# HG changeset patch # User duke # Date 1499279383 -7200 # Node ID de68c8dd1de2e82bfd059dc8fd3e4c32364beaf6 # Parent 27f6a088fa6a1f3a741ee1b30bff014bc7fcfd72# Parent b427ddb99dba497abbd9a99e2adba685767535b0 Merge diff -r 27f6a088fa6a -r de68c8dd1de2 .hgtags-top-repo --- a/.hgtags-top-repo Thu Apr 23 10:43:31 2015 -0700 +++ b/.hgtags-top-repo Wed Jul 05 20:29:43 2017 +0200 @@ -303,3 +303,4 @@ 6e78dd9b121037719a065fe8fb25b936babdfecb jdk9-b58 39e8a131289e8386aa4c3e4b184faa812a7c0421 jdk9-b59 9fa2185bee17462d1014538bff60af6e6f0b01e7 jdk9-b60 +ea38728b4f4bdd8fd0d7a89b18069f521cf05013 jdk9-b61 diff -r 27f6a088fa6a -r de68c8dd1de2 hotspot/.hgtags --- a/hotspot/.hgtags Thu Apr 23 10:43:31 2015 -0700 +++ b/hotspot/.hgtags Wed Jul 05 20:29:43 2017 +0200 @@ -463,3 +463,4 @@ ee878f3d6732856f7725c590312bfbe2ffa52cc7 jdk9-b58 96bcaec07cb165782bae1b9a1f28450b37a10e3a jdk9-b59 9c916db4bf3bc164a47b5a9cefe5ffd71e111f6a jdk9-b60 +715d2da5801c410746e92f08066d53bde1496286 jdk9-b61 diff -r 27f6a088fa6a -r de68c8dd1de2 hotspot/src/cpu/aarch64/vm/aarch64.ad --- a/hotspot/src/cpu/aarch64/vm/aarch64.ad Thu Apr 23 10:43:31 2015 -0700 +++ b/hotspot/src/cpu/aarch64/vm/aarch64.ad Wed Jul 05 20:29:43 2017 +0200 @@ -793,38 +793,832 @@ } }; - bool preceded_by_ordered_load(const Node *barrier); + // graph traversal helpers + MemBarNode *has_parent_membar(const Node *n, + ProjNode *&ctl, ProjNode *&mem); + MemBarNode *has_child_membar(const MemBarNode *n, + ProjNode *&ctl, ProjNode *&mem); + + // predicates controlling emit of ldr/ldar and associated dmb + bool unnecessary_acquire(const Node *barrier); + bool needs_acquiring_load(const Node *load); + + // predicates controlling emit of str/stlr and associated dmbs + bool unnecessary_release(const Node *barrier); + bool unnecessary_volatile(const Node *barrier); + bool needs_releasing_store(const Node *store); // Use barrier instructions rather than load acquire / store // release. - const bool UseBarriersForVolatile = true; + const bool UseBarriersForVolatile = false; + // Use barrier instructions for unsafe volatile gets rather than + // trying to identify an exact signature for them + const bool UseBarriersForUnsafeVolatileGet = false; %} source %{ - // AArch64 has load acquire and store release instructions which we - // use for ordered memory accesses, e.g. for volatiles. The ideal - // graph generator also inserts memory barriers around volatile - // accesses, and we don't want to generate both barriers and acq/rel - // instructions. So, when we emit a MemBarAcquire we look back in - // the ideal graph for an ordered load and only emit the barrier if - // we don't find one. - -bool preceded_by_ordered_load(const Node *barrier) { + // AArch64 has ldar and stlr instructions which we can safely + // use to implement volatile reads and writes. For a volatile read + // we simply need + // + // ldar + // + // and for a volatile write we need + // + // stlr + // + // Alternatively, we can implement them by pairing a normal + // load/store with a memory barrier. For a volatile read we need + // + // ldr + // dmb ishld + // + // for a volatile write + // + // dmb ish + // str + // dmb ish + // + // In order to generate the desired instruction sequence we need to + // be able to identify specific 'signature' ideal graph node + // sequences which i) occur as a translation of a volatile reads or + // writes and ii) do not occur through any other translation or + // graph transformation. We can then provide alternative aldc + // matching rules which translate these node sequences to the + // desired machine code sequences. Selection of the alternative + // rules can be implemented by predicates which identify the + // relevant node sequences. + // + // The ideal graph generator translates a volatile read to the node + // sequence + // + // LoadX[mo_acquire] + // MemBarAcquire + // + // As a special case when using the compressed oops optimization we + // may also see this variant + // + // LoadN[mo_acquire] + // DecodeN + // MemBarAcquire + // + // A volatile write is translated to the node sequence + // + // MemBarRelease + // StoreX[mo_release] + // MemBarVolatile + // + // n.b. the above node patterns are generated with a strict + // 'signature' configuration of input and output dependencies (see + // the predicates below for exact details). The two signatures are + // unique to translated volatile reads/stores -- they will not + // appear as a result of any other bytecode translation or inlining + // nor as a consequence of optimizing transforms. + // + // We also want to catch inlined unsafe volatile gets and puts and + // be able to implement them using either ldar/stlr or some + // combination of ldr/stlr and dmb instructions. + // + // Inlined unsafe volatiles puts manifest as a minor variant of the + // normal volatile put node sequence containing an extra cpuorder + // membar + // + // MemBarRelease + // MemBarCPUOrder + // StoreX[mo_release] + // MemBarVolatile + // + // n.b. as an aside, the cpuorder membar is not itself subject to + // matching and translation by adlc rules. However, the rule + // predicates need to detect its presence in order to correctly + // select the desired adlc rules. + // + // Inlined unsafe volatiles gets manifest as a somewhat different + // node sequence to a normal volatile get + // + // MemBarCPUOrder + // || \\ + // MemBarAcquire LoadX[mo_acquire] + // || + // MemBarCPUOrder + // + // In this case the acquire membar does not directly depend on the + // load. However, we can be sure that the load is generated from an + // inlined unsafe volatile get if we see it dependent on this unique + // sequence of membar nodes. Similarly, given an acquire membar we + // can know that it was added because of an inlined unsafe volatile + // get if it is fed and feeds a cpuorder membar and if its feed + // membar also feeds an acquiring load. + // + // So, where we can identify these volatile read and write + // signatures we can choose to plant either of the above two code + // sequences. For a volatile read we can simply plant a normal + // ldr and translate the MemBarAcquire to a dmb. However, we can + // also choose to inhibit translation of the MemBarAcquire and + // inhibit planting of the ldr, instead planting an ldar. + // + // When we recognise a volatile store signature we can choose to + // plant at a dmb ish as a translation for the MemBarRelease, a + // normal str and then a dmb ish for the MemBarVolatile. + // Alternatively, we can inhibit translation of the MemBarRelease + // and MemBarVolatile and instead plant a simple stlr + // instruction. + // + // Of course, the above only applies when we see these signature + // configurations. We still want to plant dmb instructions in any + // other cases where we may see a MemBarAcquire, MemBarRelease or + // MemBarVolatile. For example, at the end of a constructor which + // writes final/volatile fields we will see a MemBarRelease + // instruction and this needs a 'dmb ish' lest we risk the + // constructed object being visible without making the + // final/volatile field writes visible. + // + // n.b. the translation rules below which rely on detection of the + // volatile signatures and insert ldar or stlr are failsafe. + // If we see anything other than the signature configurations we + // always just translate the loads and stors to ldr and str + // and translate acquire, release and volatile membars to the + // relevant dmb instructions. + // + // n.b.b as a case in point for the above comment, the current + // predicates don't detect the precise signature for certain types + // of volatile object stores (where the heap_base input type is not + // known at compile-time to be non-NULL). In those cases the + // MemBarRelease and MemBarVolatile bracket an if-then-else sequence + // with a store in each branch (we need a different store depending + // on whether heap_base is actually NULL). In such a case we will + // just plant a dmb both before and after the branch/merge. The + // predicate could (and probably should) be fixed later to also + // detect this case. + + // graph traversal helpers + + // if node n is linked to a parent MemBarNode by an intervening + // Control or Memory ProjNode return the MemBarNode otherwise return + // NULL. + // + // n may only be a Load or a MemBar. + // + // The ProjNode* references c and m are used to return the relevant + // nodes. + + MemBarNode *has_parent_membar(const Node *n, ProjNode *&c, ProjNode *&m) + { + Node *ctl = NULL; + Node *mem = NULL; + Node *membar = NULL; + + if (n->is_Load()) { + ctl = n->lookup(LoadNode::Control); + mem = n->lookup(LoadNode::Memory); + } else if (n->is_MemBar()) { + ctl = n->lookup(TypeFunc::Control); + mem = n->lookup(TypeFunc::Memory); + } else { + return NULL; + } + + if (!ctl || !mem || !ctl->is_Proj() || !mem->is_Proj()) + return NULL; + + c = ctl->as_Proj(); + + membar = ctl->lookup(0); + + if (!membar || !membar->is_MemBar()) + return NULL; + + m = mem->as_Proj(); + + if (mem->lookup(0) != membar) + return NULL; + + return membar->as_MemBar(); + } + + // if n is linked to a child MemBarNode by intervening Control and + // Memory ProjNodes return the MemBarNode otherwise return NULL. + // + // The ProjNode** arguments c and m are used to return pointers to + // the relevant nodes. A null argument means don't don't return a + // value. + + MemBarNode *has_child_membar(const MemBarNode *n, ProjNode *&c, ProjNode *&m) + { + ProjNode *ctl = n->proj_out(TypeFunc::Control); + ProjNode *mem = n->proj_out(TypeFunc::Memory); + + // MemBar needs to have both a Ctl and Mem projection + if (! ctl || ! mem) + return NULL; + + c = ctl; + m = mem; + + MemBarNode *child = NULL; + Node *x; + + for (DUIterator_Fast imax, i = ctl->fast_outs(imax); i < imax; i++) { + x = ctl->fast_out(i); + // if we see a membar we keep hold of it. we may also see a new + // arena copy of the original but it will appear later + if (x->is_MemBar()) { + child = x->as_MemBar(); + break; + } + } + + if (child == NULL) + return NULL; + + for (DUIterator_Fast imax, i = mem->fast_outs(imax); i < imax; i++) { + x = mem->fast_out(i); + // if we see a membar we keep hold of it. we may also see a new + // arena copy of the original but it will appear later + if (x == child) { + return child; + } + } + return NULL; + } + + // predicates controlling emit of ldr/ldar and associated dmb + +bool unnecessary_acquire(const Node *barrier) { + // assert barrier->is_MemBar(); + if (UseBarriersForVolatile) + // we need to plant a dmb + return false; + + // a volatile read derived from bytecode (or also from an inlined + // SHA field read via LibraryCallKit::load_field_from_object) + // manifests as a LoadX[mo_acquire] followed by an acquire membar + // with a bogus read dependency on it's preceding load. so in those + // cases we will find the load node at the PARMS offset of the + // acquire membar. n.b. there may be an intervening DecodeN node. + // + // a volatile load derived from an inlined unsafe field access + // manifests as a cpuorder membar with Ctl and Mem projections + // feeding both an acquire membar and a LoadX[mo_acquire]. The + // acquire then feeds another cpuorder membar via Ctl and Mem + // projections. The load has no output dependency on these trailing + // membars because subsequent nodes inserted into the graph take + // their control feed from the final membar cpuorder meaning they + // are all ordered after the load. + Node *x = barrier->lookup(TypeFunc::Parms); - - if (! x) + if (x) { + // we are starting from an acquire and it has a fake dependency + // + // need to check for + // + // LoadX[mo_acquire] + // { |1 } + // {DecodeN} + // |Parms + // MemBarAcquire* + // + // where * tags node we were passed + // and |k means input k + if (x->is_DecodeNarrowPtr()) + x = x->in(1); + + return (x->is_Load() && x->as_Load()->is_acquire()); + } + + // only continue if we want to try to match unsafe volatile gets + if (UseBarriersForUnsafeVolatileGet) + return false; + + // need to check for + // + // MemBarCPUOrder + // || \\ + // MemBarAcquire* LoadX[mo_acquire] + // || + // MemBarCPUOrder + // + // where * tags node we were passed + // and || or \\ are Ctl+Mem feeds via intermediate Proj Nodes + + // check for a parent MemBarCPUOrder + ProjNode *ctl; + ProjNode *mem; + MemBarNode *parent = has_parent_membar(barrier, ctl, mem); + if (!parent || parent->Opcode() != Op_MemBarCPUOrder) + return false; + // ensure the proj nodes both feed a LoadX[mo_acquire] + LoadNode *ld = NULL; + for (DUIterator_Fast imax, i = ctl->fast_outs(imax); i < imax; i++) { + x = ctl->fast_out(i); + // if we see a load we keep hold of it and stop searching + if (x->is_Load()) { + ld = x->as_Load(); + break; + } + } + // it must be an acquiring load + if (! ld || ! ld->is_acquire()) + return false; + for (DUIterator_Fast imax, i = mem->fast_outs(imax); i < imax; i++) { + x = mem->fast_out(i); + // if we see the same load we drop it and stop searching + if (x == ld) { + ld = NULL; + break; + } + } + // we must have dropped the load + if (ld) + return false; + // check for a child cpuorder membar + MemBarNode *child = has_child_membar(barrier->as_MemBar(), ctl, mem); + if (!child || child->Opcode() != Op_MemBarCPUOrder) + return false; + + return true; +} + +bool needs_acquiring_load(const Node *n) +{ + // assert n->is_Load(); + if (UseBarriersForVolatile) + // we use a normal load and a dmb + return false; + + LoadNode *ld = n->as_Load(); + + if (!ld->is_acquire()) + return false; + + // check if this load is feeding an acquire membar + // + // LoadX[mo_acquire] + // { |1 } + // {DecodeN} + // |Parms + // MemBarAcquire* + // + // where * tags node we were passed + // and |k means input k + + Node *start = ld; + Node *mbacq = NULL; + + // if we hit a DecodeNarrowPtr we reset the start node and restart + // the search through the outputs + restart: + + for (DUIterator_Fast imax, i = start->fast_outs(imax); i < imax; i++) { + Node *x = start->fast_out(i); + if (x->is_MemBar() && x->Opcode() == Op_MemBarAcquire) { + mbacq = x; + } else if (!mbacq && + (x->is_DecodeNarrowPtr() || + (x->is_Mach() && x->Opcode() == Op_DecodeN))) { + start = x; + goto restart; + } + } + + if (mbacq) { + return true; + } + + // only continue if we want to try to match unsafe volatile gets + if (UseBarriersForUnsafeVolatileGet) + return false; + + // check if Ctl and Proj feed comes from a MemBarCPUOrder + // + // MemBarCPUOrder + // || \\ + // MemBarAcquire* LoadX[mo_acquire] + // || + // MemBarCPUOrder + + MemBarNode *membar; + ProjNode *ctl; + ProjNode *mem; + + membar = has_parent_membar(ld, ctl, mem); + + if (!membar || !membar->Opcode() == Op_MemBarCPUOrder) + return false; + + // ensure that there is a CPUOrder->Acquire->CPUOrder membar chain + + membar = has_child_membar(membar, ctl, mem); + + if (!membar || !membar->Opcode() == Op_MemBarAcquire) + return false; + + membar = has_child_membar(membar, ctl, mem); + + if (!membar || !membar->Opcode() == Op_MemBarCPUOrder) + return false; + + return true; +} + +bool unnecessary_release(const Node *n) { + // assert n->is_MemBar(); + if (UseBarriersForVolatile) + // we need to plant a dmb + return false; + + // ok, so we can omit this release barrier if it has been inserted + // as part of a volatile store sequence + // + // MemBarRelease + // { || } + // {MemBarCPUOrder} -- optional + // || \\ + // || StoreX[mo_release] + // | \ / + // | MergeMem + // | / + // MemBarVolatile + // + // where + // || and \\ represent Ctl and Mem feeds via Proj nodes + // | \ and / indicate further routing of the Ctl and Mem feeds + // + // so we need to check that + // + // ia) the release membar (or its dependent cpuorder membar) feeds + // control to a store node (via a Control project node) + // + // ii) the store is ordered release + // + // iii) the release membar (or its dependent cpuorder membar) feeds + // control to a volatile membar (via the same Control project node) + // + // iv) the release membar feeds memory to a merge mem and to the + // same store (both via a single Memory proj node) + // + // v) the store outputs to the merge mem + // + // vi) the merge mem outputs to the same volatile membar + // + // n.b. if this is an inlined unsafe node then the release membar + // may feed its control and memory links via an intervening cpuorder + // membar. this case can be dealt with when we check the release + // membar projections. if they both feed a single cpuorder membar + // node continue to make the same checks as above but with the + // cpuorder membar substituted for the release membar. if they don't + // both feed a cpuorder membar then the check fails. + // + // n.b.b. for an inlined unsafe store of an object in the case where + // !TypePtr::NULL_PTR->higher_equal(type(heap_base_oop)) we may see + // an embedded if then else where we expect the store. this is + // needed to do the right type of store depending on whether + // heap_base is NULL. We could check for that but for now we can + // just take the hit of on inserting a redundant dmb for this + // redundant volatile membar + + MemBarNode *barrier = n->as_MemBar(); + ProjNode *ctl; + ProjNode *mem; + // check for an intervening cpuorder membar + MemBarNode *b = has_child_membar(barrier, ctl, mem); + if (b && b->Opcode() == Op_MemBarCPUOrder) { + // ok, so start form the dependent cpuorder barrier + barrier = b; + } + // check the ctl and mem flow + ctl = barrier->proj_out(TypeFunc::Control); + mem = barrier->proj_out(TypeFunc::Memory); + + // the barrier needs to have both a Ctl and Mem projection + if (! ctl || ! mem) + return false; + + Node *x = NULL; + Node *mbvol = NULL; + StoreNode * st = NULL; + + // For a normal volatile write the Ctl ProjNode should have output + // to a MemBarVolatile and a Store marked as releasing + // + // n.b. for an inlined unsafe store of an object in the case where + // !TypePtr::NULL_PTR->higher_equal(type(heap_base_oop)) we may see + // an embedded if then else where we expect the store. this is + // needed to do the right type of store depending on whether + // heap_base is NULL. We could check for that case too but for now + // we can just take the hit of inserting a dmb and a non-volatile + // store to implement the volatile store + + for (DUIterator_Fast imax, i = ctl->fast_outs(imax); i < imax; i++) { + x = ctl->fast_out(i); + if (x->is_MemBar() && x->Opcode() == Op_MemBarVolatile) { + if (mbvol) { + return false; + } + mbvol = x; + } else if (x->is_Store()) { + st = x->as_Store(); + if (! st->is_release()) { + return false; + } + } else if (!x->is_Mach()) { + // we may see mach nodes added during matching but nothing else + return false; + } + } + + if (!mbvol || !st) return false; - if (x->is_DecodeNarrowPtr()) - x = x->in(1); - - if (x->is_Load()) - return ! x->as_Load()->is_unordered(); - - return false; + // the Mem ProjNode should output to a MergeMem and the same Store + Node *mm = NULL; + for (DUIterator_Fast imax, i = mem->fast_outs(imax); i < imax; i++) { + x = mem->fast_out(i); + if (!mm && x->is_MergeMem()) { + mm = x; + } else if (x != st && !x->is_Mach()) { + // we may see mach nodes added during matching but nothing else + return false; + } + } + + if (!mm) + return false; + + // the MergeMem should output to the MemBarVolatile + for (DUIterator_Fast imax, i = mm->fast_outs(imax); i < imax; i++) { + x = mm->fast_out(i); + if (x != mbvol && !x->is_Mach()) { + // we may see mach nodes added during matching but nothing else + return false; + } + } + + return true; } +bool unnecessary_volatile(const Node *n) { + // assert n->is_MemBar(); + if (UseBarriersForVolatile) + // we need to plant a dmb + return false; + + // ok, so we can omit this volatile barrier if it has been inserted + // as part of a volatile store sequence + // + // MemBarRelease + // { || } + // {MemBarCPUOrder} -- optional + // || \\ + // || StoreX[mo_release] + // | \ / + // | MergeMem + // | / + // MemBarVolatile + // + // where + // || and \\ represent Ctl and Mem feeds via Proj nodes + // | \ and / indicate further routing of the Ctl and Mem feeds + // + // we need to check that + // + // i) the volatile membar gets its control feed from a release + // membar (or its dependent cpuorder membar) via a Control project + // node + // + // ii) the release membar (or its dependent cpuorder membar) also + // feeds control to a store node via the same proj node + // + // iii) the store is ordered release + // + // iv) the release membar (or its dependent cpuorder membar) feeds + // memory to a merge mem and to the same store (both via a single + // Memory proj node) + // + // v) the store outputs to the merge mem + // + // vi) the merge mem outputs to the volatile membar + // + // n.b. for an inlined unsafe store of an object in the case where + // !TypePtr::NULL_PTR->higher_equal(type(heap_base_oop)) we may see + // an embedded if then else where we expect the store. this is + // needed to do the right type of store depending on whether + // heap_base is NULL. We could check for that but for now we can + // just take the hit of on inserting a redundant dmb for this + // redundant volatile membar + + MemBarNode *mbvol = n->as_MemBar(); + Node *x = n->lookup(TypeFunc::Control); + + if (! x || !x->is_Proj()) + return false; + + ProjNode *proj = x->as_Proj(); + + x = proj->lookup(0); + + if (!x || !x->is_MemBar()) + return false; + + MemBarNode *barrier = x->as_MemBar(); + + // if the barrier is a release membar we have what we want. if it is + // a cpuorder membar then we need to ensure that it is fed by a + // release membar in which case we proceed to check the graph below + // this cpuorder membar as the feed + + if (x->Opcode() != Op_MemBarRelease) { + if (x->Opcode() != Op_MemBarCPUOrder) + return false; + ProjNode *ctl; + ProjNode *mem; + MemBarNode *b = has_parent_membar(x, ctl, mem); + if (!b || !b->Opcode() == Op_MemBarRelease) + return false; + } + + ProjNode *ctl = barrier->proj_out(TypeFunc::Control); + ProjNode *mem = barrier->proj_out(TypeFunc::Memory); + + // barrier needs to have both a Ctl and Mem projection + // and we need to have reached it via the Ctl projection + if (! ctl || ! mem || ctl != proj) + return false; + + StoreNode * st = NULL; + + // The Ctl ProjNode should have output to a MemBarVolatile and + // a Store marked as releasing + for (DUIterator_Fast imax, i = ctl->fast_outs(imax); i < imax; i++) { + x = ctl->fast_out(i); + if (x->is_MemBar() && x->Opcode() == Op_MemBarVolatile) { + if (x != mbvol) { + return false; + } + } else if (x->is_Store()) { + st = x->as_Store(); + if (! st->is_release()) { + return false; + } + } else if (!x->is_Mach()){ + // we may see mach nodes added during matching but nothing else + return false; + } + } + + if (!st) + return false; + + // the Mem ProjNode should output to a MergeMem and the same Store + Node *mm = NULL; + for (DUIterator_Fast imax, i = mem->fast_outs(imax); i < imax; i++) { + x = mem->fast_out(i); + if (!mm && x->is_MergeMem()) { + mm = x; + } else if (x != st && !x->is_Mach()) { + // we may see mach nodes added during matching but nothing else + return false; + } + } + + if (!mm) + return false; + + // the MergeMem should output to the MemBarVolatile + for (DUIterator_Fast imax, i = mm->fast_outs(imax); i < imax; i++) { + x = mm->fast_out(i); + if (x != mbvol && !x->is_Mach()) { + // we may see mach nodes added during matching but nothing else + return false; + } + } + + return true; +} + + + +bool needs_releasing_store(const Node *n) +{ + // assert n->is_Store(); + if (UseBarriersForVolatile) + // we use a normal store and dmb combination + return false; + + StoreNode *st = n->as_Store(); + + if (!st->is_release()) + return false; + + // check if this store is bracketed by a release (or its dependent + // cpuorder membar) and a volatile membar + // + // MemBarRelease + // { || } + // {MemBarCPUOrder} -- optional + // || \\ + // || StoreX[mo_release] + // | \ / + // | MergeMem + // | / + // MemBarVolatile + // + // where + // || and \\ represent Ctl and Mem feeds via Proj nodes + // | \ and / indicate further routing of the Ctl and Mem feeds + // + + + Node *x = st->lookup(TypeFunc::Control); + + if (! x || !x->is_Proj()) + return false; + + ProjNode *proj = x->as_Proj(); + + x = proj->lookup(0); + + if (!x || !x->is_MemBar()) + return false; + + MemBarNode *barrier = x->as_MemBar(); + + // if the barrier is a release membar we have what we want. if it is + // a cpuorder membar then we need to ensure that it is fed by a + // release membar in which case we proceed to check the graph below + // this cpuorder membar as the feed + + if (x->Opcode() != Op_MemBarRelease) { + if (x->Opcode() != Op_MemBarCPUOrder) + return false; + Node *ctl = x->lookup(TypeFunc::Control); + Node *mem = x->lookup(TypeFunc::Memory); + if (!ctl || !ctl->is_Proj() || !mem || !mem->is_Proj()) + return false; + x = ctl->lookup(0); + if (!x || !x->is_MemBar() || !x->Opcode() == Op_MemBarRelease) + return false; + Node *y = mem->lookup(0); + if (!y || y != x) + return false; + } + + ProjNode *ctl = barrier->proj_out(TypeFunc::Control); + ProjNode *mem = barrier->proj_out(TypeFunc::Memory); + + // MemBarRelease needs to have both a Ctl and Mem projection + // and we need to have reached it via the Ctl projection + if (! ctl || ! mem || ctl != proj) + return false; + + MemBarNode *mbvol = NULL; + + // The Ctl ProjNode should have output to a MemBarVolatile and + // a Store marked as releasing + for (DUIterator_Fast imax, i = ctl->fast_outs(imax); i < imax; i++) { + x = ctl->fast_out(i); + if (x->is_MemBar() && x->Opcode() == Op_MemBarVolatile) { + mbvol = x->as_MemBar(); + } else if (x->is_Store()) { + if (x != st) { + return false; + } + } else if (!x->is_Mach()){ + return false; + } + } + + if (!mbvol) + return false; + + // the Mem ProjNode should output to a MergeMem and the same Store + Node *mm = NULL; + for (DUIterator_Fast imax, i = mem->fast_outs(imax); i < imax; i++) { + x = mem->fast_out(i); + if (!mm && x->is_MergeMem()) { + mm = x; + } else if (x != st && !x->is_Mach()) { + return false; + } + } + + if (!mm) + return false; + + // the MergeMem should output to the MemBarVolatile + for (DUIterator_Fast imax, i = mm->fast_outs(imax); i < imax; i++) { + x = mm->fast_out(i); + if (x != mbvol && !x->is_Mach()) { + return false; + } + } + + return true; +} + + + #define __ _masm. // advance declarations for helper functions to convert register @@ -5151,7 +5945,7 @@ instruct loadB(iRegINoSp dst, memory mem) %{ match(Set dst (LoadB mem)); - predicate(UseBarriersForVolatile || n->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n)); ins_cost(4 * INSN_COST); format %{ "ldrsbw $dst, $mem\t# byte" %} @@ -5165,7 +5959,7 @@ instruct loadB2L(iRegLNoSp dst, memory mem) %{ match(Set dst (ConvI2L (LoadB mem))); - predicate(UseBarriersForVolatile || n->in(1)->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n->in(1))); ins_cost(4 * INSN_COST); format %{ "ldrsb $dst, $mem\t# byte" %} @@ -5179,7 +5973,7 @@ instruct loadUB(iRegINoSp dst, memory mem) %{ match(Set dst (LoadUB mem)); - predicate(UseBarriersForVolatile || n->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n)); ins_cost(4 * INSN_COST); format %{ "ldrbw $dst, $mem\t# byte" %} @@ -5193,7 +5987,7 @@ instruct loadUB2L(iRegLNoSp dst, memory mem) %{ match(Set dst (ConvI2L (LoadUB mem))); - predicate(UseBarriersForVolatile || n->in(1)->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n->in(1))); ins_cost(4 * INSN_COST); format %{ "ldrb $dst, $mem\t# byte" %} @@ -5207,7 +6001,7 @@ instruct loadS(iRegINoSp dst, memory mem) %{ match(Set dst (LoadS mem)); - predicate(UseBarriersForVolatile || n->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n)); ins_cost(4 * INSN_COST); format %{ "ldrshw $dst, $mem\t# short" %} @@ -5221,7 +6015,7 @@ instruct loadS2L(iRegLNoSp dst, memory mem) %{ match(Set dst (ConvI2L (LoadS mem))); - predicate(UseBarriersForVolatile || n->in(1)->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n->in(1))); ins_cost(4 * INSN_COST); format %{ "ldrsh $dst, $mem\t# short" %} @@ -5235,7 +6029,7 @@ instruct loadUS(iRegINoSp dst, memory mem) %{ match(Set dst (LoadUS mem)); - predicate(UseBarriersForVolatile || n->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n)); ins_cost(4 * INSN_COST); format %{ "ldrh $dst, $mem\t# short" %} @@ -5249,7 +6043,7 @@ instruct loadUS2L(iRegLNoSp dst, memory mem) %{ match(Set dst (ConvI2L (LoadUS mem))); - predicate(UseBarriersForVolatile || n->in(1)->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n->in(1))); ins_cost(4 * INSN_COST); format %{ "ldrh $dst, $mem\t# short" %} @@ -5263,7 +6057,7 @@ instruct loadI(iRegINoSp dst, memory mem) %{ match(Set dst (LoadI mem)); - predicate(UseBarriersForVolatile || n->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n)); ins_cost(4 * INSN_COST); format %{ "ldrw $dst, $mem\t# int" %} @@ -5277,7 +6071,7 @@ instruct loadI2L(iRegLNoSp dst, memory mem) %{ match(Set dst (ConvI2L (LoadI mem))); - predicate(UseBarriersForVolatile || n->in(1)->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n->in(1))); ins_cost(4 * INSN_COST); format %{ "ldrsw $dst, $mem\t# int" %} @@ -5291,7 +6085,7 @@ instruct loadUI2L(iRegLNoSp dst, memory mem, immL_32bits mask) %{ match(Set dst (AndL (ConvI2L (LoadI mem)) mask)); - predicate(UseBarriersForVolatile || n->in(1)->in(1)->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n->in(1)->in(1)->as_Load())); ins_cost(4 * INSN_COST); format %{ "ldrw $dst, $mem\t# int" %} @@ -5305,7 +6099,7 @@ instruct loadL(iRegLNoSp dst, memory mem) %{ match(Set dst (LoadL mem)); - predicate(UseBarriersForVolatile || n->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n)); ins_cost(4 * INSN_COST); format %{ "ldr $dst, $mem\t# int" %} @@ -5332,7 +6126,7 @@ instruct loadP(iRegPNoSp dst, memory mem) %{ match(Set dst (LoadP mem)); - predicate(UseBarriersForVolatile || n->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n)); ins_cost(4 * INSN_COST); format %{ "ldr $dst, $mem\t# ptr" %} @@ -5346,7 +6140,7 @@ instruct loadN(iRegNNoSp dst, memory mem) %{ match(Set dst (LoadN mem)); - predicate(UseBarriersForVolatile || n->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n)); ins_cost(4 * INSN_COST); format %{ "ldrw $dst, $mem\t# compressed ptr" %} @@ -5360,7 +6154,7 @@ instruct loadKlass(iRegPNoSp dst, memory mem) %{ match(Set dst (LoadKlass mem)); - predicate(UseBarriersForVolatile || n->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n)); ins_cost(4 * INSN_COST); format %{ "ldr $dst, $mem\t# class" %} @@ -5374,7 +6168,7 @@ instruct loadNKlass(iRegNNoSp dst, memory mem) %{ match(Set dst (LoadNKlass mem)); - predicate(UseBarriersForVolatile || n->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n)); ins_cost(4 * INSN_COST); format %{ "ldrw $dst, $mem\t# compressed class ptr" %} @@ -5388,7 +6182,7 @@ instruct loadF(vRegF dst, memory mem) %{ match(Set dst (LoadF mem)); - predicate(UseBarriersForVolatile || n->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n)); ins_cost(4 * INSN_COST); format %{ "ldrs $dst, $mem\t# float" %} @@ -5402,7 +6196,7 @@ instruct loadD(vRegD dst, memory mem) %{ match(Set dst (LoadD mem)); - predicate(UseBarriersForVolatile || n->as_Load()->is_unordered()); + predicate(!needs_acquiring_load(n)); ins_cost(4 * INSN_COST); format %{ "ldrd $dst, $mem\t# double" %} @@ -5633,7 +6427,7 @@ instruct storeB(iRegIorL2I src, memory mem) %{ match(Set mem (StoreB mem src)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "strb $src, $mem\t# byte" %} @@ -5647,7 +6441,7 @@ instruct storeimmB0(immI0 zero, memory mem) %{ match(Set mem (StoreB mem zero)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "strb zr, $mem\t# byte" %} @@ -5661,7 +6455,7 @@ instruct storeC(iRegIorL2I src, memory mem) %{ match(Set mem (StoreC mem src)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "strh $src, $mem\t# short" %} @@ -5674,7 +6468,7 @@ instruct storeimmC0(immI0 zero, memory mem) %{ match(Set mem (StoreC mem zero)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "strh zr, $mem\t# short" %} @@ -5689,7 +6483,7 @@ instruct storeI(iRegIorL2I src, memory mem) %{ match(Set mem(StoreI mem src)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "strw $src, $mem\t# int" %} @@ -5702,7 +6496,7 @@ instruct storeimmI0(immI0 zero, memory mem) %{ match(Set mem(StoreI mem zero)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "strw zr, $mem\t# int" %} @@ -5716,7 +6510,7 @@ instruct storeL(iRegL src, memory mem) %{ match(Set mem (StoreL mem src)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "str $src, $mem\t# int" %} @@ -5730,7 +6524,7 @@ instruct storeimmL0(immL0 zero, memory mem) %{ match(Set mem (StoreL mem zero)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "str zr, $mem\t# int" %} @@ -5744,7 +6538,7 @@ instruct storeP(iRegP src, memory mem) %{ match(Set mem (StoreP mem src)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "str $src, $mem\t# ptr" %} @@ -5758,7 +6552,7 @@ instruct storeimmP0(immP0 zero, memory mem) %{ match(Set mem (StoreP mem zero)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "str zr, $mem\t# ptr" %} @@ -5772,7 +6566,7 @@ instruct storeN(iRegN src, memory mem) %{ match(Set mem (StoreN mem src)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "strw $src, $mem\t# compressed ptr" %} @@ -5787,7 +6581,7 @@ match(Set mem (StoreN mem zero)); predicate(Universe::narrow_oop_base() == NULL && Universe::narrow_klass_base() == NULL && - (UseBarriersForVolatile || n->as_Store()->is_unordered())); + (!needs_releasing_store(n))); ins_cost(INSN_COST); format %{ "strw rheapbase, $mem\t# compressed ptr (rheapbase==0)" %} @@ -5801,7 +6595,7 @@ instruct storeF(vRegF src, memory mem) %{ match(Set mem (StoreF mem src)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "strs $src, $mem\t# float" %} @@ -5818,7 +6612,7 @@ instruct storeD(vRegD src, memory mem) %{ match(Set mem (StoreD mem src)); - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); ins_cost(INSN_COST); format %{ "strd $src, $mem\t# double" %} @@ -5831,7 +6625,7 @@ // Store Compressed Klass Pointer instruct storeNKlass(iRegN src, memory mem) %{ - predicate(UseBarriersForVolatile || n->as_Store()->is_unordered()); + predicate(!needs_releasing_store(n)); match(Set mem (StoreNKlass mem src)); ins_cost(INSN_COST); @@ -6293,7 +7087,7 @@ %} instruct unnecessary_membar_acquire() %{ - predicate(! UseBarriersForVolatile && preceded_by_ordered_load(n)); + predicate(unnecessary_acquire(n)); match(MemBarAcquire); ins_cost(0); @@ -6345,6 +7139,19 @@ ins_pipe(pipe_serial); %} +instruct unnecessary_membar_release() %{ + predicate(unnecessary_release(n)); + match(MemBarRelease); + ins_cost(0); + + format %{ "membar_release (elided)" %} + + ins_encode %{ + __ block_comment("membar_release (elided)"); + %} + ins_pipe(pipe_serial); +%} + instruct membar_release() %{ match(MemBarRelease); ins_cost(VOLATILE_REF_COST); @@ -6382,6 +7189,20 @@ ins_pipe(pipe_serial); %} +instruct unnecessary_membar_volatile() %{ + predicate(unnecessary_volatile(n)); + match(MemBarVolatile); + ins_cost(0); + + format %{ "membar_volatile (elided)" %} + + ins_encode %{ + __ block_comment("membar_volatile (elided)"); + %} + + ins_pipe(pipe_serial); +%} + instruct membar_volatile() %{ match(MemBarVolatile); ins_cost(VOLATILE_REF_COST*100); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/.hgtags --- a/jdk/.hgtags Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/.hgtags Wed Jul 05 20:29:43 2017 +0200 @@ -303,3 +303,4 @@ 36fc65e80d811ee43aedfc69284224b86a403662 jdk9-b58 48ee960f29df93a9b2a895621321358a86909086 jdk9-b59 84c5527f742bc64562e47d3149c16197fe1c4c1a jdk9-b60 +da84dcac1b0b12c5b836b05ac75ecbfadee0cd32 jdk9-b61 diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/make/src/classes/build/tools/module/ext.modules --- a/jdk/make/src/classes/build/tools/module/ext.modules Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/make/src/classes/build/tools/module/ext.modules Wed Jul 05 20:29:43 2017 +0200 @@ -12,4 +12,5 @@ jdk.localedata jdk.naming.dns jdk.scripting.nashorn +jdk.xml.dom jdk.zipfs diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/linux/classes/sun/nio/ch/EPollPort.java --- a/jdk/src/java.base/linux/classes/sun/nio/ch/EPollPort.