963Encoding() {
+ return useEcX963Encoding;
+ }
+
private static String expand(final String s) throws IOException {
try {
return PropertyExpander.expand(s);
@@ -440,6 +449,8 @@
parseNSSArgs(word);
} else if (word.equals("nssUseSecmodTrust")) {
nssUseSecmodTrust = parseBooleanEntry(word);
+ } else if (word.equals("useEcX963Encoding")) {
+ useEcX963Encoding = parseBooleanEntry(word);
} else {
throw new ConfigurationException
("Unknown keyword '" + word + "', line " + st.lineno());
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs11/KeyCache.java
--- a/jdk/src/share/classes/sun/security/pkcs11/KeyCache.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/security/pkcs11/KeyCache.java Fri Oct 28 17:49:02 2011 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -48,7 +48,7 @@
*/
final class KeyCache {
- private final Cache strongCache;
+ private final Cache strongCache;
private WeakReference> cacheReference;
@@ -77,7 +77,7 @@
}
synchronized P11Key get(Key key) {
- P11Key p11Key = (P11Key)strongCache.get(new IdentityWrapper(key));
+ P11Key p11Key = strongCache.get(new IdentityWrapper(key));
if (p11Key != null) {
return p11Key;
}
@@ -94,8 +94,8 @@
Map map =
(cacheReference == null) ? null : cacheReference.get();
if (map == null) {
- map = new IdentityHashMap();
- cacheReference = new WeakReference>(map);
+ map = new IdentityHashMap<>();
+ cacheReference = new WeakReference<>(map);
}
map.put(key, p11Key);
}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java
--- a/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Fri Oct 28 17:49:02 2011 -0700
@@ -203,14 +203,20 @@
private PublicKey generatePublic(ECPoint point, ECParameterSpec params) throws PKCS11Exception {
byte[] encodedParams = ECParameters.encodeParameters(params);
- byte[] encodedPoint = null;
- DerValue pkECPoint = new DerValue(DerValue.tag_OctetString,
- ECParameters.encodePoint(point, params.getCurve()));
+ byte[] encodedPoint =
+ ECParameters.encodePoint(point, params.getCurve());
- try {
- encodedPoint = pkECPoint.toByteArray();
- } catch (IOException e) {
- throw new IllegalArgumentException("Could not DER encode point", e);
+ // Check whether the X9.63 encoding of an EC point shall be wrapped
+ // in an ASN.1 OCTET STRING
+ if (!token.config.getUseEcX963Encoding()) {
+ try {
+ encodedPoint =
+ new DerValue(DerValue.tag_OctetString, encodedPoint)
+ .toByteArray();
+ } catch (IOException e) {
+ throw new
+ IllegalArgumentException("Could not DER encode point", e);
+ }
}
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/pkcs11/P11Key.java
--- a/jdk/src/share/classes/sun/security/pkcs11/P11Key.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11Key.java Fri Oct 28 17:49:02 2011 -0700
@@ -1028,28 +1028,21 @@
try {
params = P11ECKeyFactory.decodeParameters
(attributes[1].getByteArray());
-
- /*
- * An uncompressed EC point may be in either of two formats.
