--- a/jdk/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java Fri Jul 17 08:46:54 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java Tue Jul 21 09:19:19 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -61,7 +61,6 @@
private static final String LFN_SIG = "L" + LFN + ";";
private static final String LL_SIG = "(L" + OBJ + ";)L" + OBJ + ";";
private static final String LLV_SIG = "(L" + OBJ + ";L" + OBJ + ";)V";
- private static final String CLL_SIG = "(L" + CLS + ";L" + OBJ + ";)L" + OBJ + ";";
/** Name of its super class*/
private static final String superName = OBJ;
@@ -571,7 +570,7 @@
mv.visitLdcInsn(constantPlaceholder(cls));
mv.visitTypeInsn(Opcodes.CHECKCAST, CLS);
mv.visitInsn(Opcodes.SWAP);
- mv.visitMethodInsn(Opcodes.INVOKESTATIC, MHI, "castReference", CLL_SIG, false);
+ mv.visitMethodInsn(Opcodes.INVOKEVIRTUAL, CLS, "cast", LL_SIG, false);
if (Object[].class.isAssignableFrom(cls))
mv.visitTypeInsn(Opcodes.CHECKCAST, OBJARY);
else if (PROFILE_LEVEL > 0)
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java Fri Jul 17 08:46:54 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java Tue Jul 21 09:19:19 2015 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -219,7 +219,7 @@
if (convSpec == null) continue;
MethodHandle fn;
if (convSpec instanceof Class) {
- fn = Lazy.MH_castReference.bindTo(convSpec);
+ fn = Lazy.MH_cast.bindTo(convSpec);
} else {
fn = (MethodHandle) convSpec;
}
@@ -239,7 +239,7 @@
if (convSpec == void.class)
fn = null;
else
- fn = Lazy.MH_castReference.bindTo(convSpec);
+ fn = Lazy.MH_cast.bindTo(convSpec);
} else {
fn = (MethodHandle) convSpec;
}
@@ -302,7 +302,7 @@
Name conv;
if (convSpec instanceof Class) {
Class<?> convClass = (Class<?>) convSpec;
- conv = new Name(Lazy.MH_castReference, convClass, names[INARG_BASE + i]);
+ conv = new Name(Lazy.MH_cast, convClass, names[INARG_BASE + i]);
} else {
MethodHandle fn = (MethodHandle) convSpec;
conv = new Name(fn, names[INARG_BASE + i]);
@@ -326,7 +326,7 @@
conv = new Name(LambdaForm.constantZero(BasicType.basicType(srcType.returnType())));
} else if (convSpec instanceof Class) {
Class<?> convClass = (Class<?>) convSpec;
- conv = new Name(Lazy.MH_castReference, convClass, names[OUT_CALL]);
+ conv = new Name(Lazy.MH_cast, convClass, names[OUT_CALL]);
} else {
MethodHandle fn = (MethodHandle) convSpec;
if (fn.type().parameterCount() == 0)
@@ -343,25 +343,6 @@
return SimpleMethodHandle.make(srcType, form);
}
- /**
- * Identity function, with reference cast.
- * @param t an arbitrary reference type
- * @param x an arbitrary reference value
- * @return the same value x
- */
- @ForceInline
- @SuppressWarnings("unchecked")
- static <T,U> T castReference(Class<? extends T> t, U x) {
- // inlined Class.cast because we can't ForceInline it
- if (x != null && !t.isInstance(x))
- throw newClassCastException(t, x);
- return (T) x;
- }
-
- private static ClassCastException newClassCastException(Class<?> t, Object obj) {
- return new ClassCastException("Cannot cast " + obj.getClass().getName() + " to " + t.getName());
- }
-
static Object[] computeValueConversions(MethodType srcType, MethodType dstType,
boolean strict, boolean monobox) {
final int INARG_COUNT = srcType.parameterCount();
@@ -591,6 +572,7 @@
*/
static class Lazy {
private static final Class<?> MHI = MethodHandleImpl.class;
+ private static final Class<?> CLS = Class.class;
private static final MethodHandle[] ARRAYS;
private static final MethodHandle[] FILL_ARRAYS;
@@ -600,7 +582,7 @@
static final NamedFunction NF_throwException;
static final NamedFunction NF_profileBoolean;
- static final MethodHandle MH_castReference;
+ static final MethodHandle MH_cast;
static final MethodHandle MH_selectAlternative;
static final MethodHandle MH_copyAsPrimitiveArray;
static final MethodHandle MH_fillNewTypedArray;
@@ -623,8 +605,8 @@
NF_throwException.resolve();
NF_profileBoolean.resolve();
- MH_castReference = IMPL_LOOKUP.findStatic(MHI, "castReference",
- MethodType.methodType(Object.class, Class.class, Object.class));
+ MH_cast = IMPL_LOOKUP.findVirtual(CLS, "cast",
+ MethodType.methodType(Object.class, Object.class));
MH_copyAsPrimitiveArray = IMPL_LOOKUP.findStatic(MHI, "copyAsPrimitiveArray",
MethodType.methodType(Object.class, Wrapper.class, Object[].class));
MH_arrayIdentity = IMPL_LOOKUP.findStatic(MHI, "identity",
--- a/jdk/src/java.base/share/classes/java/security/CodeSource.java Fri Jul 17 08:46:54 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/CodeSource.java Tue Jul 21 09:19:19 2015 -0700
@@ -339,7 +339,7 @@
* @param strict If true then a strict equality match is performed.
* Otherwise a subset match is performed.
*/
- private boolean matchCerts(CodeSource that, boolean strict)
+ boolean matchCerts(CodeSource that, boolean strict)
{
boolean match;
--- a/jdk/src/java.base/share/classes/java/security/SecureClassLoader.java Fri Jul 17 08:46:54 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/security/SecureClassLoader.java Tue Jul 21 09:19:19 2015 -0700
@@ -25,9 +25,10 @@
package java.security;
-import java.util.Map;
+import java.net.URL;
import java.util.ArrayList;
-import java.net.URL;
+import java.util.Map;
+import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
@@ -50,15 +51,15 @@
private final boolean initialized;
/*
- * Map that maps the CodeSource URL (as a String) to ProtectionDomain.
- * We use a String instead of a CodeSource/URL as the key to avoid
+ * Map that maps the CodeSource to a ProtectionDomain. The key is a
+ * CodeSourceKey class that uses a String instead of a URL to avoid
* potential expensive name service lookups. This does mean that URLs that
* are equivalent after nameservice lookup will be placed in separate
* ProtectionDomains; however during policy enforcement these URLs will be
* canonicalized and resolved resulting in a consistent set of granted
* permissions.
