--- a/jdk/make/Makefile Tue Nov 09 18:56:39 2010 +0000
+++ b/jdk/make/Makefile Tue Nov 09 18:57:12 2010 +0000
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1995, 2007, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1995, 2010, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -243,6 +243,11 @@
SUBDIRS_tools = launchers
SUBDIRS_misc = org sunw jpda mkdemo mksample
+# Alternate classes implementation
+ifndef OPENJDK
+ SUBDIRS_misc += altclasses
+endif
+
include $(BUILDDIR)/common/Subdirs.gmk
all build::
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/altclasses/Makefile Tue Nov 09 18:57:12 2010 +0000
@@ -0,0 +1,84 @@
+#
+# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation. Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+#
+# Makefile for building alternate runtime classes (not used by default)
+#
+
+BUILDDIR = ..
+
+PRODUCT = altclasses
+
+include $(BUILDDIR)/common/Defs.gmk
+
+# Root of alternate class sources
+
+ALTCLASSES_SRCDIR = $(CLOSED_SRC)/share/altclasses
+
+# Alternate runtime classes
+
+ALTRT_JAR_FILE = $(LIBDIR)/alt-rt.jar
+ALTRT_JAR_SOURCE_FILE = $(TEMPDIR)/alt-rt.jarsrclist
+ALTRT_JAR_SOURCES = $(wildcard $(ALTCLASSES_SRCDIR)/java/*/*.java)
+
+# Use a special file suffix for the file that holds the source list
+
+.SUFFIXES: .jarsrclist
+
+# Build rules
+
+all build:
+ @if [ -d $(ALTCLASSES_SRCDIR) ] ; then \
+ $(MAKE) $(ALTRT_JAR_FILE); \
+ fi
+
+# Source list file creation
+
+$(ALTRT_JAR_SOURCE_FILE): $(ALTRT_JAR_SOURCES) FRC
+ $(prep-target)
+ $(ECHO) $(ALTRT_JAR_SOURCES) > $@
+
+clean clobber::
+ $(RM) $(ALTRT_JAR_FILE) $(ALTRT_JAR_SOURCE_FILE)
+ $(RM) -r $(ALTRT_JAR_SOURCE_FILE).classes
+
+include $(BUILDDIR)/common/Classes.gmk
+
+# Pattern rule to turn a source list file into a jar file
+$(LIBDIR)/%.jar : $(TEMPDIR)/%.jarsrclist
+ $(prep-target)
+ $(RM) -r $(<).classes
+ $(MKDIR) -p $(<).classes
+ $(JAVAC_CMD) -implicit:none -d $(<).classes @$<
+ $(BOOT_JAR_CMD) cf $@ -C $(<).classes . $(BOOT_JAR_JFLAGS)
+
+# Force target
+
+FRC:
+
+# Non file targets
+
+.PHONY: all build clean clobber
+
--- a/jdk/src/share/classes/sun/security/krb5/KrbKdcReq.java Tue Nov 09 18:56:39 2010 +0000
+++ b/jdk/src/share/classes/sun/security/krb5/KrbKdcReq.java Tue Nov 09 18:57:12 2010 +0000
@@ -36,8 +36,7 @@
import java.security.Security;
import java.util.Locale;
import sun.security.krb5.internal.Krb5;
-import sun.security.krb5.internal.UDPClient;
-import sun.security.krb5.internal.TCPClient;
+import sun.security.krb5.internal.NetClient;
import java.io.IOException;
import java.net.SocketTimeoutException;
import java.util.StringTokenizer;
@@ -349,12 +348,16 @@
byte[] ibuf = null;
- if (useTCP) {
- TCPClient kdcClient = new TCPClient(kdc, port);
+ for (int i=1; i <= retries; i++) {
+ String proto = useTCP?"TCP":"UDP";
+ NetClient kdcClient = NetClient.getInstance(
+ proto, kdc, port, timeout);
if (DEBUG) {
System.out.println(">>> KDCCommunication: kdc=" + kdc
- + " TCP:"
- + port
+ + " " + proto + ":"
+ + port + ", timeout="
+ + timeout
+ + ",Attempt =" + i
+ ", #bytes=" + obuf.length);
}
try {
@@ -366,51 +369,19 @@
* And get a response.
*/
ibuf = kdcClient.receive();
+ break;
+ } catch (SocketTimeoutException se) {
+ if (DEBUG) {
+ System.out.println ("SocketTimeOutException with " +
+ "attempt: " + i);
+ }
+ if (i == retries) {
+ ibuf = null;
+ throw se;
+ }
} finally {
kdcClient.close();
}
-
- } else {
- // For each KDC we try defaultKdcRetryLimit times to
- // get the response
- for (int i=1; i <= retries; i++) {
- UDPClient kdcClient = new UDPClient(kdc, port, timeout);
-
- if (DEBUG) {
- System.out.println(">>> KDCCommunication: kdc=" + kdc
- + (useTCP ? " TCP:":" UDP:")
- + port + ", timeout="
- + timeout
- + ",Attempt =" + i
- + ", #bytes=" + obuf.length);
- }
- try {
- /*
- * Send the data to the kdc.