- * First try the OCTET STRING encoding:
- * 04 04
- *
- * Otherwise try the raw encoding:
- * 04
- */
byte[] ecKey = attributes[0].getByteArray();
- try {
+ // Check whether the X9.63 encoding of an EC point is wrapped
+ // in an ASN.1 OCTET STRING
+ if (!token.config.getUseEcX963Encoding()) {
DerValue wECPoint = new DerValue(ecKey);
- if (wECPoint.getTag() != DerValue.tag_OctetString)
- throw new IOException("Unexpected tag: " +
- wECPoint.getTag());
+ if (wECPoint.getTag() != DerValue.tag_OctetString) {
+ throw new IOException("Could not DER decode EC point." +
+ " Unexpected tag: " + wECPoint.getTag());
+ }
w = P11ECKeyFactory.decodePoint
(wECPoint.getDataBytes(), params.getCurve());
- } catch (IOException e) {
- // Failover
+ } else {
w = P11ECKeyFactory.decodePoint(ecKey, params.getCurve());
}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/provider/X509Factory.java
--- a/jdk/src/share/classes/sun/security/provider/X509Factory.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/security/provider/X509Factory.java Fri Oct 28 17:49:02 2011 -0700
@@ -64,8 +64,10 @@
private static final int ENC_MAX_LENGTH = 4096 * 1024; // 4 MB MAX
- private static final Cache certCache = Cache.newSoftMemoryCache(750);
- private static final Cache crlCache = Cache.newSoftMemoryCache(750);
+ private static final Cache certCache
+ = Cache.newSoftMemoryCache(750);
+ private static final Cache crlCache
+ = Cache.newSoftMemoryCache(750);
/**
* Generates an X.509 certificate object and initializes it with
@@ -90,7 +92,7 @@
try {
byte[] encoding = readOneBlock(is);
if (encoding != null) {
- X509CertImpl cert = (X509CertImpl)getFromCache(certCache, encoding);
+ X509CertImpl cert = getFromCache(certCache, encoding);
if (cert != null) {
return cert;
}
@@ -151,7 +153,7 @@
} else {
encoding = c.getEncoded();
}
- X509CertImpl newC = (X509CertImpl)getFromCache(certCache, encoding);
+ X509CertImpl newC = getFromCache(certCache, encoding);
if (newC != null) {
return newC;
}
@@ -181,7 +183,7 @@
} else {
encoding = c.getEncoded();
}
- X509CRLImpl newC = (X509CRLImpl)getFromCache(crlCache, encoding);
+ X509CRLImpl newC = getFromCache(crlCache, encoding);
if (newC != null) {
return newC;
}
@@ -198,18 +200,17 @@
/**
* Get the X509CertImpl or X509CRLImpl from the cache.
*/
- private static synchronized Object getFromCache(Cache cache,
+ private static synchronized V getFromCache(Cache cache,
byte[] encoding) {
Object key = new Cache.EqualByteArray(encoding);
- Object value = cache.get(key);
- return value;
+ return cache.get(key);
}
/**
* Add the X509CertImpl or X509CRLImpl to the cache.
*/
- private static synchronized void addToCache(Cache cache, byte[] encoding,
- Object value) {
+ private static synchronized void addToCache(Cache cache,
+ byte[] encoding, V value) {
if (encoding.length > ENC_MAX_LENGTH) {
return;
}
@@ -361,7 +362,7 @@
try {
byte[] encoding = readOneBlock(is);
if (encoding != null) {
- X509CRLImpl crl = (X509CRLImpl)getFromCache(crlCache, encoding);
+ X509CRLImpl crl = getFromCache(crlCache, encoding);
if (crl != null) {
return crl;
}
@@ -669,6 +670,23 @@
bout.write(midByte);
bout.write(lowByte);
length = (highByte << 16) | (midByte << 8) | lowByte;
+ } else if (n == 0x84) {
+ int highByte = is.read();
+ int nextByte = is.read();
+ int midByte = is.read();
+ int lowByte = is.read();
+ if (lowByte == -1) {
+ throw new IOException("Incomplete BER/DER length info");
+ }
+ if (highByte > 127) {
+ throw new IOException("Invalid BER/DER data (a little huge?)");
+ }
+ bout.write(highByte);
+ bout.write(nextByte);
+ bout.write(midByte);
+ bout.write(lowByte);
+ length = (highByte << 24 ) | (nextByte << 16) |
+ (midByte << 8) | lowByte;
} else { // ignore longer length forms
throw new IOException("Invalid BER/DER data (too huge?)");
}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java
--- a/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java Fri Oct 28 17:49:02 2011 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,32 +27,87 @@
import java.net.URI;
import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.security.AccessController;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidAlgorithmParameterException;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.security.cert.CertStore;
import java.security.cert.X509CertSelector;
import java.security.cert.X509CRLSelector;
import javax.security.auth.x500.X500Principal;
import java.io.IOException;
+import sun.security.util.Cache;
+
/**
- * Helper used by URICertStore when delegating to another CertStore to
- * fetch certs and CRLs.
+ * Helper used by URICertStore and others when delegating to another CertStore
+ * to fetch certs and CRLs.
