--- a/jdk/.hgtags Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/.hgtags Wed Jul 05 17:54:07 2017 +0200
@@ -132,3 +132,4 @@
1c023bcd0c5a01ac07bc7eea728aafbb0d8991e9 jdk8-b08
f1ec21b8142168ff40f3278d2f6b5fe4bd5f3b26 jdk8-b09
4788745572ef2bde34924ef34e7e4d55ba07e979 jdk8-b10
+7ab0d613cd1a271a9763ffb894dc1f0a5b95a7e4 jdk8-b11
--- a/jdk/make/com/sun/security/auth/module/Makefile Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/com/sun/security/auth/module/Makefile Wed Jul 05 17:54:07 2017 +0200
@@ -78,7 +78,3 @@
#
include $(BUILDDIR)/common/Library.gmk
-#
-# JVMDI implementation lives in the VM.
-#
-OTHER_LDLIBS = $(JVMLIB)
--- a/jdk/make/common/Defs.gmk Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/common/Defs.gmk Wed Jul 05 17:54:07 2017 +0200
@@ -220,14 +220,30 @@
JRE_NONEXIST_LOCALES = en en_US de_DE es_ES fr_FR it_IT ja_JP ko_KR sv_SE zh
#
-# All libraries except libjava and libjvm itself link against libjvm and
-# libjava, the latter for its exported common utilities. libjava only links
-# against libjvm. Programs' makefiles take their own responsibility for
+# For now, most libraries except libjava and libjvm itself link against libjvm
+# and libjava, the latter for its exported common utilities. libjava only
+# links against libjvm. Programs' makefiles take their own responsibility for
# adding other libs.
#
+# The makefiles for these packages do not link against libjvm and libjava.
+# This list will eventually go away and each Programs' makefiles
+# will have to explicitly declare that they want to link to libjava/libjvm
+#
+NO_JAVALIB_PKGS = \
+ sun.security.mscapi \
+ sun.security.krb5 \
+ sun.security.pkcs11 \
+ sun.security.jgss \
+ sun.security.jgss.wrapper \
+ sun.security.ec \
+ sun.security.smartcardio \
+ com.sun.security.auth.module
+
ifdef PACKAGE
# put JAVALIB first, but do not lose any platform specific values....
- LDLIBS_COMMON = $(JAVALIB)
+ ifeq (,$(findstring $(PACKAGE),$(NO_JAVALIB_PKGS)))
+ LDLIBS_COMMON = $(JAVALIB)
+ endif
endif # PACKAGE
#
--- a/jdk/make/common/Library.gmk Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/common/Library.gmk Wed Jul 05 17:54:07 2017 +0200
@@ -165,7 +165,7 @@
$(LINK) -dll -out:$(OBJDIR)/$(@F) \
-map:$(OBJDIR)/$(LIBRARY).map \
$(LFLAGS) @$(OBJDIR)/$(LIBRARY).lcf \
- $(OTHER_LCF) $(JAVALIB) $(LDLIBS)
+ $(OTHER_LCF) $(LDLIBS)
$(CP) $(OBJDIR)/$(@F) $@
@$(call binary_file_verification,$@)
$(CP) $(OBJDIR)/$(LIBRARY).map $(@D)
--- a/jdk/make/java/java/mapfile-vers Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/java/java/mapfile-vers Wed Jul 05 17:54:07 2017 +0200
@@ -90,7 +90,6 @@
Java_java_io_FileSystem_getFileSystem;
Java_java_io_ObjectInputStream_bytesToDoubles;
Java_java_io_ObjectInputStream_bytesToFloats;
- Java_java_io_ObjectInputStream_latestUserDefinedLoader;
Java_java_io_ObjectOutputStream_doublesToBytes;
Java_java_io_ObjectOutputStream_floatsToBytes;
Java_java_io_ObjectStreamClass_hasStaticInitializer;
@@ -275,6 +274,7 @@
Java_sun_misc_Version_getJvmVersionInfo;
Java_sun_misc_Version_getJvmSpecialVersion;
Java_sun_misc_VM_getThreadStateValues;
+ Java_sun_misc_VM_latestUserDefinedLoader;
Java_sun_misc_VM_initialize;
Java_sun_misc_VMSupport_initAgentProperties;
--- a/jdk/make/sun/javazic/tzdata/VERSION Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/javazic/tzdata/VERSION Wed Jul 05 17:54:07 2017 +0200
@@ -21,4 +21,4 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-tzdata2011j
+tzdata2011l
--- a/jdk/make/sun/javazic/tzdata/asia Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/javazic/tzdata/asia Wed Jul 05 17:54:07 2017 +0200
@@ -2216,7 +2216,47 @@
# http://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html
# </a>
+# From Steffen Thorsen (2011-08-26):
+# Gaza and the West Bank did go back to standard time in the beginning of
+# August, and will now enter daylight saving time again on 2011-08-30
+# 00:00 (so two periods of DST in 2011). The pause was because of
+# Ramadan.
+#
+# <a href="http://www.maannews.net/eng/ViewDetails.aspx?ID=416217">
+# http://www.maannews.net/eng/ViewDetails.aspx?ID=416217
+# </a>
+# Additional info:
+# <a href="http://www.timeanddate.com/news/time/palestine-dst-2011.html">
+# http://www.timeanddate.com/news/time/palestine-dst-2011.html
+# </a>
+
+# From Alexander Krivenyshev (2011-08-27):
+# According to the article in The Jerusalem Post:
+# "...Earlier this month, the Palestinian government in the West Bank decided to
+# move to standard time for 30 days, during Ramadan. The Palestinians in the
+# Gaza Strip accepted the change and also moved their clocks one hour back.
+# The Hamas government said on Saturday that it won't observe summertime after
+# the Muslim feast of Id al-Fitr, which begins on Tuesday..."
+# ...
+# <a href="http://www.jpost.com/MiddleEast/Article.aspx?id=235650">
+# http://www.jpost.com/MiddleEast/Article.aspx?id=235650
+# </a>
+# or
+# <a href="http://www.worldtimezone.com/dst_news/dst_news_gazastrip05.html">
+# http://www.worldtimezone.com/dst_news/dst_news_gazastrip05.html
+# </a>
# The rules for Egypt are stolen from the `africa' file.
+
+# From Steffen Thorsen (2011-09-30):
+# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30
+# 00:00).
+# So West Bank and Gaza now have the same time again.
+#
+# Many sources, including:
+# <a href="http://www.maannews.net/eng/ViewDetails.aspx?ID=424808">
+# http://www.maannews.net/eng/ViewDetails.aspx?ID=424808
+# </a>
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule EgyptAsia 1957 only - May 10 0:00 1:00 S
Rule EgyptAsia 1957 1958 - Oct 1 0:00 0 -
@@ -2232,19 +2272,37 @@
Rule Palestine 2006 2008 - Apr 1 0:00 1:00 S
Rule Palestine 2006 only - Sep 22 0:00 0 -
Rule Palestine 2007 only - Sep Thu>=8 2:00 0 -
-Rule Palestine 2008 only - Aug lastFri 2:00 0 -
+Rule Palestine 2008 only - Aug lastFri 0:00 0 -
Rule Palestine 2009 only - Mar lastFri 0:00 1:00 S
-Rule Palestine 2010 max - Mar lastSat 0:01 1:00 S
-Rule Palestine 2009 max - Sep Fri>=1 2:00 0 -
+Rule Palestine 2009 only - Sep Fri>=1 2:00 0 -
+Rule Palestine 2010 only - Mar lastSat 0:01 1:00 S
Rule Palestine 2010 only - Aug 11 0:00 0 -
+# From Arthur David Olson (2011-09-20):
+# 2011 transitions per http://www.timeanddate.com as of 2011-09-20.
+
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
2:00 Zion EET 1948 May 15
2:00 EgyptAsia EE%sT 1967 Jun 5
2:00 Zion I%sT 1996
2:00 Jordan EE%sT 1999
- 2:00 Palestine EE%sT
+ 2:00 Palestine EE%sT 2011 Apr 2 12:01
+ 2:00 1:00 EEST 2011 Aug 1
+ 2:00 - EET
+
+Zone Asia/Hebron 2:20:23 - LMT 1900 Oct
+ 2:00 Zion EET 1948 May 15
+ 2:00 EgyptAsia EE%sT 1967 Jun 5
+ 2:00 Zion I%sT 1996
+ 2:00 Jordan EE%sT 1999
+ 2:00 Palestine EE%sT 2008 Aug
+ 2:00 1:00 EEST 2008 Sep
+ 2:00 Palestine EE%sT 2011 Apr 1 12:01
+ 2:00 1:00 EEST 2011 Aug 1
+ 2:00 - EET 2011 Aug 30
+ 2:00 1:00 EEST 2011 Sep 30 3:00
+ 2:00 - EET
# Paracel Is
# no information
--- a/jdk/make/sun/javazic/tzdata/australasia Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/javazic/tzdata/australasia Wed Jul 05 17:54:07 2017 +0200
@@ -318,6 +318,18 @@
# http://www.worldtimezone.com/dst_news/dst_news_fiji04.html
# </a>
+# From Steffen Thorsen (2011-10-03):
+# Now the dates have been confirmed, and at least our start date
+# assumption was correct (end date was one week wrong).
+#
+# <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155">
+# www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155
+# </a>
+# which says
+# Members of the public are reminded to change their time to one hour in
+# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to
+# 2am on February 26 next year.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Fiji 1998 1999 - Nov Sun>=1 2:00 1:00 S
Rule Fiji 1999 2000 - Feb lastSun 3:00 0 -
@@ -325,6 +337,8 @@
Rule Fiji 2010 only - Mar lastSun 3:00 0 -
Rule Fiji 2010 only - Oct 24 2:00 1:00 S
Rule Fiji 2011 only - Mar Sun>=1 3:00 0 -
+Rule Fiji 2011 only - Oct 23 2:00 1:00 S
+Rule Fiji 2012 only - Feb 26 3:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Fiji 11:53:40 - LMT 1915 Oct 26 # Suva
12:00 Fiji FJ%sT # Fiji Time
--- a/jdk/make/sun/javazic/tzdata/europe Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/javazic/tzdata/europe Wed Jul 05 17:54:07 2017 +0200
@@ -583,9 +583,9 @@
#
Rule Russia 1992 only - Mar lastSat 23:00 1:00 S
Rule Russia 1992 only - Sep lastSat 23:00 0 -
-Rule Russia 1993 max - Mar lastSun 2:00s 1:00 S
+Rule Russia 1993 2010 - Mar lastSun 2:00s 1:00 S
Rule Russia 1993 1995 - Sep lastSun 2:00s 0 -
-Rule Russia 1996 max - Oct lastSun 2:00s 0 -
+Rule Russia 1996 2010 - Oct lastSun 2:00s 0 -
# From Alexander Krivenyshev (2011-06-14):
# According to Kremlin press service, Russian President Dmitry Medvedev
@@ -605,7 +605,6 @@
# From Arthur David Olson (2011-06-15):
# Take "abolishing daylight saving time" to mean that time is now considered
# to be standard.
-# At least for now, keep the "old" Russia rules for the benefit of Belarus.
# These are for backward compatibility with older versions.
@@ -711,6 +710,23 @@
1:00 EU CE%sT
# Belarus
+# From Yauhen Kharuzhy (2011-09-16):
+# By latest Belarus government act Europe/Minsk timezone was changed to
+# GMT+3 without DST (was GMT+2 with DST).
+#
+# Sources (Russian language):
+# 1.
+# <a href="http://www.belta.by/ru/all_news/society/V-Belarusi-otmenjaetsja-perexod-na-sezonnoe-vremja_i_572952.html">
+# http://www.belta.by/ru/all_news/society/V-Belarusi-otmenjaetsja-perexod-na-sezonnoe-vremja_i_572952.html
+# </a>
+# 2.
+# <a href="http://naviny.by/rubrics/society/2011/09/16/ic_articles_116_175144/">
+# http://naviny.by/rubrics/society/2011/09/16/ic_articles_116_175144/
+# </a>
+# 3.
+# <a href="http://news.tut.by/society/250578.html">
+# http://news.tut.by/society/250578.html
+# </a>
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Europe/Minsk 1:50:16 - LMT 1880
1:50 - MMT 1924 May 2 # Minsk Mean Time
@@ -722,7 +738,8 @@
2:00 1:00 EEST 1991 Sep 29 2:00s
2:00 - EET 1992 Mar 29 0:00s
2:00 1:00 EEST 1992 Sep 27 0:00s
- 2:00 Russia EE%sT
+ 2:00 Russia EE%sT 2011 Mar 27 2:00s
+ 3:00 - FET # Further-eastern European Time
# Belgium
#
@@ -2056,7 +2073,7 @@
2:00 Poland CE%sT 1946
3:00 Russia MSK/MSD 1991 Mar 31 2:00s
2:00 Russia EE%sT 2011 Mar 27 2:00s
- 3:00 - KALT
+ 3:00 - FET # Further-eastern European Time
#
# From Oscar van Vlijmen (2001-08-25): [This region consists of]
# Respublika Adygeya, Arkhangel'skaya oblast',
@@ -2211,7 +2228,7 @@
# [parts of] Respublika Sakha (Yakutiya), Chitinskaya oblast'.
# From Oscar van Vlijmen (2009-11-29):
-# ...some regions of RUssia were merged with others since 2005...
+# ...some regions of [Russia] were merged with others since 2005...
# Some names were changed, no big deal, except for one instance: a new name.
# YAK/YAKST: UTC+9 Zabajkal'skij kraj.
@@ -2635,6 +2652,28 @@
# of March at 3am the time is changing to 4am and each last Sunday of
# October the time at 4am is changing to 3am"
+# From Alexander Krivenyshev (2011-09-20):
+# On September 20, 2011 the deputies of the Verkhovna Rada agreed to
+# abolish the transfer clock to winter time.
+#
+# Bill number 8330 of MP from the Party of Regions Oleg Nadoshi got
+# approval from 266 deputies.
+#
+# Ukraine abolishes transter back to the winter time (in Russian)
+# <a href="http://news.mail.ru/politics/6861560/">
+# http://news.mail.ru/politics/6861560/
+# </a>
+#
+# The Ukrainians will no longer change the clock (in Russian)
+# <a href="http://www.segodnya.ua/news/14290482.html">
+# http://www.segodnya.ua/news/14290482.html
+# </a>
+#
+# Deputies cancelled the winter time (in Russian)
+# <a href="http://www.pravda.com.ua/rus/news/2011/09/20/6600616/">
+# http://www.pravda.com.ua/rus/news/2011/09/20/6600616/
+# </a>
+
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
# Most of Ukraine since 1970 has been like Kiev.
# "Kyiv" is the transliteration of the Ukrainian name, but
@@ -2648,7 +2687,8 @@
3:00 - MSK 1990 Jul 1 2:00
2:00 - EET 1992
2:00 E-Eur EE%sT 1995
- 2:00 EU EE%sT
+ 2:00 EU EE%sT 2011 Mar lastSun 1:00u
+ 3:00 - FET # Further-eastern European Time
# Ruthenia used CET 1990/1991.
# "Uzhhorod" is the transliteration of the Ukrainian name, but
# "Uzhgorod" is more common in English.
@@ -2662,7 +2702,8 @@
1:00 - CET 1991 Mar 31 3:00
2:00 - EET 1992
2:00 E-Eur EE%sT 1995
- 2:00 EU EE%sT
+ 2:00 EU EE%sT 2011 Mar lastSun 1:00u
+ 3:00 - FET # Further-eastern European Time
# Zaporozh'ye and eastern Lugansk oblasts observed DST 1990/1991.
# "Zaporizhia" is the transliteration of the Ukrainian name, but
# "Zaporozh'ye" is more common in English. Use the common English
@@ -2675,7 +2716,8 @@
1:00 C-Eur CE%sT 1943 Oct 25
3:00 Russia MSK/MSD 1991 Mar 31 2:00
2:00 E-Eur EE%sT 1995
- 2:00 EU EE%sT
+ 2:00 EU EE%sT 2011 Mar lastSun 1:00u
+ 3:00 - FET # Further-eastern European Time
# Central Crimea used Moscow time 1994/1997.
Zone Europe/Simferopol 2:16:24 - LMT 1880
2:16 - SMT 1924 May 2 # Simferopol Mean T
@@ -2700,7 +2742,8 @@
# Assume it happened in March by not changing the clocks.
3:00 Russia MSK/MSD 1997
3:00 - MSK 1997 Mar lastSun 1:00u
- 2:00 EU EE%sT
+ 2:00 EU EE%sT 2011 Mar lastSun 1:00u
+ 3:00 - FET # Further-eastern European Time
###############################################################################
--- a/jdk/make/sun/javazic/tzdata/northamerica Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/javazic/tzdata/northamerica Wed Jul 05 17:54:07 2017 +0200
@@ -505,7 +505,7 @@
-8:00 US P%sT 1983 Oct 30 2:00
-9:00 US Y%sT 1983 Nov 30
-9:00 US AK%sT
-Zone America/Sitka -14:58:47 - LMT 1867 Oct 18
+Zone America/Sitka 14:58:47 - LMT 1867 Oct 18
-9:01:13 - LMT 1900 Aug 20 12:00
-8:00 - PST 1942
-8:00 US P%sT 1946
@@ -1190,31 +1190,21 @@
# INMS (2000-09-12) says that, since 1988 at least, Newfoundland switches
# at 00:01 local time. For now, assume it started in 1987.
-# From Michael Pelley (2011-08-05):
-# The Government of Newfoundland and Labrador has pending changes to
-# modify the hour for daylight savings time to come into effect in
-# November 2011. This modification would change the time from 12:01AM to
-# 2:00AM on the dates of the switches of Daylight Savings Time to/from
-# Standard Time.