- */
-
- kdcClient.send(obuf);
-
- /*
- * And get a response.
- */
- try {
- ibuf = kdcClient.receive();
- break;
- } catch (SocketTimeoutException se) {
- if (DEBUG) {
- System.out.println ("SocketTimeOutException with " +
- "attempt: " + i);
- }
- if (i == retries) {
- ibuf = null;
- throw se;
- }
- }
- } finally {
- kdcClient.close();
- }
- }
}
return ibuf;
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/krb5/internal/NetClient.java Tue Nov 09 18:57:12 2010 +0000
@@ -0,0 +1,221 @@
+/*
+ * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ *
+ * (C) Copyright IBM Corp. 1999 All Rights Reserved.
+ * Copyright 1997 The Open Group Research Institute. All rights reserved.
+ */
+
+package sun.security.krb5.internal;
+
+import java.io.*;
+import java.net.*;
+
+public abstract class NetClient {
+ public static NetClient getInstance(String protocol, String hostname, int port,
+ int timeout) throws IOException {
+ if (protocol.equals("TCP")) {
+ return new TCPClient(hostname, port, timeout);
+ } else {
+ return new UDPClient(hostname, port, timeout);
+ }
+ }
+
+ abstract public void send(byte[] data) throws IOException;
+
+ abstract public byte[] receive() throws IOException;
+
+ abstract public void close() throws IOException;
+}
+
+class TCPClient extends NetClient {
+
+ private Socket tcpSocket;
+ private BufferedOutputStream out;
+ private BufferedInputStream in;
+
+ TCPClient(String hostname, int port, int timeout)
+ throws IOException {
+ tcpSocket = new Socket(hostname, port);
+ out = new BufferedOutputStream(tcpSocket.getOutputStream());
+ in = new BufferedInputStream(tcpSocket.getInputStream());
+ tcpSocket.setSoTimeout(timeout);
+ }
+
+ @Override
+ public void send(byte[] data) throws IOException {
+ byte[] lenField = new byte[4];
+ intToNetworkByteOrder(data.length, lenField, 0, 4);
+ out.write(lenField);
+
+ out.write(data);
+ out.flush();
+ }
+
+ @Override
+ public byte[] receive() throws IOException {
+ byte[] lenField = new byte[4];
+ int count = readFully(lenField, 4);
+
+ if (count != 4) {
+ if (Krb5.DEBUG) {
+ System.out.println(
+ ">>>DEBUG: TCPClient could not read length field");
+ }
+ return null;
+ }
+
+ int len = networkByteOrderToInt(lenField, 0, 4);
+ if (Krb5.DEBUG) {
+ System.out.println(
+ ">>>DEBUG: TCPClient reading " + len + " bytes");
+ }
+ if (len <= 0) {
+ if (Krb5.DEBUG) {
+ System.out.println(
+ ">>>DEBUG: TCPClient zero or negative length field: "+len);
+ }
+ return null;
+ }
+
+ byte data[] = new byte[len];
+ count = readFully(data, len);
+ if (count != len) {
+ if (Krb5.DEBUG) {
+ System.out.println(
+ ">>>DEBUG: TCPClient could not read complete packet (" +
+ len + "/" + count + ")");
+ }
+ return null;
+ } else {
+ return data;
+ }
+ }
+
+ @Override
+ public void close() throws IOException {
+ tcpSocket.close();
+ }
+
+ /**
+ * Read requested number of bytes before returning.
+ * @return The number of bytes actually read; -1 if none read
+ */
+ private int readFully(byte[] inBuf, int total) throws IOException {
+ int count, pos = 0;
+
+ while (total > 0) {
+ count = in.read(inBuf, pos, total);
+
+ if (count == -1) {
+ return (pos == 0? -1 : pos);
+ }
+ pos += count;
+ total -= count;
+ }
+ return pos;
+ }
+
+ /**
+ * Returns the integer represented by 4 bytes in network byte order.
+ */
+ private static int networkByteOrderToInt(byte[] buf, int start,
+ int count) {
+ if (count > 4) {
+ throw new IllegalArgumentException(
+ "Cannot handle more than 4 bytes");
+ }
+
+ int answer = 0;
+
+ for (int i = 0; i < count; i++) {
+ answer <<= 8;
+ answer |= ((int)buf[start+i] & 0xff);
+ }
+ return answer;
+ }
+
+ /**
+ * Encodes an integer into 4 bytes in network byte order in the buffer
+ * supplied.