*/
-public interface CertStoreHelper {
+public abstract class CertStoreHelper {
+
+ private static final int NUM_TYPES = 2;
+ private final static Map classMap = new HashMap<>(NUM_TYPES);
+ static {
+ classMap.put(
+ "LDAP",
+ "sun.security.provider.certpath.ldap.LDAPCertStoreHelper");
+ classMap.put(
+ "SSLServer",
+ "sun.security.provider.certpath.ssl.SSLServerCertStoreHelper");
+ };
+ private static Cache cache
+ = Cache.newSoftMemoryCache(NUM_TYPES);
+
+ public static CertStoreHelper getInstance(final String type)
+ throws NoSuchAlgorithmException
+ {
+ CertStoreHelper helper = cache.get(type);
+ if (helper != null) {
+ return helper;
+ }
+ final String cl = classMap.get(type);
+ if (cl == null) {
+ throw new NoSuchAlgorithmException(type + " not available");
+ }
+ try {
+ helper = AccessController.doPrivileged(
+ new PrivilegedExceptionAction() {
+ public CertStoreHelper run() throws ClassNotFoundException {
+ try {
+ Class c = Class.forName(cl, true, null);
+ CertStoreHelper csh
+ = (CertStoreHelper)c.newInstance();
+ cache.put(type, csh);
+ return csh;
+ } catch (InstantiationException e) {
+ throw new AssertionError(e);
+ } catch (IllegalAccessException e) {
+ throw new AssertionError(e);
+ }
+ }
+ });
+ return helper;
+ } catch (PrivilegedActionException e) {
+ throw new NoSuchAlgorithmException(type + " not available",
+ e.getException());
+ }
+ }
/**
* Returns a CertStore using the given URI as parameters.
*/
- CertStore getCertStore(URI uri)
+ public abstract CertStore getCertStore(URI uri)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
/**
* Wraps an existing X509CertSelector when needing to avoid DN matching
* issues.
*/
- X509CertSelector wrap(X509CertSelector selector,
+ public abstract X509CertSelector wrap(X509CertSelector selector,
X500Principal certSubject,
String dn)
throws IOException;
@@ -61,7 +116,7 @@
* Wraps an existing X509CRLSelector when needing to avoid DN matching
* issues.
*/
- X509CRLSelector wrap(X509CRLSelector selector,
+ public abstract X509CRLSelector wrap(X509CRLSelector selector,
Collection certIssuers,
String dn)
throws IOException;
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java
--- a/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java Fri Oct 28 17:49:02 2011 -0700
@@ -30,8 +30,6 @@
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URLConnection;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
@@ -102,8 +100,7 @@
private final CertificateFactory factory;
// cached Collection of X509Certificates (may be empty, never null)
- private Collection certs =
- Collections.emptySet();
+ private Collection certs = Collections.emptySet();
// cached X509CRL (may be null)
private X509CRL crl;
@@ -120,36 +117,11 @@
// true if URI is ldap
private boolean ldap = false;
+ private CertStoreHelper ldapHelper;
private CertStore ldapCertStore;
private String ldapPath;
/**
- * Holder class to lazily load LDAPCertStoreHelper if present.
- */
- private static class LDAP {
- private static final String CERT_STORE_HELPER =
- "sun.security.provider.certpath.ldap.LDAPCertStoreHelper";
- private static final CertStoreHelper helper =
- AccessController.doPrivileged(
- new PrivilegedAction() {
- public CertStoreHelper run() {
- try {
- Class c = Class.forName(CERT_STORE_HELPER, true, null);
- return (CertStoreHelper)c.newInstance();
- } catch (ClassNotFoundException cnf) {
- return null;
- } catch (InstantiationException e) {
- throw new AssertionError(e);
- } catch (IllegalAccessException e) {
- throw new AssertionError(e);
- }
- }});
- static CertStoreHelper helper() {
- return helper;
- }
- }
-
- /**
* Creates a URICertStore.
*
* @param parameters specifying the URI
@@ -164,10 +136,9 @@
this.uri = ((URICertStoreParameters) params).uri;
// if ldap URI, use an LDAPCertStore to fetch certs and CRLs
if (uri.getScheme().toLowerCase(Locale.ENGLISH).equals("ldap")) {
- if (LDAP.helper() == null)
- throw new NoSuchAlgorithmException("LDAP not present");
ldap = true;
- ldapCertStore = LDAP.helper().getCertStore(uri);
+ ldapHelper = CertStoreHelper.getInstance("LDAP");
+ ldapCertStore = ldapHelper.getCertStore(uri);
ldapPath = uri.getPath();
// strip off leading '/'
if (ldapPath.charAt(0) == '/') {
@@ -185,14 +156,14 @@
* Returns a URI CertStore. This method consults a cache of
* CertStores (shared per JVM) using the URI as a key.