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/linux/classes/sun/nio/ch/EPollPort.java Wed Jul 05 20:29:43 2017 +0200 @@ -105,7 +105,7 @@ // create the queue and offer the special event to ensure that the first // threads polls - this.queue = new ArrayBlockingQueue(MAX_EPOLL_EVENTS); + this.queue = new ArrayBlockingQueue<>(MAX_EPOLL_EVENTS); this.queue.offer(NEED_TO_POLL); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/linux/classes/sun/nio/fs/LinuxNativeDispatcher.java --- a/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxNativeDispatcher.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxNativeDispatcher.java Wed Jul 05 20:29:43 2017 +0200 @@ -121,7 +121,7 @@ private static native void init(); static { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { System.loadLibrary("nio"); return null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/linux/classes/sun/nio/fs/LinuxWatchService.java --- a/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxWatchService.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxWatchService.java Wed Jul 05 20:29:43 2017 +0200 @@ -190,7 +190,7 @@ this.watcher = watcher; this.ifd = ifd; this.socketpair = sp; - this.wdToKey = new HashMap(); + this.wdToKey = new HashMap<>(); this.address = unsafe.allocateMemory(BUFFER_SIZE); } @@ -457,7 +457,7 @@ private static native int poll(int fd1, int fd2) throws UnixException; static { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { System.loadLibrary("nio"); return null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/linux/classes/sun/nio/fs/MagicFileTypeDetector.java --- a/jdk/src/java.base/linux/classes/sun/nio/fs/MagicFileTypeDetector.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/linux/classes/sun/nio/fs/MagicFileTypeDetector.java Wed Jul 05 20:29:43 2017 +0200 @@ -68,7 +68,7 @@ private static native byte[] probe0(long pathAddress); static { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { System.loadLibrary("nio"); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java --- a/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java Wed Jul 05 20:29:43 2017 +0200 @@ -87,7 +87,7 @@ // If loading from stand alone build uncomment this. // System.loadLibrary("unpack"); java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("unpack"); return null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/Package.java --- a/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/Package.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/Package.java Wed Jul 05 20:29:43 2017 +0200 @@ -1210,7 +1210,7 @@ // This keeps files of similar format near each other. // Put class files at the end, keeping their fixed order. // Be sure the JAR file's required manifest stays at the front. (4893051) - Collections.sort(files, new Comparator() { + Collections.sort(files, new Comparator<>() { public int compare(File r0, File r1) { // Get the file name. String f0 = r0.nameString; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageReader.java --- a/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageReader.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageReader.java Wed Jul 05 20:29:43 2017 +0200 @@ -1151,7 +1151,7 @@ return -1; } - Comparator entryOutputOrder = new Comparator() { + Comparator entryOutputOrder = new Comparator<>() { public int compare(Entry e0, Entry e1) { int k0 = getOutputIndex(e0); int k1 = getOutputIndex(e1); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageWriter.java --- a/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageWriter.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageWriter.java Wed Jul 05 20:29:43 2017 +0200 @@ -829,7 +829,7 @@ maxFlags = new int[ATTR_CONTEXT_LIMIT]; allLayouts = new FixedList<>(ATTR_CONTEXT_LIMIT); for (int i = 0; i < ATTR_CONTEXT_LIMIT; i++) { - allLayouts.set(i, new HashMap()); + allLayouts.set(i, new HashMap<>()); } // Collect maxFlags and allLayouts. for (Class cls : pkg.classes) { @@ -892,7 +892,7 @@ // Sort by count, most frequent first. // Predefs. participate in this sort, though it does not matter. Arrays.sort(layoutsAndCounts, - new Comparator>() { + new Comparator<>() { public int compare(Map.Entry e0, Map.Entry e1) { // Primary sort key is count, reversed. @@ -1010,7 +1010,7 @@ int numAttrDefs = defList.size(); Object[][] defs = new Object[numAttrDefs][]; defList.toArray(defs); - Arrays.sort(defs, new Comparator() { + Arrays.sort(defs, new Comparator<>() { public int compare(Object[] a0, Object[] a1) { // Primary sort key is attr def header. @SuppressWarnings("unchecked") diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/io/ExpiringCache.java --- a/jdk/src/java.base/share/classes/java/io/ExpiringCache.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/io/ExpiringCache.java Wed Jul 05 20:29:43 2017 +0200 @@ -64,7 +64,7 @@ @SuppressWarnings("serial") ExpiringCache(long millisUntilExpiration) { this.millisUntilExpiration = millisUntilExpiration; - map = new LinkedHashMap() { + map = new LinkedHashMap<>() { protected boolean removeEldestEntry(Map.Entry eldest) { return size() > MAX_ENTRIES; } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/io/FilePermission.java --- a/jdk/src/java.base/share/classes/java/io/FilePermission.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/io/FilePermission.java Wed Jul 05 20:29:43 2017 +0200 @@ -201,7 +201,7 @@ } // store only the canonical cpath if possible - cpath = AccessController.doPrivileged(new PrivilegedAction() { + cpath = AccessController.doPrivileged(new PrivilegedAction<>() { public String run() { try { String path = cpath; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/io/ObjectInputStream.java --- a/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java Wed Jul 05 20:29:43 2017 +0200 @@ -1263,7 +1263,7 @@ */ private static boolean auditSubclass(final Class subcl) { Boolean result = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public Boolean run() { for (Class cl = subcl; cl != ObjectInputStream.class; @@ -2255,7 +2255,7 @@ try { while (list != null) { AccessController.doPrivileged( - new PrivilegedExceptionAction() + new PrivilegedExceptionAction<>() { public Void run() throws InvalidObjectException { list.obj.validateObject(); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/io/ObjectOutputStream.java --- a/jdk/src/java.base/share/classes/java/io/ObjectOutputStream.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/io/ObjectOutputStream.java Wed Jul 05 20:29:43 2017 +0200 @@ -1066,7 +1066,7 @@ */ private static boolean auditSubclass(final Class subcl) { Boolean result = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public Boolean run() { for (Class cl = subcl; cl != ObjectOutputStream.class; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java --- a/jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java Wed Jul 05 20:29:43 2017 +0200 @@ -367,7 +367,7 @@ entry = th; } if (future.set(entry)) { - Caches.localDescs.put(key, new SoftReference(entry)); + Caches.localDescs.put(key, new SoftReference<>(entry)); } else { // nested lookup call already set future entry = future.get(); @@ -430,7 +430,7 @@ } if (interrupted) { AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public Void run() { Thread.currentThread().interrupt(); return null; @@ -465,7 +465,7 @@ localDesc = this; if (serializable) { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { if (isEnum) { suid = Long.valueOf(0); @@ -1733,7 +1733,7 @@ for (int i = 0; i < fields.length; i++) { fieldSigs[i] = new MemberSignature(fields[i]); } - Arrays.sort(fieldSigs, new Comparator() { + Arrays.sort(fieldSigs, new Comparator<>() { public int compare(MemberSignature ms1, MemberSignature ms2) { return ms1.name.compareTo(ms2.name); } @@ -1764,7 +1764,7 @@ for (int i = 0; i < cons.length; i++) { consSigs[i] = new MemberSignature(cons[i]); } - Arrays.sort(consSigs, new Comparator() { + Arrays.sort(consSigs, new Comparator<>() { public int compare(MemberSignature ms1, MemberSignature ms2) { return ms1.signature.compareTo(ms2.signature); } @@ -1787,7 +1787,7 @@ for (int i = 0; i < methods.length; i++) { methSigs[i] = new MemberSignature(methods[i]); } - Arrays.sort(methSigs, new Comparator() { + Arrays.sort(methSigs, new Comparator<>() { public int compare(MemberSignature ms1, MemberSignature ms2) { int comp = ms1.name.compareTo(ms2.name); if (comp == 0) { @@ -2164,7 +2164,7 @@ entry = th; } future.set(entry); - Caches.reflectors.put(key, new SoftReference(entry)); + Caches.reflectors.put(key, new SoftReference<>(entry)); } if (entry instanceof FieldReflector) { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/CharacterName.java --- a/jdk/src/java.base/share/classes/java/lang/CharacterName.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/CharacterName.java Wed Jul 05 20:29:43 2017 +0200 @@ -45,7 +45,7 @@ DataInputStream dis = null; try { dis = new DataInputStream(new InflaterInputStream( - AccessController.doPrivileged(new PrivilegedAction() + AccessController.doPrivileged(new PrivilegedAction<>() { public InputStream run() { return getClass().getResourceAsStream("uniName.dat"); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/Class.java --- a/jdk/src/java.base/share/classes/java/lang/Class.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/Class.java Wed Jul 05 20:29:43 2017 +0200 @@ -437,7 +437,7 @@ // (the stack depth is wrong for the Constructor's // security check to work) java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { c.setAccessible(true); return null; @@ -1068,7 +1068,7 @@ Reflection.getCallerClass(), true); // Client is ok to access declared methods but j.l.Class might not be. Method[] candidates = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { @Override public Method[] run() { return enclosingCandidate.getDeclaredMethods(); @@ -1228,7 +1228,7 @@ Reflection.getCallerClass(), true); // Client is ok to access declared methods but j.l.Class might not be. Constructor[] candidates = AccessController.doPrivileged( - new PrivilegedAction[]>() { + new PrivilegedAction<>() { @Override public Constructor[] run() { return enclosingCandidate.getDeclaredConstructors(); @@ -1542,7 +1542,7 @@ // has already been ok'd by the SecurityManager. return java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction[]>() { + new java.security.PrivilegedAction<>() { public Class[] run() { List> list = new ArrayList<>(); Class currentClass = Class.this; @@ -3293,7 +3293,7 @@ private static boolean initted = false; private static void checkInitted() { if (initted) return; - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { // Tests to ensure the system properties table is fully // initialized. This is needed because reflection code is @@ -3349,7 +3349,7 @@ try { final Method values = getMethod("values"); java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { values.setAccessible(true); return null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/ClassLoader.java --- a/jdk/src/java.base/share/classes/java/lang/ClassLoader.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/ClassLoader.java Wed Jul 05 20:29:43 2017 +0200 @@ -496,7 +496,7 @@ final String name = cls.getName(); final int i = name.lastIndexOf('.'); if (i != -1) { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { sm.checkPackageAccess(name.substring(0, i)); return null; @@ -1265,7 +1265,7 @@ { final Enumeration e = getBootstrapClassPath().getResources(name); - return new Enumeration () { + return new Enumeration<> () { public URL nextElement() { return e.nextElement().getURL(); } @@ -1867,7 +1867,7 @@ boolean isBuiltin = (name != null); if (!isBuiltin) { name = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public String run() { try { return file.exists() ? file.getCanonicalPath() : null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/Package.java --- a/jdk/src/java.base/share/classes/java/lang/Package.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/Package.java Wed Jul 05 20:29:43 2017 +0200 @@ -595,7 +595,7 @@ CachedManifest(final String fileName) { this.fileName = fileName; - this.url = AccessController.doPrivileged(new PrivilegedAction() { + this.url = AccessController.doPrivileged(new PrivilegedAction<>() { public URL run() { final File file = new File(fileName); if (file.isFile()) { @@ -626,7 +626,7 @@ if (m != null) { return m; } - m = AccessController.doPrivileged(new PrivilegedAction() { + m = AccessController.doPrivileged(new PrivilegedAction<>() { public Manifest run() { try (FileInputStream fis = new FileInputStream(fileName); JarInputStream jis = new JarInputStream(fis, false)) { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/SecurityManager.java --- a/jdk/src/java.base/share/classes/java/lang/SecurityManager.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/SecurityManager.java Wed Jul 05 20:29:43 2017 +0200 @@ -1455,7 +1455,7 @@ if (!packageAccessValid) { String tmpPropertyStr = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public String run() { return java.security.Security.getProperty( "package.access"); @@ -1524,7 +1524,7 @@ if (!packageDefinitionValid) { String tmpPropertyStr = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public String run() { return java.security.Security.getProperty( "package.definition"); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/StringBuffer.java --- a/jdk/src/java.base/share/classes/java/lang/StringBuffer.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/StringBuffer.java Wed Jul 05 20:29:43 2017 +0200 @@ -206,6 +206,7 @@ } /** + * @throws IndexOutOfBoundsException {@inheritDoc} * @since 1.5 */ @Override @@ -214,6 +215,7 @@ } /** + * @throws IndexOutOfBoundsException {@inheritDoc} * @since 1.5 */ @Override @@ -222,6 +224,7 @@ } /** + * @throws IndexOutOfBoundsException {@inheritDoc} * @since 1.5 */ @Override @@ -230,6 +233,7 @@ } /** + * @throws IndexOutOfBoundsException {@inheritDoc} * @since 1.5 */ @Override diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/System.java --- a/jdk/src/java.base/share/classes/java/lang/System.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/System.java Wed Jul 05 20:29:43 2017 +0200 @@ -309,7 +309,7 @@ // calls the installed security manager's checkPermission method // which will loop infinitely if there is a non-system class // (in this case: the new security manager class) on the stack). - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Object run() { s.getClass().getProtectionDomain().implies (SecurityConstants.ALL_PERMISSION); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/Thread.java --- a/jdk/src/java.base/share/classes/java/lang/Thread.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/Thread.java Wed Jul 05 20:29:43 2017 +0200 @@ -1661,7 +1661,7 @@ */ private static boolean auditSubclass(final Class subcl) { Boolean result = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public Boolean run() { for (Class cl = subcl; cl != Thread.class; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java --- a/jdk/src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java Wed Jul 05 20:29:43 2017 +0200 @@ -87,7 +87,7 @@ // For more information see comments on {@link MethodHandleNatives#linkMethod}. throw new IllegalArgumentException("cannot reflect signature polymorphic method"); } - Member mem = AccessController.doPrivileged(new PrivilegedAction() { + Member mem = AccessController.doPrivileged(new PrivilegedAction<>() { public Member run() { try { return reflectUnchecked(); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java --- a/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java Wed Jul 05 20:29:43 2017 +0200 @@ -194,7 +194,7 @@ final Class innerClass = spinInnerClass(); if (invokedType.parameterCount() == 0) { final Constructor[] ctrs = AccessController.doPrivileged( - new PrivilegedAction[]>() { + new PrivilegedAction<>() { @Override public Constructor[] run() { Constructor[] ctrs = innerClass.getDeclaredConstructors(); @@ -311,7 +311,7 @@ // If requested, dump out to a file for debugging purposes if (dumper != null) { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { dumper.dumpClass(lambdaClassName, classBytes); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java --- a/jdk/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java Wed Jul 05 20:29:43 2017 +0200 @@ -167,7 +167,7 @@ static void maybeDump(final String className, final byte[] classFile) { if (DUMP_CLASS_FILES) { java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { try { String dumpName = className; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java --- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -51,7 +51,7 @@ private static final int MAX_ARITY; static { final Object[] values = { 255 }; - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { values[0] = Integer.getInteger(MethodHandleImpl.class.getName()+".MAX_ARITY", 255); @@ -1234,7 +1234,7 @@ private static final byte[] T_BYTES; static { final Object[] values = {null}; - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { try { Class tClass = T.class; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java --- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java Wed Jul 05 20:29:43 2017 +0200 @@ -199,7 +199,7 @@ // sun.invoke.WrapperInstance is a restricted interface not accessible // by any non-null class loader. final ClassLoader loader = proxyLoader; - proxy = AccessController.doPrivileged(new PrivilegedAction() { + proxy = AccessController.doPrivileged(new PrivilegedAction<>() { public Object run() { return Proxy.newProxyInstance( loader, diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java --- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java Wed Jul 05 20:29:43 2017 +0200 @@ -53,7 +53,7 @@ static { final Object[] values = new Object[9]; - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { values[0] = Boolean.getBoolean("java.lang.invoke.MethodHandle.DEBUG_NAMES"); values[1] = Boolean.getBoolean("java.lang.invoke.MethodHandle.DUMP_CLASS_FILES"); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/invoke/ProxyClassesDumper.java --- a/jdk/src/java.base/share/classes/java/lang/invoke/ProxyClassesDumper.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/ProxyClassesDumper.java Wed Jul 05 20:29:43 2017 +0200 @@ -64,7 +64,7 @@ try { path = path.trim(); final Path dir = Paths.get(path.length() == 0 ? "." : path); - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { validateDumpDir(dir); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/invoke/SerializedLambda.java --- a/jdk/src/java.base/share/classes/java/lang/invoke/SerializedLambda.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/invoke/SerializedLambda.java Wed Jul 05 20:29:43 2017 +0200 @@ -218,7 +218,7 @@ private Object readResolve() throws ReflectiveOperationException { try { - Method deserialize = AccessController.doPrivileged(new PrivilegedExceptionAction() { + Method deserialize = AccessController.doPrivileged(new PrivilegedExceptionAction<>() { @Override public Method run() throws Exception { Method m = capturingClass.getDeclaredMethod("$deserializeLambda$", SerializedLambda.class); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/ref/Finalizer.java --- a/jdk/src/java.base/share/classes/java/lang/ref/Finalizer.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/ref/Finalizer.java Wed Jul 05 20:29:43 2017 +0200 @@ -121,7 +121,7 @@ */ private static void forkSecondaryFinalizer(final Runnable proc) { AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public Void run() { ThreadGroup tg = Thread.currentThread().getThreadGroup(); for (ThreadGroup tgn = tg; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/lang/reflect/Proxy.java --- a/jdk/src/java.base/share/classes/java/lang/reflect/Proxy.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/lang/reflect/Proxy.java Wed Jul 05 20:29:43 2017 +0200 @@ -728,7 +728,7 @@ final Constructor cons = cl.getConstructor(constructorParams); if (!Modifier.isPublic(cl.getModifiers())) { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { cons.setAccessible(true); return null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java --- a/jdk/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -62,7 +62,7 @@ */ static { java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); return null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/AbstractPlainSocketImpl.java --- a/jdk/src/java.base/share/classes/java/net/AbstractPlainSocketImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/AbstractPlainSocketImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -79,7 +79,7 @@ */ static { java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); return null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/CookieManager.java --- a/jdk/src/java.base/share/classes/java/net/CookieManager.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/CookieManager.java Wed Jul 05 20:29:43 2017 +0200 @@ -201,14 +201,13 @@ throw new IllegalArgumentException("Argument is null"); } - Map> cookieMap = - new java.util.HashMap>(); + Map> cookieMap = new java.util.HashMap<>(); // if there's no default CookieStore, no way for us to get any cookie if (cookieJar == null) return Collections.unmodifiableMap(cookieMap); boolean secureLink = "https".equalsIgnoreCase(uri.getScheme()); - List cookies = new java.util.ArrayList(); + List cookies = new java.util.ArrayList<>(); String path = uri.getPath(); if (path == null || path.isEmpty()) { path = "/"; @@ -411,7 +410,7 @@ private List sortByPath(List cookies) { Collections.sort(cookies, new CookiePathComparator()); - List cookieHeader = new java.util.ArrayList(); + List cookieHeader = new java.util.ArrayList<>(); for (HttpCookie cookie : cookies) { // Netscape cookie spec and RFC 2965 have different format of Cookie // header; RFC 2965 requires a leading $Version="1" string while Netscape diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/DatagramPacket.java --- a/jdk/src/java.base/share/classes/java/net/DatagramPacket.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/DatagramPacket.java Wed Jul 05 20:29:43 2017 +0200 @@ -47,7 +47,7 @@ */ static { java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); return null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/DatagramSocket.java --- a/jdk/src/java.base/share/classes/java/net/DatagramSocket.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/DatagramSocket.java Wed Jul 05 20:29:43 2017 +0200 @@ -308,7 +308,7 @@ // getDeclaredMethod, therefore we need permission to access the member try { AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public Void run() throws NoSuchMethodException { Class[] cl = new Class[1]; cl[0] = DatagramPacket.class; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/HttpConnectSocketImpl.java --- a/jdk/src/java.base/share/classes/java/net/HttpConnectSocketImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/HttpConnectSocketImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -64,7 +64,7 @@ serverSocketField = netClientClazz.getDeclaredField("serverSocket"); java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { httpField.setAccessible(true); serverSocketField.setAccessible(true); @@ -146,7 +146,7 @@ { try { return java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction() { + new java.security.PrivilegedExceptionAction<>() { public Socket run() throws IOException { return doTunnel(urlString, timeout); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/HttpCookie.java --- a/jdk/src/java.base/share/classes/java/net/HttpCookie.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/HttpCookie.java Wed Jul 05 20:29:43 2017 +0200 @@ -1125,7 +1125,7 @@ * @return list of strings; never null */ private static List splitMultiCookies(String header) { - List cookies = new java.util.ArrayList(); + List cookies = new java.util.ArrayList<>(); int quoteCount = 0; int p, q; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/IDN.java --- a/jdk/src/java.base/share/classes/java/net/IDN.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/IDN.java Wed Jul 05 20:29:43 2017 +0200 @@ -228,7 +228,7 @@ try { final String IDN_PROFILE = "uidna.spp"; if (System.getSecurityManager() != null) { - stream = AccessController.doPrivileged(new PrivilegedAction() { + stream = AccessController.doPrivileged(new PrivilegedAction<>() { public InputStream run() { return StringPrep.class.getResourceAsStream(IDN_PROFILE); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/InMemoryCookieStore.java --- a/jdk/src/java.base/share/classes/java/net/InMemoryCookieStore.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/InMemoryCookieStore.java Wed Jul 05 20:29:43 2017 +0200 @@ -62,9 +62,9 @@ * The default ctor */ public InMemoryCookieStore() { - cookieJar = new ArrayList(); - domainIndex = new HashMap>(); - uriIndex = new HashMap>(); + cookieJar = new ArrayList<>(); + domainIndex = new HashMap<>(); + uriIndex = new HashMap<>(); lock = new ReentrantLock(false); } @@ -115,7 +115,7 @@ throw new NullPointerException("uri is null"); } - List cookies = new ArrayList(); + List cookies = new ArrayList<>(); boolean secureLink = "https".equalsIgnoreCase(uri.getScheme()); lock.lock(); try { @@ -157,7 +157,7 @@ * of this cookie store. */ public List getURIs() { - List uris = new ArrayList(); + List uris = new ArrayList<>(); lock.lock(); try { @@ -281,7 +281,7 @@ String host, boolean secureLink) { // Use a separate list to handle cookies that need to be removed so // that there is no conflict with iterators. - ArrayList toRemove = new ArrayList(); + ArrayList toRemove = new ArrayList<>(); for (Map.Entry> entry : cookieIndex.entrySet()) { String domain = entry.getKey(); List lst = entry.getValue(); @@ -368,7 +368,7 @@ cookies.add(cookie); } else { - cookies = new ArrayList(); + cookies = new ArrayList<>(); cookies.add(cookie); indexStore.put(index, cookies); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/InetAddress.java --- a/jdk/src/java.base/share/classes/java/net/InetAddress.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/InetAddress.java Wed Jul 05 20:29:43 2017 +0200 @@ -270,7 +270,7 @@ preferIPv6Address = java.security.AccessController.doPrivileged( new GetBooleanAction("java.net.preferIPv6Addresses")).booleanValue(); AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); return null; @@ -852,7 +852,7 @@ final String providerName = provider; try { nameService = java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction() { + new java.security.PrivilegedExceptionAction<>() { public NameService run() { Iterator itr = ServiceLoader.load(NameServiceDescriptor.class) @@ -892,7 +892,7 @@ String provider = null;; String propPrefix = "sun.net.spi.nameservice.provider."; int n = 1; - nameServices = new ArrayList(); + nameServices = new ArrayList<>(); provider = AccessController.doPrivileged( new GetPropertyAction(propPrefix + n)); while (provider != null) { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/NetworkInterface.java --- a/jdk/src/java.base/share/classes/java/net/NetworkInterface.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/NetworkInterface.java Wed Jul 05 20:29:43 2017 +0200 @@ -54,7 +54,7 @@ static { AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); return null; @@ -167,7 +167,7 @@ * @since 1.6 */ public java.util.List getInterfaceAddresses() { - java.util.List lst = new java.util.ArrayList(1); + java.util.List lst = new java.util.ArrayList<>(1); SecurityManager sec = System.getSecurityManager(); for (int j=0; j() { + return new Enumeration<>() { private int i = 0; public NetworkInterface nextElement() { if (netifs != null && i < netifs.length) { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/Socket.java --- a/jdk/src/java.base/share/classes/java/net/Socket.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/Socket.java Wed Jul 05 20:29:43 2017 +0200 @@ -470,7 +470,7 @@ // getDeclaredMethod, therefore we need permission to access the member oldImpl = AccessController.doPrivileged - (new PrivilegedAction() { + (new PrivilegedAction<>() { public Boolean run() { Class clazz = impl.getClass(); while (true) { @@ -911,7 +911,7 @@ InputStream is = null; try { is = AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public InputStream run() throws IOException { return impl.getInputStream(); } @@ -951,7 +951,7 @@ OutputStream os = null; try { os = AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public OutputStream run() throws IOException { return impl.getOutputStream(); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/SocketPermission.java --- a/jdk/src/java.base/share/classes/java/net/SocketPermission.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/SocketPermission.java Wed Jul 05 20:29:43 2017 +0200 @@ -1194,7 +1194,7 @@ */ private static int initEphemeralPorts(String suffix, int defval) { return AccessController.doPrivileged( - new PrivilegedAction(){ + new PrivilegedAction<>(){ public Integer run() { int val = Integer.getInteger( "jdk.net.ephemeralPortRange."+suffix, -1 @@ -1328,7 +1328,7 @@ */ public SocketPermissionCollection() { - perms = new ArrayList(); + perms = new ArrayList<>(); } /** @@ -1466,7 +1466,7 @@ // Get the one we want @SuppressWarnings("unchecked") Vector permissions = (Vector)gfields.get("permissions", null); - perms = new ArrayList(permissions.size()); + perms = new ArrayList<>(permissions.size()); perms.addAll(permissions); } } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/SocksSocketImpl.java --- a/jdk/src/java.base/share/classes/java/net/SocksSocketImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/SocksSocketImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -82,7 +82,7 @@ { try { AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction() { + new java.security.PrivilegedExceptionAction<>() { public Void run() throws IOException { superConnectServer(host, port, timeout); cmdIn = getInputStream(); @@ -157,7 +157,7 @@ final InetAddress addr = InetAddress.getByName(server); PasswordAuthentication pw = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public PasswordAuthentication run() { return Authenticator.requestPasswordAuthentication( server, addr, serverPort, "SOCKS5", "SOCKS authentication", null); @@ -351,7 +351,7 @@ // server is not null only when the socket was created with a // specified proxy in which case it does bypass the ProxySelector ProxySelector sel = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public ProxySelector run() { return ProxySelector.getDefault(); } @@ -595,7 +595,7 @@ InetAddress naddr = baddr; if (naddr.isAnyLocalAddress()) { naddr = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public InetAddress run() { return cmdsock.getLocalAddress(); @@ -671,7 +671,7 @@ // server is not null only when the socket was created with a // specified proxy in which case it does bypass the ProxySelector ProxySelector sel = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public ProxySelector run() { return ProxySelector.getDefault(); } @@ -724,7 +724,7 @@ // Connects to the SOCKS server try { AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public Void run() throws Exception { cmdsock = new Socket(new PlainSocketImpl()); cmdsock.connect(new InetSocketAddress(server, serverPort)); @@ -755,7 +755,7 @@ } else { try { AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public Void run() throws Exception { cmdsock = new Socket(new PlainSocketImpl()); cmdsock.connect(new InetSocketAddress(server, serverPort)); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/URL.java --- a/jdk/src/java.base/share/classes/java/net/URL.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/URL.java Wed Jul 05 20:29:43 2017 +0200 @@ -268,6 +268,23 @@ * createURLStreamHandler} method of each provider, if instantiated, is * invoked, with the protocol string, until a provider returns non-null, * or all providers have been exhausted. + *
  • If the previous step fails to find a protocol handler, the + * constructor reads the value of the system property: + *
    {@code + * java.protocol.handler.pkgs + * }