+ */
+ private static void intToNetworkByteOrder(int num, byte[] buf,
+ int start, int count) {
+ if (count > 4) {
+ throw new IllegalArgumentException(
+ "Cannot handle more than 4 bytes");
+ }
+
+ for (int i = count-1; i >= 0; i--) {
+ buf[start+i] = (byte)(num & 0xff);
+ num >>>= 8;
+ }
+ }
+}
+
+class UDPClient extends NetClient {
+ InetAddress iaddr;
+ int iport;
+ int bufSize = 65507;
+ DatagramSocket dgSocket;
+ DatagramPacket dgPacketIn;
+
+ UDPClient(String hostname, int port, int timeout)
+ throws UnknownHostException, SocketException {
+ iaddr = InetAddress.getByName(hostname);
+ iport = port;
+ dgSocket = new DatagramSocket();
+ dgSocket.setSoTimeout(timeout);
+ }
+
+ @Override
+ public void send(byte[] data) throws IOException {
+ DatagramPacket dgPacketOut = new DatagramPacket(data, data.length,
+ iaddr, iport);
+ dgSocket.send(dgPacketOut);
+ }
+
+ @Override
+ public byte[] receive() throws IOException {
+ byte ibuf[] = new byte[bufSize];
+ dgPacketIn = new DatagramPacket(ibuf, ibuf.length);
+ try {
+ dgSocket.receive(dgPacketIn);
+ }
+ catch (SocketException e) {
+ dgSocket.receive(dgPacketIn);
+ }
+ byte[] data = new byte[dgPacketIn.getLength()];
+ System.arraycopy(dgPacketIn.getData(), 0, data, 0,
+ dgPacketIn.getLength());
+ return data;
+ }
+
+ @Override
+ public void close() {
+ dgSocket.close();
+ }
+}
--- a/jdk/src/share/classes/sun/security/krb5/internal/TCPClient.java Tue Nov 09 18:56:39 2010 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,155 +0,0 @@
-/*
- * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- *
- * (C) Copyright IBM Corp. 1999 All Rights Reserved.
- * Copyright 1997 The Open Group Research Institute. All rights reserved.
- */
-
-package sun.security.krb5.internal;
-
-import java.io.*;
-import java.net.*;
-
-public class TCPClient {
-
- private Socket tcpSocket;
- private BufferedOutputStream out;
- private BufferedInputStream in;
-
- public TCPClient(String hostname, int port) throws IOException {
- tcpSocket = new Socket(hostname, port);
- out = new BufferedOutputStream(tcpSocket.getOutputStream());
- in = new BufferedInputStream(tcpSocket.getInputStream());
- }
-
- public void send(byte[] data) throws IOException {
- byte[] lenField = new byte[4];
- intToNetworkByteOrder(data.length, lenField, 0, 4);
- out.write(lenField);
-
- out.write(data);
- out.flush();
- }
-
- public byte[] receive() throws IOException {
- byte[] lenField = new byte[4];
- int count = readFully(lenField, 4);
-
- if (count != 4) {
- if (Krb5.DEBUG) {
- System.out.println(
- ">>>DEBUG: TCPClient could not read length field");
- }
- return null;
- }
-
- int len = networkByteOrderToInt(lenField, 0, 4);
- if (Krb5.DEBUG) {
- System.out.println(
- ">>>DEBUG: TCPClient reading " + len + " bytes");
- }
- if (len <= 0) {
- if (Krb5.DEBUG) {
- System.out.println(
- ">>>DEBUG: TCPClient zero or negative length field: "+len);
- }
- return null;
- }
-
- byte data[] = new byte[len];
- count = readFully(data, len);
- if (count != len) {
- if (Krb5.DEBUG) {
- System.out.println(
- ">>>DEBUG: TCPClient could not read complete packet (" +
- len + "/" + count + ")");
- }
- return null;
- } else {
- return data;
- }
- }
-
- public void close() throws IOException {
- tcpSocket.close();
- }
-
- /**
- * Read requested number of bytes before returning.
- * @return The number of bytes actually read; -1 if none read
- */
- private int readFully(byte[] inBuf, int total) throws IOException {
- int count, pos = 0;
-
- while (total > 0) {
- count = in.read(inBuf, pos, total);
-
- if (count == -1) {
- return (pos == 0? -1 : pos);
- }
- pos += count;
- total -= count;
- }
- return pos;
- }
-
- /**
- * Returns the integer represented by 4 bytes in network byte order.