-#
-# As a matter of reference, in Canada provinces have the authority of
-# setting time zone information. The legislation has passed our
-# legislative body (The House of Assembly) and is awaiting the
-# proclamation to come into effect. You may find this information at:
-# <a href="http://www.assembly.nl.ca/legislation/sr/lists/Proclamation.htm">
-# http://www.assembly.nl.ca/legislation/sr/lists/Proclamation.htm
-# </a>
-# and
-# search within that web page for Standard Time (Amendment) Act. The Act
-# may be found at:
-# <a href="http://www.assembly.nl.ca/business/bills/Bill1106.htm">
-# http://www.assembly.nl.ca/business/bills/Bill1106.htm
+# From Michael Pelley (2011-09-12):
+# We received today, Monday, September 12, 2011, notification that the
+# changes to the Newfoundland Standard Time Act have been proclaimed.
+# The change in the Act stipulates that the change from Daylight Savings
+# Time to Standard Time and from Standard Time to Daylight Savings Time
+# now occurs at 2:00AM.
+# ...
+# <a href="http://www.assembly.nl.ca/legislation/sr/annualstatutes/2011/1106.chp.htm">
+# http://www.assembly.nl.ca/legislation/sr/annualstatutes/2011/1106.chp.htm
# </a>
# ...
-# MICHAEL PELLEY | Manager of Enterprise Architecture - Solution Delivery
-# Office of the Chief Information Officer Executive Council Government of
-# Newfoundland & Labrador P.O. Box 8700, 40 Higgins Line, St. John's NL
-# A1B 4J6
+# MICHAEL PELLEY | Manager of Enterprise Architecture - Solution Delivery
+# Office of the Chief Information Officer
+# Executive Council
+# Government of Newfoundland & Labrador
Rule StJohns 1987 only - Apr Sun>=1 0:01 1:00 D
Rule StJohns 1987 2006 - Oct lastSun 0:01 0 S
--- a/jdk/make/sun/javazic/tzdata/southamerica Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/javazic/tzdata/southamerica Wed Jul 05 17:54:07 2017 +0200
@@ -819,6 +819,26 @@
# <a href="http://www.timeanddate.com/news/time/brazil-dst-2008-2009.html">
# http://www.timeanddate.com/news/time/brazil-dst-2008-2009.html
# </a>
+#
+# From Alexander Krivenyshev (2011-10-04):
+# State Bahia will return to Daylight savings time this year after 8 years off.
+# The announcement was made by Governor Jaques Wagner in an interview to a
+# television station in Salvador.
+
+# In Portuguese:
+# <a href="http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html">
+# http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html
+# </a> and
+# <a href="http://noticias.terra.com.br/brasil/noticias/0,,OI5390887-EI8139,00-Bahia+volta+a+ter+horario+de+verao+apos+oito+anos.html">
+# http://noticias.terra.com.br/brasil/noticias/0,,OI5390887-EI8139,00-Bahia+volta+a+ter+horario+de+verao+apos+oito+anos.html
+# </a>
+
+# From Guilherme Bernardes Rodrigues (2011-10-07):
+# There is news in the media, however there is still no decree about it.
+# I just send a e-mail to Zulmira Brandão at
+# <a href="http://pcdsh01.on.br/">http://pcdsh01.on.br/</a> the
+# oficial agency about time in Brazil, and she confirmed that the old rule is
+# still in force.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
# Decree <a href="http://pcdsh01.on.br/HV20466.htm">20,466</a> (1931-10-01)
@@ -1057,6 +1077,9 @@
Zone America/Bahia -2:34:04 - LMT 1914
-3:00 Brazil BR%sT 2003 Sep 24
-3:00 - BRT
+# as noted above, not yet in operation.
+# -3:00 - BRT 2011 Oct 16
+# -3:00 Brazil BR%sT
#
# Goias (GO), Distrito Federal (DF), Minas Gerais (MG),
# Espirito Santo (ES), Rio de Janeiro (RJ), Sao Paulo (SP), Parana (PR),
--- a/jdk/make/sun/javazic/tzdata/zone.tab Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/javazic/tzdata/zone.tab Wed Jul 05 17:54:07 2017 +0200
@@ -341,7 +341,8 @@
PM +4703-05620 America/Miquelon
PN -2504-13005 Pacific/Pitcairn
PR +182806-0660622 America/Puerto_Rico
-PS +3130+03428 Asia/Gaza
+PS +3130+03428 Asia/Gaza Gaza Strip
+PS +313200+0350542 Asia/Hebron West Bank
PT +3843-00908 Europe/Lisbon mainland
PT +3238-01654 Atlantic/Madeira Madeira Islands
PT +3744-02540 Atlantic/Azores Azores
--- a/jdk/make/sun/rmi/rmi/Makefile Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/rmi/rmi/Makefile Wed Jul 05 17:54:07 2017 +0200
@@ -30,16 +30,9 @@
BUILDDIR = ../../..
PACKAGE = sun.rmi
PRODUCT = sun
-LIBRARY = rmi
include $(BUILDDIR)/common/Defs.gmk
#
-# Add use of a mapfile
-#
-FILES_m = mapfile-vers
-include $(BUILDDIR)/common/Mapfile-vers.gmk
-
-#
# Java files to compile.
#
AUTO_FILES_JAVA_DIRS = \
@@ -52,31 +45,9 @@
com/sun/rmi
#
-# Native files to compile.
-#
-FILES_c = \
- sun/rmi/server/MarshalInputStream.c
-
-#
-# Add ambient vpath to pick up files not part of sun.rmi package
-#
-vpath %.c $(SHARE_SRC)/native/sun/rmi/server
-
-#
-# Exported files that require generated .h
-#
-FILES_export = \
- sun/rmi/server/MarshalInputStream.java
-
-#
-# Link to JVM for JVM_LatestUserDefinedLoader
-#
-OTHER_LDLIBS = $(JVMLIB)
-
-#
# Rules
#
-include $(BUILDDIR)/common/Library.gmk
+include $(BUILDDIR)/common/Rules.gmk
#
# Full package names of implementations requiring stubs
--- a/jdk/make/sun/rmi/rmi/mapfile-vers Wed Jul 05 17:54:00 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-#
-# Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation. Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# Define library interface.
-
-SUNWprivate_1.1 {
- global:
- Java_sun_rmi_server_MarshalInputStream_latestUserDefinedLoader;
- local:
- *;
-};
--- a/jdk/make/sun/security/ec/Makefile Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/security/ec/Makefile Wed Jul 05 17:54:07 2017 +0200
@@ -192,10 +192,8 @@
#
# Libraries to link
#
- ifeq ($(PLATFORM), windows)
- OTHER_LDLIBS += $(JVMLIB)
- else
- OTHER_LDLIBS = -ldl $(JVMLIB) $(LIBCXX)
+ ifneq ($(PLATFORM), windows)
+ OTHER_LDLIBS = $(LIBCXX)
endif
include $(BUILDDIR)/common/Mapfile-vers.gmk
--- a/jdk/make/sun/security/jgss/wrapper/Makefile Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/security/jgss/wrapper/Makefile Wed Jul 05 17:54:07 2017 +0200
@@ -72,5 +72,6 @@
# Libraries to link
#
ifneq ($(PLATFORM), windows)
- OTHER_LDLIBS = -ldl $(JVMLIB)
+ OTHER_LDLIBS = -ldl
endif
+
--- a/jdk/make/sun/security/krb5/Makefile Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/security/krb5/Makefile Wed Jul 05 17:54:07 2017 +0200
@@ -69,15 +69,6 @@
include $(BUILDDIR)/common/Classes.gmk
endif # PLATFORM
-#
-# Libraries to link
-#
-ifeq ($(PLATFORM), windows)
- OTHER_LDLIBS = $(JVMLIB)
-else
- OTHER_LDLIBS = -ldl $(JVMLIB)
-endif
-
build:
ifeq ($(PLATFORM),windows)
$(call make-launcher, kinit, sun.security.krb5.internal.tools.Kinit, , )
--- a/jdk/make/sun/security/mscapi/Makefile Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/security/mscapi/Makefile Wed Jul 05 17:54:07 2017 +0200
@@ -159,7 +159,7 @@
# Libraries to link
#
ifeq ($(PLATFORM), windows)
- OTHER_LDLIBS += $(JVMLIB) Crypt32.Lib
+ OTHER_LDLIBS += Crypt32.Lib
endif
#
--- a/jdk/make/sun/security/other/Makefile Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/security/other/Makefile Wed Jul 05 17:54:07 2017 +0200
@@ -38,6 +38,7 @@
sun/security/acl \
sun/security/jca \
sun/security/pkcs \
+ sun/security/pkcs10 \
sun/security/pkcs12 \
sun/security/provider \
sun/security/rsa \
--- a/jdk/make/sun/security/pkcs11/Makefile Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/security/pkcs11/Makefile Wed Jul 05 17:54:07 2017 +0200
@@ -159,10 +159,8 @@
#
# Libraries to link
#
-ifeq ($(PLATFORM), windows)
- OTHER_LDLIBS = $(JVMLIB)
-else
- OTHER_LDLIBS = -ldl $(JVMLIB)
+ifneq ($(PLATFORM), windows)
+ OTHER_LDLIBS = -ldl
endif
# Other config files
--- a/jdk/make/sun/security/smartcardio/Makefile Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/make/sun/security/smartcardio/Makefile Wed Jul 05 17:54:07 2017 +0200
@@ -73,8 +73,8 @@
# Libraries to link
#
ifeq ($(PLATFORM), windows)
- OTHER_LDLIBS = $(JVMLIB) winscard.lib
+ OTHER_LDLIBS = winscard.lib
else
- OTHER_LDLIBS = -ldl $(JVMLIB)
+ OTHER_LDLIBS = -ldl
OTHER_CFLAGS = -D__sun_jdk
endif
--- a/jdk/src/share/classes/java/io/ObjectInputStream.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/java/io/ObjectInputStream.java Wed Jul 05 17:54:07 2017 +0200
@@ -2025,8 +2025,9 @@
* This method should not be removed or its signature changed without
* corresponding modifications to the above class.
*/
- // REMIND: change name to something more accurate?
- private static native ClassLoader latestUserDefinedLoader();
+ private static ClassLoader latestUserDefinedLoader() {
+ return sun.misc.VM.latestUserDefinedLoader();
+ }
/**
* Default GetField implementation.
--- a/jdk/src/share/classes/java/util/Collections.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/java/util/Collections.java Wed Jul 05 17:54:07 2017 +0200
@@ -2352,6 +2352,64 @@
}
/**
+ * Returns a dynamically typesafe view of the specified queue.
+ * Any attempt to insert an element of the wrong type will result in
+ * an immediate {@link ClassCastException}. Assuming a queue contains
+ * no incorrectly typed elements prior to the time a dynamically typesafe
+ * view is generated, and that all subsequent access to the queue
+ * takes place through the view, it is <i>guaranteed</i> that the
+ * queue cannot contain an incorrectly typed element.
+ *
+ * <p>A discussion of the use of dynamically typesafe views may be
+ * found in the documentation for the {@link #checkedCollection
+ * checkedCollection} method.
+ *
+ * <p>The returned queue will be serializable if the specified queue
+ * is serializable.
+ *
+ * <p>Since {@code null} is considered to be a value of any reference
+ * type, the returned queue permits insertion of {@code null} elements
+ * whenever the backing queue does.
+ *
+ * @param queue the queue for which a dynamically typesafe view is to be
+ * returned
+ * @param type the type of element that {@code queue} is permitted to hold
+ * @return a dynamically typesafe view of the specified queue
+ * @since 1.8
+ */
+ public static <E> Queue<E> checkedQueue(Queue<E> queue, Class<E> type) {
+ return new CheckedQueue<>(queue, type);
+ }
+
+ /**
+ * @serial include
+ */
+ static class CheckedQueue<E>
+ extends CheckedCollection<E>
+ implements Queue<E>, Serializable
+ {
+ private static final long serialVersionUID = 1433151992604707767L;
+ final Queue<E> queue;
+
+ CheckedQueue(Queue<E> queue, Class<E> elementType) {
+ super(queue, elementType);
+ this.queue = queue;
+ }
+
+ public E element() {return queue.element();}
+ public boolean equals(Object o) {return o == this || c.equals(o);}
+ public int hashCode() {return c.hashCode();}
+ public E peek() {return queue.peek();}
+ public E poll() {return queue.poll();}
+ public E remove() {return queue.remove();}
+
+ public boolean offer(E e) {
+ typeCheck(e);
+ return add(e);
+ }
+ }
+
+ /**
* Returns a dynamically typesafe view of the specified set.
* Any attempt to insert an element of the wrong type will result in
* an immediate {@link ClassCastException}. Assuming a set contains
--- a/jdk/src/share/classes/sun/misc/VM.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/misc/VM.java Wed Jul 05 17:54:07 2017 +0200
@@ -371,6 +371,12 @@
private final static int JVMTI_THREAD_STATE_WAITING_INDEFINITELY = 0x0010;
private final static int JVMTI_THREAD_STATE_WAITING_WITH_TIMEOUT = 0x0020;
+ /*
+ * Returns the first non-null class loader up the execution stack,
+ * or null if only code from the null class loader is on the stack.
+ */
+ public static native ClassLoader latestUserDefinedLoader();
+
static {
initialize();
}
--- a/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java Wed Jul 05 17:54:07 2017 +0200
@@ -110,14 +110,6 @@
}
/**
- * Load the "rmi" native library.
- */
- static {
- java.security.AccessController.doPrivileged(
- new sun.security.action.LoadLibraryAction("rmi"));
- }
-
- /**
* Create a new MarshalInputStream object.
*/
public MarshalInputStream(InputStream in)
@@ -262,7 +254,9 @@
* Returns the first non-null class loader up the execution stack, or null
* if only code from the null class loader is on the stack.
*/
- private static native ClassLoader latestUserDefinedLoader();
+ private static ClassLoader latestUserDefinedLoader() {
+ return sun.misc.VM.latestUserDefinedLoader();
+ }
/**
* Fix for 4179055: Need to assist resolving sun stubs; resolve
--- a/jdk/src/share/classes/sun/security/pkcs/EncodingException.java Wed Jul 05 17:54:00 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/**
- * Generic PKCS Encoding exception.
- *
- * @author Benjamin Renaud
- */
-
-package sun.security.pkcs;
-
-public class EncodingException extends Exception {
-
- private static final long serialVersionUID = 4060198374240668325L;
-
- public EncodingException() {
- super();
- }
-
- public EncodingException(String s) {
- super(s);
- }
-}
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS10.java Wed Jul 05 17:54:00 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,353 +0,0 @@
-/*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-
-package sun.security.pkcs;
-
-import java.io.PrintStream;
-import java.io.IOException;
-import java.math.BigInteger;
-
-import java.security.cert.CertificateException;
-import java.security.NoSuchAlgorithmException;
-import java.security.InvalidKeyException;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.PublicKey;
-
-import sun.misc.BASE64Encoder;
-
-import sun.security.util.*;
-import sun.security.x509.AlgorithmId;
-import sun.security.x509.X509Key;
-import sun.security.x509.X500Name;
-
-/**
- * A PKCS #10 certificate request is created and sent to a Certificate
- * Authority, which then creates an X.509 certificate and returns it to
- * the entity that requested it. A certificate request basically consists
- * of the subject's X.500 name, public key, and optionally some attributes,
- * signed using the corresponding private key.
- *
- * The ASN.1 syntax for a Certification Request is:
- * <pre>
- * CertificationRequest ::= SEQUENCE {
- * certificationRequestInfo CertificationRequestInfo,
- * signatureAlgorithm SignatureAlgorithmIdentifier,
- * signature Signature
- * }
- *
- * SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
- * Signature ::= BIT STRING
- *
- * CertificationRequestInfo ::= SEQUENCE {
- * version Version,
- * subject Name,
- * subjectPublicKeyInfo SubjectPublicKeyInfo,
- * attributes [0] IMPLICIT Attributes
- * }
- * Attributes ::= SET OF Attribute
- * </pre>
- *
- * @author David Brownell
- * @author Amit Kapoor
- * @author Hemma Prafullchandra
- */
-public class PKCS10 {
- /**
- * Constructs an unsigned PKCS #10 certificate request. Before this
- * request may be used, it must be encoded and signed. Then it
- * must be retrieved in some conventional format (e.g. string).
- *
- * @param publicKey the public key that should be placed
- * into the certificate generated by the CA.
- */
- public PKCS10(PublicKey publicKey) {
- subjectPublicKeyInfo = publicKey;
- attributeSet = new PKCS10Attributes();
- }
-
- /**
- * Constructs an unsigned PKCS #10 certificate request. Before this
- * request may be used, it must be encoded and signed. Then it
- * must be retrieved in some conventional format (e.g. string).
- *
- * @param publicKey the public key that should be placed
- * into the certificate generated by the CA.
- * @param attributes additonal set of PKCS10 attributes requested
- * for in the certificate.