    + * If the value of that system property is not {@code null}, + * it is interpreted as a list of packages separated by a vertical + * slash character '{@code |}'. The constructor tries to load + * the class named: + *
    {@code + * ..Handler + * }
    + * where {@code } is replaced by the name of the package + * and {@code } is replaced by the name of the protocol. + * If this class does not exist, or if the class exists but it is not + * a subclass of {@code URLStreamHandler}, then the next package + * in the list is tried. *
  • If the previous step fails to find a protocol handler, then the * constructor tries to load a built-in protocol handler. * If this class does not exist, or if the class exists but it is not a @@ -1139,8 +1156,41 @@ } } + private static URLStreamHandler lookupViaProperty(String protocol) { + String packagePrefixList = java.security.AccessController.doPrivileged( + new PrivilegedAction<>() { + public String run() { + return System.getProperty(protocolPathProp, ""); + } + }); + String[] packagePrefixes = packagePrefixList.split("\\|"); + + URLStreamHandler handler = null; + for (int i=0; handler == null && i cls = null; + try { + cls = Class.forName(clsName); + } catch (ClassNotFoundException e) { + ClassLoader cl = ClassLoader.getSystemClassLoader(); + if (cl != null) { + cls = cl.loadClass(clsName); + } + } + if (cls != null) { + handler = (URLStreamHandler)cls.newInstance(); + } + } catch (Exception e) { + // any number of exceptions can get thrown here + } + } + return handler; + } + private static Iterator providers() { - return new Iterator() { + return new Iterator<>() { ClassLoader cl = ClassLoader.getSystemClassLoader(); ServiceLoader sl = @@ -1193,7 +1243,7 @@ gate.set(gate); try { return AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public URLStreamHandler run() { Iterator itr = providers(); while (itr.hasNext()) { @@ -1251,6 +1301,10 @@ if (handler == null && !protocol.equalsIgnoreCase("jar")) { handler = lookupViaProviders(protocol); } + + if (handler == null) { + handler = lookupViaProperty(protocol); + } } synchronized (streamHandlerLock) { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/net/URLClassLoader.java --- a/jdk/src/java.base/share/classes/java/net/URLClassLoader.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/net/URLClassLoader.java Wed Jul 05 20:29:43 2017 +0200 @@ -359,7 +359,7 @@ final Class result; try { result = AccessController.doPrivileged( - new PrivilegedExceptionAction>() { + new PrivilegedExceptionAction<>() { public Class run() throws ClassNotFoundException { String path = name.replace('.', '/').concat(".class"); Resource res = ucp.getResource(path, false); @@ -564,7 +564,7 @@ * The same restriction to finding classes applies to resources */ URL url = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public URL run() { return ucp.findResource(name, true); } @@ -587,7 +587,7 @@ { final Enumeration e = ucp.findResources(name, true); - return new Enumeration() { + return new Enumeration<>() { private URL url = null; private boolean next() { @@ -596,7 +596,7 @@ } do { URL u = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public URL run() { if (!e.hasMoreElements()) return null; @@ -704,7 +704,7 @@ final SecurityManager sm = System.getSecurityManager(); if (sm != null) { final Permission fp = p; - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() throws SecurityException { sm.checkPermission(fp); return null; @@ -735,7 +735,7 @@ final AccessControlContext acc = AccessController.getContext(); // Need a privileged block to create the class loader URLClassLoader ucl = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public URLClassLoader run() { return new FactoryURLClassLoader(urls, parent, acc); } @@ -760,7 +760,7 @@ final AccessControlContext acc = AccessController.getContext(); // Need a privileged block to create the class loader URLClassLoader ucl = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public URLClassLoader run() { return new FactoryURLClassLoader(urls, acc); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/nio/channels/AsynchronousFileChannel.java --- a/jdk/src/java.base/share/classes/java/nio/channels/AsynchronousFileChannel.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/nio/channels/AsynchronousFileChannel.java Wed Jul 05 20:29:43 2017 +0200 @@ -296,7 +296,7 @@ public static AsynchronousFileChannel open(Path file, OpenOption... options) throws IOException { - Set set = new HashSet(options.length); + Set set = new HashSet<>(options.length); Collections.addAll(set, options); return open(file, set, null, NO_ATTRIBUTES); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/nio/channels/FileChannel.java --- a/jdk/src/java.base/share/classes/java/nio/channels/FileChannel.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/nio/channels/FileChannel.java Wed Jul 05 20:29:43 2017 +0200 @@ -330,7 +330,7 @@ public static FileChannel open(Path path, OpenOption... options) throws IOException { - Set set = new HashSet(options.length); + Set set = new HashSet<>(options.length); Collections.addAll(set, options); return open(path, set, NO_ATTRIBUTES); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/nio/channels/spi/AsynchronousChannelProvider.java --- a/jdk/src/java.base/share/classes/java/nio/channels/spi/AsynchronousChannelProvider.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/nio/channels/spi/AsynchronousChannelProvider.java Wed Jul 05 20:29:43 2017 +0200 @@ -76,7 +76,7 @@ private static AsynchronousChannelProvider load() { return AccessController - .doPrivileged(new PrivilegedAction() { + .doPrivileged(new PrivilegedAction<>() { public AsynchronousChannelProvider run() { AsynchronousChannelProvider p; p = loadProviderFromProperty(); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/nio/channels/spi/SelectorProvider.java --- a/jdk/src/java.base/share/classes/java/nio/channels/spi/SelectorProvider.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/nio/channels/spi/SelectorProvider.java Wed Jul 05 20:29:43 2017 +0200 @@ -172,7 +172,7 @@ if (provider != null) return provider; return AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public SelectorProvider run() { if (loadProviderFromProperty()) return provider; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/nio/charset/Charset.java --- a/jdk/src/java.base/share/classes/java/nio/charset/Charset.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/nio/charset/Charset.java Wed Jul 05 20:29:43 2017 +0200 @@ -335,7 +335,7 @@ // thrown. Should be invoked with full privileges. // private static Iterator providers() { - return new Iterator() { + return new Iterator<>() { ClassLoader cl = ClassLoader.getSystemClassLoader(); ServiceLoader sl = @@ -404,7 +404,7 @@ gate.set(gate); return AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public Charset run() { for (Iterator i = providers(); i.hasNext();) { @@ -428,7 +428,7 @@ // returns ExtendedProvider, if installed private static CharsetProvider extendedProvider() { return AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public CharsetProvider run() { try { Class epc @@ -570,10 +570,10 @@ */ public static SortedMap availableCharsets() { return AccessController.doPrivileged( - new PrivilegedAction>() { + new PrivilegedAction<>() { public SortedMap run() { TreeMap m = - new TreeMap( + new TreeMap<>( ASCIICaseInsensitiveComparator.CASE_INSENSITIVE_ORDER); put(standardProvider.charsets(), m); CharsetProvider ecp = ExtendedProviderHolder.extendedProvider; @@ -663,7 +663,7 @@ if (aliasSet != null) return aliasSet; int n = aliases.length; - HashSet hs = new HashSet(n); + HashSet hs = new HashSet<>(n); for (int i = 0; i < n; i++) hs.add(aliases[i]); aliasSet = Collections.unmodifiableSet(hs); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/nio/charset/CoderResult.java --- a/jdk/src/java.base/share/classes/java/nio/charset/CoderResult.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/nio/charset/CoderResult.java Wed Jul 05 20:29:43 2017 +0200 @@ -204,13 +204,13 @@ WeakReference w; CoderResult e = null; if (cache == null) { - cache = new HashMap>(); + cache = new HashMap<>(); } else if ((w = cache.get(k)) != null) { e = w.get(); } if (e == null) { e = create(len); - cache.put(k, new WeakReference(e)); + cache.put(k, new WeakReference<>(e)); } return e; } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/nio/file/FileSystems.java --- a/jdk/src/java.base/share/classes/java/nio/file/FileSystems.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/nio/file/FileSystems.java Wed Jul 05 20:29:43 2017 +0200 @@ -93,7 +93,7 @@ private static FileSystem defaultFileSystem() { // load default provider FileSystemProvider provider = AccessController - .doPrivileged(new PrivilegedAction() { + .doPrivileged(new PrivilegedAction<>() { public FileSystemProvider run() { return getDefaultProvider(); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/nio/file/Files.java --- a/jdk/src/java.base/share/classes/java/nio/file/Files.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/nio/file/Files.java Wed Jul 05 20:29:43 2017 +0200 @@ -402,7 +402,7 @@ public static SeekableByteChannel newByteChannel(Path path, OpenOption... options) throws IOException { - Set set = new HashSet(options.length); + Set set = new HashSet<>(options.length); Collections.addAll(set, options); return newByteChannel(path, set); } @@ -516,7 +516,7 @@ // create a matcher and return a filter that uses it. FileSystem fs = dir.getFileSystem(); final PathMatcher matcher = fs.getPathMatcher("glob:" + glob); - DirectoryStream.Filter filter = new DirectoryStream.Filter() { + DirectoryStream.Filter filter = new DirectoryStream.Filter<>() { @Override public boolean accept(Path entry) { return matcher.matches(entry.getFileName()); @@ -1541,7 +1541,7 @@ // creates the default file type detector private static FileTypeDetector createDefaultFileTypeDetector() { return AccessController - .doPrivileged(new PrivilegedAction() { + .doPrivileged(new PrivilegedAction<>() { @Override public FileTypeDetector run() { return sun.nio.fs.DefaultFileTypeDetector.create(); }}); @@ -1550,7 +1550,7 @@ // loads all installed file type detectors private static List loadInstalledDetectors() { return AccessController - .doPrivileged(new PrivilegedAction>() { + .doPrivileged(new PrivilegedAction<>() { @Override public List run() { List list = new ArrayList<>(); ServiceLoader loader = ServiceLoader @@ -3468,7 +3468,7 @@ final Iterator delegate = ds.iterator(); // Re-wrap DirectoryIteratorException to UncheckedIOException - Iterator iterator = new Iterator() { + Iterator iterator = new Iterator<>() { @Override public boolean hasNext() { try { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/nio/file/Path.java --- a/jdk/src/java.base/share/classes/java/nio/file/Path.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/nio/file/Path.java Wed Jul 05 20:29:43 2017 +0200 @@ -801,7 +801,7 @@ */ @Override default Iterator iterator() { - return new Iterator() { + return new Iterator<>() { private int i = 0; @Override diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/nio/file/attribute/AclEntry.java --- a/jdk/src/java.base/share/classes/java/nio/file/attribute/AclEntry.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/nio/file/attribute/AclEntry.java Wed Jul 05 20:29:43 2017 +0200 @@ -306,7 +306,7 @@ * @return the permissions component */ public Set permissions() { - return new HashSet(perms); + return new HashSet<>(perms); } /** @@ -317,7 +317,7 @@ * @return the flags component */ public Set flags() { - return new HashSet(flags); + return new HashSet<>(flags); } /** diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/nio/file/attribute/PosixFilePermissions.java --- a/jdk/src/java.base/share/classes/java/nio/file/attribute/PosixFilePermissions.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/nio/file/attribute/PosixFilePermissions.java Wed Jul 05 20:29:43 2017 +0200 @@ -160,13 +160,13 @@ { // copy set and check for nulls (CCE will be thrown if an element is not // a PosixFilePermission) - perms = new HashSet(perms); + perms = new HashSet<>(perms); for (PosixFilePermission p: perms) { if (p == null) throw new NullPointerException(); } final Set value = perms; - return new FileAttribute>() { + return new FileAttribute<>() { @Override public String name() { return "posix:permissions"; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/nio/file/spi/FileSystemProvider.java --- a/jdk/src/java.base/share/classes/java/nio/file/spi/FileSystemProvider.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/nio/file/spi/FileSystemProvider.java Wed Jul 05 20:29:43 2017 +0200 @@ -110,7 +110,7 @@ // loads all installed providers private static List loadInstalledProviders() { - List list = new ArrayList(); + List list = new ArrayList<>(); ServiceLoader sl = ServiceLoader .load(FileSystemProvider.class, ClassLoader.getSystemClassLoader()); @@ -163,7 +163,7 @@ loadingProviders = true; List list = AccessController - .doPrivileged(new PrivilegedAction>() { + .doPrivileged(new PrivilegedAction<>() { @Override public List run() { return loadInstalledProviders(); @@ -419,7 +419,7 @@ throws IOException { int len = options.length; - Set opts = new HashSet(len + 3); + Set opts = new HashSet<>(len + 3); if (len == 0) { opts.add(StandardOpenOption.CREATE); opts.add(StandardOpenOption.TRUNCATE_EXISTING); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/time/format/DateTimeParseContext.java --- a/jdk/src/java.base/share/classes/java/time/format/DateTimeParseContext.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/time/format/DateTimeParseContext.java Wed Jul 05 20:29:43 2017 +0200 @@ -399,7 +399,7 @@ */ void addChronoChangedListener(Consumer listener) { if (chronoListeners == null) { - chronoListeners = new ArrayList>(); + chronoListeners = new ArrayList<>(); } chronoListeners.add(listener); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/time/zone/ZoneRulesProvider.java --- a/jdk/src/java.base/share/classes/java/time/zone/ZoneRulesProvider.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/time/zone/ZoneRulesProvider.java Wed Jul 05 20:29:43 2017 +0200 @@ -141,7 +141,7 @@ // if the property java.time.zone.DefaultZoneRulesProvider is // set then its value is the class name of the default provider final List loaded = new ArrayList<>(); - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Object run() { String prop = System.getProperty("java.time.zone.DefaultZoneRulesProvider"); if (prop != null) { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/util/Calendar.java --- a/jdk/src/java.base/share/classes/java/util/Calendar.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/util/Calendar.java Wed Jul 05 20:29:43 2017 +0200 @@ -3579,7 +3579,7 @@ ZoneInfo zi = null; try { zi = AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { @Override public ZoneInfo run() throws Exception { return (ZoneInfo) input.readObject(); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/util/Currency.java --- a/jdk/src/java.base/share/classes/java/util/Currency.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/util/Currency.java Wed Jul 05 20:29:43 2017 +0200 @@ -212,7 +212,7 @@ private static final int VALID_FORMAT_VERSION = 2; static { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { try { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/util/ResourceBundle.java --- a/jdk/src/java.base/share/classes/java/util/ResourceBundle.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/util/ResourceBundle.java Wed Jul 05 20:29:43 2017 +0200 @@ -2655,7 +2655,7 @@ InputStream stream = null; try { stream = AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public InputStream run() throws IOException { InputStream is = null; if (reloadFlag) { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/util/TimeZone.java --- a/jdk/src/java.base/share/classes/java/util/TimeZone.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/util/TimeZone.java Wed Jul 05 20:29:43 2017 +0200 @@ -678,7 +678,7 @@ assert tz != null; final String id = zoneID; - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { System.setProperty("user.timezone", id); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/util/jar/JarFile.java --- a/jdk/src/java.base/share/classes/java/util/jar/JarFile.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/util/jar/JarFile.java Wed Jul 05 20:29:43 2017 +0200 @@ -593,7 +593,7 @@ if (includeUnsigned) { return unsignedEntryNames(); } else { - return new Enumeration() { + return new Enumeration<>() { public boolean hasMoreElements() { return false; @@ -619,7 +619,7 @@ // screen out entries which are never signed final Enumeration enum_ = super.entries(); - return new Enumeration() { + return new Enumeration<>() { ZipEntry entry; @@ -669,7 +669,7 @@ private Enumeration unsignedEntryNames() { final Enumeration entries = entries(); - return new Enumeration() { + return new Enumeration<>() { String name; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/java/util/jar/JarVerifier.java --- a/jdk/src/java.base/share/classes/java/util/jar/JarVerifier.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/java/util/jar/JarVerifier.java Wed Jul 05 20:29:43 2017 +0200 @@ -684,7 +684,7 @@ final List signersReq = req; final Enumeration enum2 = (matchUnsigned) ? unsignedEntryNames(jar) : emptyEnumeration; - return new Enumeration() { + return new Enumeration<>() { String name; @@ -726,7 +726,7 @@ final Map map = new HashMap<>(); map.putAll(signerMap()); final Enumeration enum_ = e; - return new Enumeration() { + return new Enumeration<>() { Enumeration signers = null; JarEntry entry; @@ -786,7 +786,7 @@ private Enumeration unsignedEntryNames(JarFile jar) { final Map map = signerMap(); final Enumeration entries = jar.entries(); - return new Enumeration() { + return new Enumeration<>() { String name; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/misc/Cleaner.java --- a/jdk/src/java.base/share/classes/sun/misc/Cleaner.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/misc/Cleaner.java Wed Jul 05 20:29:43 2017 +0200 @@ -142,7 +142,7 @@ try { thunk.run(); } catch (final Throwable x) { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { if (System.err != null) new Error("Cleaner terminated abnormally", x) diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/misc/URLClassPath.java --- a/jdk/src/java.base/share/classes/sun/misc/URLClassPath.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/misc/URLClassPath.java Wed Jul 05 20:29:43 2017 +0200 @@ -97,16 +97,16 @@ } /* The original search path of URLs. */ - private ArrayList path = new ArrayList(); + private ArrayList path = new ArrayList<>(); /* The stack of unopened URLs */ - Stack urls = new Stack(); + Stack urls = new Stack<>(); /* The resulting search path of Loaders */ - ArrayList loaders = new ArrayList(); + ArrayList loaders = new ArrayList<>(); /* Map of each URL opened to its corresponding Loader */ - HashMap lmap = new HashMap(); + HashMap lmap = new HashMap<>(); /* The jar protocol handler to use when creating new URLs */ private URLStreamHandler jarHandler; @@ -142,7 +142,7 @@ if (closed) { return Collections.emptyList(); } - List result = new LinkedList(); + List result = new LinkedList<>(); for (Loader loader : loaders) { try { loader.close(); @@ -234,7 +234,7 @@ */ public Enumeration findResources(final String name, final boolean check) { - return new Enumeration() { + return new Enumeration<>() { private int index = 0; private URL url = null; @@ -281,7 +281,7 @@ */ public Enumeration getResources(final String name, final boolean check) { - return new Enumeration() { + return new Enumeration<>() { private int index = 0; private Resource res = null; @@ -374,7 +374,7 @@ private Loader getLoader(final URL url) throws IOException { try { return java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction() { + new java.security.PrivilegedExceptionAction<>() { public Loader run() throws IOException { String file = url.getFile(); if (file != null && file.endsWith("/")) { @@ -689,7 +689,7 @@ if (jar == null) { try { java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction() { + new java.security.PrivilegedExceptionAction<>() { public Void run() throws IOException { if (DEBUG) { System.err.println("Opening " + csu); @@ -870,7 +870,7 @@ if (index == null) return null; - HashSet visited = new HashSet(); + HashSet visited = new HashSet<>(); return getResource(name, check, visited); } @@ -912,7 +912,7 @@ * before */ newLoader = AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public JarLoader run() throws IOException { return new JarLoader(url, handler, lmap); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/net/NetworkClient.java --- a/jdk/src/java.base/share/classes/sun/net/NetworkClient.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/net/NetworkClient.java Wed Jul 05 20:29:43 2017 +0200 @@ -69,7 +69,7 @@ final String encs[] = { null }; AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public Void run() { vals[0] = Integer.getInteger("sun.net.client.defaultReadTimeout", 0).intValue(); vals[1] = Integer.getInteger("sun.net.client.defaultConnectTimeout", 0).intValue(); @@ -154,7 +154,7 @@ if (proxy != null) { if (proxy.type() == Proxy.Type.SOCKS) { s = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public Socket run() { return new Socket(proxy); }}); @@ -201,7 +201,7 @@ if (serverSocket == null) throw new IOException("not connected"); return AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public InetAddress run() { return serverSocket.getLocalAddress(); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/net/ProgressMonitor.java --- a/jdk/src/java.base/share/classes/sun/net/ProgressMonitor.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/net/ProgressMonitor.java Wed Jul 05 20:29:43 2017 +0200 @@ -64,7 +64,7 @@ * Return a snapshot of the ProgressSource list */ public ArrayList getProgressSources() { - ArrayList snapshot = new ArrayList(); + ArrayList snapshot = new ArrayList<>(); try { synchronized(progressSourceList) { @@ -114,7 +114,7 @@ if (progressListenerList.size() > 0) { // Notify progress listener if there is progress change - ArrayList listeners = new ArrayList(); + ArrayList listeners = new ArrayList<>(); // Copy progress listeners to another list to avoid holding locks synchronized(progressListenerList) { @@ -151,7 +151,7 @@ if (progressListenerList.size() > 0) { // Notify progress listener if there is progress change - ArrayList listeners = new ArrayList(); + ArrayList listeners = new ArrayList<>(); // Copy progress listeners to another list to avoid holding locks synchronized(progressListenerList) { @@ -183,7 +183,7 @@ if (progressListenerList.size() > 0) { // Notify progress listener if there is progress change - ArrayList listeners = new ArrayList(); + ArrayList listeners = new ArrayList<>(); // Copy progress listeners to another list to avoid holding locks synchronized(progressListenerList) { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/net/www/MessageHeader.java --- a/jdk/src/java.base/share/classes/sun/net/www/MessageHeader.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/net/www/MessageHeader.java Wed Jul 05 20:29:43 2017 +0200 @@ -244,7 +244,7 @@ public synchronized Map> filterAndAddHeaders( String[] excludeList, Map> include) { boolean skipIt = false; - Map> m = new HashMap>(); + Map> m = new HashMap<>(); for (int i = nkeys; --i >= 0;) { if (excludeList != null) { // check if the key is in the excludeList. @@ -260,7 +260,7 @@ if (!skipIt) { List l = m.get(keys[i]); if (l == null) { - l = new ArrayList(); + l = new ArrayList<>(); m.put(keys[i], l); } l.add(values[i]); @@ -274,7 +274,7 @@ for (Map.Entry> entry: include.entrySet()) { List l = m.get(entry.getKey()); if (l == null) { - l = new ArrayList(); + l = new ArrayList<>(); m.put(entry.getKey(), l); } l.addAll(entry.getValue()); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/net/www/http/HttpCapture.java --- a/jdk/src/java.base/share/classes/sun/net/www/http/HttpCapture.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/net/www/http/HttpCapture.java Wed Jul 05 20:29:43 2017 +0200 @@ -64,7 +64,7 @@ private static synchronized void init() { initialized = true; String rulesFile = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public String run() { return NetProperties.get("sun.net.http.captureRules"); } @@ -85,8 +85,8 @@ String[] s = line.split(","); if (s.length == 2) { if (patterns == null) { - patterns = new ArrayList(); - capFiles = new ArrayList(); + patterns = new ArrayList<>(); + capFiles = new ArrayList<>(); } patterns.add(Pattern.compile(s[0].trim())); capFiles.add(s[1].trim()); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java --- a/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java Wed Jul 05 20:29:43 2017 +0200 @@ -479,7 +479,7 @@ { try { java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction() { + new java.security.PrivilegedExceptionAction<>() { public Void run() throws IOException { openServer(server.getHostString(), server.getPort()); return null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/net/www/http/KeepAliveCache.java --- a/jdk/src/java.base/share/classes/sun/net/www/http/KeepAliveCache.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/net/www/http/KeepAliveCache.java Wed Jul 05 20:29:43 2017 +0200 @@ -94,7 +94,7 @@ */ final KeepAliveCache cache = this; java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { keepAliveTimer = new InnocuousThread(cache, "Keep-Alive-Timer"); keepAliveTimer.setDaemon(true); @@ -178,7 +178,7 @@ long currentTime = System.currentTimeMillis(); ArrayList keysToRemove - = new ArrayList(); + = new ArrayList<>(); for (KeepAliveKey key : keySet()) { ClientVector v = get(key); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java Wed Jul 05 20:29:43 2017 +0200 @@ -122,7 +122,7 @@ this.dontUseNegotiate = dontUseNegotiate; rsp = response; this.hdrname = hdrname; - schemes = new HashMap(); + schemes = new HashMap<>(); parse(); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java Wed Jul 05 20:29:43 2017 +0200 @@ -62,7 +62,7 @@ static { Boolean b = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public Boolean run() { return NetProperties.getBoolean(compatPropName); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Wed Jul 05 20:29:43 2017 +0200 @@ -244,7 +244,7 @@ new sun.security.action.GetBooleanAction( "sun.net.http.allowRestrictedHeaders")).booleanValue(); if (!allowRestrictedHeaders) { - restrictedHeaderSet = new HashSet(restrictedHeaders.length); + restrictedHeaderSet = new HashSet<>(restrictedHeaders.length); for (int i=0; i < restrictedHeaders.length; i++) { restrictedHeaderSet.add(restrictedHeaders[i].toLowerCase()); } @@ -413,7 +413,7 @@ final URL url, final RequestorType authType) { return java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public PasswordAuthentication run() { if (logger.isLoggable(PlatformLogger.Level.FINEST)) { logger.finest("Requesting Authentication: host =" + host + " url = " + url); @@ -817,14 +817,14 @@ } catch (SecurityException se) { /* swallow exception */ } } else { cookieHandler = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public CookieHandler run() { return CookieHandler.getDefault(); } }); } cacheHandler = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public ResponseCache run() { return ResponseCache.getDefault(); } @@ -909,7 +909,7 @@ final boolean result[] = {false}; java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { try { InetAddress a1 = InetAddress.getByName(h1); @@ -954,7 +954,7 @@ try { // lookup hostname and use IP address if available host = AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public String run() throws IOException { InetAddress addr = InetAddress.getByName(hostarg); return addr.getHostAddress(); @@ -984,7 +984,7 @@ if (p != null) { try { AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public Void run() throws IOException { plainConnect0(); return null; @@ -1086,7 +1086,7 @@ */ ProxySelector sel = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public ProxySelector run() { return ProxySelector.getDefault(); } @@ -1245,7 +1245,7 @@ if (p != null) { try { return AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public OutputStream run() throws IOException { return getOutputStream0(); } @@ -1423,7 +1423,7 @@ if (p != null) { try { return AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public InputStream run() throws IOException { return getInputStream0(); } @@ -1877,7 +1877,7 @@ final Object[] args = { rememberedException.getMessage() }; IOException chainedException = java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction() { + new java.security.PrivilegedExceptionAction<>() { public IOException run() throws Exception { return (IOException) rememberedException.getClass() @@ -2204,7 +2204,7 @@ try { final String finalHost = host; addr = java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction() { + new java.security.PrivilegedExceptionAction<>() { public InetAddress run() throws java.net.UnknownHostException { return InetAddress.getByName(finalHost); @@ -2566,7 +2566,7 @@ if (p != null) { try { return AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public Boolean run() throws IOException { return followRedirect0(loc, stat, locUrl0); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/net/www/protocol/jar/URLJarFile.java --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/jar/URLJarFile.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/jar/URLJarFile.java Wed Jul 05 20:29:43 2017 +0200 @@ -213,7 +213,7 @@ /* get the stream before asserting privileges */ try (final InputStream in = url.openConnection().getInputStream()) { result = AccessController.doPrivileged( - new PrivilegedExceptionAction() { + new PrivilegedExceptionAction<>() { public JarFile run() throws IOException { Path tmpFile = Files.createTempFile("jar_cache", null); try { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java --- a/jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -76,7 +76,7 @@ this.pool = pool; if (pool.isFixedThreadPool()) { - taskQueue = new ConcurrentLinkedQueue(); + taskQueue = new ConcurrentLinkedQueue<>(); } else { taskQueue = null; // not used } @@ -115,7 +115,7 @@ } private void startInternalThread(final Runnable task) { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { // internal threads should not be visible to application so @@ -246,7 +246,7 @@ abstract void shutdownHandlerTasks(); private void shutdownExecutors() { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { pool.executor().shutdown(); timeoutExecutor.shutdown(); @@ -323,7 +323,7 @@ task = new Runnable() { @Override public void run() { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { delegate.run(); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousServerSocketChannelImpl.java --- a/jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousServerSocketChannelImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousServerSocketChannelImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -228,7 +228,7 @@ static final Set> defaultOptions = defaultOptions(); private static Set> defaultOptions() { - HashSet> set = new HashSet>(2); + HashSet> set = new HashSet<>(2); set.add(StandardSocketOptions.SO_RCVBUF); set.add(StandardSocketOptions.SO_REUSEADDR); return Collections.unmodifiableSet(set); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousSocketChannelImpl.java --- a/jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousSocketChannelImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousSocketChannelImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -503,7 +503,7 @@ static final Set> defaultOptions = defaultOptions(); private static Set> defaultOptions() { - HashSet> set = new HashSet>(5); + HashSet> set = new HashSet<>(5); set.add(StandardSocketOptions.SO_SNDBUF); set.add(StandardSocketOptions.SO_RCVBUF); set.add(StandardSocketOptions.SO_KEEPALIVE); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/nio/ch/DatagramChannelImpl.java --- a/jdk/src/java.base/share/classes/sun/nio/ch/DatagramChannelImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/nio/ch/DatagramChannelImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -294,7 +294,7 @@ static final Set> defaultOptions = defaultOptions(); private static Set> defaultOptions() { - HashSet> set = new HashSet>(8); + HashSet> set = new HashSet<>(8); set.add(StandardSocketOptions.SO_SNDBUF); set.add(StandardSocketOptions.SO_RCVBUF); set.add(StandardSocketOptions.SO_REUSEADDR); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/nio/ch/MembershipKeyImpl.java --- a/jdk/src/java.base/share/classes/sun/nio/ch/MembershipKeyImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/nio/ch/MembershipKeyImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -184,7 +184,7 @@ // created blocked set if required and add source address if (blockedSet == null) - blockedSet = new HashSet(); + blockedSet = new HashSet<>(); blockedSet.add(toBlock); } return this; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/nio/ch/MembershipRegistry.java --- a/jdk/src/java.base/share/classes/sun/nio/ch/MembershipRegistry.