- */
- private static final int networkByteOrderToInt(byte[] buf, int start,
- int count) {
- if (count > 4) {
- throw new IllegalArgumentException(
- "Cannot handle more than 4 bytes");
- }
-
- int answer = 0;
-
- for (int i = 0; i < count; i++) {
- answer <<= 8;
- answer |= ((int)buf[start+i] & 0xff);
- }
- return answer;
- }
-
- /**
- * Encodes an integer into 4 bytes in network byte order in the buffer
- * supplied.
- */
- private static final void intToNetworkByteOrder(int num, byte[] buf,
- int start, int count) {
- if (count > 4) {
- throw new IllegalArgumentException(
- "Cannot handle more than 4 bytes");
- }
-
- for (int i = count-1; i >= 0; i--) {
- buf[start+i] = (byte)(num & 0xff);
- num >>>= 8;
- }
- }
-}
--- a/jdk/src/share/classes/sun/security/krb5/internal/UDPClient.java Tue Nov 09 18:56:39 2010 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,99 +0,0 @@
-/*
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- *
- * (C) Copyright IBM Corp. 1999 All Rights Reserved.
- * Copyright 1997 The Open Group Research Institute. All rights reserved.
- */
-
-package sun.security.krb5.internal;
-
-import java.io.*;
-import java.net.*;
-
-public class UDPClient {
- InetAddress iaddr;
- int iport;
- int bufSize = 65507;
- DatagramSocket dgSocket;
- DatagramPacket dgPacketIn;
-
- public UDPClient(InetAddress newIAddr, int port)
- throws SocketException {
- iaddr = newIAddr;
- iport = port;
- dgSocket = new DatagramSocket();
- }
-
- public UDPClient(String hostname, int port)
- throws UnknownHostException, SocketException {
- iaddr = InetAddress.getByName(hostname);
- iport = port;
- dgSocket = new DatagramSocket();
- }
-
- public UDPClient(String hostname, int port, int timeout)
- throws UnknownHostException, SocketException {
- iaddr = InetAddress.getByName(hostname);
- iport = port;
- dgSocket = new DatagramSocket();
- dgSocket.setSoTimeout(timeout);
- }
-
- public void setBufSize(int newBufSize) {
- bufSize = newBufSize;
- }
-
- public InetAddress getInetAddress() {
- if (dgPacketIn != null)
- return dgPacketIn.getAddress();
- return null;
- }
-
- public void send(byte[] data) throws IOException {
- DatagramPacket dgPacketOut = new DatagramPacket(data, data.length,
- iaddr, iport);
- dgSocket.send(dgPacketOut);
- }
-
- public byte[] receive() throws IOException {
- byte ibuf[] = new byte[bufSize];
- dgPacketIn = new DatagramPacket(ibuf, ibuf.length);
- try {
- dgSocket.receive(dgPacketIn);
- }
- catch (SocketException e) {
- dgSocket.receive(dgPacketIn);
- }
- byte[] data = new byte[dgPacketIn.getLength()];
- System.arraycopy(dgPacketIn.getData(), 0, data, 0,
- dgPacketIn.getLength());
- return data;
- }
-
- public void close() {
- dgSocket.close();
- }
-}
--- a/jdk/src/solaris/classes/sun/net/www/protocol/http/NTLMAuthentication.java Tue Nov 09 18:56:39 2010 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,427 +0,0 @@
-/*
- * Copyright (c) 2005, 2008, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.net.www.protocol.http;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.InetAddress;
-import java.net.PasswordAuthentication;
-import java.net.UnknownHostException;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.DESKeySpec;
-
-import sun.net.www.HeaderParser;
-
-/**
- * NTLMAuthentication:
- *
- * @author Michael McMahon
- */
-
-/*
- * NTLM authentication is nominally based on the framework defined in RFC2617,
- * but differs from the standard (Basic & Digest) schemes as follows:
- *
- * 1. A complete authentication requires three request/response transactions
- * as shown below:
- * REQ ------------------------------->
- * <---- 401 (signalling NTLM) --------
- *
- * REQ (with type1 NTLM msg) --------->
- * <---- 401 (with type 2 NTLM msg) ---
- *
- * REQ (with type3 NTLM msg) --------->
- * <---- OK ---------------------------
- *
- * 2. The scope of the authentication is the TCP connection (which must be kept-alive)
- * after the type2 response is received. This means that NTLM does not work end-to-end
- * through a proxy, rather between client and proxy, or between client and server (with no proxy)
- */
-
-class NTLMAuthentication extends AuthenticationInfo {
- private static final long serialVersionUID = -2403849171106437142L;