- */
- public PKCS10(PublicKey publicKey, PKCS10Attributes attributes) {
- subjectPublicKeyInfo = publicKey;
- attributeSet = attributes;
- }
-
- /**
- * Parses an encoded, signed PKCS #10 certificate request, verifying
- * the request's signature as it does so. This constructor would
- * typically be used by a Certificate Authority, from which a new
- * certificate would then be constructed.
- *
- * @param data the DER-encoded PKCS #10 request.
- * @exception IOException for low level errors reading the data
- * @exception SignatureException when the signature is invalid
- * @exception NoSuchAlgorithmException when the signature
- * algorithm is not supported in this environment
- */
- public PKCS10(byte[] data)
- throws IOException, SignatureException, NoSuchAlgorithmException {
- DerInputStream in;
- DerValue[] seq;
- AlgorithmId id;
- byte[] sigData;
- Signature sig;
-
- encoded = data;
-
- //
- // Outer sequence: request, signature algorithm, signature.
- // Parse, and prepare to verify later.
- //
- in = new DerInputStream(data);
- seq = in.getSequence(3);
-
- if (seq.length != 3)
- throw new IllegalArgumentException("not a PKCS #10 request");
-
- data = seq[0].toByteArray(); // reusing this variable
- id = AlgorithmId.parse(seq[1]);
- sigData = seq[2].getBitString();
-
- //
- // Inner sequence: version, name, key, attributes
- //
- BigInteger serial;
- DerValue val;
-
- serial = seq[0].data.getBigInteger();
- if (!serial.equals(BigInteger.ZERO))
- throw new IllegalArgumentException("not PKCS #10 v1");
-
- subject = new X500Name(seq[0].data);
- subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue());
-
- // Cope with a somewhat common illegal PKCS #10 format
- if (seq[0].data.available() != 0)
- attributeSet = new PKCS10Attributes(seq[0].data);
- else
- attributeSet = new PKCS10Attributes();
-
- if (seq[0].data.available() != 0)
- throw new IllegalArgumentException("illegal PKCS #10 data");
-
- //
- // OK, we parsed it all ... validate the signature using the
- // key and signature algorithm we found.
- //
- try {
- sig = Signature.getInstance(id.getName());
- sig.initVerify(subjectPublicKeyInfo);
- sig.update(data);
- if (!sig.verify(sigData))
- throw new SignatureException("Invalid PKCS #10 signature");
- } catch (InvalidKeyException e) {
- throw new SignatureException("invalid key");
- }
- }
-
- /**
- * Create the signed certificate request. This will later be
- * retrieved in either string or binary format.
- *
- * @param subject identifies the signer (by X.500 name).
- * @param signature private key and signing algorithm to use.
- * @exception IOException on errors.
- * @exception CertificateException on certificate handling errors.
- * @exception SignatureException on signature handling errors.
- */
- public void encodeAndSign(X500Name subject, Signature signature)
- throws CertificateException, IOException, SignatureException {
- DerOutputStream out, scratch;
- byte[] certificateRequestInfo;
- byte[] sig;
-
- if (encoded != null)
- throw new SignatureException("request is already signed");
-
- this.subject = subject;
-
- /*
- * Encode cert request info, wrap in a sequence for signing
- */
- scratch = new DerOutputStream();
- scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0
- subject.encode(scratch); // X.500 name
- scratch.write(subjectPublicKeyInfo.getEncoded()); // public key
- attributeSet.encode(scratch);
-
- out = new DerOutputStream();
- out.write(DerValue.tag_Sequence, scratch); // wrap it!
- certificateRequestInfo = out.toByteArray();
- scratch = out;
-
- /*
- * Sign it ...
- */
- signature.update(certificateRequestInfo, 0,
- certificateRequestInfo.length);
- sig = signature.sign();
-
- /*
- * Build guts of SIGNED macro
- */
- AlgorithmId algId = null;
- try {
- algId = AlgorithmId.get(signature.getAlgorithm());
- } catch (NoSuchAlgorithmException nsae) {
- throw new SignatureException(nsae);
- }
- algId.encode(scratch); // sig algorithm
- scratch.putBitString(sig); // sig
-
- /*
- * Wrap those guts in a sequence
- */
- out = new DerOutputStream();
- out.write(DerValue.tag_Sequence, scratch);
- encoded = out.toByteArray();
- }
-
- /**
- * Returns the subject's name.
- */
- public X500Name getSubjectName() { return subject; }
-
- /**
- * Returns the subject's public key.
- */
- public PublicKey getSubjectPublicKeyInfo()
- { return subjectPublicKeyInfo; }
-
- /**
- * Returns the additional attributes requested.
- */
- public PKCS10Attributes getAttributes()
- { return attributeSet; }
-
- /**
- * Returns the encoded and signed certificate request as a
- * DER-encoded byte array.
- *
- * @return the certificate request, or null if encodeAndSign()
- * has not yet been called.
- */
- public byte[] getEncoded() {
- if (encoded != null)
- return encoded.clone();
- else
- return null;
- }
-
- /**
- * Prints an E-Mailable version of the certificate request on the print
- * stream passed. The format is a common base64 encoded one, supported
- * by most Certificate Authorities because Netscape web servers have
- * used this for some time. Some certificate authorities expect some
- * more information, in particular contact information for the web
- * server administrator.
- *
- * @param out the print stream where the certificate request
- * will be printed.
- * @exception IOException when an output operation failed
- * @exception SignatureException when the certificate request was
- * not yet signed.
- */
- public void print(PrintStream out)
- throws IOException, SignatureException {
- if (encoded == null)
- throw new SignatureException("Cert request was not signed");
-
- BASE64Encoder encoder = new BASE64Encoder();
-
- out.println("-----BEGIN NEW CERTIFICATE REQUEST-----");
- encoder.encodeBuffer(encoded, out);
- out.println("-----END NEW CERTIFICATE REQUEST-----");
- }
-
- /**
- * Provides a short description of this request.
- */
- public String toString() {
- return "[PKCS #10 certificate request:\n"
- + subjectPublicKeyInfo.toString()
- + " subject: <" + subject + ">" + "\n"
- + " attributes: " + attributeSet.toString()
- + "\n]";
- }
-
- /**
- * Compares this object for equality with the specified
- * object. If the <code>other</code> object is an
- * <code>instanceof</code> <code>PKCS10</code>, then
- * its encoded form is retrieved and compared with the
- * encoded form of this certificate request.
- *
- * @param other the object to test for equality with this object.
- * @return true iff the encoded forms of the two certificate
- * requests match, false otherwise.
- */
- public boolean equals(Object other) {
- if (this == other)
- return true;
- if (!(other instanceof PKCS10))
- return false;
- if (encoded == null) // not signed yet
- return false;
- byte[] otherEncoded = ((PKCS10)other).getEncoded();
- if (otherEncoded == null)
- return false;
-
- return java.util.Arrays.equals(encoded, otherEncoded);
- }
-
- /**
- * Returns a hashcode value for this certificate request from its
- * encoded form.
- *
- * @return the hashcode value.
- */
- public int hashCode() {
- int retval = 0;
- if (encoded != null)
- for (int i = 1; i < encoded.length; i++)
- retval += encoded[i] * i;
- return(retval);
- }
-
- private X500Name subject;
- private PublicKey subjectPublicKeyInfo;
- private PKCS10Attributes attributeSet;
- private byte[] encoded; // signed
-}
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS10Attribute.java Wed Jul 05 17:54:00 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,135 +0,0 @@
-/*
- * Copyright (c) 1997, 1998, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.pkcs;
-
-import java.io.OutputStream;
-import java.io.IOException;
-
-import sun.security.util.*;
-
-/**
- * Represent a PKCS#10 Attribute.
- *
- * <p>Attributes are additonal information which can be inserted in a PKCS#10
- * certificate request. For example a "Driving License Certificate" could have
- * the driving license number as an attribute.
- *
- * <p>Attributes are represented as a sequence of the attribute identifier
- * (Object Identifier) and a set of DER encoded attribute values.
- *
- * ASN.1 definition of Attribute:
- * <pre>
- * Attribute :: SEQUENCE {
- * type AttributeType,
- * values SET OF AttributeValue
- * }
- * AttributeType ::= OBJECT IDENTIFIER
- * AttributeValue ::= ANY defined by type
- * </pre>
- *
- * @author Amit Kapoor
- * @author Hemma Prafullchandra
- */
-public class PKCS10Attribute implements DerEncoder {
-
- protected ObjectIdentifier attributeId = null;
- protected Object attributeValue = null;
-
- /**
- * Constructs an attribute from a DER encoding.
- * This constructor expects the value to be encoded as defined above,
- * i.e. a SEQUENCE of OID and SET OF value(s), not a literal
- * X.509 v3 extension. Only PKCS9 defined attributes are supported
- * currently.
- *
- * @param derVal the der encoded attribute.
- * @exception IOException on parsing errors.
- */
- public PKCS10Attribute(DerValue derVal) throws IOException {
- PKCS9Attribute attr = new PKCS9Attribute(derVal);
- this.attributeId = attr.getOID();
- this.attributeValue = attr.getValue();
- }
-
- /**
- * Constructs an attribute from individual components of
- * ObjectIdentifier and the value (any java object).
- *
- * @param attributeId the ObjectIdentifier of the attribute.
- * @param attributeValue an instance of a class that implements
- * the attribute identified by the ObjectIdentifier.
- */
- public PKCS10Attribute(ObjectIdentifier attributeId,
- Object attributeValue) {
- this.attributeId = attributeId;
- this.attributeValue = attributeValue;
- }
-
- /**
- * Constructs an attribute from PKCS9 attribute.
- *
- * @param attr the PKCS9Attribute to create from.
- */
- public PKCS10Attribute(PKCS9Attribute attr) {
- this.attributeId = attr.getOID();
- this.attributeValue = attr.getValue();
- }
-
- /**
- * DER encode this object onto an output stream.
- * Implements the <code>DerEncoder</code> interface.
- *
- * @param out
- * the OutputStream on which to write the DER encoding.
- *
- * @exception IOException on encoding errors.
- */
- public void derEncode(OutputStream out) throws IOException {
- PKCS9Attribute attr = new PKCS9Attribute(attributeId, attributeValue);
- attr.derEncode(out);
- }
-
- /**
- * Returns the ObjectIdentifier of the attribute.
- */
- public ObjectIdentifier getAttributeId() {
- return (attributeId);
- }
-
- /**
- * Returns the attribute value.
- */
- public Object getAttributeValue() {
- return (attributeValue);
- }
-
- /**
- * Returns the attribute in user readable form.
- */
- public String toString() {
- return (attributeValue.toString());
- }
-}
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS10Attributes.java Wed Jul 05 17:54:00 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,219 +0,0 @@
-/*
- * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.pkcs;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.cert.CertificateException;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.Hashtable;
-
-import sun.security.util.*;
-
-/**
- * This class defines the PKCS10 attributes for the request.
- * The ASN.1 syntax for this is:
- * <pre>
- * Attributes ::= SET OF Attribute
- * </pre>
- *
- * @author Amit Kapoor
- * @author Hemma Prafullchandra
- * @see PKCS10
- * @see PKCS10Attribute
- */
-public class PKCS10Attributes implements DerEncoder {
-
- private Hashtable<String, PKCS10Attribute> map =
- new Hashtable<String, PKCS10Attribute>(3);
-
- /**
- * Default constructor for the PKCS10 attribute.
- */
- public PKCS10Attributes() { }
-
- /**
- * Create the object from the array of PKCS10Attribute objects.
- *
- * @param attrs the array of PKCS10Attribute objects.
- */
- public PKCS10Attributes(PKCS10Attribute[] attrs) {
- for (int i = 0; i < attrs.length; i++) {
- map.put(attrs[i].getAttributeId().toString(), attrs[i]);
- }
- }
-
- /**
- * Create the object, decoding the values from the passed DER stream.
- * The DER stream contains the SET OF Attribute.
- *
- * @param in the DerInputStream to read the attributes from.
- * @exception IOException on decoding errors.
- */
- public PKCS10Attributes(DerInputStream in) throws IOException {
- DerValue[] attrs = in.getSet(3, true);
-
- if (attrs == null)
- throw new IOException("Illegal encoding of attributes");
- for (int i = 0; i < attrs.length; i++) {
- PKCS10Attribute attr = new PKCS10Attribute(attrs[i]);
- map.put(attr.getAttributeId().toString(), attr);
- }
- }
-
- /**
- * Encode the attributes in DER form to the stream.
- *
- * @param out the OutputStream to marshal the contents to.
- * @exception IOException on encoding errors.
- */
- public void encode(OutputStream out) throws IOException {
- derEncode(out);
- }
-
- /**
- * Encode the attributes in DER form to the stream.
- * Implements the <code>DerEncoder</code> interface.
- *
- * @param out the OutputStream to marshal the contents to.
- * @exception IOException on encoding errors.
- */
- public void derEncode(OutputStream out) throws IOException {
- // first copy the elements into an array
- Collection<PKCS10Attribute> allAttrs = map.values();
- PKCS10Attribute[] attribs =
- allAttrs.toArray(new PKCS10Attribute[map.size()]);
-
- DerOutputStream attrOut = new DerOutputStream();
- attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT,
- true, (byte)0),
- attribs);
- out.write(attrOut.toByteArray());
- }
-
- /**
- * Set the attribute value.
- */
- public void setAttribute(String name, Object obj) {
- if (obj instanceof PKCS10Attribute) {
- map.put(name, (PKCS10Attribute)obj);
- }
- }
-
- /**
- * Get the attribute value.
- */
- public Object getAttribute(String name) {
- return map.get(name);
- }
-
- /**
- * Delete the attribute value.
- */
- public void deleteAttribute(String name) {
- map.remove(name);
- }
-
- /**
- * Return an enumeration of names of attributes existing within this
- * attribute.
- */
- public Enumeration<PKCS10Attribute> getElements() {
- return (map.elements());
- }
-
- /**
- * Return a Collection of attributes existing within this
- * PKCS10Attributes object.
- */
- public Collection<PKCS10Attribute> getAttributes() {
- return (Collections.unmodifiableCollection(map.values()));
- }
-
- /**
- * Compares this PKCS10Attributes for equality with the specified
- * object. If the <code>other</code> object is an
- * <code>instanceof</code> <code>PKCS10Attributes</code>, then
- * all the entries are compared with the entries from this.
- *
- * @param other the object to test for equality with this PKCS10Attributes.
- * @return true if all the entries match that of the Other,
- * false otherwise.
- */
- public boolean equals(Object other) {
- if (this == other)
- return true;
- if (!(other instanceof PKCS10Attributes))
- return false;
-
- Collection<PKCS10Attribute> othersAttribs =
- ((PKCS10Attributes)other).getAttributes();
- PKCS10Attribute[] attrs =
- othersAttribs.toArray(new PKCS10Attribute[othersAttribs.size()]);
- int len = attrs.length;
- if (len != map.size())
- return false;
- PKCS10Attribute thisAttr, otherAttr;
- String key = null;
- for (int i=0; i < len; i++) {
- otherAttr = attrs[i];
- key = otherAttr.getAttributeId().toString();
-
- if (key == null)
- return false;
- thisAttr = map.get(key);
- if (thisAttr == null)
- return false;
- if (! thisAttr.equals(otherAttr))
- return false;
- }
- return true;
- }
-
- /**
- * Returns a hashcode value for this PKCS10Attributes.
- *
- * @return the hashcode value.
- */
- public int hashCode() {
- return map.hashCode();
- }
-
- /**
- * Returns a string representation of this <tt>PKCS10Attributes</tt> object
- * in the form of a set of entries, enclosed in braces and separated
- * by the ASCII characters "<tt>, </tt>" (comma and space).
- * <p>Overrides the <tt>toString</tt> method of <tt>Object</tt>.
- *
- * @return a string representation of this PKCS10Attributes.
- */
- public String toString() {
- String s = map.size() + "\n" + map.toString();
- return s;
- }
-}
--- a/jdk/src/share/classes/sun/security/pkcs/PKCS7.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/pkcs/PKCS7.java Wed Jul 05 17:54:07 2017 +0200
@@ -27,6 +27,7 @@
import java.io.*;
import java.math.BigInteger;
+import java.net.URI;
import java.util.*;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
@@ -35,6 +36,7 @@
import java.security.cert.CertificateFactory;
import java.security.*;
+import sun.security.timestamp.*;
import sun.security.util.*;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateIssuerName;
@@ -68,6 +70,30 @@
private Principal[] certIssuerNames;
+ /*
+ * Random number generator for creating nonce values
+ */
+ private static final SecureRandom RANDOM;
+ static {
+ SecureRandom tmp = null;
+ try {
+ tmp = SecureRandom.getInstance("SHA1PRNG");
+ } catch (NoSuchAlgorithmException e) {
+ // should not happen
+ }
+ RANDOM = tmp;
+ }
+
+ /*
+ * Object identifier for the timestamping key purpose.
+ */
+ private static final String KP_TIMESTAMPING_OID = "1.3.6.1.5.5.7.3.8";
+
+ /*
+ * Object identifier for extendedKeyUsage extension
+ */
+ private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37";
+
/**
* Unmarshals a PKCS7 block from its encoded form, parsing the
* encoded bytes from the InputStream.
@@ -733,4 +759,164 @@
public boolean isOldStyle() {
return this.oldStyle;
}
+
+ /**
+ * Assembles a PKCS #7 signed data message that optionally includes a
+ * signature timestamp.