*/
- private static final Cache certStoreCache =
- Cache.newSoftMemoryCache(CACHE_SIZE);
+ private static final Cache
+ certStoreCache = Cache.newSoftMemoryCache(CACHE_SIZE);
static synchronized CertStore getInstance(URICertStoreParameters params)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
if (debug != null) {
debug.println("CertStore URI:" + params.uri);
}
- CertStore ucs = (CertStore) certStoreCache.get(params);
+ CertStore ucs = certStoreCache.get(params);
if (ucs == null) {
ucs = new UCS(new URICertStore(params), null, "URI", params);
certStoreCache.put(params, ucs);
@@ -251,7 +222,7 @@
if (ldap) {
X509CertSelector xsel = (X509CertSelector) selector;
try {
- xsel = LDAP.helper().wrap(xsel, xsel.getSubject(), ldapPath);
+ xsel = ldapHelper.wrap(xsel, xsel.getSubject(), ldapPath);
} catch (IOException ioe) {
throw new CertStoreException(ioe);
}
@@ -273,62 +244,49 @@
return getMatchingCerts(certs, selector);
}
lastChecked = time;
- InputStream in = null;
try {
URLConnection connection = uri.toURL().openConnection();
if (lastModified != 0) {
connection.setIfModifiedSince(lastModified);
}
- in = connection.getInputStream();
long oldLastModified = lastModified;
- lastModified = connection.getLastModified();
- if (oldLastModified != 0) {
- if (oldLastModified == lastModified) {
- if (debug != null) {
- debug.println("Not modified, using cached copy");
- }
- return getMatchingCerts(certs, selector);
- } else if (connection instanceof HttpURLConnection) {
- // some proxy servers omit last modified
- HttpURLConnection hconn = (HttpURLConnection) connection;
- if (hconn.getResponseCode()
- == HttpURLConnection.HTTP_NOT_MODIFIED) {
+ try (InputStream in = connection.getInputStream()) {
+ lastModified = connection.getLastModified();
+ if (oldLastModified != 0) {
+ if (oldLastModified == lastModified) {
if (debug != null) {
debug.println("Not modified, using cached copy");
}
return getMatchingCerts(certs, selector);
+ } else if (connection instanceof HttpURLConnection) {
+ // some proxy servers omit last modified
+ HttpURLConnection hconn = (HttpURLConnection)connection;
+ if (hconn.getResponseCode()
+ == HttpURLConnection.HTTP_NOT_MODIFIED) {
+ if (debug != null) {
+ debug.println("Not modified, using cached copy");
+ }
+ return getMatchingCerts(certs, selector);
+ }
}
}
- }
- if (debug != null) {
- debug.println("Downloading new certificates...");
+ if (debug != null) {
+ debug.println("Downloading new certificates...");
+ }
+ // Safe cast since factory is an X.509 certificate factory
+ certs = (Collection)
+ factory.generateCertificates(in);
}
- // Safe cast since factory is an X.509 certificate factory
- certs = (Collection)
- factory.generateCertificates(in);
return getMatchingCerts(certs, selector);
- } catch (IOException e) {
+ } catch (IOException | CertificateException e) {
if (debug != null) {
debug.println("Exception fetching certificates:");
e.printStackTrace();
}
- } catch (CertificateException e) {
- if (debug != null) {
- debug.println("Exception fetching certificates:");
- e.printStackTrace();
- }
- } finally {
- if (in != null) {
- try {
- in.close();
- } catch (IOException e) {
- // ignore
- }
- }
}
// exception, forget previous values
lastModified = 0;
- certs = Collections.emptySet();
+ certs = Collections.emptySet();
return certs;
}
@@ -343,8 +301,7 @@
if (selector == null) {
return certs;
}
- List matchedCerts =
- new ArrayList(certs.size());
+ List matchedCerts = new ArrayList<>(certs.size());
for (X509Certificate cert : certs) {
if (selector.match(cert)) {
matchedCerts.add(cert);
@@ -374,7 +331,7 @@
if (ldap) {
X509CRLSelector xsel = (X509CRLSelector) selector;
try {
- xsel = LDAP.helper().wrap(xsel, null, ldapPath);
+ xsel = ldapHelper.wrap(xsel, null, ldapPath);
} catch (IOException ioe) {
throw new CertStoreException(ioe);
}
@@ -395,61 +352,48 @@
return getMatchingCRLs(crl, selector);
}
lastChecked = time;
- InputStream in = null;
try {
URLConnection connection = uri.toURL().openConnection();
if (lastModified != 0) {
connection.setIfModifiedSince(lastModified);
}
- in = connection.getInputStream();
long oldLastModified = lastModified;
- lastModified = connection.getLastModified();