*/
- private final Map<String, ProtectionDomain> pdcache
+ private final Map<CodeSourceKey, ProtectionDomain> pdcache
= new ConcurrentHashMap<>(11);
private static final Debug debug = Debug.getInstance("scl");
@@ -209,17 +210,14 @@
return null;
}
- // Use a String form of the URL as the key. It should behave in the
- // same manner as the URL when compared for equality except that no
- // nameservice lookup is done on the hostname (String comparison
+ // Use a CodeSourceKey object key. It should behave in the
+ // same manner as the CodeSource when compared for equality except
+ // that no nameservice lookup is done on the hostname (String comparison
// only), and the fragment is not considered.
- String key = cs.getLocationNoFragString();
- if (key == null) {
- key = "<null>";
- }
+ CodeSourceKey key = new CodeSourceKey(cs);
return pdcache.computeIfAbsent(key, new Function<>() {
@Override
- public ProtectionDomain apply(String key /* not used */) {
+ public ProtectionDomain apply(CodeSourceKey key /* not used */) {
PermissionCollection perms
= SecureClassLoader.this.getPermissions(cs);
ProtectionDomain pd = new ProtectionDomain(
@@ -242,4 +240,37 @@
}
}
+ private static class CodeSourceKey {
+ private final CodeSource cs;
+
+ CodeSourceKey(CodeSource cs) {
+ this.cs = cs;
+ }
+
+ @Override
+ public int hashCode() {
+ String locationNoFrag = cs.getLocationNoFragString();
+ return locationNoFrag != null ? locationNoFrag.hashCode() : 0;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (obj == this) {
+ return true;
+ }
+
+ if (!(obj instanceof CodeSourceKey)) {
+ return false;
+ }
+
+ CodeSourceKey csk = (CodeSourceKey) obj;
+
+ if (!Objects.equals(cs.getLocationNoFragString(),
+ csk.cs.getLocationNoFragString())) {
+ return false;
+ }
+
+ return cs.matchCerts(csk.cs, true);
+ }
+ }
}
--- a/jdk/src/jdk.policytool/share/classes/sun/security/tools/policytool/PolicyTool.java Fri Jul 17 08:46:54 2015 -0700
+++ b/jdk/src/jdk.policytool/share/classes/sun/security/tools/policytool/PolicyTool.java Tue Jul 21 09:19:19 2015 -0700
@@ -633,17 +633,16 @@
type.equals(PolicyParser.PrincipalEntry.REPLACE_NAME)) {
return;
}
- Class<?> PRIN = Class.forName("java.security.Principal");
Class<?> pc = Class.forName(type, true,
Thread.currentThread().getContextClassLoader());
- if (!PRIN.isAssignableFrom(pc)) {
+ if (!Principal.class.isAssignableFrom(pc)) {
MessageFormat form = new MessageFormat(getMessage
("Illegal.Principal.Type.type"));
Object[] source = {type};
throw new InstantiationException(form.format(source));
}
- if (ToolDialog.X500_PRIN_CLASS.equals(pc.getName())) {
+ if (X500Principal.class.getName().equals(pc.getName())) {
// PolicyParser checks validity of X500Principal name
// - PolicyTool needs to as well so that it doesn't store
// an invalid name that can't be read in later
@@ -1563,14 +1562,6 @@
public static final int NEW = 2;
public static final int OPEN = 3;
- public static final String ALL_PERM_CLASS =
- "java.security.AllPermission";
- public static final String FILE_PERM_CLASS =
- "java.io.FilePermission";
-
- public static final String X500_PRIN_CLASS =
- "javax.security.auth.x500.X500Principal";
-
/* popup menus */
public static final String PERM =
PolicyTool.getMessage
@@ -1752,11 +1743,11 @@
for (int i = 0; i < PERM_ARRAY.size(); i++) {
Perm next = PERM_ARRAY.get(i);
if (fullClassName) {
- if (next.FULL_CLASS.equals(clazz)) {
+ if (next.getName().equals(clazz)) {
return next;
}
} else {
- if (next.CLASS.equals(clazz)) {
+ if (next.getSimpleName().equals(clazz)) {
return next;
}
}
@@ -1772,11 +1763,11 @@
for (int i = 0; i < PRIN_ARRAY.size(); i++) {
Prin next = PRIN_ARRAY.get(i);
if (fullClassName) {
- if (next.FULL_CLASS.equals(clazz)) {
+ if (next.getName().equals(clazz)) {
return next;
}
} else {
- if (next.CLASS.equals(clazz)) {
+ if (next.getSimpleName().equals(clazz)) {
return next;
}
}
@@ -2170,7 +2161,7 @@
choice.getAccessibleContext().setAccessibleName(PRIN_TYPE);
for (int i = 0; i < PRIN_ARRAY.size(); i++) {
Prin next = PRIN_ARRAY.get(i);
- choice.addItem(next.CLASS);
+ choice.addItem(next.getSimpleName());
}
if (edit) {
@@ -2180,7 +2171,7 @@
} else {
Prin inputPrin = getPrin(editMe.getPrincipalClass(), true);
if (inputPrin != null) {
- choice.setSelectedItem(inputPrin.CLASS);
+ choice.setSelectedItem(inputPrin.getSimpleName());
}
}
}
@@ -2286,7 +2277,7 @@
choice.getAccessibleContext().setAccessibleName(PERM);
for (int i = 0; i < PERM_ARRAY.size(); i++) {
Perm next = PERM_ARRAY.get(i);
- choice.addItem(next.CLASS);
+ choice.addItem(next.getSimpleName());
}
tw.addNewComponent(newTD, choice, PD_PERM_CHOICE,
0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
@@ -2300,7 +2291,7 @@
if (edit) {
Perm inputPerm = getPerm(editMe.permission, true);
if (inputPerm != null) {
- choice.setSelectedItem(inputPerm.CLASS);
+ choice.setSelectedItem(inputPerm.getSimpleName());
}
}
tw.addNewComponent(newTD, tf, PD_PERM_TEXTFIELD,
@@ -2417,7 +2408,7 @@
"\t'" + pname + "' will be interpreted " +
"as a key store alias.\n" +
"\tThe final principal class will be " +
- ToolDialog.X500_PRIN_CLASS + ".\n" +
+ X500Principal.class.getName() + ".\n" +
"\tThe final principal name will be " +
"determined by the following:\n" +
"\n" +
@@ -2452,7 +2443,7 @@
if (tf.getText().trim().equals("") == false)
name = new String(tf.getText().trim());
if (permission.equals("") ||
- (!permission.equals(ALL_PERM_CLASS) && name == null)) {
+ (!permission.equals(AllPermission.class.getName()) && name == null)) {
throw new InvalidParameterException(PolicyTool.getMessage
("Permission.and.Target.Name.must.have.a.value"));
}
@@ -2467,7 +2458,8 @@
// \\server\share 0, legal
// \\\\server\share 2, illegal
- if (permission.equals(FILE_PERM_CLASS) && name.lastIndexOf("\\\\") > 0) {
+ if (permission.equals(FilePermission.class.getName())