+ *
+ * @param signature the signature bytes
+ * @param signerChain the signer's X.509 certificate chain
+ * @param content the content that is signed; specify null to not include
+ * it in the PKCS7 data
+ * @param signatureAlgorithm the name of the signature algorithm
+ * @param tsaURI the URI of the Timestamping Authority; or null if no
+ * timestamp is requested
+ * @return the bytes of the encoded PKCS #7 signed data message
+ * @throws NoSuchAlgorithmException The exception is thrown if the signature
+ * algorithm is unrecognised.
+ * @throws CertificateException The exception is thrown if an error occurs
+ * while processing the signer's certificate or the TSA's
+ * certificate.
+ * @throws IOException The exception is thrown if an error occurs while
+ * generating the signature timestamp or while generating the signed
+ * data message.
+ */
+ public static byte[] generateSignedData(byte[] signature,
+ X509Certificate[] signerChain,
+ byte[] content,
+ String signatureAlgorithm,
+ URI tsaURI)
+ throws CertificateException, IOException, NoSuchAlgorithmException
+ {
+
+ // Generate the timestamp token
+ PKCS9Attributes unauthAttrs = null;
+ if (tsaURI != null) {
+ // Timestamp the signature
+ HttpTimestamper tsa = new HttpTimestamper(tsaURI);
+ byte[] tsToken = generateTimestampToken(tsa, signature);
+
+ // Insert the timestamp token into the PKCS #7 signer info element
+ // (as an unsigned attribute)
+ unauthAttrs =
+ new PKCS9Attributes(new PKCS9Attribute[]{
+ new PKCS9Attribute(
+ PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR,
+ tsToken)});
+ }
+
+ // Create the SignerInfo
+ X500Name issuerName =
+ X500Name.asX500Name(signerChain[0].getIssuerX500Principal());
+ BigInteger serialNumber = signerChain[0].getSerialNumber();
+ String encAlg = AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm);
+ String digAlg = AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm);
+ SignerInfo signerInfo = new SignerInfo(issuerName, serialNumber,
+ AlgorithmId.get(digAlg), null,
+ AlgorithmId.get(encAlg),
+ signature, unauthAttrs);
+
+ // Create the PKCS #7 signed data message
+ SignerInfo[] signerInfos = {signerInfo};
+ AlgorithmId[] algorithms = {signerInfo.getDigestAlgorithmId()};
+ // Include or exclude content
+ ContentInfo contentInfo = (content == null)
+ ? new ContentInfo(ContentInfo.DATA_OID, null)
+ : new ContentInfo(content);
+ PKCS7 pkcs7 = new PKCS7(algorithms, contentInfo,
+ signerChain, signerInfos);
+ ByteArrayOutputStream p7out = new ByteArrayOutputStream();
+ pkcs7.encodeSignedData(p7out);
+
+ return p7out.toByteArray();
+ }
+
+ /**
+ * Requests, processes and validates a timestamp token from a TSA using
+ * common defaults. Uses the following defaults in the timestamp request:
+ * SHA-1 for the hash algorithm, a 64-bit nonce, and request certificate
+ * set to true.
+ *
+ * @param tsa the timestamping authority to use
+ * @param toBeTimestamped the token that is to be timestamped
+ * @return the encoded timestamp token
+ * @throws IOException The exception is thrown if an error occurs while
+ * communicating with the TSA.
+ * @throws CertificateException The exception is thrown if the TSA's
+ * certificate is not permitted for timestamping.
+ */
+ private static byte[] generateTimestampToken(Timestamper tsa,
+ byte[] toBeTimestamped)
+ throws IOException, CertificateException
+ {
+ // Generate a timestamp
+ MessageDigest messageDigest = null;
+ TSRequest tsQuery = null;
+ try {
+ // SHA-1 is always used.
+ messageDigest = MessageDigest.getInstance("SHA-1");
+ tsQuery = new TSRequest(toBeTimestamped, messageDigest);
+ } catch (NoSuchAlgorithmException e) {
+ // ignore
+ }
+
+ // Generate a nonce
+ BigInteger nonce = null;
+ if (RANDOM != null) {
+ nonce = new BigInteger(64, RANDOM);
+ tsQuery.setNonce(nonce);
+ }
+ tsQuery.requestCertificate(true);
+
+ TSResponse tsReply = tsa.generateTimestamp(tsQuery);
+ int status = tsReply.getStatusCode();
+ // Handle TSP error
+ if (status != 0 && status != 1) {
+ throw new IOException("Error generating timestamp: " +
+ tsReply.getStatusCodeAsText() + " " +
+ tsReply.getFailureCodeAsText());
+ }
+ PKCS7 tsToken = tsReply.getToken();
+
+ TimestampToken tst = tsReply.getTimestampToken();
+ if (!tst.getHashAlgorithm().getName().equals("SHA")) {
+ throw new IOException("Digest algorithm not SHA-1 in "
+ + "timestamp token");
+ }
+ if (!MessageDigest.isEqual(tst.getHashedMessage(),
+ tsQuery.getHashedMessage())) {
+ throw new IOException("Digest octets changed in timestamp token");
+ }
+
+ BigInteger replyNonce = tst.getNonce();
+ if (replyNonce == null && nonce != null) {
+ throw new IOException("Nonce missing in timestamp token");
+ }
+ if (replyNonce != null && !replyNonce.equals(nonce)) {
+ throw new IOException("Nonce changed in timestamp token");
+ }
+
+ // Examine the TSA's certificate (if present)
+ for (SignerInfo si: tsToken.getSignerInfos()) {
+ X509Certificate cert = si.getCertificate(tsToken);
+ if (cert == null) {
+ // Error, we've already set tsRequestCertificate = true
+ throw new CertificateException(
+ "Certificate not included in timestamp token");
+ } else {
+ if (!cert.getCriticalExtensionOIDs().contains(
+ EXTENDED_KEY_USAGE_OID)) {
+ throw new CertificateException(
+ "Certificate is not valid for timestamping");
+ }
+ List<String> keyPurposes = cert.getExtendedKeyUsage();
+ if (keyPurposes == null ||
+ !keyPurposes.contains(KP_TIMESTAMPING_OID)) {
+ throw new CertificateException(
+ "Certificate is not valid for timestamping");
+ }
+ }
+ }
+ return tsReply.getEncodedToken();
+ }
}
--- a/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java Wed Jul 05 17:54:07 2017 +0200
@@ -28,10 +28,14 @@
import java.io.OutputStream;
import java.io.IOException;
import java.math.BigInteger;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.security.*;
import java.util.ArrayList;
+import sun.security.timestamp.TimestampToken;
import sun.security.util.*;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X500Name;
@@ -51,6 +55,8 @@
AlgorithmId digestAlgorithmId;
AlgorithmId digestEncryptionAlgorithmId;
byte[] encryptedDigest;
+ Timestamp timestamp;
+ private boolean hasTimestamp = true;
PKCS9Attributes authenticatedAttributes;
PKCS9Attributes unauthenticatedAttributes;
@@ -442,6 +448,62 @@
return unauthenticatedAttributes;
}
+ /*
+ * Extracts a timestamp from a PKCS7 SignerInfo.
+ *
+ * Examines the signer's unsigned attributes for a
+ * <tt>signatureTimestampToken</tt> attribute. If present,
+ * then it is parsed to extract the date and time at which the
+ * timestamp was generated.
+ *
+ * @param info A signer information element of a PKCS 7 block.
+ *
+ * @return A timestamp token or null if none is present.
+ * @throws IOException if an error is encountered while parsing the
+ * PKCS7 data.
+ * @throws NoSuchAlgorithmException if an error is encountered while
+ * verifying the PKCS7 object.
+ * @throws SignatureException if an error is encountered while
+ * verifying the PKCS7 object.
+ * @throws CertificateException if an error is encountered while generating
+ * the TSA's certpath.
+ */
+ public Timestamp getTimestamp()
+ throws IOException, NoSuchAlgorithmException, SignatureException,
+ CertificateException
+ {
+ if (timestamp != null || !hasTimestamp)
+ return timestamp;
+
+ if (unauthenticatedAttributes == null) {
+ hasTimestamp = false;
+ return null;
+ }
+ PKCS9Attribute tsTokenAttr =
+ unauthenticatedAttributes.getAttribute(
+ PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
+ if (tsTokenAttr == null) {
+ hasTimestamp = false;
+ return null;
+ }
+
+ PKCS7 tsToken = new PKCS7((byte[])tsTokenAttr.getValue());
+ // Extract the content (an encoded timestamp token info)
+ byte[] encTsTokenInfo = tsToken.getContentInfo().getData();
+ // Extract the signer (the Timestamping Authority)
+ // while verifying the content
+ SignerInfo[] tsa = tsToken.verify(encTsTokenInfo);
+ // Expect only one signer
+ ArrayList<X509Certificate> chain = tsa[0].getCertificateChain(tsToken);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ CertPath tsaChain = cf.generateCertPath(chain);
+ // Create a timestamp token info object
+ TimestampToken tsTokenInfo = new TimestampToken(encTsTokenInfo);
+ // Create a timestamp object
+ timestamp = new Timestamp(tsTokenInfo.getDate(), tsaChain);
+ return timestamp;
+ }
+
public String toString() {
HexDumpEncoder hexDump = new HexDumpEncoder();
@@ -467,5 +529,4 @@
}
return out;
}
-
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java Wed Jul 05 17:54:07 2017 +0200
@@ -0,0 +1,353 @@
+/*
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+
+package sun.security.pkcs10;
+
+import java.io.PrintStream;
+import java.io.IOException;
+import java.math.BigInteger;
+
+import java.security.cert.CertificateException;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.PublicKey;
+
+import sun.misc.BASE64Encoder;
+
+import sun.security.util.*;
+import sun.security.x509.AlgorithmId;
+import sun.security.x509.X509Key;
+import sun.security.x509.X500Name;
+
+/**
+ * A PKCS #10 certificate request is created and sent to a Certificate
+ * Authority, which then creates an X.509 certificate and returns it to
+ * the entity that requested it. A certificate request basically consists
+ * of the subject's X.500 name, public key, and optionally some attributes,
+ * signed using the corresponding private key.
+ *
+ * The ASN.1 syntax for a Certification Request is:
+ * <pre>
+ * CertificationRequest ::= SEQUENCE {
+ * certificationRequestInfo CertificationRequestInfo,
+ * signatureAlgorithm SignatureAlgorithmIdentifier,
+ * signature Signature
+ * }
+ *
+ * SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
+ * Signature ::= BIT STRING
+ *
+ * CertificationRequestInfo ::= SEQUENCE {
+ * version Version,
+ * subject Name,
+ * subjectPublicKeyInfo SubjectPublicKeyInfo,
+ * attributes [0] IMPLICIT Attributes
+ * }
+ * Attributes ::= SET OF Attribute
+ * </pre>
+ *
+ * @author David Brownell
+ * @author Amit Kapoor
+ * @author Hemma Prafullchandra
+ */
+public class PKCS10 {
+ /**
+ * Constructs an unsigned PKCS #10 certificate request. Before this
+ * request may be used, it must be encoded and signed. Then it
+ * must be retrieved in some conventional format (e.g. string).
+ *
+ * @param publicKey the public key that should be placed
+ * into the certificate generated by the CA.
+ */
+ public PKCS10(PublicKey publicKey) {
+ subjectPublicKeyInfo = publicKey;
+ attributeSet = new PKCS10Attributes();
+ }
+
+ /**
+ * Constructs an unsigned PKCS #10 certificate request. Before this
+ * request may be used, it must be encoded and signed. Then it
+ * must be retrieved in some conventional format (e.g. string).
+ *
+ * @param publicKey the public key that should be placed
+ * into the certificate generated by the CA.
+ * @param attributes additonal set of PKCS10 attributes requested
+ * for in the certificate.
+ */
+ public PKCS10(PublicKey publicKey, PKCS10Attributes attributes) {
+ subjectPublicKeyInfo = publicKey;
+ attributeSet = attributes;
+ }
+
+ /**
+ * Parses an encoded, signed PKCS #10 certificate request, verifying
+ * the request's signature as it does so. This constructor would
+ * typically be used by a Certificate Authority, from which a new
+ * certificate would then be constructed.
+ *
+ * @param data the DER-encoded PKCS #10 request.
+ * @exception IOException for low level errors reading the data
+ * @exception SignatureException when the signature is invalid
+ * @exception NoSuchAlgorithmException when the signature
+ * algorithm is not supported in this environment
+ */
+ public PKCS10(byte[] data)
+ throws IOException, SignatureException, NoSuchAlgorithmException {
+ DerInputStream in;
+ DerValue[] seq;
+ AlgorithmId id;
+ byte[] sigData;
+ Signature sig;
+
+ encoded = data;
+
+ //
+ // Outer sequence: request, signature algorithm, signature.
+ // Parse, and prepare to verify later.
+ //
+ in = new DerInputStream(data);
+ seq = in.getSequence(3);
+
+ if (seq.length != 3)
+ throw new IllegalArgumentException("not a PKCS #10 request");
+
+ data = seq[0].toByteArray(); // reusing this variable
+ id = AlgorithmId.parse(seq[1]);
+ sigData = seq[2].getBitString();
+
+ //
+ // Inner sequence: version, name, key, attributes
+ //
+ BigInteger serial;
+ DerValue val;
+
+ serial = seq[0].data.getBigInteger();
+ if (!serial.equals(BigInteger.ZERO))
+ throw new IllegalArgumentException("not PKCS #10 v1");
+
+ subject = new X500Name(seq[0].data);
+ subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue());
+
+ // Cope with a somewhat common illegal PKCS #10 format
+ if (seq[0].data.available() != 0)
+ attributeSet = new PKCS10Attributes(seq[0].data);
+ else
+ attributeSet = new PKCS10Attributes();
+
+ if (seq[0].data.available() != 0)
+ throw new IllegalArgumentException("illegal PKCS #10 data");
+
+ //
+ // OK, we parsed it all ... validate the signature using the
+ // key and signature algorithm we found.
+ //
+ try {
+ sig = Signature.getInstance(id.getName());
+ sig.initVerify(subjectPublicKeyInfo);
+ sig.update(data);
+ if (!sig.verify(sigData))
+ throw new SignatureException("Invalid PKCS #10 signature");
+ } catch (InvalidKeyException e) {
+ throw new SignatureException("invalid key");
+ }
+ }
+
+ /**
+ * Create the signed certificate request. This will later be
+ * retrieved in either string or binary format.
+ *
+ * @param subject identifies the signer (by X.500 name).
+ * @param signature private key and signing algorithm to use.
+ * @exception IOException on errors.
+ * @exception CertificateException on certificate handling errors.
+ * @exception SignatureException on signature handling errors.
+ */
+ public void encodeAndSign(X500Name subject, Signature signature)
+ throws CertificateException, IOException, SignatureException {
+ DerOutputStream out, scratch;
+ byte[] certificateRequestInfo;
+ byte[] sig;
+
+ if (encoded != null)
+ throw new SignatureException("request is already signed");
+
+ this.subject = subject;
+
+ /*
+ * Encode cert request info, wrap in a sequence for signing
+ */
+ scratch = new DerOutputStream();
+ scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0
+ subject.encode(scratch); // X.500 name
+ scratch.write(subjectPublicKeyInfo.getEncoded()); // public key
+ attributeSet.encode(scratch);
+
+ out = new DerOutputStream();
+ out.write(DerValue.tag_Sequence, scratch); // wrap it!
+ certificateRequestInfo = out.toByteArray();
+ scratch = out;
+
+ /*
+ * Sign it ...
+ */
+ signature.update(certificateRequestInfo, 0,
+ certificateRequestInfo.length);
+ sig = signature.sign();
+
+ /*
+ * Build guts of SIGNED macro
+ */
+ AlgorithmId algId = null;
+ try {
+ algId = AlgorithmId.get(signature.getAlgorithm());
+ } catch (NoSuchAlgorithmException nsae) {
+ throw new SignatureException(nsae);
+ }
+ algId.encode(scratch); // sig algorithm
+ scratch.putBitString(sig); // sig
+
+ /*
+ * Wrap those guts in a sequence
+ */
+ out = new DerOutputStream();
+ out.write(DerValue.tag_Sequence, scratch);
+ encoded = out.toByteArray();
+ }
+
+ /**
+ * Returns the subject's name.
+ */
+ public X500Name getSubjectName() { return subject; }
+
+ /**
+ * Returns the subject's public key.
+ */
+ public PublicKey getSubjectPublicKeyInfo()
+ { return subjectPublicKeyInfo; }
+
+ /**
+ * Returns the additional attributes requested.
+ */
+ public PKCS10Attributes getAttributes()
+ { return attributeSet; }
+
+ /**
+ * Returns the encoded and signed certificate request as a
+ * DER-encoded byte array.
+ *
+ * @return the certificate request, or null if encodeAndSign()
+ * has not yet been called.
+ */
+ public byte[] getEncoded() {
+ if (encoded != null)
+ return encoded.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Prints an E-Mailable version of the certificate request on the print
+ * stream passed. The format is a common base64 encoded one, supported
+ * by most Certificate Authorities because Netscape web servers have
+ * used this for some time. Some certificate authorities expect some
+ * more information, in particular contact information for the web
+ * server administrator.
+ *
+ * @param out the print stream where the certificate request
+ * will be printed.
+ * @exception IOException when an output operation failed
+ * @exception SignatureException when the certificate request was
+ * not yet signed.