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/nio/ch/MembershipRegistry.java Wed Jul 05 20:29:43 2017 +0200 @@ -84,13 +84,13 @@ InetAddress group = key.group(); List keys; if (groups == null) { - groups = new HashMap>(); + groups = new HashMap<>(); keys = null; } else { keys = groups.get(group); } if (keys == null) { - keys = new LinkedList(); + keys = new LinkedList<>(); groups.put(group, keys); } keys.add(key); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/nio/ch/SelectorImpl.java --- a/jdk/src/java.base/share/classes/sun/nio/ch/SelectorImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/nio/ch/SelectorImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -52,8 +52,8 @@ protected SelectorImpl(SelectorProvider sp) { super(sp); - keys = new HashSet(); - selectedKeys = new HashSet(); + keys = new HashSet<>(); + selectedKeys = new HashSet<>(); if (Util.atBugLevel("1.4")) { publicKeys = keys; publicSelectedKeys = selectedKeys; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/nio/ch/ServerSocketChannelImpl.java --- a/jdk/src/java.base/share/classes/sun/nio/ch/ServerSocketChannelImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/nio/ch/ServerSocketChannelImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -182,7 +182,7 @@ static final Set> defaultOptions = defaultOptions(); private static Set> defaultOptions() { - HashSet> set = new HashSet>(2); + HashSet> set = new HashSet<>(2); set.add(StandardSocketOptions.SO_RCVBUF); set.add(StandardSocketOptions.SO_REUSEADDR); set.add(StandardSocketOptions.IP_TOS); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/nio/ch/SocketChannelImpl.java --- a/jdk/src/java.base/share/classes/sun/nio/ch/SocketChannelImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/nio/ch/SocketChannelImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -229,7 +229,7 @@ static final Set> defaultOptions = defaultOptions(); private static Set> defaultOptions() { - HashSet> set = new HashSet>(8); + HashSet> set = new HashSet<>(8); set.add(StandardSocketOptions.SO_SNDBUF); set.add(StandardSocketOptions.SO_RCVBUF); set.add(StandardSocketOptions.SO_KEEPALIVE); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/nio/cs/CharsetMapping.java --- a/jdk/src/java.base/share/classes/sun/nio/cs/CharsetMapping.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/nio/cs/CharsetMapping.java Wed Jul 05 20:29:43 2017 +0200 @@ -135,7 +135,7 @@ // init the CharsetMapping object from the .dat binary file public static CharsetMapping get(final InputStream is) { - return AccessController.doPrivileged(new PrivilegedAction() { + return AccessController.doPrivileged(new PrivilegedAction<>() { public CharsetMapping run() { return new CharsetMapping().load(is); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/nio/fs/AbstractPoller.java --- a/jdk/src/java.base/share/classes/sun/nio/fs/AbstractPoller.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/nio/fs/AbstractPoller.java Wed Jul 05 20:29:43 2017 +0200 @@ -48,7 +48,7 @@ private boolean shutdown; protected AbstractPoller() { - this.requestList = new LinkedList(); + this.requestList = new LinkedList<>(); this.shutdown = false; } @@ -57,7 +57,7 @@ */ public void start() { final Runnable thisRunnable = this; - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Object run() { Thread thr = new ManagedLocalsThread(thisRunnable); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/nio/fs/AbstractWatchKey.java --- a/jdk/src/java.base/share/classes/sun/nio/fs/AbstractWatchKey.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/nio/fs/AbstractWatchKey.java Wed Jul 05 20:29:43 2017 +0200 @@ -70,8 +70,8 @@ this.watcher = watcher; this.dir = dir; this.state = State.READY; - this.events = new ArrayList>(); - this.lastModifyEvents = new HashMap>(); + this.events = new ArrayList<>(); + this.lastModifyEvents = new HashMap<>(); } final AbstractWatchService watcher() { @@ -146,7 +146,7 @@ // non-repeated event Event ev = - new Event((WatchEvent.Kind)kind, context); + new Event<>((WatchEvent.Kind)kind, context); if (isModify) { lastModifyEvents.put(context, ev); } else if (kind == StandardWatchEventKinds.OVERFLOW) { @@ -163,7 +163,7 @@ public final List> pollEvents() { synchronized (this) { List> result = events; - events = new ArrayList>(); + events = new ArrayList<>(); lastModifyEvents.clear(); return result; } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/reflect/ReflectionFactory.java --- a/jdk/src/java.base/share/classes/sun/reflect/ReflectionFactory.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/reflect/ReflectionFactory.java Wed Jul 05 20:29:43 2017 +0200 @@ -375,7 +375,7 @@ private static void checkInitted() { if (initted) return; AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public Void run() { // Tests to ensure the system properties table is fully // initialized. This is needed because reflection code is diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/reflect/annotation/AnnotationType.java --- a/jdk/src/java.base/share/classes/sun/reflect/annotation/AnnotationType.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/reflect/annotation/AnnotationType.java Wed Jul 05 20:29:43 2017 +0200 @@ -106,16 +106,16 @@ throw new IllegalArgumentException("Not an annotation type"); Method[] methods = - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Method[] run() { // Initialize memberTypes and defaultValues return annotationClass.getDeclaredMethods(); } }); - memberTypes = new HashMap>(methods.length+1, 1.0f); - memberDefaults = new HashMap(0); - members = new HashMap(methods.length+1, 1.0f); + memberTypes = new HashMap<>(methods.length+1, 1.0f); + memberDefaults = new HashMap<>(0); + members = new HashMap<>(methods.length+1, 1.0f); for (Method method : methods) { if (method.getParameterTypes().length != 0) diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/security/provider/certpath/Builder.java --- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/Builder.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/Builder.java Wed Jul 05 20:29:43 2017 +0200 @@ -102,8 +102,8 @@ /** * Verifies whether the input certificate completes the path. - * When building forward, a trust anchor will complete the path. - * When building reverse, the target certificate will complete the path. + * When building in the forward direction, a trust anchor will + * complete the path. * * @param cert the certificate to test * @return a boolean value indicating whether the cert completes the path. diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIX.java --- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIX.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIX.java Wed Jul 05 20:29:43 2017 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package sun.security.provider.certpath; import java.security.InvalidAlgorithmParameterException; -import java.security.KeyStore; import java.security.PublicKey; import java.security.cert.*; import java.security.interfaces.DSAPublicKey; @@ -194,7 +193,6 @@ static class BuilderParams extends ValidatorParams { private PKIXBuilderParameters params; - private boolean buildForward = true; private List stores; private X500Principal targetSubject; @@ -213,10 +211,6 @@ + "targetCertConstraints parameter must be an " + "X509CertSelector"); } - if (params instanceof SunCertPathBuilderParameters) { - buildForward = - ((SunCertPathBuilderParameters)params).getBuildForward(); - } this.params = params; this.targetSubject = getTargetSubject( certStores(), (X509CertSelector)targetCertConstraints()); @@ -230,7 +224,6 @@ return stores; } int maxPathLength() { return params.getMaxPathLength(); } - boolean buildForward() { return buildForward; } PKIXBuilderParameters params() { return params; } X500Principal targetSubject() { return targetSubject; } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/security/provider/certpath/ReverseBuilder.java --- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/ReverseBuilder.java Thu Apr 23 10:43:31 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,551 +0,0 @@ -/* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.provider.certpath; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.Principal; -import java.security.cert.CertificateException; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertStore; -import java.security.cert.CertStoreException; -import java.security.cert.PKIXBuilderParameters; -import java.security.cert.PKIXCertPathChecker; -import java.security.cert.PKIXParameters; -import java.security.cert.PKIXReason; -import java.security.cert.TrustAnchor; -import java.security.cert.X509Certificate; -import java.security.cert.X509CertSelector; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Comparator; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.LinkedList; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import sun.security.provider.certpath.PKIX.BuilderParams; -import sun.security.util.Debug; -import sun.security.x509.Extension; -import static sun.security.x509.PKIXExtensions.*; -import sun.security.x509.X500Name; -import sun.security.x509.X509CertImpl; -import sun.security.x509.PolicyMappingsExtension; - -/** - * This class represents a reverse builder, which is able to retrieve - * matching certificates from CertStores and verify a particular certificate - * against a ReverseState. - * - * @since 1.4 - * @author Sean Mullan - * @author Yassir Elley - */ - -class ReverseBuilder extends Builder { - - private Debug debug = Debug.getInstance("certpath"); - - private final Set initPolicies; - - /** - * Initialize the builder with the input parameters. - * - * @param params the parameter set used to build a certification path - */ - ReverseBuilder(BuilderParams buildParams) { - super(buildParams); - - Set initialPolicies = buildParams.initialPolicies(); - initPolicies = new HashSet(); - if (initialPolicies.isEmpty()) { - // if no initialPolicies are specified by user, set - // initPolicies to be anyPolicy by default - initPolicies.add(PolicyChecker.ANY_POLICY); - } else { - initPolicies.addAll(initialPolicies); - } - } - - /** - * Retrieves all certs from the specified CertStores that satisfy the - * requirements specified in the parameters and the current - * PKIX state (name constraints, policy constraints, etc). - * - * @param currentState the current state. - * Must be an instance of ReverseState - * @param certStores list of CertStores - */ - @Override - Collection getMatchingCerts - (State currState, List certStores) - throws CertStoreException, CertificateException, IOException - { - ReverseState currentState = (ReverseState) currState; - - if (debug != null) - debug.println("In ReverseBuilder.getMatchingCerts."); - - /* - * The last certificate could be an EE or a CA certificate - * (we may be building a partial certification path or - * establishing trust in a CA). - * - * Try the EE certs before the CA certs. It will be more - * common to build a path to an end entity. - */ - Collection certs = - getMatchingEECerts(currentState, certStores); - certs.addAll(getMatchingCACerts(currentState, certStores)); - - return certs; - } - - /* - * Retrieves all end-entity certificates which satisfy constraints - * and requirements specified in the parameters and PKIX state. - */ - private Collection getMatchingEECerts - (ReverseState currentState, List certStores) - throws CertStoreException, CertificateException, IOException { - - /* - * Compose a CertSelector to filter out - * certs which do not satisfy requirements. - * - * First, retrieve clone of current target cert constraints, and - * then add more selection criteria based on current validation state. - */ - X509CertSelector sel = (X509CertSelector) targetCertConstraints.clone(); - - /* - * Match on issuer (subject of previous cert) - */ - sel.setIssuer(currentState.subjectDN); - - /* - * Match on certificate validity date. - */ - sel.setCertificateValid(buildParams.date()); - - /* - * Policy processing optimizations - */ - if (currentState.explicitPolicy == 0) - sel.setPolicy(getMatchingPolicies()); - - /* - * If previous cert has a subject key identifier extension, - * use it to match on authority key identifier extension. - */ - /*if (currentState.subjKeyId != null) { - AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension( - (KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID), - null, null); - sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue()); - }*/ - - /* - * Require EE certs - */ - sel.setBasicConstraints(-2); - - /* Retrieve matching certs from CertStores */ - HashSet eeCerts = new HashSet<>(); - addMatchingCerts(sel, certStores, eeCerts, true); - - if (debug != null) { - debug.println("ReverseBuilder.getMatchingEECerts got " - + eeCerts.size() + " certs."); - } - return eeCerts; - } - - /* - * Retrieves all CA certificates which satisfy constraints - * and requirements specified in the parameters and PKIX state. - */ - private Collection getMatchingCACerts - (ReverseState currentState, List certStores) - throws CertificateException, CertStoreException, IOException { - - /* - * Compose a CertSelector to filter out - * certs which do not satisfy requirements. - */ - X509CertSelector sel = new X509CertSelector(); - - /* - * Match on issuer (subject of previous cert) - */ - sel.setIssuer(currentState.subjectDN); - - /* - * Match on certificate validity date. - */ - sel.setCertificateValid(buildParams.date()); - - /* - * Match on target subject name (checks that current cert's - * name constraints permit it to certify target). - * (4 is the integer type for DIRECTORY name). - */ - byte[] subject = targetCertConstraints.getSubjectAsBytes(); - if (subject != null) { - sel.addPathToName(4, subject); - } else { - X509Certificate cert = targetCertConstraints.getCertificate(); - if (cert != null) { - sel.addPathToName(4, - cert.getSubjectX500Principal().getEncoded()); - } - } - - /* - * Policy processing optimizations - */ - if (currentState.explicitPolicy == 0) - sel.setPolicy(getMatchingPolicies()); - - /* - * If previous cert has a subject key identifier extension, - * use it to match on authority key identifier extension. - */ - /*if (currentState.subjKeyId != null) { - AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension( - (KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID), - null, null); - sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue()); - }*/ - - /* - * Require CA certs - */ - sel.setBasicConstraints(0); - - /* Retrieve matching certs from CertStores */ - ArrayList reverseCerts = new ArrayList<>(); - addMatchingCerts(sel, certStores, reverseCerts, true); - - /* Sort remaining certs using name constraints */ - Collections.sort(reverseCerts, new PKIXCertComparator()); - - if (debug != null) - debug.println("ReverseBuilder.getMatchingCACerts got " + - reverseCerts.size() + " certs."); - return reverseCerts; - } - - /* - * This inner class compares 2 PKIX certificates according to which - * should be tried first when building a path to the target. For - * now, the algorithm is to look at name constraints in each cert and those - * which constrain the path closer to the target should be - * ranked higher. Later, we may want to consider other components, - * such as key identifiers. - */ - class PKIXCertComparator implements Comparator { - - private Debug debug = Debug.getInstance("certpath"); - - @Override - public int compare(X509Certificate cert1, X509Certificate cert2) { - - /* - * if either cert certifies the target, always - * put at head of list. - */ - X500Principal targetSubject = buildParams.targetSubject(); - if (cert1.getSubjectX500Principal().equals(targetSubject)) { - return -1; - } - if (cert2.getSubjectX500Principal().equals(targetSubject)) { - return 1; - } - - int targetDist1; - int targetDist2; - try { - X500Name targetSubjectName = X500Name.asX500Name(targetSubject); - targetDist1 = Builder.targetDistance( - null, cert1, targetSubjectName); - targetDist2 = Builder.targetDistance( - null, cert2, targetSubjectName); - } catch (IOException e) { - if (debug != null) { - debug.println("IOException in call to Builder.targetDistance"); - e.printStackTrace(); - } - throw new ClassCastException - ("Invalid target subject distinguished name"); - } - - if (targetDist1 == targetDist2) - return 0; - - if (targetDist1 == -1) - return 1; - - if (targetDist1 < targetDist2) - return -1; - - return 1; - } - } - - /** - * Verifies a matching certificate. - * - * This method executes any of the validation steps in the PKIX path validation - * algorithm which were not satisfied via filtering out non-compliant - * certificates with certificate matching rules. - * - * If the last certificate is being verified (the one whose subject - * matches the target subject, then the steps in Section 6.1.4 of the - * Certification Path Validation algorithm are NOT executed, - * regardless of whether or not the last cert is an end-entity - * cert or not. This allows callers to certify CA certs as - * well as EE certs. - * - * @param cert the certificate to be verified - * @param currentState the current state against which the cert is verified - * @param certPathList the certPathList generated thus far - */ - @Override - void verifyCert(X509Certificate cert, State currState, - List certPathList) - throws GeneralSecurityException - { - if (debug != null) { - debug.println("ReverseBuilder.verifyCert(SN: " - + Debug.toHexString(cert.getSerialNumber()) - + "\n Subject: " + cert.getSubjectX500Principal() + ")"); - } - - ReverseState currentState = (ReverseState) currState; - - /* we don't perform any validation of the trusted cert */ - if (currentState.isInitial()) { - return; - } - - // Don't bother to verify untrusted certificate more. - currentState.untrustedChecker.check(cert, - Collections.emptySet()); - - /* - * check for looping - abort a loop if - * ((we encounter the same certificate twice) AND - * ((policyMappingInhibited = true) OR (no policy mapping - * extensions can be found between the occurrences of the same - * certificate))) - * in order to facilitate the check to see if there are - * any policy mapping extensions found between the occurrences - * of the same certificate, we reverse the certpathlist first - */ - if ((certPathList != null) && (!certPathList.isEmpty())) { - List reverseCertList = new ArrayList<>(); - for (X509Certificate c : certPathList) { - reverseCertList.add(0, c); - } - - boolean policyMappingFound = false; - for (X509Certificate cpListCert : reverseCertList) { - X509CertImpl cpListCertImpl = X509CertImpl.toImpl(cpListCert); - PolicyMappingsExtension policyMappingsExt = - cpListCertImpl.getPolicyMappingsExtension(); - if (policyMappingsExt != null) { - policyMappingFound = true; - } - if (debug != null) - debug.println("policyMappingFound = " + policyMappingFound); - if (cert.equals(cpListCert)) { - if ((buildParams.policyMappingInhibited()) || - (!policyMappingFound)){ - if (debug != null) - debug.println("loop detected!!"); - throw new CertPathValidatorException("loop detected"); - } - } - } - } - - /* check if target cert */ - boolean finalCert = cert.getSubjectX500Principal().equals(buildParams.targetSubject()); - - /* check if CA cert */ - boolean caCert = (cert.getBasicConstraints() != -1 ? true : false); - - /* if there are more certs to follow, verify certain constraints */ - if (!finalCert) { - - /* check if CA cert */ - if (!caCert) - throw new CertPathValidatorException("cert is NOT a CA cert"); - - /* If the certificate was not self-issued, verify that - * remainingCerts is greater than zero - */ - if ((currentState.remainingCACerts <= 0) && !X509CertImpl.isSelfIssued(cert)) { - throw new CertPathValidatorException - ("pathLenConstraint violated, path too long", null, - null, -1, PKIXReason.PATH_TOO_LONG); - } - - /* - * Check keyUsage extension (only if CA cert and not final cert) - */ - KeyChecker.verifyCAKeyUsage(cert); - - } else { - - /* - * If final cert, check that it satisfies specified target - * constraints - */ - if (targetCertConstraints.match(cert) == false) { - throw new CertPathValidatorException("target certificate " + - "constraints check failed"); - } - } - - /* - * Check revocation. - */ - if (buildParams.revocationEnabled() && currentState.revChecker != null) { - currentState.revChecker.check(cert, Collections.emptySet()); - } - - /* Check name constraints if this is not a self-issued cert */ - if (finalCert || !X509CertImpl.isSelfIssued(cert)){ - if (currentState.nc != null) { - try { - if (!currentState.nc.verify(cert)){ - throw new CertPathValidatorException - ("name constraints check failed", null, null, -1, - PKIXReason.INVALID_NAME); - } - } catch (IOException ioe) { - throw new CertPathValidatorException(ioe); - } - } - } - - /* - * Check policy - */ - X509CertImpl certImpl = X509CertImpl.toImpl(cert); - currentState.rootNode = PolicyChecker.processPolicies - (currentState.certIndex, initPolicies, - currentState.explicitPolicy, currentState.policyMapping, - currentState.inhibitAnyPolicy, - buildParams.policyQualifiersRejected(), currentState.rootNode, - certImpl, finalCert); - - /* - * Check CRITICAL private extensions - */ - Set unresolvedCritExts = cert.getCriticalExtensionOIDs(); - if (unresolvedCritExts == null) { - unresolvedCritExts = Collections.emptySet(); - } - - /* - * Check that the signature algorithm is not disabled. - */ - currentState.algorithmChecker.check(cert, unresolvedCritExts); - - for (PKIXCertPathChecker checker : currentState.userCheckers) { - checker.check(cert, unresolvedCritExts); - } - - /* - * Look at the remaining extensions and remove any ones we have - * already checked. If there are any left, throw an exception! - */ - if (!unresolvedCritExts.isEmpty()) { - unresolvedCritExts.remove(BasicConstraints_Id.toString()); - unresolvedCritExts.remove(NameConstraints_Id.toString()); - unresolvedCritExts.remove(CertificatePolicies_Id.toString()); - unresolvedCritExts.remove(PolicyMappings_Id.toString()); - unresolvedCritExts.remove(PolicyConstraints_Id.toString()); - unresolvedCritExts.remove(InhibitAnyPolicy_Id.toString()); - unresolvedCritExts.remove(SubjectAlternativeName_Id.toString()); - unresolvedCritExts.remove(KeyUsage_Id.toString()); - unresolvedCritExts.remove(ExtendedKeyUsage_Id.toString()); - - if (!unresolvedCritExts.isEmpty()) - throw new CertPathValidatorException - ("Unrecognized critical extension(s)", null, null, -1, - PKIXReason.UNRECOGNIZED_CRIT_EXT); - } - - /* - * Check signature. - */ - if (buildParams.sigProvider() != null) { - cert.verify(currentState.pubKey, buildParams.sigProvider()); - } else { - cert.verify(currentState.pubKey); - } - } - - /** - * Verifies whether the input certificate completes the path. - * This checks whether the cert is the target certificate. - * - * @param cert the certificate to test - * @return a boolean value indicating whether the cert completes the path. - */ - @Override - boolean isPathCompleted(X509Certificate cert) { - return cert.getSubjectX500Principal().equals(buildParams.targetSubject()); - } - - /** Adds the certificate to the certPathList - * - * @param cert the certificate to be added - * @param certPathList the certification path list - */ - @Override - void addCertToPath(X509Certificate cert, - LinkedList certPathList) { - certPathList.addLast(cert); - } - - /** Removes final certificate from the certPathList - * - * @param certPathList the certification path list - */ - @Override - void removeFinalCertFromPath(LinkedList certPathList) { - certPathList.removeLast(); - } -} diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/security/provider/certpath/ReverseState.java --- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/ReverseState.java Thu Apr 23 10:43:31 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,406 +0,0 @@ -/* - * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.provider.certpath; - -import java.io.IOException; -import java.security.PublicKey; -import java.security.cert.CertificateException; -import java.security.cert.CertPathValidatorException; -import java.security.cert.PKIXCertPathChecker; -import java.security.cert.PKIXRevocationChecker; -import java.security.cert.TrustAnchor; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.ListIterator; -import java.util.Set; -import javax.security.auth.x500.X500Principal; - -import sun.security.provider.certpath.PKIX.BuilderParams; -import sun.security.util.Debug; -import sun.security.x509.NameConstraintsExtension; -import sun.security.x509.SubjectKeyIdentifierExtension; -import sun.security.x509.X509CertImpl; - -/** - * A specification of a reverse PKIX validation state - * which is initialized by each build and updated each time a - * certificate is added to the current path. - * @since 1.4 - * @author Sean Mullan - * @author Yassir Elley - */ - -class ReverseState implements State { - - private static final Debug debug = Debug.getInstance("certpath"); - - /* The subject DN of the last cert in the path */ - X500Principal subjectDN; - - /* The subject public key of the last cert */ - PublicKey pubKey; - - /* The subject key identifier extension (if any) of the last cert */ - SubjectKeyIdentifierExtension subjKeyId; - - /* The PKIX constrained/excluded subtrees state variable */ - NameConstraintsExtension nc; - - /* The PKIX explicit policy, policy mapping, and inhibit_any-policy - state variables */ - int explicitPolicy; - int policyMapping; - int inhibitAnyPolicy; - int certIndex; - PolicyNodeImpl rootNode; - - /* The number of remaining CA certs which may follow in the path. - * -1: previous cert was an EE cert - * 0: only EE certs may follow. - * >0 and userCheckers; - - /* Flag indicating if state is initial (path is just starting) */ - private boolean init = true; - - /* the checker used for revocation status */ - RevocationChecker revChecker; - - /* the algorithm checker */ - AlgorithmChecker algorithmChecker; - - /* the untrusted certificates checker */ - UntrustedChecker untrustedChecker; - - /* the trust anchor used to validate the path */ - TrustAnchor trustAnchor; - - /* Flag indicating if current cert can vouch for the CRL for - * the next cert - */ - boolean crlSign = true; - - /** - * Returns a boolean flag indicating if the state is initial - * (just starting) - * - * @return boolean flag indicating if the state is initial (just starting) - */ - @Override - public boolean isInitial() { - return init; - } - - /** - * Display state for debugging purposes - */ - @Override - public String toString() { - StringBuilder sb = new StringBuilder(); - sb.append("State ["); - sb.append("\n subjectDN of last cert: ").append(subjectDN); - sb.append("\n subjectKeyIdentifier: ").append - (String.valueOf(subjKeyId)); - sb.append("\n nameConstraints: ").append(String.valueOf(nc)); - sb.append("\n certIndex: ").append(certIndex); - sb.append("\n explicitPolicy: ").append(explicitPolicy); - sb.append("\n policyMapping: ").append(policyMapping); - sb.append("\n inhibitAnyPolicy: ").append(inhibitAnyPolicy); - sb.append("\n rootNode: ").append(rootNode); - sb.append("\n remainingCACerts: ").append(remainingCACerts); - sb.append("\n crlSign: ").append(crlSign); - sb.append("\n init: ").append(init); - sb.append("\n]\n"); - return sb.toString(); - } - - /** - * Initialize the state. - * - * @param buildParams builder parameters - */ - public void initState(BuilderParams buildParams) - throws CertPathValidatorException - { - /* - * Initialize number of remainingCACerts. - * Note that -1 maxPathLen implies unlimited. - * 0 implies only an EE cert is acceptable. - */ - int maxPathLen = buildParams.maxPathLength(); - remainingCACerts = (maxPathLen == -1) ? Integer.MAX_VALUE - : maxPathLen; - - /* Initialize explicit policy state variable */ - if (buildParams.explicitPolicyRequired()) { - explicitPolicy = 0; - } else { - // unconstrained if maxPathLen is -1, - // otherwise, we want to initialize this to the value of the - // longest possible path + 1 (i.e. maxpathlen + finalcert + 1) - explicitPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2; - } - - /* Initialize policy mapping state variable */ - if (buildParams.policyMappingInhibited()) { - policyMapping = 0; - } else { - policyMapping = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2; - } - - /* Initialize inhibit any policy state variable */ - if (buildParams.anyPolicyInhibited()) { - inhibitAnyPolicy = 0; - } else { - inhibitAnyPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2; - } - - /* Initialize certIndex */ - certIndex = 1; - - /* Initialize policy tree */ - Set initExpPolSet = new HashSet<>(1); - initExpPolSet.add(PolicyChecker.ANY_POLICY); - - rootNode = new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null, - false, initExpPolSet, false); - - /* - * Initialize each user-defined checker - * Shallow copy the checkers - */ - userCheckers = new ArrayList<>(buildParams.certPathCheckers()); - /* initialize each checker (just in case) */ - for (PKIXCertPathChecker checker : userCheckers) { - checker.init(false); - } - - /* Start by trusting the cert to sign CRLs */ - crlSign = true; - - init = true; - } - - /** - * Update the state with the specified trust anchor. - * - * @param anchor the most-trusted CA - * @param buildParams builder parameters - */ - public void updateState(TrustAnchor anchor, BuilderParams buildParams) - throws CertificateException, IOException, CertPathValidatorException - { - trustAnchor = anchor; - X509Certificate trustedCert = anchor.getTrustedCert(); - if (trustedCert != null) { - updateState(trustedCert); - } else { - X500Principal caName = anchor.getCA(); - updateState(anchor.getCAPublicKey(), caName); - } - - // The user specified AlgorithmChecker and RevocationChecker may not be - // able to set the trust anchor until now. - boolean revCheckerAdded = false; - for (PKIXCertPathChecker checker : userCheckers) { - if (checker instanceof AlgorithmChecker) { - ((AlgorithmChecker)checker).trySetTrustAnchor(anchor); - } else if (checker instanceof PKIXRevocationChecker) { - if (revCheckerAdded) { - throw new CertPathValidatorException( - "Only one PKIXRevocationChecker can be specified"); - } - // if it's our own, initialize it - if (checker instanceof RevocationChecker) { - ((RevocationChecker)checker).init(anchor, buildParams); - } - ((PKIXRevocationChecker)checker).init(false); - revCheckerAdded = true; - } - } - - // only create a RevocationChecker if revocation is enabled and - // a PKIXRevocationChecker has not already been added - if (buildParams.revocationEnabled() && !revCheckerAdded) { - revChecker = new RevocationChecker(anchor, buildParams); - revChecker.init(false); - } - - init = false; - } - - /** - * Update the state. This method is used when the most-trusted CA is - * a trusted public-key and caName, instead of a trusted cert. - * - * @param pubKey the public key of the trusted CA - * @param subjectDN the subject distinguished name of the trusted CA - */ - private void updateState(PublicKey pubKey, X500Principal subjectDN) { - - /* update subject DN */ - this.subjectDN = subjectDN; - - /* update subject public key */ - this.pubKey = pubKey; - } - - /** - * Update the state with the next certificate added to the path. - * - * @param cert the certificate which is used to update the state - */ - public void updateState(X509Certificate cert) - throws CertificateException, IOException, CertPathValidatorException { - - if (cert == null) { - return; - } - - /* update subject DN */ - subjectDN = cert.getSubjectX500Principal(); - - /* check for key needing to inherit alg parameters */ - X509CertImpl icert = X509CertImpl.toImpl(cert); - PublicKey newKey = cert.getPublicKey(); - if (PKIX.isDSAPublicKeyWithoutParams(newKey)) { - newKey = BasicChecker.makeInheritedParamsKey(newKey, pubKey); - } - - /* update subject public key */ - pubKey = newKey; - - /* - * if this is a trusted cert (init == true), then we - * don't update any of the remaining fields - */ - if (init) { - init = false; - return; - } - - /* update subject key identifier */ - subjKeyId = icert.getSubjectKeyIdentifierExtension(); - - /* update crlSign */ - crlSign = RevocationChecker.certCanSignCrl(cert); - - /* update current name constraints */ - if (nc != null) { - nc.merge(icert.getNameConstraintsExtension()); - } else { - nc = icert.getNameConstraintsExtension(); - if (nc != null) { - // Make sure we do a clone here, because we're probably - // going to modify this object later and we don't want to - // be sharing it with a Certificate object! - nc = (NameConstraintsExtension) nc.clone(); - } - } - - /* update policy state variables */ - explicitPolicy = - PolicyChecker.mergeExplicitPolicy(explicitPolicy, icert, false); - policyMapping = - PolicyChecker.mergePolicyMapping(policyMapping, icert); - inhibitAnyPolicy = - PolicyChecker.mergeInhibitAnyPolicy(inhibitAnyPolicy, icert); - certIndex++; - - /* - * Update remaining CA certs - */ - remainingCACerts = - ConstraintsChecker.mergeBasicConstraints(cert, remainingCACerts); - - init = false; - } - - /** - * Returns a boolean flag indicating if a key lacking necessary key - * algorithm parameters has been encountered. - * - * @return boolean flag indicating if key lacking parameters encountered. - */ - @Override - public boolean keyParamsNeeded() { - /* when building in reverse, we immediately get parameters needed - * or else throw an exception - */ - return false; - } - - /* - * Clone current state. The state is cloned as each cert is - * added to the path. This is necessary if backtracking occurs, - * and a prior state needs to be restored. - * - * Note that this is a SMART clone. Not all fields are fully copied, - * because some of them (e.g., subjKeyId) will - * not have their contents modified by subsequent calls to updateState. - */ - @Override - @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly - public Object clone() { - try { - ReverseState clonedState = (ReverseState) super.clone(); - - /* clone checkers, if cloneable */ - clonedState.userCheckers = - (ArrayList)userCheckers.clone(); - ListIterator li = - clonedState.userCheckers.listIterator(); - while (li.hasNext()) { - PKIXCertPathChecker checker = li.next(); - if (checker instanceof Cloneable) { - li.set((PKIXCertPathChecker)checker.clone()); - } - } - - /* make copy of name constraints */ - if (nc != null) { - clonedState.nc = (NameConstraintsExtension) nc.clone(); - } - - /* make copy of policy tree */ - if (rootNode != null) { - clonedState.rootNode = rootNode.copyTree(); - } - - return clonedState; - } catch (CloneNotSupportedException e) { - throw new InternalError(e.toString(), e); - } - } -} diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java --- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Wed Jul 05 20:29:43 2017 +0200 @@ -35,8 +35,6 @@ import java.util.ArrayList; import java.util.Collection; import java.util.Collections; -import java.util.HashSet; -import java.util.Iterator; import java.util.List; import java.util.LinkedList; import java.util.Set; @@ -47,8 +45,7 @@ import sun.security.util.Debug; /** - * This class is able to build certification paths in either the forward - * or reverse directions. + * This class builds certification paths in the forward direction. * *