+ && name.lastIndexOf("\\\\") > 0) {
char result = tw.displayYesNoDialog(this,
PolicyTool.getMessage("Warning"),
PolicyTool.getMessage(
@@ -3645,7 +3637,7 @@
if (prinField.getText() != null &&
prinField.getText().length() > 0) {
Prin inputPrin = ToolDialog.getPrin(prinField.getText(), true);
- prin.setSelectedItem(inputPrin.CLASS);
+ prin.setSelectedItem(inputPrin.getSimpleName());
}
return;
}
@@ -3660,7 +3652,7 @@
// set of names and actions
Prin inputPrin = ToolDialog.getPrin((String)e.getItem(), false);
if (inputPrin != null) {
- prinField.setText(inputPrin.FULL_CLASS);
+ prinField.setText(inputPrin.getName());
}
}
}
@@ -3711,7 +3703,7 @@
Perm inputPerm = ToolDialog.getPerm(permField.getText(), true);
if (inputPerm != null) {
- perms.setSelectedItem(inputPerm.CLASS);
+ perms.setSelectedItem(inputPerm.getSimpleName());
}
}
return;
@@ -3732,7 +3724,7 @@
if (inputPerm == null) {
permField.setText("");
} else {
- permField.setText(inputPerm.FULL_CLASS);
+ permField.setText(inputPerm.getName());
}
td.setPermissionNames(inputPerm, names, nameField);
td.setPermissionActions(inputPerm, actions, actionsField);
@@ -4082,26 +4074,30 @@
*/
class Prin {
- public final String CLASS;
- public final String FULL_CLASS;
-
- public Prin(String clazz, String fullClass) {
+ final Class<? extends Principal> CLASS;
+
+ Prin(Class<? extends Principal> clazz) {
this.CLASS = clazz;
- this.FULL_CLASS = fullClass;
+ }
+
+ String getName() {
+ return CLASS.getName();
+ }
+
+ String getSimpleName() {
+ return CLASS.getSimpleName();
}
}
class KrbPrin extends Prin {
- public KrbPrin() {
- super("KerberosPrincipal",
- "javax.security.auth.kerberos.KerberosPrincipal");
+ KrbPrin() {
+ super(javax.security.auth.kerberos.KerberosPrincipal.class);
}
}
class X500Prin extends Prin {
- public X500Prin() {
- super("X500Principal",
- "javax.security.auth.x500.X500Principal");
+ X500Prin() {
+ super(javax.security.auth.x500.X500Principal.class);
}
}
@@ -4110,44 +4106,48 @@
*/
class Perm {
- public final String CLASS;
- public final String FULL_CLASS;
- public final String[] TARGETS;
- public final String[] ACTIONS;
-
- public Perm(String clazz, String fullClass,
+ final Class<? extends Permission> CLASS;
+ final String[] TARGETS;
+ final String[] ACTIONS;
+
+ Perm(Class<? extends Permission> clazz,
String[] targets, String[] actions) {
this.CLASS = clazz;
- this.FULL_CLASS = fullClass;
this.TARGETS = targets;
this.ACTIONS = actions;
}
+
+ String getName() {
+ return CLASS.getName();
+ }
+
+ String getSimpleName() {
+ return CLASS.getSimpleName();
+ }
}
class AllPerm extends Perm {
- public AllPerm() {
- super("AllPermission", "java.security.AllPermission", null, null);
+ AllPerm() {
+ super(java.security.AllPermission.class, null, null);
}
}
class AudioPerm extends Perm {
- public AudioPerm() {
- super("AudioPermission",
- "javax.sound.sampled.AudioPermission",
- new String[] {
+ AudioPerm() {
+ super(javax.sound.sampled.AudioPermission.class,
+ new String[] {
"play",
"record"
},
- null);
+ null);
}
}
class AuthPerm extends Perm {
- public AuthPerm() {
- super("AuthPermission",
- "javax.security.auth.AuthPermission",
- new String[] {
+ AuthPerm() {
+ super(javax.security.auth.AuthPermission.class,
+ new String[] {
"doAs",
"doAsPrivileged",
"getSubject",
@@ -4165,15 +4165,14 @@
PolicyTool.getMessage("configuration.type") + ">",
"refreshLoginConfiguration"
},
- null);
+ null);
}
}
class AWTPerm extends Perm {
- public AWTPerm() {
- super("AWTPermission",
- "java.awt.AWTPermission",
- new String[] {
+ AWTPerm() {
+ super(java.awt.AWTPermission.class,
+ new String[] {
"accessClipboard",
"accessEventQueue",
"accessSystemTray",
@@ -4187,30 +4186,28 @@
"showWindowWithoutWarningBanner",
"toolkitModality",
"watchMousePointer"
- },
- null);
+ },
+ null);
}
}
class DelegationPerm extends Perm {
- public DelegationPerm() {
- super("DelegationPermission",
- "javax.security.auth.kerberos.DelegationPermission",
- new String[] {
+ DelegationPerm() {
+ super(javax.security.auth.kerberos.DelegationPermission.class,
+ new String[] {
// allow user input
},
- null);
+ null);
}
}
class FilePerm extends Perm {
- public FilePerm() {
- super("FilePermission",
- "java.io.FilePermission",
- new String[] {
+ FilePerm() {
+ super(java.io.FilePermission.class,
+ new String[] {
"<<ALL FILES>>"
},
- new String[] {
+ new String[] {
"read",
"write",
"delete",
@@ -4220,64 +4217,59 @@
}
class URLPerm extends Perm {
- public URLPerm() {
- super("URLPermission",
- "java.net.URLPermission",
- new String[] {
- "<"+ PolicyTool.getMessage("url") + ">",
- },
- new String[] {
- "<" + PolicyTool.getMessage("method.list") + ">:<"
- + PolicyTool.getMessage("request.headers.list") + ">",
- });
+ URLPerm() {
+ super(java.net.URLPermission.class,
+ new String[] {
+ "<"+ PolicyTool.getMessage("url") + ">",
+ },
+ new String[] {
+ "<" + PolicyTool.getMessage("method.list") + ">:<"
+ + PolicyTool.getMessage("request.headers.list") + ">",
+ });
}
}
class InqSecContextPerm extends Perm {
- public InqSecContextPerm() {
- super("InquireSecContextPermission",
- "com.sun.security.jgss.InquireSecContextPermission",
- new String[] {
+ InqSecContextPerm() {
+ super(com.sun.security.jgss.InquireSecContextPermission.class,
+ new String[] {
"KRB5_GET_SESSION_KEY",
"KRB5_GET_TKT_FLAGS",
"KRB5_GET_AUTHZ_DATA",
"KRB5_GET_AUTHTIME"
},
- null);
+ null);
}
}
class LogPerm extends Perm {
- public LogPerm() {
- super("LoggingPermission",
- "java.util.logging.LoggingPermission",
- new String[] {
+ LogPerm() {
+ super(java.util.logging.LoggingPermission.class,
+ new String[] {
"control"
},
- null);
+ null);
}
}
class MgmtPerm extends Perm {
- public MgmtPerm() {
- super("ManagementPermission",
- "java.lang.management.ManagementPermission",
- new String[] {
+ MgmtPerm() {