+ */
+ public void print(PrintStream out)
+ throws IOException, SignatureException {
+ if (encoded == null)
+ throw new SignatureException("Cert request was not signed");
+
+ BASE64Encoder encoder = new BASE64Encoder();
+
+ out.println("-----BEGIN NEW CERTIFICATE REQUEST-----");
+ encoder.encodeBuffer(encoded, out);
+ out.println("-----END NEW CERTIFICATE REQUEST-----");
+ }
+
+ /**
+ * Provides a short description of this request.
+ */
+ public String toString() {
+ return "[PKCS #10 certificate request:\n"
+ + subjectPublicKeyInfo.toString()
+ + " subject: <" + subject + ">" + "\n"
+ + " attributes: " + attributeSet.toString()
+ + "\n]";
+ }
+
+ /**
+ * Compares this object for equality with the specified
+ * object. If the <code>other</code> object is an
+ * <code>instanceof</code> <code>PKCS10</code>, then
+ * its encoded form is retrieved and compared with the
+ * encoded form of this certificate request.
+ *
+ * @param other the object to test for equality with this object.
+ * @return true iff the encoded forms of the two certificate
+ * requests match, false otherwise.
+ */
+ public boolean equals(Object other) {
+ if (this == other)
+ return true;
+ if (!(other instanceof PKCS10))
+ return false;
+ if (encoded == null) // not signed yet
+ return false;
+ byte[] otherEncoded = ((PKCS10)other).getEncoded();
+ if (otherEncoded == null)
+ return false;
+
+ return java.util.Arrays.equals(encoded, otherEncoded);
+ }
+
+ /**
+ * Returns a hashcode value for this certificate request from its
+ * encoded form.
+ *
+ * @return the hashcode value.
+ */
+ public int hashCode() {
+ int retval = 0;
+ if (encoded != null)
+ for (int i = 1; i < encoded.length; i++)
+ retval += encoded[i] * i;
+ return(retval);
+ }
+
+ private X500Name subject;
+ private PublicKey subjectPublicKeyInfo;
+ private PKCS10Attributes attributeSet;
+ private byte[] encoded; // signed
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/pkcs10/PKCS10Attribute.java Wed Jul 05 17:54:07 2017 +0200
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs10;
+
+import java.io.OutputStream;
+import java.io.IOException;
+
+import sun.security.pkcs.PKCS9Attribute;
+import sun.security.util.*;
+
+/**
+ * Represent a PKCS#10 Attribute.
+ *
+ * <p>Attributes are additonal information which can be inserted in a PKCS#10
+ * certificate request. For example a "Driving License Certificate" could have
+ * the driving license number as an attribute.
+ *
+ * <p>Attributes are represented as a sequence of the attribute identifier
+ * (Object Identifier) and a set of DER encoded attribute values.
+ *
+ * ASN.1 definition of Attribute:
+ * <pre>
+ * Attribute :: SEQUENCE {
+ * type AttributeType,
+ * values SET OF AttributeValue
+ * }
+ * AttributeType ::= OBJECT IDENTIFIER
+ * AttributeValue ::= ANY defined by type
+ * </pre>
+ *
+ * @author Amit Kapoor
+ * @author Hemma Prafullchandra
+ */
+public class PKCS10Attribute implements DerEncoder {
+
+ protected ObjectIdentifier attributeId = null;
+ protected Object attributeValue = null;
+
+ /**
+ * Constructs an attribute from a DER encoding.
+ * This constructor expects the value to be encoded as defined above,
+ * i.e. a SEQUENCE of OID and SET OF value(s), not a literal
+ * X.509 v3 extension. Only PKCS9 defined attributes are supported
+ * currently.
+ *
+ * @param derVal the der encoded attribute.
+ * @exception IOException on parsing errors.
+ */
+ public PKCS10Attribute(DerValue derVal) throws IOException {
+ PKCS9Attribute attr = new PKCS9Attribute(derVal);
+ this.attributeId = attr.getOID();
+ this.attributeValue = attr.getValue();
+ }
+
+ /**
+ * Constructs an attribute from individual components of
+ * ObjectIdentifier and the value (any java object).
+ *
+ * @param attributeId the ObjectIdentifier of the attribute.
+ * @param attributeValue an instance of a class that implements
+ * the attribute identified by the ObjectIdentifier.
+ */
+ public PKCS10Attribute(ObjectIdentifier attributeId,
+ Object attributeValue) {
+ this.attributeId = attributeId;
+ this.attributeValue = attributeValue;
+ }
+
+ /**
+ * Constructs an attribute from PKCS9 attribute.
+ *
+ * @param attr the PKCS9Attribute to create from.
+ */
+ public PKCS10Attribute(PKCS9Attribute attr) {
+ this.attributeId = attr.getOID();
+ this.attributeValue = attr.getValue();
+ }
+
+ /**
+ * DER encode this object onto an output stream.
+ * Implements the <code>DerEncoder</code> interface.
+ *
+ * @param out
+ * the OutputStream on which to write the DER encoding.
+ *
+ * @exception IOException on encoding errors.
+ */
+ public void derEncode(OutputStream out) throws IOException {
+ PKCS9Attribute attr = new PKCS9Attribute(attributeId, attributeValue);
+ attr.derEncode(out);
+ }
+
+ /**
+ * Returns the ObjectIdentifier of the attribute.
+ */
+ public ObjectIdentifier getAttributeId() {
+ return (attributeId);
+ }
+
+ /**
+ * Returns the attribute value.
+ */
+ public Object getAttributeValue() {
+ return (attributeValue);
+ }
+
+ /**
+ * Returns the attribute in user readable form.
+ */
+ public String toString() {
+ return (attributeValue.toString());
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/pkcs10/PKCS10Attributes.java Wed Jul 05 17:54:07 2017 +0200
@@ -0,0 +1,219 @@
+/*
+ * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs10;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.cert.CertificateException;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+import sun.security.util.*;
+
+/**
+ * This class defines the PKCS10 attributes for the request.
+ * The ASN.1 syntax for this is:
+ * <pre>
+ * Attributes ::= SET OF Attribute
+ * </pre>
+ *
+ * @author Amit Kapoor
+ * @author Hemma Prafullchandra
+ * @see PKCS10
+ * @see PKCS10Attribute
+ */
+public class PKCS10Attributes implements DerEncoder {
+
+ private Hashtable<String, PKCS10Attribute> map =
+ new Hashtable<String, PKCS10Attribute>(3);
+
+ /**
+ * Default constructor for the PKCS10 attribute.
+ */
+ public PKCS10Attributes() { }
+
+ /**
+ * Create the object from the array of PKCS10Attribute objects.
+ *
+ * @param attrs the array of PKCS10Attribute objects.
+ */
+ public PKCS10Attributes(PKCS10Attribute[] attrs) {
+ for (int i = 0; i < attrs.length; i++) {
+ map.put(attrs[i].getAttributeId().toString(), attrs[i]);
+ }
+ }
+
+ /**
+ * Create the object, decoding the values from the passed DER stream.
+ * The DER stream contains the SET OF Attribute.
+ *
+ * @param in the DerInputStream to read the attributes from.
+ * @exception IOException on decoding errors.
+ */
+ public PKCS10Attributes(DerInputStream in) throws IOException {
+ DerValue[] attrs = in.getSet(3, true);
+
+ if (attrs == null)
+ throw new IOException("Illegal encoding of attributes");
+ for (int i = 0; i < attrs.length; i++) {
+ PKCS10Attribute attr = new PKCS10Attribute(attrs[i]);
+ map.put(attr.getAttributeId().toString(), attr);
+ }
+ }
+
+ /**
+ * Encode the attributes in DER form to the stream.
+ *
+ * @param out the OutputStream to marshal the contents to.
+ * @exception IOException on encoding errors.
+ */
+ public void encode(OutputStream out) throws IOException {
+ derEncode(out);
+ }
+
+ /**
+ * Encode the attributes in DER form to the stream.
+ * Implements the <code>DerEncoder</code> interface.
+ *
+ * @param out the OutputStream to marshal the contents to.
+ * @exception IOException on encoding errors.
+ */
+ public void derEncode(OutputStream out) throws IOException {
+ // first copy the elements into an array
+ Collection<PKCS10Attribute> allAttrs = map.values();
+ PKCS10Attribute[] attribs =
+ allAttrs.toArray(new PKCS10Attribute[map.size()]);
+
+ DerOutputStream attrOut = new DerOutputStream();
+ attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte)0),
+ attribs);
+ out.write(attrOut.toByteArray());
+ }
+
+ /**
+ * Set the attribute value.
+ */
+ public void setAttribute(String name, Object obj) {
+ if (obj instanceof PKCS10Attribute) {
+ map.put(name, (PKCS10Attribute)obj);
+ }
+ }
+
+ /**
+ * Get the attribute value.
+ */
+ public Object getAttribute(String name) {
+ return map.get(name);
+ }
+
+ /**
+ * Delete the attribute value.
+ */
+ public void deleteAttribute(String name) {
+ map.remove(name);
+ }
+
+ /**
+ * Return an enumeration of names of attributes existing within this
+ * attribute.
+ */
+ public Enumeration<PKCS10Attribute> getElements() {
+ return (map.elements());
+ }
+
+ /**
+ * Return a Collection of attributes existing within this
+ * PKCS10Attributes object.
+ */
+ public Collection<PKCS10Attribute> getAttributes() {
+ return (Collections.unmodifiableCollection(map.values()));
+ }
+
+ /**
+ * Compares this PKCS10Attributes for equality with the specified
+ * object. If the <code>other</code> object is an
+ * <code>instanceof</code> <code>PKCS10Attributes</code>, then
+ * all the entries are compared with the entries from this.
+ *
+ * @param other the object to test for equality with this PKCS10Attributes.
+ * @return true if all the entries match that of the Other,
+ * false otherwise.
+ */
+ public boolean equals(Object other) {
+ if (this == other)
+ return true;
+ if (!(other instanceof PKCS10Attributes))
+ return false;
+
+ Collection<PKCS10Attribute> othersAttribs =
+ ((PKCS10Attributes)other).getAttributes();
+ PKCS10Attribute[] attrs =
+ othersAttribs.toArray(new PKCS10Attribute[othersAttribs.size()]);
+ int len = attrs.length;
+ if (len != map.size())
+ return false;
+ PKCS10Attribute thisAttr, otherAttr;
+ String key = null;
+ for (int i=0; i < len; i++) {
+ otherAttr = attrs[i];
+ key = otherAttr.getAttributeId().toString();
+
+ if (key == null)
+ return false;
+ thisAttr = map.get(key);
+ if (thisAttr == null)
+ return false;
+ if (! thisAttr.equals(otherAttr))
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Returns a hashcode value for this PKCS10Attributes.
+ *
+ * @return the hashcode value.
+ */
+ public int hashCode() {
+ return map.hashCode();
+ }
+
+ /**
+ * Returns a string representation of this <tt>PKCS10Attributes</tt> object
+ * in the form of a set of entries, enclosed in braces and separated
+ * by the ASCII characters "<tt>, </tt>" (comma and space).
+ * <p>Overrides the <tt>toString</tt> method of <tt>Object</tt>.
+ *
+ * @return a string representation of this PKCS10Attributes.
+ */
+ public String toString() {
+ String s = map.size() + "\n" + map.toString();
+ return s;
+ }
+}
--- a/jdk/src/share/classes/sun/security/pkcs11/Config.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/pkcs11/Config.java Wed Jul 05 17:54:07 2017 +0200
@@ -192,6 +192,11 @@
// works only for NSS providers created via the Secmod API
private boolean nssUseSecmodTrust = false;
+ // Flag to indicate whether the X9.63 encoding for EC points shall be used
+ // (true) or whether that encoding shall be wrapped in an ASN.1 OctetString
+ // (false).
+ private boolean useEcX963Encoding = false;
+
private Config(String filename, InputStream in) throws IOException {
if (in == null) {
if (filename.startsWith("--")) {
@@ -320,6 +325,10 @@
return nssUseSecmodTrust;
}
+ boolean getUseEcX963Encoding() {
+ return useEcX963Encoding;
+ }
+
private static String expand(final String s) throws IOException {
try {
return PropertyExpander.expand(s);
@@ -440,6 +449,8 @@
parseNSSArgs(word);
} else if (word.equals("nssUseSecmodTrust")) {
nssUseSecmodTrust = parseBooleanEntry(word);
+ } else if (word.equals("useEcX963Encoding")) {
+ useEcX963Encoding = parseBooleanEntry(word);
} else {
throw new ConfigurationException
("Unknown keyword '" + word + "', line " + st.lineno());
--- a/jdk/src/share/classes/sun/security/pkcs11/KeyCache.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/pkcs11/KeyCache.java Wed Jul 05 17:54:07 2017 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -48,7 +48,7 @@
*/
final class KeyCache {
- private final Cache strongCache;
+ private final Cache<IdentityWrapper, P11Key> strongCache;
private WeakReference<Map<Key,P11Key>> cacheReference;
@@ -77,7 +77,7 @@
}
synchronized P11Key get(Key key) {
- P11Key p11Key = (P11Key)strongCache.get(new IdentityWrapper(key));
+ P11Key p11Key = strongCache.get(new IdentityWrapper(key));
if (p11Key != null) {
return p11Key;
}
@@ -94,8 +94,8 @@
Map<Key,P11Key> map =
(cacheReference == null) ? null : cacheReference.get();
if (map == null) {
- map = new IdentityHashMap<Key,P11Key>();
- cacheReference = new WeakReference<Map<Key,P11Key>>(map);
+ map = new IdentityHashMap<>();
+ cacheReference = new WeakReference<>(map);
}
map.put(key, p11Key);
}
--- a/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Wed Jul 05 17:54:07 2017 +0200
@@ -203,14 +203,20 @@
private PublicKey generatePublic(ECPoint point, ECParameterSpec params) throws PKCS11Exception {
byte[] encodedParams = ECParameters.encodeParameters(params);
- byte[] encodedPoint = null;
- DerValue pkECPoint = new DerValue(DerValue.tag_OctetString,
- ECParameters.encodePoint(point, params.getCurve()));
+ byte[] encodedPoint =
+ ECParameters.encodePoint(point, params.getCurve());
- try {
- encodedPoint = pkECPoint.toByteArray();
- } catch (IOException e) {
- throw new IllegalArgumentException("Could not DER encode point", e);
+ // Check whether the X9.63 encoding of an EC point shall be wrapped
+ // in an ASN.1 OCTET STRING
+ if (!token.config.getUseEcX963Encoding()) {
+ try {
+ encodedPoint =
+ new DerValue(DerValue.tag_OctetString, encodedPoint)
+ .toByteArray();
+ } catch (IOException e) {
+ throw new
+ IllegalArgumentException("Could not DER encode point", e);
+ }
}
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
--- a/jdk/src/share/classes/sun/security/pkcs11/P11Key.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11Key.java Wed Jul 05 17:54:07 2017 +0200
@@ -1028,28 +1028,21 @@
try {
params = P11ECKeyFactory.decodeParameters
(attributes[1].getByteArray());
-
- /*
- * An uncompressed EC point may be in either of two formats.
- * First try the OCTET STRING encoding:
- * 04 <length> 04 <X-coordinate> <Y-coordinate>
- *
- * Otherwise try the raw encoding:
- * 04 <X-coordinate> <Y-coordinate>
- */
byte[] ecKey = attributes[0].getByteArray();
- try {
+ // Check whether the X9.63 encoding of an EC point is wrapped
+ // in an ASN.1 OCTET STRING
+ if (!token.config.getUseEcX963Encoding()) {
DerValue wECPoint = new DerValue(ecKey);
- if (wECPoint.getTag() != DerValue.tag_OctetString)
- throw new IOException("Unexpected tag: " +
- wECPoint.getTag());
+ if (wECPoint.getTag() != DerValue.tag_OctetString) {
+ throw new IOException("Could not DER decode EC point." +
+ " Unexpected tag: " + wECPoint.getTag());
+ }
w = P11ECKeyFactory.decodePoint
(wECPoint.getDataBytes(), params.getCurve());
- } catch (IOException e) {
- // Failover
+ } else {
w = P11ECKeyFactory.decodePoint(ecKey, params.getCurve());
}
--- a/jdk/src/share/classes/sun/security/provider/X509Factory.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/provider/X509Factory.java Wed Jul 05 17:54:07 2017 +0200
@@ -64,8 +64,10 @@
private static final int ENC_MAX_LENGTH = 4096 * 1024; // 4 MB MAX
- private static final Cache certCache = Cache.newSoftMemoryCache(750);
- private static final Cache crlCache = Cache.newSoftMemoryCache(750);
+ private static final Cache<Object, X509CertImpl> certCache
+ = Cache.newSoftMemoryCache(750);
+ private static final Cache<Object, X509CRLImpl> crlCache
+ = Cache.newSoftMemoryCache(750);
/**
* Generates an X.509 certificate object and initializes it with
@@ -90,7 +92,7 @@
try {
byte[] encoding = readOneBlock(is);
if (encoding != null) {
- X509CertImpl cert = (X509CertImpl)getFromCache(certCache, encoding);
+ X509CertImpl cert = getFromCache(certCache, encoding);
if (cert != null) {
return cert;
}
@@ -151,7 +153,7 @@
} else {
encoding = c.getEncoded();
}
- X509CertImpl newC = (X509CertImpl)getFromCache(certCache, encoding);
+ X509CertImpl newC = getFromCache(certCache, encoding);
if (newC != null) {
return newC;
}
@@ -181,7 +183,7 @@
} else {
encoding = c.getEncoded();
}
- X509CRLImpl newC = (X509CRLImpl)getFromCache(crlCache, encoding);
+ X509CRLImpl newC = getFromCache(crlCache, encoding);
if (newC != null) {
return newC;
}
@@ -198,18 +200,17 @@
/**
* Get the X509CertImpl or X509CRLImpl from the cache.