-
- private byte[] type1;
- private byte[] type3;
-
- private SecretKeyFactory fac;
- private Cipher cipher;
- private MessageDigest md4;
- private String hostname;
- private static String defaultDomain; /* Domain to use if not specified by user */
-
- static {
- defaultDomain = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("http.auth.ntlm.domain",
- "domain"));
- };
-
- static boolean supportsTransparentAuth () {
- return false;
- }
-
- private void init0() {
- type1 = new byte[256];
- type3 = new byte[256];
- System.arraycopy (new byte[] {'N','T','L','M','S','S','P',0,1}, 0, type1, 0, 9);
- type1[12] = (byte) 3;
- type1[13] = (byte) 0xb2;
- type1[28] = (byte) 0x20;
- System.arraycopy (new byte[] {'N','T','L','M','S','S','P',0,3}, 0, type3, 0, 9);
- type3[12] = (byte) 0x18;
- type3[14] = (byte) 0x18;
- type3[20] = (byte) 0x18;
- type3[22] = (byte) 0x18;
- type3[32] = (byte) 0x40;
- type3[60] = (byte) 1;
- type3[61] = (byte) 0x82;
-
- try {
- hostname = java.security.AccessController.doPrivileged(
- new java.security.PrivilegedAction<String>() {
- public String run() {
- String localhost;
- try {
- localhost = InetAddress.getLocalHost().getHostName().toUpperCase();
- } catch (UnknownHostException e) {
- localhost = "localhost";
- }
- return localhost;
- }
- });
- int x = hostname.indexOf ('.');
- if (x != -1) {
- hostname = hostname.substring (0, x);
- }
- fac = SecretKeyFactory.getInstance ("DES");
- cipher = Cipher.getInstance ("DES/ECB/NoPadding");
- md4 = sun.security.provider.MD4.getInstance();
- } catch (NoSuchPaddingException e) {
- assert false;
- } catch (NoSuchAlgorithmException e) {
- assert false;
- }
- };
-
- PasswordAuthentication pw;
- String username;
- String ntdomain;
- String password;
-
- /**
- * Create a NTLMAuthentication:
- * Username may be specified as domain<BACKSLASH>username in the application Authenticator.
- * If this notation is not used, then the domain will be taken
- * from a system property: "http.auth.ntlm.domain".
- */
- public NTLMAuthentication(boolean isProxy, URL url, PasswordAuthentication pw) {
- super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION,
- AuthScheme.NTLM,
- url,
- "");
- init (pw);
- }
-
- private void init (PasswordAuthentication pw) {
- this.pw = pw;
- String s = pw.getUserName();
- int i = s.indexOf ('\\');
- if (i == -1) {
- username = s;
- ntdomain = defaultDomain;
- } else {
- ntdomain = s.substring (0, i).toUpperCase();
- username = s.substring (i+1);
- }
- password = new String (pw.getPassword());
- init0();
- }
-
- /**
- * Constructor used for proxy entries
- */
- public NTLMAuthentication(boolean isProxy, String host, int port,
- PasswordAuthentication pw) {
- super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION,
- AuthScheme.NTLM,
- host,
- port,
- "");
- init (pw);
- }
-
- /**
- * @return true if this authentication supports preemptive authorization
- */
- boolean supportsPreemptiveAuthorization() {
- return false;
- }
-
- /**
- * @return the name of the HTTP header this authentication wants set
- */
- String getHeaderName() {
- if (type == SERVER_AUTHENTICATION) {
- return "Authorization";
- } else {
- return "Proxy-authorization";
- }
- }
-
- /**
- * Not supported. Must use the setHeaders() method
- */
- String getHeaderValue(URL url, String method) {
- throw new RuntimeException ("getHeaderValue not supported");
- }
-
- /**
- * Check if the header indicates that the current auth. parameters are stale.
- * If so, then replace the relevant field with the new value
- * and return true. Otherwise return false.
- * returning true means the request can be retried with the same userid/password
- * returning false means we have to go back to the user to ask for a new
- * username password.
- */
- boolean isAuthorizationStale (String header) {
- return false; /* should not be called for ntlm */
- }
-
- /**
- * Set header(s) on the given connection.
- * @param conn The connection to apply the header(s) to
- * @param p A source of header values for this connection, not used because
- * HeaderParser converts the fields to lower case, use raw instead
- * @param raw The raw header field.
- * @return true if all goes well, false if no headers were set.