+ super(java.lang.management.ManagementPermission.class,
+ new String[] {
"control",
"monitor"
},
- null);
+ null);
}
}
class MBeanPerm extends Perm {
- public MBeanPerm() {
- super("MBeanPermission",
- "javax.management.MBeanPermission",
- new String[] {
+ MBeanPerm() {
+ super(javax.management.MBeanPermission.class,
+ new String[] {
// allow user input
},
- new String[] {
+ new String[] {
"addNotificationListener",
"getAttribute",
"getClassLoader",
@@ -4300,35 +4292,32 @@
}
class MBeanSvrPerm extends Perm {
- public MBeanSvrPerm() {
- super("MBeanServerPermission",
- "javax.management.MBeanServerPermission",
- new String[] {
+ MBeanSvrPerm() {
+ super(javax.management.MBeanServerPermission.class,
+ new String[] {
"createMBeanServer",
"findMBeanServer",
"newMBeanServer",
"releaseMBeanServer"
},
- null);
+ null);
}
}
class MBeanTrustPerm extends Perm {
- public MBeanTrustPerm() {
- super("MBeanTrustPermission",
- "javax.management.MBeanTrustPermission",
- new String[] {
+ MBeanTrustPerm() {
+ super(javax.management.MBeanTrustPermission.class,
+ new String[] {
"register"
},
- null);
+ null);
}
}
class NetPerm extends Perm {
- public NetPerm() {
- super("NetPermission",
- "java.net.NetPermission",
- new String[] {
+ NetPerm() {
+ super(java.net.NetPermission.class,
+ new String[] {
"allowHttpTrace",
"setDefaultAuthenticator",
"requestPasswordAuthentication",
@@ -4341,43 +4330,40 @@
"setResponseCache",
"getResponseCache"
},
- null);
+ null);
}
}
class NetworkPerm extends Perm {
- public NetworkPerm() {
- super("NetworkPermission",
- "jdk.net.NetworkPermission",
- new String[] {
+ NetworkPerm() {
+ super(jdk.net.NetworkPermission.class,
+ new String[] {
"setOption.SO_FLOW_SLA",
"getOption.SO_FLOW_SLA"
},
- null);
+ null);
}
}
class PrivCredPerm extends Perm {
- public PrivCredPerm() {
- super("PrivateCredentialPermission",
- "javax.security.auth.PrivateCredentialPermission",
- new String[] {
+ PrivCredPerm() {
+ super(javax.security.auth.PrivateCredentialPermission.class,
+ new String[] {
// allow user input
},
- new String[] {
+ new String[] {
"read"
});
}
}
class PropPerm extends Perm {
- public PropPerm() {
- super("PropertyPermission",
- "java.util.PropertyPermission",
- new String[] {
+ PropPerm() {
+ super(java.util.PropertyPermission.class,
+ new String[] {
// allow user input
},
- new String[] {
+ new String[] {
"read",
"write"
});
@@ -4385,21 +4371,19 @@
}
class ReflectPerm extends Perm {
- public ReflectPerm() {
- super("ReflectPermission",
- "java.lang.reflect.ReflectPermission",
- new String[] {
+ ReflectPerm() {
+ super(java.lang.reflect.ReflectPermission.class,
+ new String[] {
"suppressAccessChecks"
},
- null);
+ null);
}
}
class RuntimePerm extends Perm {
- public RuntimePerm() {
- super("RuntimePermission",
- "java.lang.RuntimePermission",
- new String[] {
+ RuntimePerm() {
+ super(java.lang.RuntimePermission.class,
+ new String[] {
"createClassLoader",
"getClassLoader",
"setContextClassLoader",
@@ -4432,15 +4416,14 @@
"usePolicy",
// "inheritedChannel"
},
- null);
+ null);
}
}
class SecurityPerm extends Perm {
- public SecurityPerm() {
- super("SecurityPermission",
- "java.security.SecurityPermission",
- new String[] {
+ SecurityPerm() {
+ super(java.security.SecurityPermission.class,
+ new String[] {
"createAccessControlContext",
"getDomainCombiner",
"getPolicy",
@@ -4470,30 +4453,28 @@
//"getSignerPrivateKey",
//"setSignerKeyPair"
},
- null);
+ null);
}
}
class SerialPerm extends Perm {
- public SerialPerm() {
- super("SerializablePermission",
- "java.io.SerializablePermission",
- new String[] {
+ SerialPerm() {
+ super(java.io.SerializablePermission.class,
+ new String[] {
"enableSubclassImplementation",
"enableSubstitution"
},
- null);
+ null);
}
}
class ServicePerm extends Perm {
- public ServicePerm() {
- super("ServicePermission",
- "javax.security.auth.kerberos.ServicePermission",
- new String[] {
+ ServicePerm() {
+ super(javax.security.auth.kerberos.ServicePermission.class,
+ new String[] {
// allow user input
},
- new String[] {
+ new String[] {
"initiate",
"accept"
});
@@ -4501,13 +4482,12 @@
}
class SocketPerm extends Perm {
- public SocketPerm() {
- super("SocketPermission",
- "java.net.SocketPermission",
- new String[] {
+ SocketPerm() {
+ super(java.net.SocketPermission.class,
+ new String[] {
// allow user input
},
- new String[] {
+ new String[] {
"accept",
"connect",
"listen",
@@ -4517,38 +4497,35 @@
}
class SQLPerm extends Perm {
- public SQLPerm() {
- super("SQLPermission",
- "java.sql.SQLPermission",
- new String[] {
+ SQLPerm() {
+ super(java.sql.SQLPermission.class,
+ new String[] {
"setLog",
"callAbort",
"setSyncFactory",
"setNetworkTimeout",
},
- null);
+ null);
}
}
class SSLPerm extends Perm {
- public SSLPerm() {
- super("SSLPermission",
- "javax.net.ssl.SSLPermission",
- new String[] {
+ SSLPerm() {
+ super(javax.net.ssl.SSLPermission.class,
+ new String[] {
"setHostnameVerifier",
"getSSLSessionContext"
},
- null);
+ null);
}
}
class SubjDelegPerm extends Perm {
- public SubjDelegPerm() {
- super("SubjectDelegationPermission",
- "javax.management.remote.SubjectDelegationPermission",
- new String[] {
+ SubjDelegPerm() {
+ super(javax.management.remote.SubjectDelegationPermission.class,
+ new String[] {
// allow user input
},
- null);
+ null);
}
}
--- a/jdk/test/TEST.groups Fri Jul 17 08:46:54 2015 -0700
+++ b/jdk/test/TEST.groups Tue Jul 21 09:19:19 2015 -0700
@@ -42,7 +42,8 @@
:jdk_svc
tier3 = \
- :jdk_rmi
+ :jdk_rmi \
+ :jdk_beans
###############################################################################
#
--- a/jdk/test/java/security/SecureClassLoader/DefineClass.java Fri Jul 17 08:46:54 2015 -0700
+++ b/jdk/test/java/security/SecureClassLoader/DefineClass.java Tue Jul 21 09:19:19 2015 -0700
@@ -21,28 +21,44 @@
* questions.