*/
- private static synchronized Object getFromCache(Cache cache,
+ private static synchronized <K,V> V getFromCache(Cache<K,V> cache,
byte[] encoding) {
Object key = new Cache.EqualByteArray(encoding);
- Object value = cache.get(key);
- return value;
+ return cache.get(key);
}
/**
* Add the X509CertImpl or X509CRLImpl to the cache.
*/
- private static synchronized void addToCache(Cache cache, byte[] encoding,
- Object value) {
+ private static synchronized <V> void addToCache(Cache<Object, V> cache,
+ byte[] encoding, V value) {
if (encoding.length > ENC_MAX_LENGTH) {
return;
}
@@ -361,7 +362,7 @@
try {
byte[] encoding = readOneBlock(is);
if (encoding != null) {
- X509CRLImpl crl = (X509CRLImpl)getFromCache(crlCache, encoding);
+ X509CRLImpl crl = getFromCache(crlCache, encoding);
if (crl != null) {
return crl;
}
@@ -669,6 +670,23 @@
bout.write(midByte);
bout.write(lowByte);
length = (highByte << 16) | (midByte << 8) | lowByte;
+ } else if (n == 0x84) {
+ int highByte = is.read();
+ int nextByte = is.read();
+ int midByte = is.read();
+ int lowByte = is.read();
+ if (lowByte == -1) {
+ throw new IOException("Incomplete BER/DER length info");
+ }
+ if (highByte > 127) {
+ throw new IOException("Invalid BER/DER data (a little huge?)");
+ }
+ bout.write(highByte);
+ bout.write(nextByte);
+ bout.write(midByte);
+ bout.write(lowByte);
+ length = (highByte << 24 ) | (nextByte << 16) |
+ (midByte << 8) | lowByte;
} else { // ignore longer length forms
throw new IOException("Invalid BER/DER data (too huge?)");
}
--- a/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java Wed Jul 05 17:54:07 2017 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,32 +27,87 @@
import java.net.URI;
import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.security.AccessController;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidAlgorithmParameterException;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.security.cert.CertStore;
import java.security.cert.X509CertSelector;
import java.security.cert.X509CRLSelector;
import javax.security.auth.x500.X500Principal;
import java.io.IOException;
+import sun.security.util.Cache;
+
/**
- * Helper used by URICertStore when delegating to another CertStore to
- * fetch certs and CRLs.
+ * Helper used by URICertStore and others when delegating to another CertStore
+ * to fetch certs and CRLs.
*/
-public interface CertStoreHelper {
+public abstract class CertStoreHelper {
+
+ private static final int NUM_TYPES = 2;
+ private final static Map<String,String> classMap = new HashMap<>(NUM_TYPES);
+ static {
+ classMap.put(
+ "LDAP",
+ "sun.security.provider.certpath.ldap.LDAPCertStoreHelper");
+ classMap.put(
+ "SSLServer",
+ "sun.security.provider.certpath.ssl.SSLServerCertStoreHelper");
+ };
+ private static Cache<String, CertStoreHelper> cache
+ = Cache.newSoftMemoryCache(NUM_TYPES);
+
+ public static CertStoreHelper getInstance(final String type)
+ throws NoSuchAlgorithmException
+ {
+ CertStoreHelper helper = cache.get(type);
+ if (helper != null) {
+ return helper;
+ }
+ final String cl = classMap.get(type);
+ if (cl == null) {
+ throw new NoSuchAlgorithmException(type + " not available");
+ }
+ try {
+ helper = AccessController.doPrivileged(
+ new PrivilegedExceptionAction<CertStoreHelper>() {
+ public CertStoreHelper run() throws ClassNotFoundException {
+ try {
+ Class<?> c = Class.forName(cl, true, null);
+ CertStoreHelper csh
+ = (CertStoreHelper)c.newInstance();
+ cache.put(type, csh);
+ return csh;
+ } catch (InstantiationException e) {
+ throw new AssertionError(e);
+ } catch (IllegalAccessException e) {
+ throw new AssertionError(e);
+ }
+ }
+ });
+ return helper;
+ } catch (PrivilegedActionException e) {
+ throw new NoSuchAlgorithmException(type + " not available",
+ e.getException());
+ }
+ }
/**
* Returns a CertStore using the given URI as parameters.
*/
- CertStore getCertStore(URI uri)
+ public abstract CertStore getCertStore(URI uri)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
/**
* Wraps an existing X509CertSelector when needing to avoid DN matching
* issues.
*/
- X509CertSelector wrap(X509CertSelector selector,
+ public abstract X509CertSelector wrap(X509CertSelector selector,
X500Principal certSubject,
String dn)
throws IOException;
@@ -61,7 +116,7 @@
* Wraps an existing X509CRLSelector when needing to avoid DN matching
* issues.
*/
- X509CRLSelector wrap(X509CRLSelector selector,
+ public abstract X509CRLSelector wrap(X509CRLSelector selector,
Collection<X500Principal> certIssuers,
String dn)
throws IOException;
--- a/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java Wed Jul 05 17:54:07 2017 +0200
@@ -30,8 +30,6 @@
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URLConnection;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
@@ -102,8 +100,7 @@
private final CertificateFactory factory;
// cached Collection of X509Certificates (may be empty, never null)
- private Collection<X509Certificate> certs =
- Collections.<X509Certificate>emptySet();
+ private Collection<X509Certificate> certs = Collections.emptySet();
// cached X509CRL (may be null)
private X509CRL crl;
@@ -120,36 +117,11 @@
// true if URI is ldap
private boolean ldap = false;
+ private CertStoreHelper ldapHelper;
private CertStore ldapCertStore;
private String ldapPath;
/**
- * Holder class to lazily load LDAPCertStoreHelper if present.
- */
- private static class LDAP {
- private static final String CERT_STORE_HELPER =
- "sun.security.provider.certpath.ldap.LDAPCertStoreHelper";
- private static final CertStoreHelper helper =
- AccessController.doPrivileged(
- new PrivilegedAction<CertStoreHelper>() {
- public CertStoreHelper run() {
- try {
- Class<?> c = Class.forName(CERT_STORE_HELPER, true, null);
- return (CertStoreHelper)c.newInstance();
- } catch (ClassNotFoundException cnf) {
- return null;
- } catch (InstantiationException e) {
- throw new AssertionError(e);
- } catch (IllegalAccessException e) {
- throw new AssertionError(e);
- }
- }});
- static CertStoreHelper helper() {
- return helper;
- }
- }
-
- /**
* Creates a URICertStore.
*
* @param parameters specifying the URI
@@ -164,10 +136,9 @@
this.uri = ((URICertStoreParameters) params).uri;
// if ldap URI, use an LDAPCertStore to fetch certs and CRLs
if (uri.getScheme().toLowerCase(Locale.ENGLISH).equals("ldap")) {
- if (LDAP.helper() == null)
- throw new NoSuchAlgorithmException("LDAP not present");
ldap = true;
- ldapCertStore = LDAP.helper().getCertStore(uri);
+ ldapHelper = CertStoreHelper.getInstance("LDAP");
+ ldapCertStore = ldapHelper.getCertStore(uri);
ldapPath = uri.getPath();
// strip off leading '/'
if (ldapPath.charAt(0) == '/') {
@@ -185,14 +156,14 @@
* Returns a URI CertStore. This method consults a cache of
* CertStores (shared per JVM) using the URI as a key.
*/
- private static final Cache certStoreCache =
- Cache.newSoftMemoryCache(CACHE_SIZE);
+ private static final Cache<URICertStoreParameters, CertStore>
+ certStoreCache = Cache.newSoftMemoryCache(CACHE_SIZE);
static synchronized CertStore getInstance(URICertStoreParameters params)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
if (debug != null) {
debug.println("CertStore URI:" + params.uri);
}
- CertStore ucs = (CertStore) certStoreCache.get(params);
+ CertStore ucs = certStoreCache.get(params);
if (ucs == null) {
ucs = new UCS(new URICertStore(params), null, "URI", params);
certStoreCache.put(params, ucs);
@@ -251,7 +222,7 @@
if (ldap) {
X509CertSelector xsel = (X509CertSelector) selector;
try {
- xsel = LDAP.helper().wrap(xsel, xsel.getSubject(), ldapPath);
+ xsel = ldapHelper.wrap(xsel, xsel.getSubject(), ldapPath);
} catch (IOException ioe) {
throw new CertStoreException(ioe);
}
@@ -273,62 +244,49 @@
return getMatchingCerts(certs, selector);
}
lastChecked = time;
- InputStream in = null;
try {
URLConnection connection = uri.toURL().openConnection();
if (lastModified != 0) {
connection.setIfModifiedSince(lastModified);
}
- in = connection.getInputStream();
long oldLastModified = lastModified;
- lastModified = connection.getLastModified();
- if (oldLastModified != 0) {
- if (oldLastModified == lastModified) {
- if (debug != null) {
- debug.println("Not modified, using cached copy");
- }
- return getMatchingCerts(certs, selector);
- } else if (connection instanceof HttpURLConnection) {
- // some proxy servers omit last modified
- HttpURLConnection hconn = (HttpURLConnection) connection;
- if (hconn.getResponseCode()
- == HttpURLConnection.HTTP_NOT_MODIFIED) {
+ try (InputStream in = connection.getInputStream()) {
+ lastModified = connection.getLastModified();
+ if (oldLastModified != 0) {
+ if (oldLastModified == lastModified) {
if (debug != null) {
debug.println("Not modified, using cached copy");
}
return getMatchingCerts(certs, selector);
+ } else if (connection instanceof HttpURLConnection) {
+ // some proxy servers omit last modified
+ HttpURLConnection hconn = (HttpURLConnection)connection;
+ if (hconn.getResponseCode()
+ == HttpURLConnection.HTTP_NOT_MODIFIED) {
+ if (debug != null) {
+ debug.println("Not modified, using cached copy");
+ }
+ return getMatchingCerts(certs, selector);
+ }
}
}
- }
- if (debug != null) {
- debug.println("Downloading new certificates...");
+ if (debug != null) {
+ debug.println("Downloading new certificates...");
+ }
+ // Safe cast since factory is an X.509 certificate factory
+ certs = (Collection<X509Certificate>)
+ factory.generateCertificates(in);
}
- // Safe cast since factory is an X.509 certificate factory
- certs = (Collection<X509Certificate>)
- factory.generateCertificates(in);
return getMatchingCerts(certs, selector);
- } catch (IOException e) {
+ } catch (IOException | CertificateException e) {
if (debug != null) {
debug.println("Exception fetching certificates:");
e.printStackTrace();
}
- } catch (CertificateException e) {
- if (debug != null) {
- debug.println("Exception fetching certificates:");
- e.printStackTrace();
- }
- } finally {
- if (in != null) {
- try {
- in.close();
- } catch (IOException e) {
- // ignore
- }
- }
}
// exception, forget previous values
lastModified = 0;
- certs = Collections.<X509Certificate>emptySet();
+ certs = Collections.emptySet();
return certs;
}
@@ -343,8 +301,7 @@
if (selector == null) {
return certs;
}
- List<X509Certificate> matchedCerts =
- new ArrayList<X509Certificate>(certs.size());
+ List<X509Certificate> matchedCerts = new ArrayList<>(certs.size());
for (X509Certificate cert : certs) {
if (selector.match(cert)) {
matchedCerts.add(cert);
@@ -374,7 +331,7 @@
if (ldap) {
X509CRLSelector xsel = (X509CRLSelector) selector;
try {
- xsel = LDAP.helper().wrap(xsel, null, ldapPath);
+ xsel = ldapHelper.wrap(xsel, null, ldapPath);
} catch (IOException ioe) {
throw new CertStoreException(ioe);
}
@@ -395,61 +352,48 @@
return getMatchingCRLs(crl, selector);
}
lastChecked = time;
- InputStream in = null;
try {
URLConnection connection = uri.toURL().openConnection();
if (lastModified != 0) {
connection.setIfModifiedSince(lastModified);
}
- in = connection.getInputStream();
long oldLastModified = lastModified;
- lastModified = connection.getLastModified();
- if (oldLastModified != 0) {
- if (oldLastModified == lastModified) {
- if (debug != null) {
- debug.println("Not modified, using cached copy");
- }
- return getMatchingCRLs(crl, selector);
- } else if (connection instanceof HttpURLConnection) {
- // some proxy servers omit last modified
- HttpURLConnection hconn = (HttpURLConnection) connection;
- if (hconn.getResponseCode()
- == HttpURLConnection.HTTP_NOT_MODIFIED) {
+ try (InputStream in = connection.getInputStream()) {
+ lastModified = connection.getLastModified();
+ if (oldLastModified != 0) {
+ if (oldLastModified == lastModified) {
if (debug != null) {
debug.println("Not modified, using cached copy");
}
return getMatchingCRLs(crl, selector);
+ } else if (connection instanceof HttpURLConnection) {
+ // some proxy servers omit last modified
+ HttpURLConnection hconn = (HttpURLConnection)connection;
+ if (hconn.getResponseCode()
+ == HttpURLConnection.HTTP_NOT_MODIFIED) {
+ if (debug != null) {
+ debug.println("Not modified, using cached copy");
+ }
+ return getMatchingCRLs(crl, selector);
+ }
}
}
- }
- if (debug != null) {
- debug.println("Downloading new CRL...");
+ if (debug != null) {
+ debug.println("Downloading new CRL...");
+ }
+ crl = (X509CRL) factory.generateCRL(in);
}
- crl = (X509CRL) factory.generateCRL(in);
return getMatchingCRLs(crl, selector);
- } catch (IOException e) {
+ } catch (IOException | CRLException e) {
if (debug != null) {
debug.println("Exception fetching CRL:");
e.printStackTrace();
}
- } catch (CRLException e) {
- if (debug != null) {
- debug.println("Exception fetching CRL:");
- e.printStackTrace();
- }
- } finally {
- if (in != null) {
- try {
- in.close();
- } catch (IOException e) {
- // ignore
- }
- }
}
// exception, forget previous values
lastModified = 0;
crl = null;
- return Collections.<X509CRL>emptyList();
+ return Collections.emptyList();
}
/**
@@ -459,9 +403,9 @@
private static Collection<X509CRL> getMatchingCRLs
(X509CRL crl, CRLSelector selector) {
if (selector == null || (crl != null && selector.match(crl))) {
- return Collections.<X509CRL>singletonList(crl);
+ return Collections.singletonList(crl);
} else {
- return Collections.<X509CRL>emptyList();
+ return Collections.emptyList();
}
}
--- a/jdk/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java Wed Jul 05 17:54:07 2017 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -79,7 +79,8 @@
private X509Certificate reverse;
private byte[] encoded;
- private static final Cache cache = Cache.newSoftMemoryCache(750);
+ private static final Cache<Object, X509CertificatePair> cache
+ = Cache.newSoftMemoryCache(750);
/**
* Creates an empty instance of X509CertificatePair.
@@ -114,7 +115,7 @@
*
* For internal use only, external code should use generateCertificatePair.
*/
- private X509CertificatePair(byte[] encoded)throws CertificateException {
+ private X509CertificatePair(byte[] encoded) throws CertificateException {
try {
parse(new DerValue(encoded));
this.encoded = encoded;
@@ -138,7 +139,7 @@
public static synchronized X509CertificatePair generateCertificatePair
(byte[] encoded) throws CertificateException {
Object key = new Cache.EqualByteArray(encoded);
- X509CertificatePair pair = (X509CertificatePair)cache.get(key);
+ X509CertificatePair pair = cache.get(key);
if (pair != null) {
return pair;
}
--- a/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Wed Jul 05 17:54:07 2017 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -103,7 +103,7 @@
* @author Steve Hanna
* @author Andreas Sterbenz
*/
-public class LDAPCertStore extends CertStoreSpi {
+public final class LDAPCertStore extends CertStoreSpi {
private static final Debug debug = Debug.getInstance("certpath");
@@ -160,7 +160,7 @@
*/
private boolean prefetchCRLs = false;
- private final Cache valueCache;
+ private final Cache<String, byte[][]> valueCache;
private int cacheHits = 0;
private int cacheMisses = 0;
@@ -207,10 +207,11 @@
* Returns an LDAP CertStore. This method consults a cache of
* CertStores (shared per JVM) using the LDAP server/port as a key.