- */
- synchronized boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw) {
-
- try {
- String response;
- if (raw.length() < 6) { /* NTLM<sp> */
- response = buildType1Msg ();
- } else {
- String msg = raw.substring (5); /* skip NTLM<sp> */
- response = buildType3Msg (msg);
- }
- conn.setAuthenticationProperty(getHeaderName(), response);
- return true;
- } catch (IOException e) {
- return false;
- } catch (GeneralSecurityException e) {
- return false;
- }
- }
-
- private void copybytes (byte[] dest, int destpos, String src, String enc) {
- try {
- byte[] x = src.getBytes(enc);
- System.arraycopy (x, 0, dest, destpos, x.length);
- } catch (UnsupportedEncodingException e) {
- assert false;
- }
- }
-
- private String buildType1Msg () {
- int dlen = ntdomain.length();
- type1[16]= (byte) (dlen % 256);
- type1[17]= (byte) (dlen / 256);
- type1[18] = type1[16];
- type1[19] = type1[17];
-
- int hlen = hostname.length();
- type1[24]= (byte) (hlen % 256);
- type1[25]= (byte) (hlen / 256);
- type1[26] = type1[24];
- type1[27] = type1[25];
-
- copybytes (type1, 32, hostname, "ISO8859_1");
- copybytes (type1, hlen+32, ntdomain, "ISO8859_1");
- type1[20] = (byte) ((hlen+32) % 256);
- type1[21] = (byte) ((hlen+32) / 256);
-
- byte[] msg = new byte [32 + hlen + dlen];
- System.arraycopy (type1, 0, msg, 0, 32 + hlen + dlen);
- String result = "NTLM " + (new B64Encoder()).encode (msg);
- return result;
- }
-
-
- /* Convert a 7 byte array to an 8 byte array (for a des key with parity)
- * input starts at offset off
- */
- private byte[] makeDesKey (byte[] input, int off) {
- int[] in = new int [input.length];
- for (int i=0; i<in.length; i++ ) {
- in[i] = input[i]<0 ? input[i]+256: input[i];
- }
- byte[] out = new byte[8];
- out[0] = (byte)in[off+0];
- out[1] = (byte)(((in[off+0] << 7) & 0xFF) | (in[off+1] >> 1));
- out[2] = (byte)(((in[off+1] << 6) & 0xFF) | (in[off+2] >> 2));
- out[3] = (byte)(((in[off+2] << 5) & 0xFF) | (in[off+3] >> 3));
- out[4] = (byte)(((in[off+3] << 4) & 0xFF) | (in[off+4] >> 4));
- out[5] = (byte)(((in[off+4] << 3) & 0xFF) | (in[off+5] >> 5));
- out[6] = (byte)(((in[off+5] << 2) & 0xFF) | (in[off+6] >> 6));
- out[7] = (byte)((in[off+6] << 1) & 0xFF);
- return out;
- }
-
- private byte[] calcLMHash () throws GeneralSecurityException {
- byte[] magic = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
- byte[] pwb = password.toUpperCase ().getBytes();
- byte[] pwb1 = new byte [14];
- int len = password.length();
- if (len > 14)
- len = 14;
- System.arraycopy (pwb, 0, pwb1, 0, len); /* Zero padded */
-
- DESKeySpec dks1 = new DESKeySpec (makeDesKey (pwb1, 0));
- DESKeySpec dks2 = new DESKeySpec (makeDesKey (pwb1, 7));
-
- SecretKey key1 = fac.generateSecret (dks1);
- SecretKey key2 = fac.generateSecret (dks2);
- cipher.init (Cipher.ENCRYPT_MODE, key1);
- byte[] out1 = cipher.doFinal (magic, 0, 8);
- cipher.init (Cipher.ENCRYPT_MODE, key2);
- byte[] out2 = cipher.doFinal (magic, 0, 8);
-
- byte[] result = new byte [21];
- System.arraycopy (out1, 0, result, 0, 8);
- System.arraycopy (out2, 0, result, 8, 8);
- return result;
- }
-
- private byte[] calcNTHash () throws GeneralSecurityException {
- byte[] pw = null;
- try {
- pw = password.getBytes ("UnicodeLittleUnmarked");
- } catch (UnsupportedEncodingException e) {
- assert false;
- }
- byte[] out = md4.digest (pw);
- byte[] result = new byte [21];
- System.arraycopy (out, 0, result, 0, 16);
- return result;
- }
-
- /* key is a 21 byte array. Split it into 3 7 byte chunks,
- * Convert each to 8 byte DES keys, encrypt the text arg with
- * each key and return the three results in a sequential []
- */
- private byte[] calcResponse (byte[] key, byte[] text)
- throws GeneralSecurityException {
- assert key.length == 21;
- DESKeySpec dks1 = new DESKeySpec (makeDesKey (key, 0));
- DESKeySpec dks2 = new DESKeySpec (makeDesKey (key, 7));
- DESKeySpec dks3 = new DESKeySpec (makeDesKey (key, 14));