*/
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.InputStream;
import java.io.IOException;
+import java.io.OutputStream;
import java.net.URL;
import java.security.CodeSource;
+import java.security.Key;
+import java.security.KeyStoreException;
+import java.security.KeyStoreSpi;
+import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
+import java.security.Provider;
import java.security.SecureClassLoader;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.URIParameter;
import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
import java.util.List;
import java.util.PropertyPermission;
/*
* @test
- * @bug 6826789
+ * @bug 6826789 8131486
* @summary Make sure equivalent ProtectionDomains are granted the same
* permissions when the CodeSource URLs are different but resolve
* to the same ip address after name service resolution.
- * @run main/othervm/java.security.policy=DefineClass.policy DefineClass
+ * @run main/othervm DefineClass
*/
public class DefineClass {
@@ -53,42 +69,100 @@
new PropertyPermission("user.name", "read")
};
- // Base64 encoded bytes of a simple class: "public class Foo {}"
+ // Base64 encoded bytes of simple class: "package foo; public class Foo {}"
private final static String FOO_CLASS =
+ "yv66vgAAADMADQoAAwAKBwALBwAMAQAGPGluaXQ+AQADKClWAQAEQ29kZQEA" +
+ "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhGb28uamF2YQwABAAF" +
+ "AQAHZm9vL0ZvbwEAEGphdmEvbGFuZy9PYmplY3QAIQACAAMAAAAAAAEAAQAE" +
+ "AAUAAQAGAAAAHQABAAEAAAAFKrcAAbEAAAABAAcAAAAGAAEAAAABAAEACAAA" +
+ "AAIACQ==";
+
+ // Base64 encoded bytes of simple class: "package bar; public class Bar {}"
+ private final static String BAR_CLASS =
+ "yv66vgAAADMADQoAAwAKBwALBwAMAQAGPGluaXQ+AQADKClWAQAEQ29kZQEA" +
+ "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhCYXIuamF2YQwABAAF" +
+ "AQAHYmFyL0JhcgEAEGphdmEvbGFuZy9PYmplY3QAIQACAAMAAAAAAAEAAQAE" +
+ "AAUAAQAGAAAAHQABAAEAAAAFKrcAAbEAAAABAAcAAAAGAAEAAAABAAEACAAA" +
+ "AAIACQ==";
+
+ // Base64 encoded bytes of simple class: "package baz; public class Baz {}"
+ private final static String BAZ_CLASS =
"yv66vgAAADQADQoAAwAKBwALBwAMAQAGPGluaXQ+AQADKClWAQAEQ29kZQEA" +
- "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhGb28uamF2YQwABAAF" +
- "AQADRm9vAQAQamF2YS9sYW5nL09iamVjdAAhAAIAAwAAAAAAAQABAAQABQAB" +
- "AAYAAAAdAAEAAQAAAAUqtwABsQAAAAEABwAAAAYAAQAAAAEAAQAIAAAAAgAJ";
+ "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhCYXouamF2YQwABAAF" +
+ "AQAHYmF6L0JhegEAEGphdmEvbGFuZy9PYmplY3QAIQACAAMAAAAAAAEAAQAE" +
+ "AAUAAQAGAAAAHQABAAEAAAAFKrcAAbEAAAABAAcAAAAGAAEAAAABAAEACAAA" +
+ "AAIACQ==";
- // Base64 encoded bytes of a simple class: "public class Bar {}"
- private final static String BAR_CLASS =
- "yv66vgAAADQADQoAAwAKBwALBwAMAQAGPGluaXQ+AQADKClWAQAEQ29kZQEA" +
- "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhCYXIuamF2YQwABAAF" +
- "AQADQmFyAQAQamF2YS9sYW5nL09iamVjdAAhAAIAAwAAAAAAAQABAAQABQAB" +
- "AAYAAAAdAAEAAQAAAAUqtwABsQAAAAEABwAAAAYAAQAAAAEAAQAIAAAAAgAJ";
+ private final static String BAZ_CERT =
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIIEFzCCA8OgAwIBAgIESpPf8TANBglghkgBZQMEAwIFADAOMQwwCgYDVQQDEwNG\n" +
+ "b28wHhcNMTUwNzE1MTY1ODM5WhcNMTUxMDEzMTY1ODM5WjAOMQwwCgYDVQQDEwNG\n" +
+ "b28wggNCMIICNQYHKoZIzjgEATCCAigCggEBAI95Ndm5qum/q+2Ies9JUbbzLsWe\n" +
+ "O683GOjqxJYfPv02BudDUanEGDM5uAnnwq4cU5unR1uF0BGtuLR5h3VJhGlcrA6P\n" +
+ "FLM2CCiiL/onEQo9YqmTRTQJoP5pbEZY+EvdIIGcNwmgEFexla3NACM9ulSEtikf\n" +
+ "nWSO+INEhneXnOwEtDSmrC516Zhd4j2wKS/BEYyf+p2BgeczjbeStzDXueNJWS9o\n" +
+ "CZhyFTkV6j1ri0ZTxjNFj4A7MqTC4PJykCVuTj+KOwg4ocRQ5OGMGimjfd9eoUPe\n" +
+ "S2b/BJA+1c8WI+FY1IfGCOl/IRzYHcojy244B2X4IuNCvkhMBXY5OWAc1mcCHQC6\n" +