    If successful, it returns a certification path which has successfully * satisfied all the constraints and requirements specified in the @@ -102,10 +99,8 @@ /** * Attempts to build a certification path using the Sun build * algorithm from a trusted anchor(s) to a target subject, which must both - * be specified in the input parameter set. By default, this method will - * attempt to build in the forward direction. In order to build in the - * reverse direction, the caller needs to pass in an instance of - * SunCertPathBuilderParameters with the buildForward flag set to false. + * be specified in the input parameter set. This method will + * attempt to build in the forward direction: from the target to the CA. * *

    The certification path that is constructed is validated * according to the PKIX specification. @@ -162,11 +157,7 @@ policyTreeResult = null; LinkedList certPathList = new LinkedList<>(); try { - if (buildParams.buildForward()) { - buildForward(adjList, certPathList, searchAllCertStores); - } else { - buildReverse(adjList, certPathList); - } + buildForward(adjList, certPathList, searchAllCertStores); } catch (GeneralSecurityException | IOException e) { if (debug != null) { debug.println("SunCertPathBuilder.engineBuild() exception in " @@ -210,81 +201,6 @@ } /* - * Private build reverse method. - */ - private void buildReverse(List> adjacencyList, - LinkedList certPathList) - throws GeneralSecurityException, IOException - { - if (debug != null) { - debug.println("SunCertPathBuilder.buildReverse()..."); - debug.println("SunCertPathBuilder.buildReverse() InitialPolicies: " - + buildParams.initialPolicies()); - } - - ReverseState currentState = new ReverseState(); - /* Initialize adjacency list */ - adjacencyList.clear(); - adjacencyList.add(new LinkedList()); - - /* - * Perform a search using each trust anchor, until a valid - * path is found - */ - Iterator iter = buildParams.trustAnchors().iterator(); - while (iter.hasNext()) { - TrustAnchor anchor = iter.next(); - - /* check if anchor satisfies target constraints */ - if (anchorIsTarget(anchor, buildParams.targetCertConstraints())) { - this.trustAnchor = anchor; - this.pathCompleted = true; - this.finalPublicKey = anchor.getTrustedCert().getPublicKey(); - break; - } - - // skip anchor if it contains a DSA key with no DSA params - X509Certificate trustedCert = anchor.getTrustedCert(); - PublicKey pubKey = trustedCert != null ? trustedCert.getPublicKey() - : anchor.getCAPublicKey(); - - if (PKIX.isDSAPublicKeyWithoutParams(pubKey)) { - continue; - } - - /* Initialize current state */ - currentState.initState(buildParams); - currentState.updateState(anchor, buildParams); - - currentState.algorithmChecker = new AlgorithmChecker(anchor); - currentState.untrustedChecker = new UntrustedChecker(); - try { - depthFirstSearchReverse(null, currentState, - new ReverseBuilder(buildParams), - adjacencyList, certPathList); - } catch (GeneralSecurityException | IOException e) { - // continue on error if more anchors to try - if (iter.hasNext()) - continue; - else - throw e; - } - - // break out of loop if search is successful - if (pathCompleted) { - break; - } - } - - if (debug != null) { - debug.println("SunCertPathBuilder.buildReverse() returned from " - + "depthFirstSearchReverse()"); - debug.println("SunCertPathBuilder.buildReverse() " - + "certPathList.size: " + certPathList.size()); - } - } - - /* * Private build forward method. */ private void buildForward(List> adjacencyList, @@ -632,147 +548,6 @@ } /* - * This method performs a depth first search for a certification - * path while building reverse which meets the requirements set in - * the parameters object. - * It uses an adjacency list to store all certificates which were - * tried (i.e. at one time added to the path - they may not end up in - * the final path if backtracking occurs). This information can - * be used later to debug or demo the build. - * - * See "Data Structure and Algorithms, by Aho, Hopcroft, and Ullman" - * for an explanation of the DFS algorithm. - * - * @param dN the distinguished name being currently searched for certs - * @param currentState the current PKIX validation state - */ - private void depthFirstSearchReverse(X500Principal dN, - ReverseState currentState, - ReverseBuilder builder, - List> adjList, - LinkedList cpList) - throws GeneralSecurityException, IOException - { - if (debug != null) - debug.println("SunCertPathBuilder.depthFirstSearchReverse(" + dN - + ", " + currentState.toString() + ")"); - - /* - * Find all the certificates issued by dN which - * satisfy the PKIX certification path constraints. - */ - Collection certs = - builder.getMatchingCerts(currentState, buildParams.certStores()); - List vertices = addVertices(certs, adjList); - if (debug != null) - debug.println("SunCertPathBuilder.depthFirstSearchReverse(): " - + "certs.size=" + vertices.size()); - - /* - * For each cert in the collection, verify anything - * that hasn't been checked yet (signature, revocation, etc) - * and check for loops. Call depthFirstSearchReverse() - * recursively for each good cert. - */ - for (Vertex vertex : vertices) { - /** - * Restore state to currentState each time through the loop. - * This is important because some of the user-defined - * checkers modify the state, which MUST be restored if - * the cert eventually fails to lead to the target and - * the next matching cert is tried. - */ - ReverseState nextState = (ReverseState) currentState.clone(); - X509Certificate cert = vertex.getCertificate(); - try { - builder.verifyCert(cert, nextState, cpList); - } catch (GeneralSecurityException gse) { - if (debug != null) - debug.println("SunCertPathBuilder.depthFirstSearchReverse()" - + ": validation failed: " + gse); - vertex.setThrowable(gse); - continue; - } - - /* - * Certificate is good, add it to the path (if it isn't a - * self-signed cert) and update state - */ - if (!currentState.isInitial()) - builder.addCertToPath(cert, cpList); - // save trust anchor - this.trustAnchor = currentState.trustAnchor; - - /* - * Check if path is completed, return ASAP if so. - */ - if (builder.isPathCompleted(cert)) { - if (debug != null) - debug.println("SunCertPathBuilder.depthFirstSearchReverse()" - + ": path completed!"); - pathCompleted = true; - - PolicyNodeImpl rootNode = nextState.rootNode; - - if (rootNode == null) - policyTreeResult = null; - else { - policyTreeResult = rootNode.copyTree(); - ((PolicyNodeImpl)policyTreeResult).setImmutable(); - } - - /* - * Extract and save the final target public key - */ - finalPublicKey = cert.getPublicKey(); - if (PKIX.isDSAPublicKeyWithoutParams(finalPublicKey)) { - finalPublicKey = - BasicChecker.makeInheritedParamsKey - (finalPublicKey, currentState.pubKey); - } - - return; - } - - /* Update the PKIX state */ - nextState.updateState(cert); - - /* - * Append an entry for cert in adjacency list and - * set index for current vertex. - */ - adjList.add(new LinkedList()); - vertex.setIndex(adjList.size() - 1); - - /* recursively search for matching certs at next dN */ - depthFirstSearchReverse(cert.getSubjectX500Principal(), nextState, - builder, adjList, cpList); - - /* - * If path has been completed, return ASAP! - */ - if (pathCompleted) { - return; - } else { - /* - * If we get here, it means we have searched all possible - * certs issued by the dN w/o finding any matching certs. This - * means we have to backtrack to the previous cert in the path - * and try some other paths. - */ - if (debug != null) - debug.println("SunCertPathBuilder.depthFirstSearchReverse()" - + ": backtracking"); - if (!currentState.isInitial()) - builder.removeFinalCertFromPath(cpList); - } - } - if (debug != null) - debug.println("SunCertPathBuilder.depthFirstSearchReverse() all " - + "certs in this adjacency list checked"); - } - - /* * Adds a collection of matching certificates to the * adjacency list. */ diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilderParameters.java --- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilderParameters.java Thu Apr 23 10:43:31 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,131 +0,0 @@ -/* - * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.provider.certpath; - -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.cert.*; -import java.util.Set; - -/** - * This class specifies the set of parameters used as input for the Sun - * certification path build algorithm. It is identical to PKIXBuilderParameters - * with the addition of a buildForward parameter which allows - * the caller to specify whether or not the path should be constructed in - * the forward direction. - * - * The default for the buildForward parameter is - * true, which means that the build algorithm should construct paths - * from the target subject back to the trusted anchor. - * - * @since 1.4 - * @author Sean Mullan - * @author Yassir Elley - */ -public class SunCertPathBuilderParameters extends PKIXBuilderParameters { - - private boolean buildForward = true; - - /** - * Creates an instance of SunCertPathBuilderParameters with the - * specified parameter values. - * - * @param trustAnchors a Set of TrustAnchors - * @param targetConstraints a CertSelector specifying the - * constraints on the target certificate - * @throws InvalidAlgorithmParameterException if the specified - * Set is empty (trustAnchors.isEmpty() == true) - * @throws NullPointerException if the specified Set is - * null - * @throws ClassCastException if any of the elements in the Set - * are not of type java.security.cert.TrustAnchor - */ - public SunCertPathBuilderParameters(Set trustAnchors, - CertSelector targetConstraints) throws InvalidAlgorithmParameterException - { - super(trustAnchors, targetConstraints); - setBuildForward(true); - } - - /** - * Creates an instance of SunCertPathBuilderParameters that - * uses the specified KeyStore to populate the set - * of most-trusted CA certificates. - * - * @param keystore A keystore from which the set of most-trusted - * CA certificates will be populated. - * @param targetConstraints a CertSelector specifying the - * constraints on the target certificate - * @throws KeyStoreException if the keystore has not been initialized. - * @throws InvalidAlgorithmParameterException if the keystore does - * not contain at least one trusted certificate entry - * @throws NullPointerException if the keystore is null - */ - public SunCertPathBuilderParameters(KeyStore keystore, - CertSelector targetConstraints) - throws KeyStoreException, InvalidAlgorithmParameterException - { - super(keystore, targetConstraints); - setBuildForward(true); - } - - /** - * Returns the value of the buildForward flag. - * - * @return the value of the buildForward flag - */ - public boolean getBuildForward() { - return this.buildForward; - } - - /** - * Sets the value of the buildForward flag. If true, paths - * are built from the target subject to the trusted anchor. - * If false, paths are built from the trusted anchor to the - * target subject. The default value if not specified is true. - * - * @param buildForward the value of the buildForward flag - */ - public void setBuildForward(boolean buildForward) { - this.buildForward = buildForward; - } - - /** - * Returns a formatted string describing the parameters. - * - * @return a formatted string describing the parameters. - */ - @Override - public String toString() { - StringBuilder sb = new StringBuilder(); - sb.append("[\n"); - sb.append(super.toString()); - sb.append(" Build Forward Flag: " + String.valueOf(buildForward) + "\n"); - sb.append("]\n"); - return sb.toString(); - } -} diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/util/PreHashedMap.java --- a/jdk/src/java.base/share/classes/sun/util/PreHashedMap.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/util/PreHashedMap.java Wed Jul 05 20:29:43 2017 +0200 @@ -166,14 +166,14 @@ } public Set keySet() { - return new AbstractSet () { + return new AbstractSet<> () { public int size() { return size; } public Iterator iterator() { - return new Iterator() { + return new Iterator<>() { private int i = -1; Object[] a = null; String cur = null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/util/logging/PlatformLogger.java --- a/jdk/src/java.base/share/classes/sun/util/logging/PlatformLogger.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/util/logging/PlatformLogger.java Wed Jul 05 20:29:43 2017 +0200 @@ -161,7 +161,7 @@ private static boolean loggingEnabled; static { loggingEnabled = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { public Boolean run() { String cname = System.getProperty("java.util.logging.config.class"); String fname = System.getProperty("java.util.logging.config.file"); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/util/resources/LocaleData.java --- a/jdk/src/java.base/share/classes/sun/util/resources/LocaleData.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/util/resources/LocaleData.java Wed Jul 05 20:29:43 2017 +0200 @@ -159,7 +159,7 @@ } public static ResourceBundle getBundle(final String baseName, final Locale locale) { - return AccessController.doPrivileged(new PrivilegedAction() { + return AccessController.doPrivileged(new PrivilegedAction<>() { @Override public ResourceBundle run() { return ResourceBundle @@ -169,7 +169,7 @@ } private static OpenListResourceBundle getSupplementary(final String baseName, final Locale locale) { - return AccessController.doPrivileged(new PrivilegedAction() { + return AccessController.doPrivileged(new PrivilegedAction<>() { @Override public OpenListResourceBundle run() { OpenListResourceBundle rb = null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/share/classes/sun/util/resources/ParallelListResourceBundle.java --- a/jdk/src/java.base/share/classes/sun/util/resources/ParallelListResourceBundle.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/share/classes/sun/util/resources/ParallelListResourceBundle.java Wed Jul 05 20:29:43 2017 +0200 @@ -213,7 +213,7 @@ if (parent == null) { return set.iterator(); } - return new Iterator() { + return new Iterator<>() { private Iterator itr = set.iterator(); private boolean usingParent; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/java/lang/ProcessEnvironment.java --- a/jdk/src/java.base/unix/classes/java/lang/ProcessEnvironment.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/java/lang/ProcessEnvironment.java Wed Jul 05 20:29:43 2017 +0200 @@ -99,7 +99,7 @@ /* Only for use by Runtime.exec(...String[]envp...) */ static Map emptyEnvironment(int capacity) { - return new StringEnvironment(new HashMap(capacity)); + return new StringEnvironment(new HashMap<>(capacity)); } private static native byte[][] environ(); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/sun/net/PortConfig.java --- a/jdk/src/java.base/unix/classes/sun/net/PortConfig.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/sun/net/PortConfig.java Wed Jul 05 20:29:43 2017 +0200 @@ -42,7 +42,7 @@ static { AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); String os = System.getProperty("os.name"); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/sun/net/dns/ResolverConfigurationImpl.java --- a/jdk/src/java.base/unix/classes/sun/net/dns/ResolverConfigurationImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/sun/net/dns/ResolverConfigurationImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -85,6 +85,15 @@ if (val.charAt(0) == '#' || val.charAt(0) == ';') { break; } + if ("nameserver".equals(keyword)) { + if (val.indexOf(':') >= 0 && + val.indexOf('.') < 0 && // skip for IPv4 literals with port + val.indexOf('[') < 0 && + val.indexOf(']') < 0 ) { + // IPv6 literal, in non-BSD-style. + val = "[" + val + "]"; + } + } ll.add(val); if (--maxvalues == 0) { break; @@ -122,7 +131,7 @@ // get the name servers from /etc/resolv.conf nameservers = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction>() { + new java.security.PrivilegedAction<>() { public LinkedList run() { // typically MAXNS is 3 but we've picked 5 here // to allow for additional servers if required. @@ -147,7 +156,7 @@ // first try the search keyword in /etc/resolv.conf sl = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction>() { + new java.security.PrivilegedAction<>() { public LinkedList run() { LinkedList ll; @@ -173,7 +182,7 @@ String localDomain = localDomain0(); if (localDomain != null && localDomain.length() > 0) { - sl = new LinkedList(); + sl = new LinkedList<>(); sl.add(localDomain); return sl; } @@ -181,7 +190,7 @@ // try domain keyword in /etc/resolv.conf sl = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction>() { + new java.security.PrivilegedAction<>() { public LinkedList run() { LinkedList ll; @@ -251,7 +260,7 @@ static { java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public Void run() { System.loadLibrary("net"); return null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/sun/net/sdp/SdpProvider.java --- a/jdk/src/java.base/unix/classes/sun/net/sdp/SdpProvider.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/sun/net/sdp/SdpProvider.java Wed Jul 05 20:29:43 2017 +0200 @@ -198,7 +198,7 @@ { Scanner scanner = new Scanner(new File(file)); try { - List result = new ArrayList(); + List result = new ArrayList<>(); while (scanner.hasNextLine()) { String line = scanner.nextLine().trim(); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java --- a/jdk/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Wed Jul 05 20:29:43 2017 +0200 @@ -95,7 +95,7 @@ private void init0() { hostname = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { + new java.security.PrivilegedAction<>() { public String run() { String localhost; try { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousServerSocketChannelImpl.java --- a/jdk/src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousServerSocketChannelImpl.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousServerSocketChannelImpl.java Wed Jul 05 20:29:43 2017 +0200 @@ -216,7 +216,7 @@ // permission check must always be in initiator's context try { if (acc != null) { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { SecurityManager sm = System.getSecurityManager(); if (sm != null) { @@ -287,7 +287,7 @@ synchronized (updateLock) { if (handler == null) { this.acceptHandler = null; - result = new PendingFuture(this); + result = new PendingFuture<>(this); this.acceptFuture = result; } else { this.acceptHandler = handler; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/sun/nio/fs/GnomeFileTypeDetector.java --- a/jdk/src/java.base/unix/classes/sun/nio/fs/GnomeFileTypeDetector.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/sun/nio/fs/GnomeFileTypeDetector.java Wed Jul 05 20:29:43 2017 +0200 @@ -93,7 +93,7 @@ private static native byte[] probeUsingGnomeVfs(long pathAddress); static { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { System.loadLibrary("nio"); return null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/sun/nio/fs/MimeTypesFileTypeDetector.java --- a/jdk/src/java.base/unix/classes/sun/nio/fs/MimeTypesFileTypeDetector.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/sun/nio/fs/MimeTypesFileTypeDetector.java Wed Jul 05 20:29:43 2017 +0200 @@ -106,7 +106,7 @@ synchronized (this) { if (!loaded) { List lines = AccessController.doPrivileged( - new PrivilegedAction>() { + new PrivilegedAction<>() { @Override public List run() { try { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/sun/nio/fs/UnixCopyFile.java --- a/jdk/src/java.base/unix/classes/sun/nio/fs/UnixCopyFile.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/sun/nio/fs/UnixCopyFile.java Wed Jul 05 20:29:43 2017 +0200 @@ -606,7 +606,7 @@ throws UnixException; static { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { @Override public Void run() { System.loadLibrary("nio"); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/sun/nio/fs/UnixFileStore.java --- a/jdk/src/java.base/unix/classes/sun/nio/fs/UnixFileStore.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/sun/nio/fs/UnixFileStore.java Wed Jul 05 20:29:43 2017 +0200 @@ -222,7 +222,7 @@ synchronized (loadLock) { if (props == null) { props = AccessController.doPrivileged( - new PrivilegedAction() { + new PrivilegedAction<>() { @Override public Properties run() { return loadProperties(); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/sun/nio/fs/UnixFileSystem.java --- a/jdk/src/java.base/unix/classes/sun/nio/fs/UnixFileSystem.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/sun/nio/fs/UnixFileSystem.java Wed Jul 05 20:29:43 2017 +0200 @@ -152,7 +152,7 @@ public final Iterable getRootDirectories() { final List allowedList = Collections.unmodifiableList(Arrays.asList((Path)rootDirectory)); - return new Iterable() { + return new Iterable<>() { public Iterator iterator() { try { SecurityManager sm = System.getSecurityManager(); @@ -254,7 +254,7 @@ return Collections.emptyList(); } } - return new Iterable() { + return new Iterable<>() { public Iterator iterator() { return new FileStoreIterator(); } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/sun/nio/fs/UnixNativeDispatcher.java --- a/jdk/src/java.base/unix/classes/sun/nio/fs/UnixNativeDispatcher.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/sun/nio/fs/UnixNativeDispatcher.java Wed Jul 05 20:29:43 2017 +0200 @@ -568,7 +568,7 @@ private static native int init(); static { - AccessController.doPrivileged(new PrivilegedAction() { + AccessController.doPrivileged(new PrivilegedAction<>() { public Void run() { System.loadLibrary("nio"); return null; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.base/unix/classes/sun/nio/fs/UnixPath.java --- a/jdk/src/java.base/unix/classes/sun/nio/fs/UnixPath.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.base/unix/classes/sun/nio/fs/UnixPath.java Wed Jul 05 20:29:43 2017 +0200 @@ -121,7 +121,7 @@ ce = Util.jnuEncoding().newEncoder() .onMalformedInput(CodingErrorAction.REPORT) .onUnmappableCharacter(CodingErrorAction.REPORT); - encoder.set(new SoftReference(ce)); + encoder.set(new SoftReference<>(ce)); } char[] ca = fs.normalizeNativePath(input.toCharArray()); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapURL.java --- a/jdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapURL.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapURL.java Wed Jul 05 20:29:43 2017 +0200 @@ -26,9 +26,6 @@ package com.sun.jndi.ldap; import javax.naming.*; -import javax.naming.directory.*; -import javax.naming.spi.*; -import java.net.URL; import java.net.MalformedURLException; import java.io.UnsupportedEncodingException; import java.util.StringTokenizer; @@ -211,43 +208,52 @@ // query begins with a '?' or is null - if (query == null) { + if (query == null || query.length() < 2) { + return; + } + + int currentIndex = 1; + int nextQmark; + int endIndex; + + // attributes: + nextQmark = query.indexOf('?', currentIndex); + endIndex = nextQmark == -1 ? query.length() : nextQmark; + if (endIndex - currentIndex > 0) { + attributes = query.substring(currentIndex, endIndex); + } + currentIndex = endIndex + 1; + if (currentIndex >= query.length()) { return; } - int qmark2 = query.indexOf('?', 1); - - if (qmark2 < 0) { - attributes = query.substring(1); + // scope: + nextQmark = query.indexOf('?', currentIndex); + endIndex = nextQmark == -1 ? query.length() : nextQmark; + if (endIndex - currentIndex > 0) { + scope = query.substring(currentIndex, endIndex); + } + currentIndex = endIndex + 1; + if (currentIndex >= query.length()) { return; - } else if (qmark2 != 1) { - attributes = query.substring(1, qmark2); } - int qmark3 = query.indexOf('?', qmark2 + 1); - - if (qmark3 < 0) { - scope = query.substring(qmark2 + 1); + // filter: + nextQmark = query.indexOf('?', currentIndex); + endIndex = nextQmark == -1 ? query.length() : nextQmark; + if (endIndex - currentIndex > 0) { + filter = query.substring(currentIndex, endIndex); + filter = UrlUtil.decode(filter, "UTF8"); + } + currentIndex = endIndex + 1; + if (currentIndex >= query.length()) { return; - } else if (qmark3 != qmark2 + 1) { - scope = query.substring(qmark2 + 1, qmark3); } - int qmark4 = query.indexOf('?', qmark3 + 1); - - if (qmark4 < 0) { - filter = query.substring(qmark3 + 1); - } else { - if (qmark4 != qmark3 + 1) { - filter = query.substring(qmark3 + 1, qmark4); - } - extensions = query.substring(qmark4 + 1); - if (extensions.length() > 0) { - extensions = UrlUtil.decode(extensions, "UTF8"); - } - } - if (filter != null && filter.length() > 0) { - filter = UrlUtil.decode(filter, "UTF8"); + // extensions: + if (query.length() - currentIndex > 0) { + extensions = query.substring(currentIndex); + extensions = UrlUtil.decode(extensions, "UTF8"); } } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.security.jgss/share/classes/org/ietf/jgss/GSSCredential.java --- a/jdk/src/java.security.jgss/share/classes/org/ietf/jgss/GSSCredential.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.security.jgss/share/classes/org/ietf/jgss/GSSCredential.java Wed Jul 05 20:29:43 2017 +0200 @@ -35,7 +35,7 @@ * may be used to perform context initiation, acceptance, or both.