- SecretKey key1 = fac.generateSecret (dks1);
- SecretKey key2 = fac.generateSecret (dks2);
- SecretKey key3 = fac.generateSecret (dks3);
- cipher.init (Cipher.ENCRYPT_MODE, key1);
- byte[] out1 = cipher.doFinal (text, 0, 8);
- cipher.init (Cipher.ENCRYPT_MODE, key2);
- byte[] out2 = cipher.doFinal (text, 0, 8);
- cipher.init (Cipher.ENCRYPT_MODE, key3);
- byte[] out3 = cipher.doFinal (text, 0, 8);
- byte[] result = new byte [24];
- System.arraycopy (out1, 0, result, 0, 8);
- System.arraycopy (out2, 0, result, 8, 8);
- System.arraycopy (out3, 0, result, 16, 8);
- return result;
- }
-
- private String buildType3Msg (String challenge) throws GeneralSecurityException,
- IOException {
- /* First decode the type2 message to get the server nonce */
- /* nonce is located at type2[24] for 8 bytes */
-
- byte[] type2 = (new sun.misc.BASE64Decoder()).decodeBuffer (challenge);
- byte[] nonce = new byte [8];
- System.arraycopy (type2, 24, nonce, 0, 8);
-
- int ulen = username.length()*2;
- type3[36] = type3[38] = (byte) (ulen % 256);
- type3[37] = type3[39] = (byte) (ulen / 256);
- int dlen = ntdomain.length()*2;
- type3[28] = type3[30] = (byte) (dlen % 256);
- type3[29] = type3[31] = (byte) (dlen / 256);
- int hlen = hostname.length()*2;
- type3[44] = type3[46] = (byte) (hlen % 256);
- type3[45] = type3[47] = (byte) (hlen / 256);
-
- int l = 64;
- copybytes (type3, l, ntdomain, "UnicodeLittleUnmarked");
- type3[32] = (byte) (l % 256);
- type3[33] = (byte) (l / 256);
- l += dlen;
- copybytes (type3, l, username, "UnicodeLittleUnmarked");
- type3[40] = (byte) (l % 256);
- type3[41] = (byte) (l / 256);
- l += ulen;
- copybytes (type3, l, hostname, "UnicodeLittleUnmarked");
- type3[48] = (byte) (l % 256);
- type3[49] = (byte) (l / 256);
- l += hlen;
-
- byte[] lmhash = calcLMHash();
- byte[] lmresponse = calcResponse (lmhash, nonce);
- byte[] nthash = calcNTHash();
- byte[] ntresponse = calcResponse (nthash, nonce);
- System.arraycopy (lmresponse, 0, type3, l, 24);
- type3[16] = (byte) (l % 256);
- type3[17] = (byte) (l / 256);
- l += 24;
- System.arraycopy (ntresponse, 0, type3, l, 24);
- type3[24] = (byte) (l % 256);
- type3[25] = (byte) (l / 256);
- l += 24;
- type3[56] = (byte) (l % 256);
- type3[57] = (byte) (l / 256);
-
- byte[] msg = new byte [l];
- System.arraycopy (type3, 0, msg, 0, l);
- String result = "NTLM " + (new B64Encoder()).encode (msg);
- return result;
- }
-
-}
-
-
-class B64Encoder extends sun.misc.BASE64Encoder {
- /* to force it to to the entire encoding in one line */
- protected int bytesPerLine () {
- return 1024;
- }
-}
--- a/jdk/test/java/lang/reflect/Generics/Probe.java Tue Nov 09 18:56:39 2010 +0000
+++ b/jdk/test/java/lang/reflect/Generics/Probe.java Tue Nov 09 18:57:12 2010 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -47,9 +47,6 @@
"java.util.WeakHashMap$EntryIterator",
"java.util.WeakHashMap$KeyIterator",
"java.util.WeakHashMap$ValueIterator",
- "java.util.TreeMap$EntryIterator",
- "java.util.TreeMap$KeyIterator",
- "java.util.TreeMap$ValueIterator",
"java.util.HashMap$EntryIterator",
"java.util.HashMap$KeyIterator",
"java.util.HashMap$ValueIterator",
--- a/jdk/test/java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java Tue Nov 09 18:56:39 2010 +0000
+++ b/jdk/test/java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java Tue Nov 09 18:57:12 2010 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 4684810
+ * @bug 4684810 6994717
* @summary Verify that RFC822 name constraints are checked correctly
*/
@@ -38,6 +38,7 @@
import java.util.ArrayList;
import java.util.Collections;
+import java.util.Date;
import java.util.List;
import java.util.Set;
@@ -100,6 +101,9 @@
Set<TrustAnchor> anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
+ // The certificates expired on 10/22/10, so set the validity date to
+ // 05/01/2009 to avoid expiration failures