+ "9pamhXj3397n+mfJd8eF7zKyM7rlgMC81WldAoIBABamXFggSFBwTnUCo5dXBA00\n" +
+ "2jo0eMFU1OSlwC0kLuBPluYeS9CQSr2sjzfuseCfMYLSPJBDy2QviABBYO35ygmz\n" +
+ "IHannDKmJ/JHPpGHm6LE50S9IIFUTLVbgCw2jR+oPtSJ6U4PoGiOMkKKXHjEeMaN\n" +
+ "BSe3HJo6uwsL4SxEaJY559POdNsQGmWqK4f2TGgm2z7HL0tVmYNLtO2wL3yQ6aSW\n" +
+ "06VdU1vr/EXU9hn2Pz3tu4c5JcLyJOB3MSltqIfsHkdI+H77X963VIQxayIy3uVT\n" +
+ "3a8CESsNHwLaMJcyJP4nrtqLnUspItm6i+Oe2eEDpjxSgQvGiLfi7UMW4e8X294D\n" +
+ "ggEFAAKCAQBsGeU8/STExzQsJ8kFM9xarA/2VAFMzyUpd3IQ2UGHQC5rEnGh/RiU\n" +
+ "T20y7a2hCpQ1f/qgLnY8hku9GRVY3z8WamBzWLzCAEAx67EsS58mf4o8R3sUbkH5\n" +
+ "/mRaZoNVSPUy+tXoLmTzIetU4W+JT8Rq4OcXXU9uo9TreeBehhVexS3vpVgQeUIn\n" +
+ "MmMma8WHpovIJQQlp4cyjalX7Beda/tqX/HPLkAS4TRqQAz7hFr3FqFrVMKFSGo4\n" +
+ "fTS06GGdQ4tw9c6NQLuQ9WF9BxYSwSk9yENQvKDZaBNarqPMnsh1Gi/QcKMRBVhM\n" +
+ "RT/9vb4QUi/pOowhhKCDBLgjY60QgX3HoyEwHzAdBgNVHQ4EFgQUa787CE+3ZNAb\n" +
+ "g1ql9yJVVrRCdx0wDQYJYIZIAWUDBAMCBQADPwAwPAIcCUkZIRrBlKdTzhKYBEOm\n" +
+ "E1i45MMum1RuHc28agIcfHQkkjBA4FfH5UMRgKpIyRR8V/dVboxDj4hKOA==\n" +
+ "-----END CERTIFICATE-----";
public static void main(String[] args) throws Exception {
+ Security.addProvider(new TestProvider());
+
MySecureClassLoader scl = new MySecureClassLoader();
- Policy p = Policy.getPolicy();
+
+ File policyFile = new File(System.getProperty("test.src", "."),
+ "DefineClass.policy");
+ Policy p = Policy.getInstance("JavaPolicy",
+ new URIParameter(policyFile.toURI()));
+ Policy.setPolicy(p);
+
+ System.setSecurityManager(new SecurityManager());
ArrayList<Permission> perms1 = getPermissions(scl, p,
"http://localhost/",
- "Foo", FOO_CLASS);
+ "foo.Foo", FOO_CLASS,
+ null);
checkPerms(perms1, GRANTED_PERMS);
ArrayList<Permission> perms2 = getPermissions(scl, p,
"http://127.0.0.1/",
- "Bar", BAR_CLASS);
+ "bar.Bar", BAR_CLASS,
+ null);
checkPerms(perms2, GRANTED_PERMS);
assert(perms1.equals(perms2));
+
+ // check that class signed by baz is granted an additional permission
+ Certificate[] chain = new Certificate[] {getCert(BAZ_CERT)};
+ ArrayList<Permission> perms3 = getPermissions(scl, p,
+ "http://localhost/",
+ "baz.Baz", BAZ_CLASS,
+ chain);
+ List<Permission> perms = new ArrayList<>(Arrays.asList(GRANTED_PERMS));
+ perms.add(new PropertyPermission("user.dir", "read"));
+ checkPerms(perms3, perms.toArray(new Permission[0]));
}
// returns the permissions granted to the codebase URL
private static ArrayList<Permission> getPermissions(MySecureClassLoader scl,
Policy p, String url,
String className,
- String classBytes)
+ String classBytes,
+ Certificate[] chain)
throws IOException {
- CodeSource cs = new CodeSource(new URL(url), (Certificate[])null);
+ CodeSource cs = new CodeSource(new URL(url), chain);
Base64.Decoder bd = Base64.getDecoder();
byte[] bytes = bd.decode(classBytes);
Class<?> c = scl.defineMyClass(className, bytes, cs);
@@ -105,10 +179,125 @@
}
}
+ private static Certificate getCert(String base64Cert) throws Exception {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ InputStream is = new ByteArrayInputStream(base64Cert.getBytes("UTF-8"));
+ return cf.generateCertificate(is);
+ }
+
// A SecureClassLoader that allows the test to define its own classes
private static class MySecureClassLoader extends SecureClassLoader {
Class<?> defineMyClass(String name, byte[] b, CodeSource cs) {
return super.defineClass(name, b, 0, b.length, cs);
}
}
+
+ private static class TestProvider extends Provider {
+ TestProvider() {
+ super("Test8131486", 0.0, "For testing only");
+ putService(new Provider.Service(this, "KeyStore", "Test8131486",
+ "DefineClass$TestKeyStore", null, null));
+ }
+ }
+
+ /**
+ * A KeyStore containing a single certificate entry named "baz".