*/
- private static final Cache certStoreCache = Cache.newSoftMemoryCache(185);
+ private static final Cache<LDAPCertStoreParameters, CertStore>
+ certStoreCache = Cache.newSoftMemoryCache(185);
static synchronized CertStore getInstance(LDAPCertStoreParameters params)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
- CertStore lcs = (CertStore) certStoreCache.get(params);
+ CertStore lcs = certStoreCache.get(params);
if (lcs == null) {
lcs = CertStore.getInstance("LDAP", params);
certStoreCache.put(params, lcs);
@@ -232,7 +233,7 @@
private void createInitialDirContext(String server, int port)
throws InvalidAlgorithmParameterException {
String url = "ldap://" + server + ":" + port;
- Hashtable<String,Object> env = new Hashtable<String,Object>();
+ Hashtable<String,Object> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, url);
@@ -283,7 +284,7 @@
LDAPRequest(String name) {
this.name = name;
- requestedAttributes = new ArrayList<String>(5);
+ requestedAttributes = new ArrayList<>(5);
}
String getName() {
@@ -311,7 +312,7 @@
+ cacheMisses);
}
String cacheKey = name + "|" + attrId;
- byte[][] values = (byte[][])valueCache.get(cacheKey);
+ byte[][] values = valueCache.get(cacheKey);
if (values != null) {
cacheHits++;
return values;
@@ -347,7 +348,7 @@
System.out.println("LDAP requests: " + requests);
}
}
- valueMap = new HashMap<String, byte[][]>(8);
+ valueMap = new HashMap<>(8);
String[] attrIds = requestedAttributes.toArray(STRING0);
Attributes attrs;
try {
@@ -429,10 +430,10 @@
int n = encodedCert.length;
if (n == 0) {
- return Collections.<X509Certificate>emptySet();
+ return Collections.emptySet();
}
- List<X509Certificate> certs = new ArrayList<X509Certificate>(n);
+ List<X509Certificate> certs = new ArrayList<>(n);
/* decode certs and check if they satisfy selector */
for (int i = 0; i < n; i++) {
ByteArrayInputStream bais = new ByteArrayInputStream(encodedCert[i]);
@@ -477,11 +478,10 @@
int n = encodedCertPair.length;
if (n == 0) {
- return Collections.<X509CertificatePair>emptySet();
+ return Collections.emptySet();
}
- List<X509CertificatePair> certPairs =
- new ArrayList<X509CertificatePair>(n);
+ List<X509CertificatePair> certPairs = new ArrayList<>(n);
/* decode each cert pair and add it to the Collection */
for (int i = 0; i < n; i++) {
try {
@@ -528,8 +528,7 @@
getCertPairs(request, CROSS_CERT);
// Find Certificates that match and put them in a list
- ArrayList<X509Certificate> matchingCerts =
- new ArrayList<X509Certificate>();
+ ArrayList<X509Certificate> matchingCerts = new ArrayList<>();
for (X509CertificatePair certPair : certPairs) {
X509Certificate cert;
if (forward != null) {
@@ -587,7 +586,7 @@
int basicConstraints = xsel.getBasicConstraints();
String subject = xsel.getSubjectAsString();
String issuer = xsel.getIssuerAsString();
- HashSet<X509Certificate> certs = new HashSet<X509Certificate>();
+ HashSet<X509Certificate> certs = new HashSet<>();
if (debug != null) {
debug.println("LDAPCertStore.engineGetCertificates() basicConstraints: "
+ basicConstraints);
@@ -706,10 +705,10 @@
int n = encodedCRL.length;
if (n == 0) {
- return Collections.<X509CRL>emptySet();
+ return Collections.emptySet();
}
- List<X509CRL> crls = new ArrayList<X509CRL>(n);
+ List<X509CRL> crls = new ArrayList<>(n);
/* decode each crl and check if it matches selector */
for (int i = 0; i < n; i++) {
try {
@@ -765,13 +764,13 @@
throw new CertStoreException("need X509CRLSelector to find CRLs");
}
X509CRLSelector xsel = (X509CRLSelector) selector;
- HashSet<X509CRL> crls = new HashSet<X509CRL>();
+ HashSet<X509CRL> crls = new HashSet<>();
// Look in directory entry for issuer of cert we're checking.
Collection<Object> issuerNames;
X509Certificate certChecking = xsel.getCertificateChecking();
if (certChecking != null) {
- issuerNames = new HashSet<Object>();
+ issuerNames = new HashSet<>();
X500Principal issuer = certChecking.getIssuerX500Principal();
issuerNames.add(issuer.getName(X500Principal.RFC2253));
} else {
@@ -796,7 +795,7 @@
issuerName = (String)nameObject;
}
// If all we want is CA certs, try to get the (probably shorter) ARL
- Collection<X509CRL> entryCRLs = Collections.<X509CRL>emptySet();
+ Collection<X509CRL> entryCRLs = Collections.emptySet();
if (certChecking == null || certChecking.getBasicConstraints() != -1) {
LDAPRequest request = new LDAPRequest(issuerName);
request.addRequestedAttribute(CROSS_CERT);
@@ -1028,9 +1027,9 @@
throws IOException {
this.selector = selector == null ? new X509CRLSelector() : selector;
this.certIssuers = certIssuers;
- issuerNames = new HashSet<Object>();
+ issuerNames = new HashSet<>();
issuerNames.add(ldapDN);
- issuers = new HashSet<X500Principal>();
+ issuers = new HashSet<>();
issuers.add(new X500Name(ldapDN).asX500Principal());
}
// we only override the get (accessor methods) since the set methods
--- a/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java Wed Jul 05 17:54:07 2017 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -41,11 +41,9 @@
* LDAP implementation of CertStoreHelper.
*/
-public class LDAPCertStoreHelper
- implements CertStoreHelper
+public final class LDAPCertStoreHelper
+ extends CertStoreHelper
{
- public LDAPCertStoreHelper() { }
-
@Override
public CertStore getCertStore(URI uri)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStore.java Wed Jul 05 17:54:07 2017 +0200
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.provider.certpath.ssl;
+
+import java.io.IOException;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.Provider;
+import java.security.cert.CertificateException;
+import java.security.cert.CertSelector;
+import java.security.cert.CertStore;
+import java.security.cert.CertStoreException;
+import java.security.cert.CertStoreParameters;
+import java.security.cert.CertStoreSpi;
+import java.security.cert.CRLSelector;
+import java.security.cert.X509Certificate;
+import java.security.cert.X509CRL;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * A CertStore that retrieves an SSL server's certificate chain.
+ */
+public final class SSLServerCertStore extends CertStoreSpi {
+
+ private final URI uri;
+
+ SSLServerCertStore(URI uri) throws InvalidAlgorithmParameterException {
+ super(null);
+ this.uri = uri;
+ }
+
+ public synchronized Collection<X509Certificate> engineGetCertificates
+ (CertSelector selector) throws CertStoreException
+ {
+ try {
+ SSLContext sc = SSLContext.getInstance("SSL");
+ GetChainTrustManager xtm = new GetChainTrustManager();
+ sc.init(null, new TrustManager[] { xtm }, null);
+ HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ HttpsURLConnection.setDefaultHostnameVerifier(
+ new HostnameVerifier() {
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ });
+ uri.toURL().openConnection().connect();
+ return getMatchingCerts(xtm.serverChain, selector);
+ } catch (GeneralSecurityException | IOException e) {
+ throw new CertStoreException(e);
+ }
+ }
+
+ private static List<X509Certificate> getMatchingCerts
+ (List<X509Certificate> certs, CertSelector selector)
+ {
+ // if selector not specified, all certs match
+ if (selector == null) {
+ return certs;
+ }
+ List<X509Certificate> matchedCerts = new ArrayList<>(certs.size());
+ for (X509Certificate cert : certs) {
+ if (selector.match(cert)) {
+ matchedCerts.add(cert);
+ }
+ }
+ return matchedCerts;
+ }
+
+ public Collection<X509CRL> engineGetCRLs(CRLSelector selector)
+ throws CertStoreException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ static synchronized CertStore getInstance(URI uri)
+ throws InvalidAlgorithmParameterException
+ {
+ return new CS(new SSLServerCertStore(uri), null, "SSLServer", null);
+ }
+
+ /*
+ * An X509TrustManager that simply stores a reference to the server's
+ * certificate chain.
+ */
+ private static class GetChainTrustManager implements X509TrustManager {
+ private List<X509Certificate> serverChain;
+
+ public X509Certificate[] getAcceptedIssuers() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void checkClientTrusted(X509Certificate[] chain,
+ String authType)
+ throws CertificateException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ public void checkServerTrusted(X509Certificate[] chain,
+ String authType)
+ throws CertificateException
+ {
+ this.serverChain = (chain == null)
+ ? Collections.<X509Certificate>emptyList()
+ : Arrays.asList(chain);
+ }
+ }
+
+ /**
+ * This class allows the SSLServerCertStore to be accessed as a CertStore.
+ */
+ private static class CS extends CertStore {
+ protected CS(CertStoreSpi spi, Provider p, String type,
+ CertStoreParameters params)
+ {
+ super(spi, p, type, params);
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java Wed Jul 05 17:54:07 2017 +0200
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.provider.certpath.ssl;
+
+import java.net.URI;
+import java.util.Collection;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.cert.CertStore;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509CRLSelector;
+import javax.security.auth.x500.X500Principal;
+import java.io.IOException;
+
+import sun.security.provider.certpath.CertStoreHelper;
+
+/**
+ * SSL implementation of CertStoreHelper.
+ */
+public final class SSLServerCertStoreHelper extends CertStoreHelper {
+
+ @Override
+ public CertStore getCertStore(URI uri)
+ throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
+ {
+ return SSLServerCertStore.getInstance(uri);
+ }
+
+ @Override
+ public X509CertSelector wrap(X509CertSelector selector,
+ X500Principal certSubject,
+ String ldapDN)
+ throws IOException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public X509CRLSelector wrap(X509CRLSelector selector,
+ Collection<X500Principal> certIssuers,
+ String ldapDN)
+ throws IOException
+ {
+ throw new UnsupportedOperationException();
+ }
+}
--- a/jdk/src/share/classes/sun/security/ssl/CipherBox.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/ssl/CipherBox.java Wed Jul 05 17:54:07 2017 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -305,9 +305,11 @@
byte[] buf = null;
int limit = bb.limit();
if (bb.hasArray()) {
+ int arrayOffset = bb.arrayOffset();
buf = bb.array();
- System.arraycopy(buf, pos,
- buf, pos + prefix.length, limit - pos);
+ System.arraycopy(buf, arrayOffset + pos,
+ buf, arrayOffset + pos + prefix.length,
+ limit - pos);
bb.limit(limit + prefix.length);
} else {
buf = new byte[limit - pos];
@@ -491,9 +493,10 @@
byte[] buf = null;
int limit = bb.limit();
if (bb.hasArray()) {
+ int arrayOffset = bb.arrayOffset();
buf = bb.array();
- System.arraycopy(buf, pos + blockSize,
- buf, pos, limit - pos - blockSize);
+ System.arraycopy(buf, arrayOffset + pos + blockSize,
+ buf, arrayOffset + pos, limit - pos - blockSize);
bb.limit(limit - blockSize);
} else {
buf = new byte[limit - pos - blockSize];
--- a/jdk/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java Wed Jul 05 17:54:07 2017 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -43,11 +43,14 @@
import javax.net.ssl.SSLSession;
import sun.security.util.Cache;
+import sun.security.util.Cache.CacheVisitor;
final class SSLSessionContextImpl implements SSLSessionContext {
- private Cache sessionCache; // session cache, session id as key
- private Cache sessionHostPortCache; // session cache, "host:port" as key
+ private Cache<SessionId, SSLSessionImpl> sessionCache;
+ // session cache, session id as key
+ private Cache<String, SSLSessionImpl> sessionHostPortCache;
+ // session cache, "host:port" as key
private int cacheLimit; // the max cache size
private int timeout; // timeout in seconds
@@ -71,8 +74,7 @@
throw new NullPointerException("session id cannot be null");
}
- SSLSessionImpl sess =
- (SSLSessionImpl)sessionCache.get(new SessionId(sessionId));
+ SSLSessionImpl sess = sessionCache.get(new SessionId(sessionId));
if (!isTimedout(sess)) {
return sess;
}
@@ -157,8 +159,7 @@
return null;
}
- SSLSessionImpl sess =
- (SSLSessionImpl)sessionHostPortCache.get(getKey(hostname, port));
+ SSLSessionImpl sess = sessionHostPortCache.get(getKey(hostname, port));
if (!isTimedout(sess)) {
return sess;
}
@@ -193,7 +194,7 @@
// package-private method, remove a cached SSLSession
void remove(SessionId key) {
- SSLSessionImpl s = (SSLSessionImpl)sessionCache.get(key);
+ SSLSessionImpl s = sessionCache.get(key);
if (s != null) {
sessionCache.remove(key);
sessionHostPortCache.remove(
@@ -233,17 +234,17 @@
}
final class SessionCacheVisitor
- implements sun.security.util.Cache.CacheVisitor {
+ implements Cache.CacheVisitor<SessionId, SSLSessionImpl> {
Vector<byte[]> ids = null;
- // public void visit(java.util.Map<Object, Object> map) {}
- public void visit(java.util.Map<Object, Object> map) {
- ids = new Vector<byte[]>(map.size());
+ // public void visit(java.util.Map<K,V> map) {}
+ public void visit(java.util.Map<SessionId, SSLSessionImpl> map) {
+ ids = new Vector<>(map.size());
- for (Object key : map.keySet()) {
- SSLSessionImpl value = (SSLSessionImpl)map.get(key);
+ for (SessionId key : map.keySet()) {
+ SSLSessionImpl value = map.get(key);
if (!isTimedout(value)) {
- ids.addElement(((SessionId)key).getId());
+ ids.addElement(key.getId());
}
}
}
--- a/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java Wed Jul 05 17:54:07 2017 +0200
@@ -28,13 +28,13 @@
import java.io.BufferedInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
+import java.net.URI;
import java.net.URL;
import java.net.HttpURLConnection;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
import sun.misc.IOUtils;
+import sun.security.util.Debug;
/**
* A timestamper that communicates with a Timestamping Authority (TSA)
@@ -58,20 +58,23 @@
private static final String TS_REPLY_MIME_TYPE =
"application/timestamp-reply";
- private static final boolean DEBUG = false;
+ private static final Debug debug = Debug.getInstance("ts");
/*
- * HTTP URL identifying the location of the TSA
+ * HTTP URI identifying the location of the TSA
*/
- private String tsaUrl = null;
+ private URI tsaURI = null;
/**
* Creates a timestamper that connects to the specified TSA.
*
- * @param tsa The location of the TSA. It must be an HTTP URL.
+ * @param tsa The location of the TSA. It must be an HTTP URI.
+ * @throws IllegalArgumentException if tsaURI is not an HTTP URI
*/
- public HttpTimestamper(String tsaUrl) {
- this.tsaUrl = tsaUrl;
+ public HttpTimestamper(URI tsaURI) {
+ if (!tsaURI.getScheme().equalsIgnoreCase("http"))
+ throw new IllegalArgumentException("TSA must be an HTTP URI");
+ this.tsaURI = tsaURI;
}
/**
@@ -85,7 +88,7 @@
public TSResponse generateTimestamp(TSRequest tsQuery) throws IOException {
HttpURLConnection connection =
- (HttpURLConnection) new URL(tsaUrl).openConnection();
+ (HttpURLConnection) tsaURI.toURL().openConnection();
connection.setDoOutput(true);
connection.setUseCaches(false); // ignore cache
connection.setRequestProperty("Content-Type", TS_QUERY_MIME_TYPE);
@@ -93,15 +96,15 @@
// Avoids the "hang" when a proxy is required but none has been set.
connection.setConnectTimeout(CONNECT_TIMEOUT);
- if (DEBUG) {
+ if (debug != null) {
Set<Map.Entry<String, List<String>>> headers =
- connection.getRequestProperties().entrySet();
- System.out.println(connection.getRequestMethod() + " " + tsaUrl +
+ connection.getRequestProperties().entrySet();
+ debug.println(connection.getRequestMethod() + " " + tsaURI +
" HTTP/1.1");
- for (Map.Entry<String, List<String>> entry : headers) {
- System.out.println(" " + entry);
+ for (Map.Entry<String, List<String>> e : headers) {
+ debug.println(" " + e);
}
- System.out.println();
+ debug.println();
}
connection.connect(); // No HTTP authentication is performed
@@ -112,8 +115,8 @@
byte[] request = tsQuery.encode();
output.write(request, 0, request.length);
output.flush();
- if (DEBUG) {
- System.out.println("sent timestamp query (length=" +
+ if (debug != null) {
+ debug.println("sent timestamp query (length=" +
request.length + ")");
}
} finally {
@@ -127,17 +130,17 @@
byte[] replyBuffer = null;
try {
input = new BufferedInputStream(connection.getInputStream());
- if (DEBUG) {
+ if (debug != null) {
String header = connection.getHeaderField(0);
- System.out.println(header);
+ debug.println(header);
int i = 1;
while ((header = connection.getHeaderField(i)) != null) {
String key = connection.getHeaderFieldKey(i);
- System.out.println(" " + ((key==null) ? "" : key + ": ") +
+ debug.println(" " + ((key==null) ? "" : key + ": ") +
header);
i++;
}
- System.out.println();
+ debug.println();
}
verifyMimeType(connection.getContentType());
@@ -145,8 +148,8 @@
int contentLength = connection.getContentLength();
replyBuffer = IOUtils.readFully(input, contentLength, false);
- if (DEBUG) {
- System.out.println("received timestamp response (length=" +
+ if (debug != null) {
+ debug.println("received timestamp response (length=" +
total + ")");
}
} finally {
--- a/jdk/src/share/classes/sun/security/timestamp/TSRequest.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/timestamp/TSRequest.java Wed Jul 05 17:54:07 2017 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,10 +27,13 @@
import java.io.IOException;
import java.math.BigInteger;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Extension;
import sun.security.util.DerValue;
import sun.security.util.DerOutputStream;
import sun.security.util.ObjectIdentifier;
+import sun.security.x509.AlgorithmId;
/**
* This class provides a timestamp request, as defined in
@@ -64,24 +67,9 @@
public class TSRequest {
- private static final ObjectIdentifier SHA1_OID;
- private static final ObjectIdentifier MD5_OID;
- static {
- ObjectIdentifier sha1 = null;
- ObjectIdentifier md5 = null;
- try {
- sha1 = new ObjectIdentifier("1.3.14.3.2.26");
- md5 = new ObjectIdentifier("1.2.840.113549.2.5");
- } catch (IOException ioe) {
- // should not happen
- }
- SHA1_OID = sha1;
- MD5_OID = md5;
- }
-
private int version = 1;
- private ObjectIdentifier hashAlgorithmId = null;
+ private AlgorithmId hashAlgorithmId = null;
private byte[] hashValue;
@@ -94,30 +82,21 @@
private X509Extension[] extensions = null;
/**
- * Constructs a timestamp request for the supplied hash value..