    * * Credentials are instantiated using one of the - * createCredential methods in the {@link GSSManager + * {@code createCredential} methods in the {@link GSSManager * GSSManager} class. GSS-API credential creation is not * intended to provide a "login to the network" function, as such a * function would involve the creation of new credentials rather than @@ -75,7 +75,7 @@ * * Oid [] mechs = cred.getMechs(); * if (mechs != null) { - * for (int i = 0; i < mechs.length; i++) + * for (int i = 0; i{@literal <} mechs.length; i++) * System.out.println(mechs[i].toString()); * } * @@ -297,8 +297,8 @@ * with a variety of clients using different security mechanisms.

    * * This routine adds the new credential element "in-place". To add the - * element in a new credential, first call clone to obtain a - * copy of this credential, then call its add method.

    + * element in a new credential, first call {@code clone} to obtain a + * copy of this credential, then call its {@code add} method.

    * * As always, GSS-API implementations must impose a local access-control * policy on callers to prevent unauthorized callers from acquiring @@ -311,7 +311,7 @@ * getRemainingAcceptLifetime} on the credential. * * @param name the name of the principal for whom this credential is to - * be acquired. Use null to specify the default + * be acquired. Use {@code null} to specify the default * principal. * @param initLifetime the number of seconds that the credential element * should remain valid for initiating of security contexts. Use {@link @@ -354,8 +354,8 @@ * object. The two credentials must be acquired over the same * mechanisms and must refer to the same principal. * - * @return true if the two GSSCredentials assert the same - * entity; false otherwise. + * @return {@code true} if the two GSSCredentials assert the same + * entity; {@code false} otherwise. * @param another another GSSCredential for comparison to this one */ public boolean equals(Object another); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dom/package.html --- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dom/package.html Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dom/package.html Wed Jul 05 20:29:43 2017 +0200 @@ -44,11 +44,7 @@ RFC 3275: XML-Signature Syntax and Processing -

    -

    -
    Since:
    -
    1.6
    -
    +@since 1.6 diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/dom/package.html --- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/dom/package.html Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/dom/package.html Wed Jul 05 20:29:43 2017 +0200 @@ -44,11 +44,7 @@ RFC 3275: XML-Signature Syntax and Processing -

    -

    -
    Since:
    -
    1.6
    -
    +@since 1.6 diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/package.html --- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/package.html Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/package.html Wed Jul 05 20:29:43 2017 +0200 @@ -55,11 +55,7 @@ RFC 3275: XML-Signature Syntax and Processing -

    -

    -
    Since:
    -
    1.6
    -
    +@since 1.6 diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/package.html --- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/package.html Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/package.html Wed Jul 05 20:29:43 2017 +0200 @@ -65,11 +65,7 @@ RFC 3275: XML-Signature Syntax and Processing -

    -

    -
    Since:
    -
    1.6
    -
    +@since 1.6 diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/package.html --- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/package.html Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/package.html Wed Jul 05 20:29:43 2017 +0200 @@ -49,11 +49,7 @@ XPath Filter 2.0 Transform Algorithm: W3C Recommendation -

    -

    -
    Since:
    -
    1.6
    -
    +@since 1.6 diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/package.html --- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/package.html Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/package.html Wed Jul 05 20:29:43 2017 +0200 @@ -42,11 +42,7 @@ RFC 3275: XML-Signature Syntax and Processing -