+ */
+ public static class TestKeyStore extends KeyStoreSpi {
+ private final String baz = "baz";
+ private final List<String> aliases = Collections.singletonList(baz);
+ private final Certificate bazCert;
+
+ public TestKeyStore() {
+ try {
+ this.bazCert = getCert(BAZ_CERT);
+ } catch (Exception e) {
+ throw new Error();
+ }
+ }
+
+ @Override
+ public Enumeration<String> engineAliases() {
+ return Collections.enumeration(aliases);
+ }
+
+ @Override
+ public boolean engineContainsAlias(String alias) {
+ return alias.equals(baz);
+ }
+
+ @Override
+ public void engineDeleteEntry(String alias) throws KeyStoreException {
+ throw new KeyStoreException();
+ }
+
+ @Override
+ public Certificate engineGetCertificate(String alias) {
+ return alias.equals(baz) ? bazCert : null;
+ }
+
+ @Override
+ public String engineGetCertificateAlias(Certificate cert) {
+ return cert.equals(bazCert) ? baz : null;
+ }
+
+ @Override
+ public Certificate[] engineGetCertificateChain(String alias) {
+ return alias.equals(baz) ? new Certificate[] {bazCert} : null;
+ }
+
+ @Override
+ public Date engineGetCreationDate(String alias) {
+ return alias.equals(baz) ? new Date() : null;
+ }
+
+ @Override
+ public Key engineGetKey(String alias, char[] password)
+ throws NoSuchAlgorithmException, UnrecoverableKeyException {
+ return null;
+ }
+
+ @Override
+ public boolean engineIsCertificateEntry(String alias) {
+ return alias.equals(baz);
+ }
+
+ @Override
+ public boolean engineIsKeyEntry(String alias) {
+ return false;
+ }
+
+ @Override
+ public void engineLoad(InputStream stream, char[] password)
+ throws IOException, NoSuchAlgorithmException, CertificateException {
+ }
+
+ @Override
+ public void engineSetCertificateEntry(String alias, Certificate cert)
+ throws KeyStoreException {
+ throw new KeyStoreException();
+ }
+
+ @Override
+ public void engineSetKeyEntry(String alias, byte[] key,
+ Certificate[] chain)
+ throws KeyStoreException {
+ throw new KeyStoreException();
+ }
+
+ @Override
+ public void engineSetKeyEntry(String alias, Key key, char[] password,
+ Certificate[] chain)
+ throws KeyStoreException {
+ throw new KeyStoreException();
+ }
+
+ @Override
+ public int engineSize() { return 1; }
+
+ @Override
+ public void engineStore(OutputStream stream, char[] password)
+ throws IOException, NoSuchAlgorithmException, CertificateException {
+ }
+ }
}
--- a/jdk/test/java/security/SecureClassLoader/DefineClass.policy Fri Jul 17 08:46:54 2015 -0700
+++ b/jdk/test/java/security/SecureClassLoader/DefineClass.policy Tue Jul 21 09:19:19 2015 -0700
@@ -1,7 +1,7 @@
+keystore "NONE", "Test8131486", "Test8131486";
+
grant {
- permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "getProtectionDomain";
- permission java.security.SecurityPermission "getPolicy";
};
grant codebase "http://localhost/" {
permission java.util.PropertyPermission "user.home", "read";
@@ -9,3 +9,6 @@
grant codebase "http://127.0.0.1/" {
permission java.util.PropertyPermission "user.name", "read";
};
+grant codebase "http://localhost/", signedby "baz" {
+ permission java.util.PropertyPermission "user.dir", "read";
+};
--- a/jdk/test/java/util/concurrent/ConcurrentHashMap/ConcurrentAssociateTest.java Fri Jul 17 08:46:54 2015 -0700
+++ b/jdk/test/java/util/concurrent/ConcurrentHashMap/ConcurrentAssociateTest.java Tue Jul 21 09:19:19 2015 -0700
@@ -120,7 +120,8 @@
}
};
- int ps = Runtime.getRuntime().availableProcessors();
+ // Bound concurrency to avoid degenerate performance
+ int ps = Math.min(Runtime.getRuntime().availableProcessors(), 32);
Stream<CompletableFuture> runners = IntStream.range(0, ps)
.mapToObj(i -> sr.get())
.map(CompletableFuture::runAsync);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/BogusKDC.java Tue Jul 21 09:19:19 2015 -0700
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.HashMap;
+import java.util.Map;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+/*
+ * @test
+ * @bug 4515853 8075297
+ * @summary Checks that Kerberos client tries slave KDC
+ * if master KDC is not responding
+ * @run main/othervm BogusKDC
+ */
+public class BogusKDC {
+
+ static final String TEST_SRC = System.getProperty("test.src", ".");
+ static final String HOST = "localhost";
+ static final String NOT_EXISTING_HOST = "not.existing.host";
+ static final String REALM = "TEST.REALM";
+ static final String USER = "USER";
+ static final String USER_PRINCIPAL = USER + "@" + REALM;
+ static final String USER_PASSWORD = "password";
+ static final String KRBTGT_PRINCIPAL = "krbtgt/" + REALM;
+ static final String KRB5_CONF = "krb5.conf";
+ static final int WRONG_KDC_PORT = 21;
+
+ static final String KRB5_CONF_TEMPLATE = ""
+ + "[libdefaults]\n"
+ + "default_realm = TEST.REALM\n"
+ + "max_retries = 1\n"
+ + "\n"
+ + "[realms]\n"
+ + "TEST.REALM = {\n"
+ + " kdc = %s\n"
+ + " kdc = localhost:%d\n"
+ + "}";
+
+ public static void main(String[] args) throws LoginException, IOException {
+ Map<String, String> principals = new HashMap<>();
+ principals.put(USER_PRINCIPAL, USER_PASSWORD);
+ principals.put(KRBTGT_PRINCIPAL, null);
+
+ System.setProperty("java.security.krb5.conf", KRB5_CONF);
+
+ // start a local KDC
+ KDC kdc = KDC.startKDC(HOST, KRB5_CONF, REALM, principals, null, null);
+
+ System.setProperty("java.security.auth.login.config",
+ TEST_SRC + File.separator + "refreshKrb5Config.jaas");
+
+ CallbackHandler handler = new Helper.UserPasswordHandler(
+ USER, USER_PASSWORD);
+
+ // create a krb5 config with non-existing host for master KDC,
+ // and wrong port for slave KDC
+ try (PrintWriter w = new PrintWriter(new FileWriter(KRB5_CONF))) {
+ w.write(String.format(KRB5_CONF_TEMPLATE,
+ KDC.KDCNameService.NOT_EXISTING_HOST, WRONG_KDC_PORT));
+ w.flush();
+ }
+
+ // login with not-refreshable config
+ try {
+ new LoginContext("NotRefreshable", handler).login();
+ throw new RuntimeException("Expected exception not thrown");
+ } catch (LoginException le) {
+ System.out.println("Expected login failure: " + le);
+ }
+
+ // create a krb5 config with non-existing host for master KDC,