- if (oldLastModified != 0) {
- if (oldLastModified == lastModified) {
- if (debug != null) {
- debug.println("Not modified, using cached copy");
- }
- return getMatchingCRLs(crl, selector);
- } else if (connection instanceof HttpURLConnection) {
- // some proxy servers omit last modified
- HttpURLConnection hconn = (HttpURLConnection) connection;
- if (hconn.getResponseCode()
- == HttpURLConnection.HTTP_NOT_MODIFIED) {
+ try (InputStream in = connection.getInputStream()) {
+ lastModified = connection.getLastModified();
+ if (oldLastModified != 0) {
+ if (oldLastModified == lastModified) {
if (debug != null) {
debug.println("Not modified, using cached copy");
}
return getMatchingCRLs(crl, selector);
+ } else if (connection instanceof HttpURLConnection) {
+ // some proxy servers omit last modified
+ HttpURLConnection hconn = (HttpURLConnection)connection;
+ if (hconn.getResponseCode()
+ == HttpURLConnection.HTTP_NOT_MODIFIED) {
+ if (debug != null) {
+ debug.println("Not modified, using cached copy");
+ }
+ return getMatchingCRLs(crl, selector);
+ }
}
}
- }
- if (debug != null) {
- debug.println("Downloading new CRL...");
+ if (debug != null) {
+ debug.println("Downloading new CRL...");
+ }
+ crl = (X509CRL) factory.generateCRL(in);
}
- crl = (X509CRL) factory.generateCRL(in);
return getMatchingCRLs(crl, selector);
- } catch (IOException e) {
+ } catch (IOException | CRLException e) {
if (debug != null) {
debug.println("Exception fetching CRL:");
e.printStackTrace();
}
- } catch (CRLException e) {
- if (debug != null) {
- debug.println("Exception fetching CRL:");
- e.printStackTrace();
- }
- } finally {
- if (in != null) {
- try {
- in.close();
- } catch (IOException e) {
- // ignore
- }
- }
}
// exception, forget previous values
lastModified = 0;
crl = null;
- return Collections.emptyList();
+ return Collections.emptyList();
}
/**
@@ -459,9 +403,9 @@
private static Collection getMatchingCRLs
(X509CRL crl, CRLSelector selector) {
if (selector == null || (crl != null && selector.match(crl))) {
- return Collections.singletonList(crl);
+ return Collections.singletonList(crl);
} else {
- return Collections.emptyList();
+ return Collections.emptyList();
}
}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java
--- a/jdk/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java Fri Oct 28 17:49:02 2011 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -79,7 +79,8 @@
private X509Certificate reverse;
private byte[] encoded;
- private static final Cache cache = Cache.newSoftMemoryCache(750);
+ private static final Cache cache
+ = Cache.newSoftMemoryCache(750);
/**
* Creates an empty instance of X509CertificatePair.
@@ -114,7 +115,7 @@
*
* For internal use only, external code should use generateCertificatePair.
*/
- private X509CertificatePair(byte[] encoded)throws CertificateException {
+ private X509CertificatePair(byte[] encoded) throws CertificateException {
try {
parse(new DerValue(encoded));
this.encoded = encoded;
@@ -138,7 +139,7 @@
public static synchronized X509CertificatePair generateCertificatePair
(byte[] encoded) throws CertificateException {
Object key = new Cache.EqualByteArray(encoded);
- X509CertificatePair pair = (X509CertificatePair)cache.get(key);
+ X509CertificatePair pair = cache.get(key);
if (pair != null) {
return pair;
}
diff -r c049b778ca61 -r 7e570cc378fb jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
--- a/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Thu Oct 27 13:54:42 2011 -0700
+++ b/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Fri Oct 28 17:49:02 2011 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -103,7 +103,7 @@
* @author Steve Hanna
* @author Andreas Sterbenz
*/
-public class LDAPCertStore extends CertStoreSpi {
+public final class LDAPCertStore extends CertStoreSpi {
private static final Debug debug = Debug.getInstance("certpath");
@@ -160,7 +160,7 @@
*/
private boolean prefetchCRLs = false;
- private final Cache valueCache;
+ private final Cache valueCache;
private int cacheHits = 0;
private int cacheMisses = 0;
@@ -207,10 +207,11 @@
* Returns an LDAP CertStore. This method consults a cache of
* CertStores (shared per JVM) using the LDAP server/port as a key.