    -

    -
    Since:
    -
    1.6
    -
    +@since 1.6 diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/com/sun/jdi/JdbReadTwiceTest.sh --- a/jdk/test/com/sun/jdi/JdbReadTwiceTest.sh Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/test/com/sun/jdi/JdbReadTwiceTest.sh Wed Jul 05 20:29:43 2017 +0200 @@ -206,39 +206,6 @@ echo echo "+++++++++++++++++++++++++++++++++++" -echo "Read an unreadable file - verify the read fails." - -canMakeUnreadable=No -id > $HOME/jdb.ini -if chmod a-r $HOME/jdb.ini -then - grep -q 'uid=0(' $HOME/jdb.ini 2> /dev/null - case $? in - 0) - echo "Error! Can't make file unreadable running as root" - ;; - 1) - echo "Error! Can't make file unreadable for some other reason (windows?)" - ;; - *) - echo "OK. the file is unreadable" - canMakeUnreadable=Yes - ;; - esac -else - echo "Error! Can't create or chmod file" -fi - -if [ "$canMakeUnreadable" = "Yes" ] -then - doit - failIfNot 1 "open: $HOME/jdb.ini" -fi -clean - - -echo -echo "+++++++++++++++++++++++++++++++++++" echo "Read a directory - verify the read fails" # If the file (IE. directory) exists, we try to read it. The # read will fail. diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/com/sun/jndi/dns/IPv6NameserverPlatformParsingTest.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/com/sun/jndi/dns/IPv6NameserverPlatformParsingTest.java Wed Jul 05 20:29:43 2017 +0200 @@ -0,0 +1,104 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.lang.reflect.Field; +import java.util.Hashtable; + +import javax.naming.Context; +import javax.naming.NamingException; +import javax.naming.spi.NamingManager; + +import com.sun.jndi.dns.DnsContext; + +/** + * @test + * @bug 6991580 + * @summary IPv6 Nameservers in resolv.conf throws NumberFormatException + * @run main/manual IPv6NameserverPlatformParsingTest + * + * In order to run this test be sure to place, for example, the following + * snippet into your platform's {@code /etc/resolv.conf}: + * 
    + * nameserver 127.0.0.1
+ * nameserver 2001:4860:4860::8888
+ * nameserver [::1]:5353
+ * nameserver 127.0.0.1:5353
+ *
    + * + * Then, run this test as manual jtreg test. + * + * @author Severin Gehwolf + * + */ +public class IPv6NameserverPlatformParsingTest { + + private static boolean foundIPv6 = false; + + public static void main(String[] args) { + Hashtable env = new Hashtable<>(); + env.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.dns.DnsContextFactory.class.getName()); + + String[] servers; + try { + Context ctx = NamingManager.getInitialContext(env); + if (!com.sun.jndi.dns.DnsContextFactory.platformServersAvailable()) { + throw new RuntimeException("FAIL: no platform servers available, test does not make sense"); + } + DnsContext context = (DnsContext)ctx; + servers = getServersFromContext(context); + } catch (NamingException e) { + throw new RuntimeException(e); + } + for (String server: servers) { + System.out.println("DEBUG: 'nameserver = " + server + "'"); + if (server.indexOf(':') >= 0 && server.indexOf('.') < 0) { + System.out.println("DEBUG: ==> Found IPv6 address in servers list: " + server); + foundIPv6 = true; + } + } + try { + new com.sun.jndi.dns.DnsClient(servers, 100, 1); + } catch (NumberFormatException e) { + throw new RuntimeException("FAIL: Tried to parse non-[]-encapsulated IPv6 address.", e); + } catch (Exception e) { + throw new RuntimeException("ERROR: Something unexpected happened."); + } + if (!foundIPv6) { + // This is a manual test, since it requires changing /etc/resolv.conf on Linux/Unix + // platforms. See comment as to how to run this test. + throw new RuntimeException("ERROR: No IPv6 address returned from platform."); + } + System.out.println("PASS: Found IPv6 address and DnsClient parsed it correctly."); + } + + private static String[] getServersFromContext(DnsContext context) { + try { + Field serversField = DnsContext.class.getDeclaredField("servers"); + serversField.setAccessible(true); + return (String[])serversField.get(context); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + +} diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/com/sun/jndi/ldap/LdapURLOptionalFields.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/com/sun/jndi/ldap/LdapURLOptionalFields.java Wed Jul 05 20:29:43 2017 +0200 @@ -0,0 +1,62 @@ +/* + * Copyright (c) 2015, Red Hat, Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8074761 + * @summary RFC-2255 allows attribute, scope and filter to be empty. + */ + +import com.sun.jndi.ldap.LdapURL; + +public class LdapURLOptionalFields { + + private static final String[] TEST_URLS = { + "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com", + "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com?", + "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com??", + "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com???", + "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com????" + }; + + public static void main(String[] args) throws Exception { + for (int i = 0; i < TEST_URLS.length; i++) { + String url = TEST_URLS[i]; + checkEmptyAttributes(url); + } + } + + private static void checkEmptyAttributes(String urlString) throws Exception { + LdapURL url = new LdapURL(urlString); + if (url.getAttributes() != null) { + throw new Exception("Expected null attributes for url: '" + urlString + "'"); + } + if (url.getScope() != null) { + throw new Exception("Expected null scope for url: '" + urlString + "'"); + } + if (url.getFilter() != null) { + throw new Exception("Expected null filter for url: '" + urlString + "'"); + } + } + +} diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/com/sun/security/auth/login/ConfigFile/InconsistentError.java --- a/jdk/test/com/sun/security/auth/login/ConfigFile/InconsistentError.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/test/com/sun/security/auth/login/ConfigFile/InconsistentError.java Wed Jul 05 20:29:43 2017 +0200 @@ -26,6 +26,7 @@ * @bug 4406033 * @summary ConfigFile throws an inconsistent error message * when the configuration file is not found + * @run main/othervm -Duser.language=en InconsistentError */ import com.sun.security.auth.login.*; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java --- a/jdk/test/com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/test/com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java Wed Jul 05 20:29:43 2017 +0200 @@ -25,6 +25,7 @@ * @test * @bug 4919147 * @summary Support for token-based KeyStores + * @run main/othervm -Duser.language=en OptionTest */ import java.io.File; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/java/net/URL/HandlersPkgPrefix/HandlersPkgPrefix.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/java/net/URL/HandlersPkgPrefix/HandlersPkgPrefix.java Wed Jul 05 20:29:43 2017 +0200 @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.net.MalformedURLException; +import java.net.URL; +import java.util.function.Consumer; + +/* + * @test + * @bug 8075139 + * @summary Basic test for java.protocol.handler.pkgs + * @compile handlers/foo/Handler.java handlers/bar/Handler.java HandlersPkgPrefix.java + * @run main/othervm HandlersPkgPrefix + */ + +public class HandlersPkgPrefix { + static final Consumer KNOWN = r -> { + if (r.exception != null) + throw new RuntimeException("Unexpected exception " + r.exception); + String p = r.url.getProtocol(); + if (!r.protocol.equals(p)) + throw new RuntimeException("Expected:" + r.protocol + ", got:" + p); + }; + static final Consumer UNKNOWN = r -> { + if (r.url != null) + throw new RuntimeException("Unexpected url:" + r.url); + if (!(r.exception instanceof MalformedURLException)) + throw new RuntimeException("Expected MalformedURLException, got:" + + r.exception); + }; + + public static void main(String[] args) { + withPrefix("unknown", "", UNKNOWN); + withPrefix("unknown", "handlers", UNKNOWN); + + withPrefix("foo", "", UNKNOWN); + withPrefix("foo", "xxx|yyy|zzz", UNKNOWN); + withPrefix("foo", "||||", UNKNOWN); + withPrefix("foo", "|a|b|c|handlers", KNOWN); + + withPrefix("bar", "", UNKNOWN); + withPrefix("bar", "x.y.z|y.y.y|z.z.z", UNKNOWN); + withPrefix("bar", " x.y.z | y.y.y | z.z.z| | ", UNKNOWN); + withPrefix("bar", "| a | b | c | handlers | d | e", KNOWN); + } + + static void withPrefix(String protocol, String pkgPrefix, + Consumer resultChecker) { + System.out.println("Testing, " + protocol + ", " + pkgPrefix); + + // The long standing implementation behavior is that the + // property is read multiple times, not cached. + System.setProperty("java.protocol.handler.pkgs", pkgPrefix); + URL url = null; + Exception exception = null; + try { + url = new URL(protocol + "://"); + } catch (MalformedURLException x) { + exception = x; + } + resultChecker.accept(new Result(protocol, url, exception)); + } + + static class Result { + final String protocol; + final URL url; + final Exception exception; + Result(String protocol, URL url, Exception exception) { + this.protocol = protocol; + this.url = url; + this.exception = exception; + } + } +} + diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/java/net/URL/HandlersPkgPrefix/handlers/bar/Handler.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/java/net/URL/HandlersPkgPrefix/handlers/bar/Handler.java Wed Jul 05 20:29:43 2017 +0200 @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package handlers.bar; + +import java.io.IOException; +import java.net.URL; +import java.net.URLConnection; +import java.net.URLStreamHandler; + +public class Handler extends URLStreamHandler { + @Override + protected URLConnection openConnection(URL u) throws IOException { + return null; + } +} + diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/java/net/URL/HandlersPkgPrefix/handlers/foo/Handler.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/java/net/URL/HandlersPkgPrefix/handlers/foo/Handler.java Wed Jul 05 20:29:43 2017 +0200 @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package handlers.foo; + +import java.io.IOException; +import java.net.URL; +import java.net.URLConnection; +import java.net.URLStreamHandler; + +public class Handler extends URLStreamHandler { + @Override + protected URLConnection openConnection(URL u) throws IOException { + return null; + } +} + diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/javax/security/auth/login/LoginContext/CustomLoginModule.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/security/auth/login/LoginContext/CustomLoginModule.java Wed Jul 05 20:29:43 2017 +0200 @@ -0,0 +1,275 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.IOException; +import java.security.Principal; +import java.util.Arrays; +import java.util.Locale; +import java.util.Map; +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.ChoiceCallback; +import javax.security.auth.callback.ConfirmationCallback; +import javax.security.auth.callback.LanguageCallback; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.TextInputCallback; +import javax.security.auth.callback.TextOutputCallback; +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.login.FailedLoginException; +import javax.security.auth.login.LoginException; +import javax.security.auth.spi.LoginModule; + +public class CustomLoginModule implements LoginModule { + + static final String HELLO = "Hello"; + + private Subject subject; + private CallbackHandler callbackHandler; + private boolean loginSucceeded = false; + private String username; + private char[] password; + + /* + * Initialize this LoginModule. + */ + @Override + public void initialize(Subject subject, CallbackHandler callbackHandler, + Map sharedState, Map options) { + this.subject = subject; + this.callbackHandler = callbackHandler; + + // check if custom parameter is passed from comfiguration + if (options == null) { + throw new RuntimeException("options is null"); + } + + // read username/password from configuration + Object o = options.get("username"); + if (o == null) { + throw new RuntimeException("Custom parameter not passed"); + } + if (!(o instanceof String)) { + throw new RuntimeException("Password is not a string"); + } + username = (String) o; + + o = options.get("password"); + if (o == null) { + throw new RuntimeException("Custom parameter not passed"); + } + if (!(o instanceof String)) { + throw new RuntimeException("Password is not a string"); + } + password = ((String) o).toCharArray(); + } + + /* + * Authenticate the user. + */ + @Override + public boolean login() throws LoginException { + // prompt for a user name and password + if (callbackHandler == null) { + throw new LoginException("No CallbackHandler available"); + } + + // standard callbacks + NameCallback name = new NameCallback("username: ", "default"); + PasswordCallback passwd = new PasswordCallback("password: ", false); + + LanguageCallback language = new LanguageCallback(); + + TextOutputCallback error = new TextOutputCallback( + TextOutputCallback.ERROR, "This is an error"); + TextOutputCallback warning = new TextOutputCallback( + TextOutputCallback.WARNING, "This is a warning"); + TextOutputCallback info = new TextOutputCallback( + TextOutputCallback.INFORMATION, "This is a FYI"); + + TextInputCallback text = new TextInputCallback("Please type " + HELLO, + "Bye"); + + ChoiceCallback choice = new ChoiceCallback("Choice: ", + new String[] { "pass", "fail" }, 1, true); + + ConfirmationCallback confirmation = new ConfirmationCallback( + "confirmation: ", ConfirmationCallback.INFORMATION, + ConfirmationCallback.YES_NO_OPTION, ConfirmationCallback.NO); + + CustomCallback custom = new CustomCallback(); + + Callback[] callbacks = new Callback[] { + choice, info, warning, error, name, passwd, text, language, + confirmation, custom + }; + + boolean uce = false; + try { + callbackHandler.handle(callbacks); + } catch (UnsupportedCallbackException e) { + Callback callback = e.getCallback(); + if (custom.equals(callback)) { + uce = true; + System.out.println("CustomLoginModule: " + + "custom callback not supported as expected"); + } else { + throw new LoginException("Unsupported callback: " + callback); + } + } catch (IOException ioe) { + throw new LoginException(ioe.toString()); + } + + if (!uce) { + throw new RuntimeException("UnsupportedCallbackException " + + "not thrown"); + } + + if (!HELLO.equals(text.getText())) { + System.out.println("Text: " + text.getText()); + throw new FailedLoginException("No hello"); + } + + if (!Locale.GERMANY.equals(language.getLocale())) { + System.out.println("Selected locale: " + language.getLocale()); + throw new FailedLoginException("Achtung bitte"); + } + + String readUsername = name.getName(); + char[] readPassword = passwd.getPassword(); + if (readPassword == null) { + // treat a NULL password as an empty password + readPassword = new char[0]; + } + passwd.clearPassword(); + + // verify the username/password + if (!username.equals(readUsername) + || !Arrays.equals(password, readPassword)) { + loginSucceeded = false; + throw new FailedLoginException("Username/password is not correct"); + } + + // check chosen option + int[] selected = choice.getSelectedIndexes(); + if (selected == null || selected.length == 0) { + throw new FailedLoginException("Nothing selected"); + } + + if (selected[0] != 0) { + throw new FailedLoginException("Wrong choice: " + selected[0]); + } + + // check confirmation + if (confirmation.getSelectedIndex() != ConfirmationCallback.YES) { + throw new FailedLoginException("Not confirmed: " + + confirmation.getSelectedIndex()); + } + + loginSucceeded = true; + System.out.println("CustomLoginModule: authentication succeeded"); + return true; + } + + /* + * This method is called if the LoginContext's overall authentication + * succeeded. + */ + @Override + public boolean commit() throws LoginException { + if (loginSucceeded) { + // add a Principal to the Subject + Principal principal = new TestPrincipal(username); + if (!subject.getPrincipals().contains(principal)) { + subject.getPrincipals().add(principal); + } + return true; + } + + return false; + } + + /* + * This method is called if the LoginContext's overall authentication + * failed. + */ + @Override + public boolean abort() throws LoginException { + loginSucceeded = false; + return true; + } + + /* + * Logout the user. + */ + @Override + public boolean logout() throws LoginException { + loginSucceeded = false; + boolean removed = subject.getPrincipals().remove( + new TestPrincipal(username)); + if (!removed) { + throw new LoginException("Coundn't remove a principal: " + + username); + } + return true; + } + + static class TestPrincipal implements Principal { + + private final String name; + + public TestPrincipal(String name) { + this.name = name; + } + + @Override + public String getName() { + return name; + } + + @Override + public String toString() { + return("TestPrincipal [name =" + name + "]"); + } + + @Override + public int hashCode() { + return name.hashCode(); + } + + @Override + public boolean equals(Object o) { + if (o == null) { + return false; + } + if (!(o instanceof TestPrincipal)) { + return false; + } + TestPrincipal other = (TestPrincipal) o; + return name != null ? name.equals(other.name) : other.name == null; + } + } + + static class CustomCallback implements Callback {} +} diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/javax/security/auth/login/LoginContext/SharedState.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/security/auth/login/LoginContext/SharedState.java Wed Jul 05 20:29:43 2017 +0200 @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.util.Map; +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; +import javax.security.auth.spi.LoginModule; + +/** + * @test + * @bug 8048138 + * @summary Check if shared state is passed to login module + * @run main/othervm SharedState + */ +public class SharedState { + + static final String NAME = "name"; + static final String VALUE = "shared"; + + public static void main(String[] args) throws LoginException { + System.setProperty("java.security.auth.login.config", + System.getProperty("test.src") + + System.getProperty("file.separator") + + "shared.config"); + + new LoginContext("SharedState").login(); + } + + public static abstract class Module implements LoginModule { + + @Override + public boolean login() throws LoginException { + return true; + } + + @Override + public boolean commit() throws LoginException { + return true; + } + + @Override + public boolean abort() throws LoginException { + return true; + } + + @Override + public boolean logout() throws LoginException { + return true; + } + } + + public static class FirstModule extends Module { + + @Override + public void initialize(Subject subject, CallbackHandler callbackHandler, + Map sharedState, Map options) { + ((Map)sharedState).put(NAME, VALUE); + } + + } + + public static class SecondModule extends Module { + + @Override + public void initialize(Subject subject, CallbackHandler callbackHandler, + Map sharedState, Map options) { + // check shared object + Object shared = sharedState.get(NAME); + if (!VALUE.equals(shared)) { + throw new RuntimeException("Unexpected shared object: " + + shared); + } + } + + } +} diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/javax/security/auth/login/LoginContext/StandardCallbacks.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/security/auth/login/LoginContext/StandardCallbacks.java Wed Jul 05 20:29:43 2017 +0200 @@ -0,0 +1,189 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.security.Principal; +import java.util.Arrays; +import java.util.Locale; +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.ChoiceCallback; +import javax.security.auth.callback.ConfirmationCallback; +import javax.security.auth.callback.LanguageCallback; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.TextInputCallback; +import javax.security.auth.callback.TextOutputCallback; +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; + +/* + * @test + * @bug 8048138 + * @summary Checks if JAAS login works fine with standard callbacks + * @compile DefaultHandlerModule.java + * @run main/othervm StandardCallbacks + */ +public class StandardCallbacks { + + private static final String USERNAME = "username"; + private static final char[] PASSWORD = "password".toCharArray(); + + public static void main(String[] args) throws LoginException { + System.setProperty("java.security.auth.login.config", + System.getProperty("test.src") + + System.getProperty("file.separator") + + "custom.config"); + + CustomCallbackHandler handler = new CustomCallbackHandler(USERNAME); + LoginContext context = new LoginContext("StandardCallbacks", handler); + + handler.setPassword(PASSWORD); + System.out.println("Try to login with correct password, " + + "successful authentication is expected"); + context.login(); + System.out.println("Authentication succeeded!"); + + Subject subject = context.getSubject(); + System.out.println("Authenticated user has the following principals [" + + subject.getPrincipals().size() + " ]:"); + boolean found = true; + for (Principal principal : subject.getPrincipals()) { + System.out.println("principal: " + principal); + if (principal instanceof CustomLoginModule.TestPrincipal) { + CustomLoginModule.TestPrincipal testPrincipal = + (CustomLoginModule.TestPrincipal) principal; + if (USERNAME.equals(testPrincipal.getName())) { + System.out.println("Found test principal: " + + testPrincipal); + found = true; + break; + } + } + } + + if (!found) { + throw new RuntimeException("TestPrincipal not found"); + } + + // check if all expected text output callbacks have been called + if (!handler.info) { + throw new RuntimeException("TextOutputCallback.INFO not called"); + } + + if (!handler.warning) { + throw new RuntimeException("TextOutputCallback.WARNING not called"); + } + + if (!handler.error) { + throw new RuntimeException("TextOutputCallback.ERROR not called"); + } + + System.out.println("Authenticated user has the following public " + + "credentials [" + subject.getPublicCredentials().size() + + "]:"); + subject.getPublicCredentials().stream(). + forEach((o) -> { + System.out.println("public credential: " + o); + }); + + context.logout(); + + System.out.println("Test passed"); + } + + private static class CustomCallbackHandler implements CallbackHandler { + + private final String username; + private char[] password; + private boolean info = false; + private boolean warning = false; + private boolean error = false; + + CustomCallbackHandler(String username) { + this.username = username; + } + + void setPassword(char[] password) { + this.password = password; + } + + @Override + public void handle(Callback[] callbacks) + throws UnsupportedCallbackException { + for (Callback callback : callbacks) { + if (callback instanceof TextOutputCallback) { + TextOutputCallback toc = (TextOutputCallback) callback; + switch (toc.getMessageType()) { + case TextOutputCallback.INFORMATION: + System.out.println("INFO: " + toc.getMessage()); + info = true; + break; + case TextOutputCallback.ERROR: + System.out.println("ERROR: " + toc.getMessage()); + error = true; + break; + case TextOutputCallback.WARNING: + System.out.println("WARNING: " + toc.getMessage()); + warning = true; + break; + default: + throw new UnsupportedCallbackException(toc, + "Unsupported message type: " + + toc.getMessageType()); + } + } else if (callback instanceof TextInputCallback) { + TextInputCallback tic = (TextInputCallback) callback; + System.out.println(tic.getPrompt()); + tic.setText(CustomLoginModule.HELLO); + } else if (callback instanceof LanguageCallback) { + LanguageCallback lc = (LanguageCallback) callback; + lc.setLocale(Locale.GERMANY); + } else if (callback instanceof ConfirmationCallback) { + ConfirmationCallback cc = (ConfirmationCallback) callback; + System.out.println(cc.getPrompt()); + cc.setSelectedIndex(ConfirmationCallback.YES); + } else if (callback instanceof ChoiceCallback) { + ChoiceCallback cc = (ChoiceCallback) callback; + System.out.println(cc.getPrompt() + + Arrays.toString(cc.getChoices())); + cc.setSelectedIndex(0); + } else if (callback instanceof NameCallback) { + NameCallback nc = (NameCallback) callback; + System.out.println(nc.getPrompt()); + nc.setName(username); + } else if (callback instanceof PasswordCallback) { + PasswordCallback pc = (PasswordCallback) callback; + System.out.println(pc.getPrompt()); + pc.setPassword(password); + } else { + throw new UnsupportedCallbackException(callback, + "Unknown callback"); + } + } + } + + } + +} diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/javax/security/auth/login/LoginContext/custom.config --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/security/auth/login/LoginContext/custom.config Wed Jul 05 20:29:43 2017 +0200 @@ -0,0 +1,4 @@ +StandardCallbacks { + DefaultHandlerModule required; + CustomLoginModule required username="username" password="password"; +}; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/javax/security/auth/login/LoginContext/shared.config --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/jdk/test/javax/security/auth/login/LoginContext/shared.config Wed Jul 05 20:29:43 2017 +0200 @@ -0,0 +1,4 @@ +SharedState { + SharedState$FirstModule required; + SharedState$SecondModule required; +}; \ No newline at end of file diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/javax/xml/ws/8046817/GenerateEnumSchema.java --- a/jdk/test/javax/xml/ws/8046817/GenerateEnumSchema.