+ // but correct port for slave KDC
+ try (PrintWriter w = new PrintWriter(new FileWriter(KRB5_CONF))) {
+ w.write(String.format(KRB5_CONF_TEMPLATE,
+ KDC.KDCNameService.NOT_EXISTING_HOST, kdc.getPort()));
+ w.flush();
+ }
+
+ // login with not-refreshable config
+ try {
+ new LoginContext("NotRefreshable", handler).login();
+ throw new RuntimeException("Expected exception not thrown");
+ } catch (LoginException le) {
+ System.out.println("Expected login failure: " + le);
+ }
+
+ // login with refreshable config
+ new LoginContext("Refreshable", handler).login();
+
+ System.out.println("Test passed");
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/Helper.java Tue Jul 21 09:19:19 2015 -0700
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+public class Helper {
+
+ static class UserPasswordHandler implements CallbackHandler {
+
+ private final String name;
+ private final String password;
+
+ UserPasswordHandler(String name, String password) {
+ this.name = name;
+ this.password = password;
+ }
+
+ @Override
+ public void handle(Callback[] callbacks)
+ throws UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof PasswordCallback) {
+ ((PasswordCallback) callback).setPassword(
+ password.toCharArray());
+ } else if (callback instanceof NameCallback) {
+ ((NameCallback)callback).setName(name);
+ } else {
+ throw new UnsupportedCallbackException(callback);
+ }
+ }
+ }
+ }
+}
--- a/jdk/test/sun/security/krb5/auto/KDC.java Fri Jul 17 08:46:54 2015 -0700
+++ b/jdk/test/sun/security/krb5/auto/KDC.java Tue Jul 21 09:19:19 2015 -0700
@@ -1320,14 +1320,17 @@
}
}
- public static void startKDC(final String host, final String krbConfFileName,
+ public static KDC startKDC(final String host, final String krbConfFileName,
final String realm, final Map<String, String> principals,
final String ktab, final KtabMode mode) {
+ KDC kdc;
try {
- KDC kdc = KDC.create(realm, host, 0, true);
+ kdc = KDC.create(realm, host, 0, true);
kdc.setOption(KDC.Option.PREAUTH_REQUIRED, Boolean.FALSE);
- KDC.saveConfig(krbConfFileName, kdc);
+ if (krbConfFileName != null) {
+ KDC.saveConfig(krbConfFileName, kdc);
+ }
// Add principals
if (principals != null) {
@@ -1379,6 +1382,7 @@
throw new RuntimeException("KDC: unexpected exception", e);
}
+ return kdc;
}
/**
@@ -1428,13 +1432,20 @@
}
public static class KDCNameService implements NameServiceDescriptor {
+
+ public static String NOT_EXISTING_HOST = "not.existing.host";
+
@Override
public NameService createNameService() throws Exception {
NameService ns = new NameService() {
@Override
public InetAddress[] lookupAllHostAddr(String host)
throws UnknownHostException {
- // Everything is localhost
+ // Everything is localhost except NOT_EXISTING_HOST
+ if (NOT_EXISTING_HOST.equals(host)) {
+ throw new UnknownHostException("Unknown host name: "
+ + NOT_EXISTING_HOST);
+ }
return new InetAddress[]{
InetAddress.getByAddress(host, new byte[]{127,0,0,1})
};
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/RefreshKrb5Config.java Tue Jul 21 09:19:19 2015 -0700
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.File;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+/*
+ * @test
+ * @bug 4745056 8075297
+ * @summary Checks if refreshKrb5Config is set to true for Krb5LoginModule,
+ * then configuration will be refreshed before login() method is called
+ * @run main/othervm RefreshKrb5Config
+ */
+public class RefreshKrb5Config {
+
+ static final String TEST_SRC = System.getProperty("test.src", ".");
+ static final String HOST = "localhost";
+ static final String NOT_EXISTING_HOST = "not.existing.host";
+ static final String REALM = "TEST.REALM";
+ static final String USER = "USER";
+ static final String USER_PRINCIPAL = USER + "@" + REALM;
+ static final String USER_PASSWORD = "password";
+ static final String KRBTGT_PRINCIPAL = "krbtgt/" + REALM;
+ static final String KRB5_CONF_FILENAME = "krb5.conf";
+
+ public static void main(String[] args) throws LoginException, IOException {
+ Map<String, String> principals = new HashMap<>();
+ principals.put(USER_PRINCIPAL, USER_PASSWORD);
+ principals.put(KRBTGT_PRINCIPAL, null);
+
+ System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
+
+ // start a local KDC, and save krb5 config
+ KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
+ KDC.saveConfig(KRB5_CONF_FILENAME, kdc, "max_retries = 1");
+
+ System.setProperty("java.security.auth.login.config",
+ TEST_SRC + File.separator + "refreshKrb5Config.jaas");
+
+ CallbackHandler handler = new Helper.UserPasswordHandler(
+ USER, USER_PASSWORD);
+
+ // set incorrect KDC
+ System.out.println("java.security.krb5.kdc = " + NOT_EXISTING_HOST);
+ System.setProperty("java.security.krb5.kdc", NOT_EXISTING_HOST);
+ System.out.println("java.security.krb5.realm = " + REALM);
+ System.setProperty("java.security.krb5.realm", REALM);
+ try {
+ new LoginContext("Refreshable", handler).login();
+ throw new RuntimeException("Expected exception not thrown");
+ } catch (LoginException le) {
+ System.out.println("Expected login failure: " + le);
+ }
+
+ // reset properties
+ System.out.println("Reset java.security.krb5.kdc");
+ System.clearProperty("java.security.krb5.kdc");
+ System.out.println("Reset java.security.krb5.realm");
+ System.clearProperty("java.security.krb5.realm");
+
+ // login with not-refreshable config
+ try {
+ new LoginContext("NotRefreshable", handler).login();
+ throw new RuntimeException("Expected exception not thrown");
+ } catch (LoginException le) {
+ System.out.println("Expected login failure: " + le);
+ }
+
+ // login with refreshable config
+ new LoginContext("Refreshable", handler).login();
+
+ System.out.println("Test passed");
+ }
+
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/refreshKrb5Config.jaas Tue Jul 21 09:19:19 2015 -0700
@@ -0,0 +1,11 @@
+Refreshable {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useTicketCache=false
+ refreshKrb5Config=true;
+};
+
+NotRefreshable {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useTicketCache=false
+ refreshKrb5Config=false;
+};