*/
- private static final Cache certStoreCache = Cache.newSoftMemoryCache(185);
+ private static final Cache
+ certStoreCache = Cache.newSoftMemoryCache(185);
static synchronized CertStore getInstance(LDAPCertStoreParameters params)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
- CertStore lcs = (CertStore) certStoreCache.get(params);
+ CertStore lcs = certStoreCache.get(params);
if (lcs == null) {
lcs = CertStore.getInstance("LDAP", params);
certStoreCache.put(params, lcs);
@@ -232,7 +233,7 @@
private void createInitialDirContext(String server, int port)
throws InvalidAlgorithmParameterException {
String url = "ldap://" + server + ":" + port;
- Hashtable env = new Hashtable();
+ Hashtable env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, url);
@@ -283,7 +284,7 @@
LDAPRequest(String name) {
this.name = name;
- requestedAttributes = new ArrayList(5);
+ requestedAttributes = new ArrayList<>(5);
}
String getName() {
@@ -311,7 +312,7 @@
+ cacheMisses);
}
String cacheKey = name + "|" + attrId;
- byte[][] values = (byte[][])valueCache.get(cacheKey);
+ byte[][] values = valueCache.get(cacheKey);
if (values != null) {
cacheHits++;
return values;
@@ -347,7 +348,7 @@
System.out.println("LDAP requests: " + requests);
}
}
- valueMap = new HashMap(8);
+ valueMap = new HashMap<>(8);
String[] attrIds = requestedAttributes.toArray(STRING0);
Attributes attrs;
try {
@@ -429,10 +430,10 @@
int n = encodedCert.length;
if (n == 0) {
- return Collections.emptySet();
+ return Collections.emptySet();
}
- List certs = new ArrayList(n);
+ List certs = new ArrayList<>(n);
/* decode certs and check if they satisfy selector */
for (int i = 0; i < n; i++) {
ByteArrayInputStream bais = new ByteArrayInputStream(encodedCert[i]);
@@ -477,11 +478,10 @@
int n = encodedCertPair.length;
if (n == 0) {
- return Collections.emptySet();
+ return Collections.emptySet();
}
- List certPairs =
- new ArrayList(n);
+ List certPairs = new ArrayList<>(n);
/* decode each cert pair and add it to the Collection */
for (int i = 0; i < n; i++) {
try {
@@ -528,8 +528,7 @@
getCertPairs(request, CROSS_CERT);
// Find Certificates that match and put them in a list
- ArrayList matchingCerts =
- new ArrayList();
+ ArrayList matchingCerts = new ArrayList<>();
for (X509CertificatePair certPair : certPairs) {
X509Certificate cert;
if (forward != null) {
@@ -587,7 +586,7 @@
int basicConstraints = xsel.getBasicConstraints();
String subject = xsel.getSubjectAsString();
String issuer = xsel.getIssuerAsString();
- HashSet certs = new HashSet();
+ HashSet certs = new HashSet<>();
if (debug != null) {
debug.println("LDAPCertStore.engineGetCertificates() basicConstraints: "
+ basicConstraints);
@@ -706,10 +705,10 @@
int n = encodedCRL.length;
if (n == 0) {
- return Collections.emptySet();
+ return Collections.emptySet();
}
- List crls = new ArrayList(n);
+ List crls = new ArrayList<>(n);
/* decode each crl and check if it matches selector */
for (int i = 0; i < n; i++) {
try {
@@ -765,13 +764,13 @@
throw new CertStoreException("need X509CRLSelector to find CRLs");
}
X509CRLSelector xsel = (X509CRLSelector) selector;
- HashSet crls = new HashSet();
+ HashSet crls = new HashSet<>();
// Look in directory entry for issuer of cert we're checking.
Collection