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/test/javax/xml/ws/8046817/GenerateEnumSchema.java Wed Jul 05 20:29:43 2017 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,57 +23,83 @@ /* * @test - * @bug 8046817 - * @summary schemagen fails to generate xsd for enum types + * @bug 8046817 8073357 + * @summary schemagen fails to generate xsd for enum types. + * Check that order of Enum values is preserved. * @run main/othervm GenerateEnumSchema */ import java.io.BufferedReader; import java.io.File; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStreamReader; +import java.nio.file.Files; import java.nio.file.Paths; -import java.util.Scanner; +import java.util.stream.Collectors; public class GenerateEnumSchema { private static final String SCHEMA_OUTPUT_FILENAME = "schema1.xsd"; private static final File schemaOutputFile = new File(SCHEMA_OUTPUT_FILENAME); + private static final String[] expectedEnums = { + "\"FIRST\"", "\"ONE\"", "\"TWO\"", "\"THREE\"", + "\"FOUR\"", "\"FIVE\"", "\"SIX\"", "\"LAST\""}; + private static String schemaContent = ""; - public static void main(String[] args) throws Exception, IOException { + public static void main(String[] args) throws Exception { + //Check schema generation for class type runSchemaGen("TestClassType.java"); checkIfSchemaGenerated(); + readSchemaContent(); checkSchemaContent(""); checkSchemaContent(""); - schemaOutputFile.delete(); + //Check schema generation for enum type runSchemaGen("TestEnumType.java"); checkIfSchemaGenerated(); + readSchemaContent(); + //Check if Enum type schema is generated checkSchemaContent(""); - checkSchemaContent(""); - checkSchemaContent(""); - checkSchemaContent(""); + //Check the sequence of enum values order + checkEnumOrder(); schemaOutputFile.delete(); } + // Check if schema file successfully generated by schemagen private static void checkIfSchemaGenerated() { if (!schemaOutputFile.exists()) { throw new RuntimeException("FAIL:" + SCHEMA_OUTPUT_FILENAME + " was not generated by schemagen tool"); } } - private static void checkSchemaContent(String exp_token) throws FileNotFoundException { - System.out.print("Check if generated schema contains '" + exp_token + "' string: "); - try (Scanner scanner = new Scanner(schemaOutputFile)) { - if (scanner.findWithinHorizon(exp_token, 0) != null) { - System.out.println("OK"); - return; - } + //Read schema content from file + private static void readSchemaContent() throws Exception { + schemaContent = Files.lines(schemaOutputFile.toPath()).collect(Collectors.joining("")); + } + + // Check if schema file contains specific string + private static void checkSchemaContent(String expContent) { + System.out.print("Check if generated schema contains '" + expContent + "' string: "); + if (schemaContent.contains(expContent)) { + System.out.println("OK"); + return; } System.out.println("FAIL"); - throw new RuntimeException("The '" + exp_token + "' is not found in generated schema"); + throw new RuntimeException("The '" + expContent + "' is not found in generated schema"); + } + // Check if the generated schema contains all enum constants + // and their order is preserved + private static void checkEnumOrder() throws Exception { + int prevElem = -1; + for (String elem : expectedEnums) { + int curElem = schemaContent.indexOf(elem); + System.out.println(elem + " position = " + curElem); + if (curElem < prevElem) { + throw new RuntimeException("FAIL: Enum values order is incorrect or " + elem + " element is not found"); + } + prevElem = curElem; + } } private static String getClassFilePath(String filename) { diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/javax/xml/ws/8046817/TestEnumType.java --- a/jdk/test/javax/xml/ws/8046817/TestEnumType.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/test/javax/xml/ws/8046817/TestEnumType.java Wed Jul 05 20:29:43 2017 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,5 +25,5 @@ @XmlEnum(String.class) public enum TestEnumType { - ONE, TWO, THREE + FIRST, ONE, TWO, THREE, FOUR, FIVE, SIX, LAST } diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh --- a/jdk/test/sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/test/sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh Wed Jul 05 20:29:43 2017 +0200 @@ -1,5 +1,5 @@ # -# Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ # @library /lib/testlibrary # @build jdk.testlibrary.* TestLogger Utils RmiBootstrapTest # @run shell/timeout=300 RmiSslBootstrapTest.sh +# @ignore 8077924 # Define the Java class test name TESTCLASS="RmiBootstrapTest" diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/sun/security/pkcs11/sslecc/CipherTest.java --- a/jdk/test/sun/security/pkcs11/sslecc/CipherTest.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/test/sun/security/pkcs11/sslecc/CipherTest.java Wed Jul 05 20:29:43 2017 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,7 +45,7 @@ public class CipherTest { // use any available port for the server socket - static int serverPort = 0; + static volatile int serverPort = 0; final int THREADS; diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java --- a/jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java Thu Apr 23 10:43:31 2015 -0700 +++ b/jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java Wed Jul 05 20:29:43 2017 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,7 +42,7 @@ serverContext.init(new KeyManager[] {cipherTest.keyManager}, new TrustManager[] {cipherTest.trustManager}, cipherTest.secureRandom); SSLServerSocketFactory factory = (SSLServerSocketFactory)serverContext.getServerSocketFactory(); - serverSocket = (SSLServerSocket)factory.createServerSocket(cipherTest.serverPort); + serverSocket = (SSLServerSocket)factory.createServerSocket(0); cipherTest.serverPort = serverSocket.getLocalPort(); serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites()); serverSocket.setWantClientAuth(true); diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/sun/security/provider/certpath/ReverseBuilder/BuildPath.java --- a/jdk/test/sun/security/provider/certpath/ReverseBuilder/BuildPath.java Thu Apr 23 10:43:31 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,58 +0,0 @@ -/* - * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/** - * @test - * @bug 6511784 - * @summary Make sure that building a path to a CRL issuer works in the - * reverse direction - * @library ../../../../../java/security/testlibrary - * @build CertUtils - * @run main BuildPath - */ -import java.security.cert.*; -import java.util.Collections; -import sun.security.provider.certpath.SunCertPathBuilderParameters; - -public class BuildPath { - - public static void main(String[] args) throws Exception { - - TrustAnchor anchor = - new TrustAnchor(CertUtils.getCertFromFile("mgrM2mgrM"), null); - X509Certificate target = CertUtils.getCertFromFile("mgrM2leadMA"); - X509CertSelector xcs = new X509CertSelector(); - xcs.setSubject("CN=leadMA,CN=mgrM,OU=prjM,OU=divE,OU=Comp,O=sun,C=us"); - xcs.setCertificate(target); - SunCertPathBuilderParameters params = - new SunCertPathBuilderParameters(Collections.singleton(anchor),xcs); - params.setBuildForward(false); - CertStore cs = CertUtils.createStore(new String[] - {"mgrM2prjM", "prjM2mgrM", "prjM2divE", "mgrM2leadMA" }); - params.addCertStore(cs); - CertStore cs2 = CertUtils.createCRLStore - (new String[] {"mgrMcrl", "prjMcrl"}); - params.addCertStore(cs2); - PKIXCertPathBuilderResult res = CertUtils.build(params); - } -} diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java --- a/jdk/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java Thu Apr 23 10:43:31 2015 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,356 +0,0 @@ -/* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -// -// Security properties, once set, cannot revert to unset. To avoid -// conflicts with tests running in the same VM isolate this test by -// running it in otherVM mode. -// - -/* - * @test - * @bug 7167988 - * @summary PKIX CertPathBuilder in reverse mode doesn't work if more than - * one trust anchor is specified - * @run main/othervm ReverseBuild - */ -import java.io.*; -import java.util.*; -import java.security.cert.*; -import java.security.Security; - -import sun.security.provider.certpath.SunCertPathBuilderParameters; - -public class ReverseBuild { - // Certificate information: - // Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org - // Validity - // Not Before: Dec 8 02:43:36 2008 GMT - // Not After : Aug 25 02:43:36 2028 GMT - // Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org - // X509v3 Subject Key Identifier: - // FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 - // X509v3 Authority Key Identifier: - // keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 - // DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org - // serial:00 - static String NoiceTrusedCertStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + - "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + - "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" + - "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + - "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" + - "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" + - "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" + - "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" + - "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" + - "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" + - "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" + - "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" + - "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" + - "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" + - "6Mvf0r1PNTY2hwTJLJmKtg==\n" + - "-----END CERTIFICATE-----"; - - // Certificate information: - // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce - // Validity - // Not Before: Aug 19 01:52:19 2011 GMT - // Not After : Jul 29 01:52:19 2032 GMT - // Subject: C=US, O=Java, OU=SunJSSE Test Serivce - - // X509v3 Subject Key Identifier: - // B9:7C:D5:D9:DF:A7:4C:03:AE:FD:0E:27:5B:31:95:6C:C7:F3:75:E1 - // X509v3 Authority Key Identifier: - // keyid:B9:7C:D5:D9:DF:A7:4C:03:AE:FD:0E:27:5B:31:95:6C:C7:F3:75:E1 - // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce - // serial:00 - static String NoiceTrusedCertStr_2nd = - "-----BEGIN CERTIFICATE-----\n" + - "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + - "MTEwODE5MDE1MjE5WhcNMzIwNzI5MDE1MjE5WjA7MQswCQYDVQQGEwJVUzENMAsG\n" + - "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" + - "KoZIhvcNAQEBBQADgY0AMIGJAoGBAM8orG08DtF98TMSscjGsidd1ZoN4jiDpi8U\n" + - "ICz+9dMm1qM1d7O2T+KH3/mxyox7Rc2ZVSCaUD0a3CkhPMnlAx8V4u0H+E9sqso6\n" + - "iDW3JpOyzMExvZiRgRG/3nvp55RMIUV4vEHOZ1QbhuqG4ebN0Vz2DkRft7+flthf\n" + - "vDld6f5JAgMBAAGjgaUwgaIwHQYDVR0OBBYEFLl81dnfp0wDrv0OJ1sxlWzH83Xh\n" + - "MGMGA1UdIwRcMFqAFLl81dnfp0wDrv0OJ1sxlWzH83XhoT+kPTA7MQswCQYDVQQG\n" + - "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + - "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEE\n" + - "BQADgYEALlgaH1gWtoBZ84EW8Hu6YtGLQ/L9zIFmHonUPZwn3Pr//icR9Sqhc3/l\n" + - "pVTxOINuFHLRz4BBtEylzRIOPzK3tg8XwuLb1zd0db90x3KBCiAL6E6cklGEPwLe\n" + - "XYMHDn9eDsaq861Tzn6ZwzMgw04zotPMoZN0mVd/3Qca8UJFucE=\n" + - "-----END CERTIFICATE-----"; - - - // Certificate information: - // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce - // Validity - // Not Before: May 5 02:40:50 2012 GMT - // Not After : Apr 15 02:40:50 2033 GMT - // Subject: C=US, O=Java, OU=SunJSSE Test Serivce - // X509v3 Subject Key Identifier: - // DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B - // X509v3 Authority Key Identifier: - // keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B - // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce - // serial:00 - static String trustedCertStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + - "MTIwNTA1MDI0MDUwWhcNMzMwNDE1MDI0MDUwWjA7MQswCQYDVQQGEwJVUzENMAsG\n" + - "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" + - "KoZIhvcNAQEBBQADgY0AMIGJAoGBANtiq0AIJK+iVRwFrqcD7fYXTCbMYC5Qz/k6\n" + - "AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwvzuURbc9+paOBWeHbN+Sc\n" + - "x3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStFhSHXATjtdbskNOAYGLTV\n" + - "x8uEy9GbAgMBAAGjgaUwgaIwHQYDVR0OBBYEFN1OjSoRwIMD8Kzror/58n3IaR+b\n" + - "MGMGA1UdIwRcMFqAFN1OjSoRwIMD8Kzror/58n3IaR+boT+kPTA7MQswCQYDVQQG\n" + - "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" + - "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC\n" + - "BQADgYEAjjkJesQrkbr36N40egybaIxw7RcqT6iy5fkAGS1JYlBDk8uSCK1o6bCH\n" + - "ls5EpYcGeEoabSS73WRdkO1lgeyWDduO4ef8cCCSpmpT6/YdZG0QS1PtcREeVig+\n" + - "Zr25jNemS4ADHX0aaXP4kiV/G80cR7nX5t5XCUm4bYdbwM07NgI=\n" + - "-----END CERTIFICATE-----"; - static String trustedPrivateKey = // Private key in the format of PKCS#8 - "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANtiq0AIJK+iVRwF\n" + - "rqcD7fYXTCbMYC5Qz/k6AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwv\n" + - "zuURbc9+paOBWeHbN+Scx3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStF\n" + - "hSHXATjtdbskNOAYGLTVx8uEy9GbAgMBAAECgYEA2VjHkIiA0ABjkX+PqKeb+VLb\n" + - "fxS7tSca5C8zfdRhLxAWRui0/3ihst0eCJNrBDuxvAOACovsDWyLuaUjtI2v2ysz\n" + - "vz6SPyGy82PhQOFzyKQuQ814N6EpothpiZzF0yFchfKIGhUsdY89UrGs9nM7m6NT\n" + - "rztYvgIu4avg2VPR2AECQQD+pFAqipR2BplQRIuuRSZfHRxvoEyDjT1xnHJsC6WP\n" + - "I5hCLghL91MhQGWbP4EJMKYQOTRVukWlcp2Kycpf+P5hAkEA3I43gmVUAPEdyZdY\n" + - "fatW7OaLlbbYJb6qEtpCZ1Rwe/BIvm6H6E3qSi/lpz7Ia7WDulpbF6BawHH3pRFq\n" + - "CUY5ewJBAP3pUDqrRpBN0jB0uSeDslhjSciQ+dqvSpZv3rSYBHUvlBJhnkpJiy37\n" + - "7ZUZhIxqYxyIPgRBolLwb+FFh7OdL+ECQCtldDic9WVmC+VheRDpCKZ+SlK/8lGi\n" + - "7VXeShiIvcU1JysJFoa35fSI7hf1O3wt7+hX5PqGG7Un94EsJwACKEcCQQC1TWt6\n" + - "ArKH6tRxKjOxFtqfs8fgEVYUaOr3j1jF4KBUuX2mtQtddZe3VfJ2wPsuKMMxmhkB\n" + - "e7xWWZnJsErt2e+E"; - - // Certificate information: - // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce - // Validity - // Not Before: May 5 02:40:53 2012 GMT - // Not After : Jan 21 02:40:53 2032 GMT - // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner - // X509v3 Subject Key Identifier: - // 13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A - // X509v3 Authority Key Identifier: - // keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B - // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce - // serial:00 - static String caSignerStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIICqDCCAhGgAwIBAgIBAjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" + - "MTIwNTA1MDI0MDUzWhcNMzIwMTIxMDI0MDUzWjBOMQswCQYDVQQGEwJVUzENMAsG\n" + - "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAPBgNV\n" + - "BAMTCGNhc2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+x8+o7oM0\n" + - "ct/LZmZLXBL4CQ8jrULD5P7NtEW0hg/zxBFZfBHf+44Oo2eMPYZj+7xaREOH5BmV\n" + - "KRYlzRtONAaC5Ng4Mrm5UKNPcMIIUjUOvm7vWM4oSTMSfoEcSX+vp99uUAkw3w7Z\n" + - "+frYDm1M4At/j0b+lLij71GFN2L8drpgPQIDAQABo4GoMIGlMB0GA1UdDgQWBBQT\n" + - "B+ARB9vrMyOHMdDbfhZWvhGQCjBjBgNVHSMEXDBagBTdTo0qEcCDA/Cs66K/+fJ9\n" + - "yGkfm6E/pD0wOzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsT\n" + - "FFN1bkpTU0UgVGVzdCBTZXJpdmNlggEAMBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYD\n" + - "VR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBAI+LXA/UCPkTANablUkt80JNPWsl\n" + - "pS4XLNgPxWaN0bkRDs5oI4ooWAz1rwpeJ/nfetOvWlpmrVjSeovBFja5Hl+dUHTf\n" + - "VfuyzkxXbhuNiJIpo1mVBpNsjwu9YRxuwX6UA2LTUQpgvtVJEE012x3zRvxBCbu2\n" + - "Y/v1R5fZ4c+hXDfC\n" + - "-----END CERTIFICATE-----"; - static String caSignerPrivateKey = // Private key in the format of PKCS#8 - "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL7Hz6jugzRy38tm\n" + - "ZktcEvgJDyOtQsPk/s20RbSGD/PEEVl8Ed/7jg6jZ4w9hmP7vFpEQ4fkGZUpFiXN\n" + - "G040BoLk2DgyublQo09wwghSNQ6+bu9YzihJMxJ+gRxJf6+n325QCTDfDtn5+tgO\n" + - "bUzgC3+PRv6UuKPvUYU3Yvx2umA9AgMBAAECgYBYvu30cW8LONyt62Zua9hPFTe7\n" + - "qt9B7QYyfkdmoG5PQMepTrOp84SzfoOukvgvDm0huFuJnSvhXQl2cCDhkgXskvFj\n" + - "Hh7KBCFViVXokGdq5YoS0/KYMyQV0TZfJUvILBl51uc4/siQ2tClC/N4sa+1JhgW\n" + - "a6dFGfRjiUKSSlmMwQJBAPWpIz3Q/c+DYMvoQr5OD8EaYwYIevlTdXb97RnJJh2b\n" + - "UnhB9jrqesJiHYVzPmP0ukyPOXOwlp2T5Am4Kw0LFOkCQQDGz150NoHOp28Mvyc4\n" + - "CTqz/zYzUhy2eCJESl196uyP4N65Y01VYQ3JDww4DlsXiU17tVSbgA9TCcfTYOzy\n" + - "vyw1AkARUky+1hafZCcWGZljK8PmnMKwsTZikCTvL/Zg5BMA8Wu+OQBwpQnk3OAy\n" + - "Aa87gw0DyvGFG8Vy9POWT9sRP1/JAkBqP0hrMvYMSs6+MSn0eHo2151PsAJIQcuO\n" + - "U2/Da1khSzu8N6WMi2GiobgV/RYRbf9KrY2ZzMZjykZQYOxAjopBAkEAghCu38cN\n" + - "aOsW6ueo24uzsWI1FTdE+qWNVEi3RSP120xXBCyhaBjIq4WVSlJK9K2aBaJpit3j\n" + - "iQ5tl6zrLlxQhg=="; - - // Certificate information: - // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner - // Validity - // Not Before: May 5 02:40:57 2012 GMT - // Not After : Jan 21 02:40:57 2032 GMT - // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer - // X509v3 Subject Key Identifier: - // 39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8 - // X509v3 Authority Key Identifier: - // keyid:13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A - // DirName:/C=US/O=Java/OU=SunJSSE Test Serivce - // serial:02 - static String certIssuerStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIICvjCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQQFADBOMQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAP\n" + - "BgNVBAMTCGNhc2lnbmVyMB4XDTEyMDUwNTAyNDA1N1oXDTMyMDEyMTAyNDA1N1ow\n" + - "UDELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0Ug\n" + - "VGVzdCBTZXJpdmNlMRMwEQYDVQQDEwpjZXJ0aXNzdWVyMIGfMA0GCSqGSIb3DQEB\n" + - "AQUAA4GNADCBiQKBgQCyz55zinU6kNL/LeiTNiBI0QWYmDG0YTotuC4D75liBNqs\n" + - "7Mmladsh2mTtQUAwmuGaGzaZV25a+cUax0DXZoyBwdbTI09u1bUYsZcaUUKbPoCC\n" + - "HH26e4jLFL4olW13Sv4ZAd57tIYevMw+Fp5f4fLPFGegCJTFlv2Qjpmic/cuvQID\n" + - "AQABo4GpMIGmMB0GA1UdDgQWBBQ5DsYzsVC8cwcx5dgE97uXVc+byDBjBgNVHSME\n" + - "XDBagBQTB+ARB9vrMyOHMdDbfhZWvhGQCqE/pD0wOzELMAkGA1UEBhMCVVMxDTAL\n" + - "BgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0UgVGVzdCBTZXJpdmNlggECMBMG\n" + - "A1UdEwEB/wQJMAcBAf8CAgQAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOB\n" + - "gQCQTagenCdClT98C+oTJGJrw/dUBD9K3tE6ZJKPMc/2bUia8G5ei1C0eXj4mWG2\n" + - "lu9umR6C90/A6qB050QB2h50qtqxSrkpu+ym1yypauZpg7U3nUY9wZWJNI1vqrQZ\n" + - "pqUMRcXY3iQIVKx+Qj+4/Za1wwFQzpEoGmqRW31V1SdMEw==\n" + - "-----END CERTIFICATE-----"; - static String certIssuerPrivateKey = // Private key in the format of PKCS#8 - "MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBALLPnnOKdTqQ0v8t\n" + - "6JM2IEjRBZiYMbRhOi24LgPvmWIE2qzsyaVp2yHaZO1BQDCa4ZobNplXblr5xRrH\n" + - "QNdmjIHB1tMjT27VtRixlxpRQps+gIIcfbp7iMsUviiVbXdK/hkB3nu0hh68zD4W\n" + - "nl/h8s8UZ6AIlMWW/ZCOmaJz9y69AgMBAAECgYEAjtew2tgm4gxDojqIauF4VPM1\n" + - "pzsdqd1p3pAdomNLgrQiBLZ8N7oiph6TNb1EjA+OXc+ThFgF/oM9ZDD8qZZwcvjN\n" + - "qDZlpTkFs2TaGcyEZfUaMB45NHVs6Nn+pSkagSNwwy3xeyAct7sQEzGNTDlEwVv5\n" + - "7V9LQutQtBd6xT48KzkCQQDpNRfv2OFNG/6GtzJoO68oJhpnpl2MsYNi4ntRkre/\n" + - "6uXpiCYaDskcrPMRwOOs0m7mxG+Ev+uKnLnSoEMm1GCbAkEAxEmDtiD0Psb8Z9BL\n" + - "ZRb83Jqho3xe2MCAh3xUfz9b/Mhae9dZ44o4OCgQZuwvW1mczF0NtpgZl93BmYa2\n" + - "hTwHhwJBAKHrEj6ep/fA6x0gD2idoATRR94VfbiU+7NpqtO9ecVP0+gsdr/66hn1\n" + - "3yLBeZLh3MxvMTrLgkAQh1i9m0JXjOcCQQClLXAHHegrw+u3uNMZeKTFR+Lp3sk6\n" + - "AZSnbvr0Me9I45kxSeG81x3ENALJecvIRbrrRws5MvmmkNhQR8rkh8WVAkEAk6b+\n" + - "aVtmBgUaTS5+FFlHGHJY9HFrfT1a1C/dwyMuqlmbC3YsBmZaMOlKli5TXNybLff8\n" + - "5KMeGEpXMzgC7AscGA=="; - - // Certificate information: - // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer - // Validity - // Not Before: May 5 02:41:01 2012 GMT - // Not After : Jan 21 02:41:01 2032 GMT - // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=localhost - // X509v3 Subject Key Identifier: - // AD:C0:2C:4C:E4:C2:2E:A1:BB:5D:92:BE:66:E0:4E:E0:0D:2F:11:EF - // X509v3 Authority Key Identifier: - // keyid:39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8 - static String targetCertStr = - "-----BEGIN CERTIFICATE-----\n" + - "MIICjTCCAfagAwIBAgIBBDANBgkqhkiG9w0BAQQFADBQMQswCQYDVQQGEwJVUzEN\n" + - "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEzAR\n" + - "BgNVBAMTCmNlcnRpc3N1ZXIwHhcNMTIwNTA1MDI0MTAxWhcNMzIwMTIxMDI0MTAx\n" + - "WjBPMQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNT\n" + - "RSBUZXN0IFNlcml2Y2UxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B\n" + - "AQEFAAOBjQAwgYkCgYEAvwaUd7wmBSKqycEstYLWD26vkU08DM39EtaT8wL9HnQ0\n" + - "fgPblwBFI4zdLa2cuYXRZcFUb04N8nrkcpR0D6kkE+AlFAoRWrrZF80B7JTbtEK4\n" + - "1PIeurihXvUT+4MpzGLOojIihMfvM4ufelblD56SInso4WFHm7t4qCln88J1gjkC\n" + - "AwEAAaN4MHYwCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBStwCxM5MIuobtdkr5m4E7g\n" + - "DS8R7zAfBgNVHSMEGDAWgBQ5DsYzsVC8cwcx5dgE97uXVc+byDAnBgNVHSUEIDAe\n" + - "BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBAUAA4GB\n" + - "AGfwcfdvEG/nSCiAn2MGbYHp34mgF3OA1SJLWUW0LvWJhwm2cn4AXlSoyvbwrkaB\n" + - "IDDCwhJvvc0vUyL2kTx7sqVaFTq3mDs+ktlB/FfH0Pb+i8FE+g+7T42Iw/j0qxHL\n" + - "YmgbrjBQf5WYN1AvBE/rrPt9aOtS3UsqtVGW574b0shW\n" + - "-----END CERTIFICATE-----"; - static String targetPrivateKey = // Private key in the format of PKCS#8 - "MIICdAIBADANBgkqhkiG9w0BAQEFAASCAl4wggJaAgEAAoGBAL8GlHe8JgUiqsnB\n" + - "LLWC1g9ur5FNPAzN/RLWk/MC/R50NH4D25cARSOM3S2tnLmF0WXBVG9ODfJ65HKU\n" + - "dA+pJBPgJRQKEVq62RfNAeyU27RCuNTyHrq4oV71E/uDKcxizqIyIoTH7zOLn3pW\n" + - "5Q+ekiJ7KOFhR5u7eKgpZ/PCdYI5AgMBAAECf3CscOYvFD3zNMnMJ5LomVqA7w3F\n" + - "gKYM2jlCWAH+wU41PMEXhW6Lujw92jgXL1o+lERwxFzirVdZJWZwKgUSvzP1G0h3\n" + - "fkucq1/UWnToK+8NSXNM/yS8hXbBgSEoJo5f7LKcIi1Ev6doBVofMxs+njzyWKbM\n" + - "Nb7rOLHadghoon0CQQDgQzbzzSN8Dc1YmmylhI5v+0sQRHH0DL7D24k4Weh4vInG\n" + - "EAbt4x8M7ZKEo8/dv0s4hbmNmAnJl93/RRxIyEqLAkEA2g87DiswSQam2pZ8GlrO\n" + - "+w4Qg9mH8uxx8ou2rl0XlHzH1XiTNbkjfY0EZoL7L31BHFk9n11Fb2P85g6ws+Hy\n" + - "ywJAM/xgyLNM/nzUlS128geAXUULaYH0SHaL4isJ7B4rXZGW/mrIsGxtzjlkNYsj\n" + - "rGujrD6TfNc5rZmexIXowJZtcQJBAIww+pCzZ4mrgx5JXWQ8OZHiiu+ZrPOa2+9J\n" + - "r5sOMpi+WGN/73S8oHqZbNjTINZ5OqEVJq8MchWZPQBTNXuQql0CQHEjUzzkCQa3\n" + - "j6JTa2KAdqyvLOx0XF9zcc1gA069uNQI2gPUHS8V215z57f/gMGnDNhVfLs/vMKz\n" + - "sFkVZ3zg7As="; - - - public static void main(String args[]) throws Exception { - // MD5 is used in this test case, don't disable MD5 algorithm. - Security.setProperty( - "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); - - // generate certificate from cert string - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - - // create a set of trust anchors - LinkedHashSet trustAnchors = new LinkedHashSet<>(); - - ByteArrayInputStream is = - new ByteArrayInputStream(NoiceTrusedCertStr.getBytes()); - Certificate trustedCert = cf.generateCertificate(is); - is.close(); - TrustAnchor anchor = - new TrustAnchor((X509Certificate)trustedCert, null); - trustAnchors.add(anchor); - - is = new ByteArrayInputStream(trustedCertStr.getBytes()); - trustedCert = cf.generateCertificate(is); - is.close(); - anchor = new TrustAnchor((X509Certificate)trustedCert, null); - trustAnchors.add(anchor); - - is = new ByteArrayInputStream(NoiceTrusedCertStr_2nd.getBytes()); - trustedCert = cf.generateCertificate(is); - is.close(); - anchor = new TrustAnchor((X509Certificate)trustedCert, null); - trustAnchors.add(anchor); - - // create a list of certificates - List chainList = new ArrayList<>(); - - is = new ByteArrayInputStream(targetCertStr.getBytes()); - Certificate cert = cf.generateCertificate(is); - is.close(); - chainList.add(cert); - - is = new ByteArrayInputStream(certIssuerStr.getBytes()); - cert = cf.generateCertificate(is); - is.close(); - chainList.add(cert); - - is = new ByteArrayInputStream(caSignerStr.getBytes()); - cert = cf.generateCertificate(is); - is.close(); - chainList.add(cert); - - // create a certificate selector - X509CertSelector xcs = new X509CertSelector(); - X509Certificate eeCert = (X509Certificate)chainList.get(0); - xcs.setSubject(eeCert.getSubjectX500Principal()); - - // reverse build - SunCertPathBuilderParameters params = - new SunCertPathBuilderParameters(trustAnchors, xcs); - params.setBuildForward(false); - params.setRevocationEnabled(false); - - CollectionCertStoreParameters ccsp = - new CollectionCertStoreParameters(chainList); - params.addCertStore(CertStore.getInstance("Collection", ccsp)); - - CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX"); - CertPathBuilderResult res = cpb.build(params); - } -} diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrM2leadMA Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrM2leadMA has changed diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrM2mgrM Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrM2mgrM has changed diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrM2prjM Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrM2prjM has changed diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrMcrl Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrMcrl has changed diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/sun/security/provider/certpath/ReverseBuilder/prjM2divE Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/prjM2divE has changed diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/sun/security/provider/certpath/ReverseBuilder/prjM2mgrM Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/prjM2mgrM has changed diff -r 27f6a088fa6a -r de68c8dd1de2 jdk/test/sun/security/provider/certpath/ReverseBuilder/prjMcrl Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/prjMcrl has changed diff -r 27f6a088fa6a -r de68c8dd1de2 make/Images.gmk --- a/make/Images.gmk Thu Apr 23 10:43:31 2015 -0700 +++ b/make/Images.gmk Wed Jul 05 20:29:43 2017 +0200 @@ -38,7 +38,7 @@ ############################################################################ MAIN_MODULES += java.se java.smartcardio jdk.httpserver jdk.sctp \ - jdk.security.auth jdk.security.jgss jdk.pack200 + jdk.security.auth jdk.security.jgss jdk.pack200 jdk.xml.dom # providers PROVIDER_MODULES += jdk.charsets jdk.crypto.ec jdk.crypto.pkcs11 jdk.jvmstat jdk.localedata \