+ params.setDate(new Date(1243828800000l));
}
/*
--- a/jdk/test/java/util/NavigableMap/LockStep.java Tue Nov 09 18:56:39 2010 +0000
+++ b/jdk/test/java/util/NavigableMap/LockStep.java Tue Nov 09 18:57:12 2010 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,9 @@
* @test
* @bug 6420753 6242436 6691185
* @summary Compare NavigableMap implementations for identical behavior
+ * @run main LockStep
+ * @run main/othervm -XX:+AggressiveOpts LockStep
+ * @run main/othervm -XX:+AggressiveOpts -Dthorough=true LockStep
* @author Martin Buchholz
*/
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/TcpTimeout.java Tue Nov 09 18:57:12 2010 +0000
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6952519
+ * @run main/timeout=40/othervm TcpTimeout
+ * @summary kdc_timeout is not being honoured when using TCP
+ */
+
+import java.io.*;
+import java.net.ServerSocket;
+import sun.security.krb5.Config;
+
+public class TcpTimeout {
+ public static void main(String[] args)
+ throws Exception {
+
+ System.setProperty("sun.security.krb5.debug", "true");
+ final int p1 = 10000 + new java.util.Random().nextInt(10000);
+ final int p2 = 20000 + new java.util.Random().nextInt(10000);
+ final int p3 = 30000 + new java.util.Random().nextInt(10000);
+
+ KDC k = new KDC(OneKDC.REALM, OneKDC.KDCHOST, p3, true);
+ k.addPrincipal(OneKDC.USER, OneKDC.PASS);
+ k.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
+
+ // Start two listener that does not communicate, simulate timeout
+ new Thread() {
+ public void run() {
+ try {
+ new ServerSocket(p1).accept();
+ } catch (Exception e) {
+ }}
+ }.start();
+ new Thread() {
+ public void run() {
+ try {
+ new ServerSocket(p2).accept();
+ } catch (Exception e) {
+ }}
+ }.start();
+
+ FileWriter fw = new FileWriter("alternative-krb5.conf");
+
+ fw.write("[libdefaults]\n" +
+ "udp_preference_limit = 1\n" +
+ "max_retries = 2\n" +
+ "default_realm = " + OneKDC.REALM + "\n" +
+ "kdc_timeout = 5000\n");
+ fw.write("[realms]\n" + OneKDC.REALM + " = {\n" +
+ "kdc = " + OneKDC.KDCHOST + ":" + p1 + "\n" +
+ "kdc = " + OneKDC.KDCHOST + ":" + p2 + "\n" +
+ "kdc = " + OneKDC.KDCHOST + ":" + p3 + "\n" +
+ "}\n");
+
+ fw.close();
+ System.setProperty("java.security.krb5.conf", "alternative-krb5.conf");
+ Config.refresh();
+
+ // The correct behavior should be:
+ // 5 sec on p1, 5 sec on p1, fail
+ // 5 sec on p2, 5 sec on p2, fail
+ // p3 ok, p3 ok again for preauth.
+ // The total time should be 20sec + 2x. x is processing time for AS-REQ.
+ int count = 6;
+ long start = System.nanoTime();
+
+ ByteArrayOutputStream bo = new ByteArrayOutputStream();
+ PrintStream oldout = System.out;
+ System.setOut(new PrintStream(bo));
+ Context c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
+ System.setOut(oldout);
+
+ String[] lines = new String(bo.toByteArray()).split("\n");
+ for (String line: lines) {
+ if (line.startsWith(">>> KDCCommunication")) {
+ System.out.println(line);
+ count--;
+ }
+ }
+ if (count != 0) {
+ throw new Exception("Retry count is " + count + " less");
+ }
+
+ long end = System.nanoTime();
+ if ((end - start)/1000000000L < 20) {
+ throw new Exception("Too fast? " + (end - start)/1000000000L);
+ }
+ }
+
+ private static KDC on(int p) throws Exception {
+ KDC k = new KDC(OneKDC.REALM, OneKDC.KDCHOST, p, true);
+ k.addPrincipal(OneKDC.USER, OneKDC.PASS);
+ k.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
+ return k;
+ }
+
+ private static void addFakeKDCs()
+ throws Exception {
+ BufferedReader fr = new BufferedReader(new FileReader(OneKDC.KRB5_CONF));
+ FileWriter fw = new FileWriter("alternative-krb5.conf");
+ while (true) {
+ String s = fr.readLine();
+ if (s == null) {
+ break;
+ }
+ if (s.trim().startsWith("kdc = ")) {
+ fw.write(" kdc = localhost:33333\n");
+ fw.write(" kdc = localhost:22222\n");
+ }
+ fw.write(s + "\n");
+ }
+ fr.close();
+ fw.close();
+ sun.security.krb5.Config.refresh();
+ }
+}