+ * Constructs a timestamp request for the supplied data.
*
- * @param hashValue The hash value. This is the data to be timestamped.
- * @param hashAlgorithm The name of the hash algorithm.
+ * @param toBeTimeStamped The data to be timestamped.
+ * @param messageDigest The MessageDigest of the hash algorithm to use.
+ * @throws NoSuchAlgorithmException if the hash algorithm is not supported
*/
- public TSRequest(byte[] hashValue, String hashAlgorithm) {
+ public TSRequest(byte[] toBeTimeStamped, MessageDigest messageDigest)
+ throws NoSuchAlgorithmException {
- // Check the common hash algorithms
- if ("MD5".equalsIgnoreCase(hashAlgorithm)) {
- hashAlgorithmId = MD5_OID;
- // Check that the hash value matches the hash algorithm
- assert hashValue.length == 16;
+ this.hashAlgorithmId = AlgorithmId.get(messageDigest.getAlgorithm());
+ this.hashValue = messageDigest.digest(toBeTimeStamped);
+ }
- } else if ("SHA-1".equalsIgnoreCase(hashAlgorithm) ||
- "SHA".equalsIgnoreCase(hashAlgorithm) ||
- "SHA1".equalsIgnoreCase(hashAlgorithm)) {
- hashAlgorithmId = SHA1_OID;
- // Check that the hash value matches the hash algorithm
- assert hashValue.length == 20;
-
- }
- // Clone the hash value
- this.hashValue = new byte[hashValue.length];
- System.arraycopy(hashValue, 0, this.hashValue, 0, hashValue.length);
+ public byte[] getHashedMessage() {
+ return hashValue.clone();
}
/**
@@ -176,9 +155,7 @@
// encode messageImprint
DerOutputStream messageImprint = new DerOutputStream();
- DerOutputStream hashAlgorithm = new DerOutputStream();
- hashAlgorithm.putOID(hashAlgorithmId);
- messageImprint.write(DerValue.tag_Sequence, hashAlgorithm);
+ hashAlgorithmId.encode(messageImprint);
messageImprint.putOctetString(hashValue);
request.write(DerValue.tag_Sequence, messageImprint);
--- a/jdk/src/share/classes/sun/security/timestamp/TSResponse.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/timestamp/TSResponse.java Wed Jul 05 17:54:07 2017 +0200
@@ -27,6 +27,7 @@
import java.io.IOException;
import sun.security.pkcs.PKCS7;
+import sun.security.util.Debug;
import sun.security.util.DerValue;
/**
@@ -175,18 +176,20 @@
*/
public static final int SYSTEM_FAILURE = 25;
- private static final boolean DEBUG = false;
+ private static final Debug debug = Debug.getInstance("ts");
private int status;
private String[] statusString = null;
- private int failureInfo = -1;
+ private boolean[] failureInfo = null;
private byte[] encodedTsToken = null;
private PKCS7 tsToken = null;
+ private TimestampToken tstInfo;
+
/**
* Constructs an object to store the response to a timestamp request.
*
@@ -215,11 +218,11 @@
}
/**
- * Retrieve the failure code returned by the TSA.
+ * Retrieve the failure info returned by the TSA.
*
- * @return If -1 then no failure code was received.
+ * @return the failure info, or null if no failure code was received.
*/
- public int getFailureCode() {
+ public boolean[] getFailureInfo() {
return failureInfo;
}
@@ -250,42 +253,38 @@
}
}
+ private boolean isSet(int position) {
+ return failureInfo[position];
+ }
+
public String getFailureCodeAsText() {
- if (failureInfo == -1) {
- return null;
+ if (failureInfo == null) {
+ return "";
}
- switch (failureInfo) {
-
- case BAD_ALG:
- return "Unrecognized or unsupported alrorithm identifier.";
-
- case BAD_REQUEST:
- return "The requested transaction is not permitted or supported.";
-
- case BAD_DATA_FORMAT:
- return "The data submitted has the wrong format.";
-
- case TIME_NOT_AVAILABLE:
- return "The TSA's time source is not available.";
+ try {
+ if (isSet(BAD_ALG))
+ return "Unrecognized or unsupported algorithm identifier.";
+ if (isSet(BAD_REQUEST))
+ return "The requested transaction is not permitted or " +
+ "supported.";
+ if (isSet(BAD_DATA_FORMAT))
+ return "The data submitted has the wrong format.";
+ if (isSet(TIME_NOT_AVAILABLE))
+ return "The TSA's time source is not available.";
+ if (isSet(UNACCEPTED_POLICY))
+ return "The requested TSA policy is not supported by the TSA.";
+ if (isSet(UNACCEPTED_EXTENSION))
+ return "The requested extension is not supported by the TSA.";
+ if (isSet(ADD_INFO_NOT_AVAILABLE))
+ return "The additional information requested could not be " +
+ "understood or is not available.";
+ if (isSet(SYSTEM_FAILURE))
+ return "The request cannot be handled due to system failure.";
+ } catch (ArrayIndexOutOfBoundsException ex) {}
- case UNACCEPTED_POLICY:
- return "The requested TSA policy is not supported by the TSA.";
-
- case UNACCEPTED_EXTENSION:
- return "The requested extension is not supported by the TSA.";
-
- case ADD_INFO_NOT_AVAILABLE:
- return "The additional information requested could not be " +
- "understood or is not available.";
-
- case SYSTEM_FAILURE:
- return "The request cannot be handled due to system failure.";
-
- default:
- return ("unknown status code " + status);
- }
+ return ("unknown failure code");
}
/**
@@ -297,6 +296,10 @@
return tsToken;
}
+ public TimestampToken getTimestampToken() {
+ return tstInfo;
+ }
+
/**
* Retrieve the ASN.1 BER encoded timestamp token returned by the TSA.
*
@@ -323,29 +326,30 @@
// Parse status
- DerValue status = derValue.data.getDerValue();
- // Parse status
- this.status = status.data.getInteger();
- if (DEBUG) {
- System.out.println("timestamp response: status=" + this.status);
+ DerValue statusInfo = derValue.data.getDerValue();
+ this.status = statusInfo.data.getInteger();
+ if (debug != null) {
+ debug.println("timestamp response: status=" + this.status);
}
// Parse statusString, if present
- if (status.data.available() > 0) {
- DerValue[] strings = status.data.getSequence(1);
- statusString = new String[strings.length];
- for (int i = 0; i < strings.length; i++) {
- statusString[i] = strings[i].data.getUTF8String();
+ if (statusInfo.data.available() > 0) {
+ byte tag = (byte)statusInfo.data.peekByte();
+ if (tag == DerValue.tag_SequenceOf) {
+ DerValue[] strings = statusInfo.data.getSequence(1);
+ statusString = new String[strings.length];
+ for (int i = 0; i < strings.length; i++) {
+ statusString[i] = strings[i].getUTF8String();
+ if (debug != null) {
+ debug.println("timestamp response: statusString=" +
+ statusString[i]);
+ }
+ }
}
}
// Parse failInfo, if present
- if (status.data.available() > 0) {
- byte[] failInfo = status.data.getBitString();
- int failureInfo = (new Byte(failInfo[0])).intValue();
- if (failureInfo < 0 || failureInfo > 25 || failInfo.length != 1) {
- throw new IOException("Bad encoding for timestamp response: " +
- "unrecognized value for the failInfo element");
- }
- this.failureInfo = failureInfo;
+ if (statusInfo.data.available() > 0) {
+ this.failureInfo
+ = statusInfo.data.getUnalignedBitString().toBooleanArray();
}
// Parse timeStampToken, if present
@@ -353,6 +357,7 @@
DerValue timestampToken = derValue.data.getDerValue();
encodedTsToken = timestampToken.toByteArray();
tsToken = new PKCS7(encodedTsToken);
+ tstInfo = new TimestampToken(tsToken.getContentInfo().getData());
}
// Check the format of the timestamp response
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/tools/CertAndKeyGen.java Wed Jul 05 17:54:07 2017 +0200
@@ -0,0 +1,313 @@
+/*
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.tools;
+
+import java.io.IOException;
+import java.security.cert.X509Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateEncodingException;
+import java.security.*;
+import java.util.Date;
+
+import sun.security.pkcs10.PKCS10;
+import sun.security.x509.AlgorithmId;
+import sun.security.x509.CertificateAlgorithmId;
+import sun.security.x509.CertificateIssuerName;
+import sun.security.x509.CertificateSerialNumber;
+import sun.security.x509.CertificateSubjectName;
+import sun.security.x509.CertificateValidity;
+import sun.security.x509.CertificateVersion;
+import sun.security.x509.CertificateX509Key;
+import sun.security.x509.X500Name;
+import sun.security.x509.X509CertImpl;
+import sun.security.x509.X509CertInfo;
+import sun.security.x509.X509Key;
+
+
+/**
+ * Generate a pair of keys, and provide access to them. This class is
+ * provided primarily for ease of use.
+ *
+ * <P>This provides some simple certificate management functionality.
+ * Specifically, it allows you to create self-signed X.509 certificates
+ * as well as PKCS 10 based certificate signing requests.
+ *
+ * <P>Keys for some public key signature algorithms have algorithm
+ * parameters, such as DSS/DSA. Some sites' Certificate Authorities
+ * adopt fixed algorithm parameters, which speeds up some operations
+ * including key generation and signing. <em>At this time, this interface
+ * does not provide a way to provide such algorithm parameters, e.g.
+ * by providing the CA certificate which includes those parameters.</em>
+ *
+ * <P>Also, note that at this time only signature-capable keys may be
+ * acquired through this interface. Diffie-Hellman keys, used for secure
+ * key exchange, may be supported later.
+ *
+ * @author David Brownell
+ * @author Hemma Prafullchandra
+ * @see PKCS10
+ * @see X509CertImpl
+ */
+public final class CertAndKeyGen {
+ /**
+ * Creates a CertAndKeyGen object for a particular key type
+ * and signature algorithm.
+ *
+ * @param keyType type of key, e.g. "RSA", "DSA"
+ * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA",
+ * "MD2WithRSA", "SHAwithDSA".
+ * @exception NoSuchAlgorithmException on unrecognized algorithms.
+ */
+ public CertAndKeyGen (String keyType, String sigAlg)
+ throws NoSuchAlgorithmException
+ {
+ keyGen = KeyPairGenerator.getInstance(keyType);
+ this.sigAlg = sigAlg;
+ }
+
+ /**
+ * Creates a CertAndKeyGen object for a particular key type,
+ * signature algorithm, and provider.
+ *
+ * @param keyType type of key, e.g. "RSA", "DSA"
+ * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA",
+ * "MD2WithRSA", "SHAwithDSA".
+ * @param providerName name of the provider
+ * @exception NoSuchAlgorithmException on unrecognized algorithms.
+ * @exception NoSuchProviderException on unrecognized providers.
+ */
+ public CertAndKeyGen (String keyType, String sigAlg, String providerName)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (providerName == null) {
+ keyGen = KeyPairGenerator.getInstance(keyType);
+ } else {
+ try {
+ keyGen = KeyPairGenerator.getInstance(keyType, providerName);
+ } catch (Exception e) {
+ // try first available provider instead
+ keyGen = KeyPairGenerator.getInstance(keyType);
+ }
+ }
+ this.sigAlg = sigAlg;
+ }
+
+ /**
+ * Sets the source of random numbers used when generating keys.
+ * If you do not provide one, a system default facility is used.
+ * You may wish to provide your own source of random numbers
+ * to get a reproducible sequence of keys and signatures, or
+ * because you may be able to take advantage of strong sources
+ * of randomness/entropy in your environment.
+ */
+ public void setRandom (SecureRandom generator)
+ {
+ prng = generator;
+ }
+
+ // want "public void generate (X509Certificate)" ... inherit DSA/D-H param
+
+ /**
+ * Generates a random public/private key pair, with a given key
+ * size. Different algorithms provide different degrees of security
+ * for the same key size, because of the "work factor" involved in
+ * brute force attacks. As computers become faster, it becomes
+ * easier to perform such attacks. Small keys are to be avoided.
+ *
+ * <P>Note that not all values of "keyBits" are valid for all
+ * algorithms, and not all public key algorithms are currently
+ * supported for use in X.509 certificates. If the algorithm
+ * you specified does not produce X.509 compatible keys, an
+ * invalid key exception is thrown.
+ *
+ * @param keyBits the number of bits in the keys.
+ * @exception InvalidKeyException if the environment does not
+ * provide X.509 public keys for this signature algorithm.
+ */
+ public void generate (int keyBits)
+ throws InvalidKeyException
+ {
+ KeyPair pair;
+
+ try {
+ if (prng == null) {
+ prng = new SecureRandom();
+ }
+ keyGen.initialize(keyBits, prng);
+ pair = keyGen.generateKeyPair();
+
+ } catch (Exception e) {
+ throw new IllegalArgumentException(e.getMessage());
+ }
+
+ publicKey = pair.getPublic();
+ privateKey = pair.getPrivate();
+ }
+
+
+ /**
+ * Returns the public key of the generated key pair if it is of type
+ * <code>X509Key</code>, or null if the public key is of a different type.
+ *
+ * XXX Note: This behaviour is needed for backwards compatibility.
+ * What this method really should return is the public key of the
+ * generated key pair, regardless of whether or not it is an instance of
+ * <code>X509Key</code>. Accordingly, the return type of this method
+ * should be <code>PublicKey</code>.
+ */
+ public X509Key getPublicKey()
+ {
+ if (!(publicKey instanceof X509Key)) {
+ return null;
+ }
+ return (X509Key)publicKey;
+ }
+
+
+ /**
+ * Returns the private key of the generated key pair.
+ *
+ * <P><STRONG><em>Be extremely careful when handling private keys.
+ * When private keys are not kept secret, they lose their ability
+ * to securely authenticate specific entities ... that is a huge
+ * security risk!</em></STRONG>
+ */
+ public PrivateKey getPrivateKey ()
+ {
+ return privateKey;
+ }
+
+
+ /**
+ * Returns a self-signed X.509v3 certificate for the public key.
+ * The certificate is immediately valid. No extensions.
+ *
+ * <P>Such certificates normally are used to identify a "Certificate
+ * Authority" (CA). Accordingly, they will not always be accepted by
+ * other parties. However, such certificates are also useful when
+ * you are bootstrapping your security infrastructure, or deploying
+ * system prototypes.
+ *
+ * @param myname X.500 name of the subject (who is also the issuer)
+ * @param firstDate the issue time of the certificate
+ * @param validity how long the certificate should be valid, in seconds
+ * @exception CertificateException on certificate handling errors.
+ * @exception InvalidKeyException on key handling errors.
+ * @exception SignatureException on signature handling errors.
+ * @exception NoSuchAlgorithmException on unrecognized algorithms.
+ * @exception NoSuchProviderException on unrecognized providers.
+ */
+ public X509Certificate getSelfCertificate (
+ X500Name myname, Date firstDate, long validity)
+ throws CertificateException, InvalidKeyException, SignatureException,
+ NoSuchAlgorithmException, NoSuchProviderException
+ {
+ X509CertImpl cert;
+ Date lastDate;
+
+ try {
+ lastDate = new Date ();
+ lastDate.setTime (firstDate.getTime () + validity * 1000);
+
+ CertificateValidity interval =
+ new CertificateValidity(firstDate,lastDate);
+
+ X509CertInfo info = new X509CertInfo();
+ // Add all mandatory attributes
+ info.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
+ info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
+ new java.util.Random().nextInt() & 0x7fffffff));
+ AlgorithmId algID = AlgorithmId.get(sigAlg);
+ info.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(algID));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
+ info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
+ info.set(X509CertInfo.VALIDITY, interval);
+ info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
+
+ cert = new X509CertImpl(info);
+ cert.sign(privateKey, this.sigAlg);
+
+ return (X509Certificate)cert;
+
+ } catch (IOException e) {
+ throw new CertificateEncodingException("getSelfCert: " +
+ e.getMessage());
+ }
+ }
+
+ // Keep the old method
+ public X509Certificate getSelfCertificate (X500Name myname, long validity)
+ throws CertificateException, InvalidKeyException, SignatureException,
+ NoSuchAlgorithmException, NoSuchProviderException
+ {
+ return getSelfCertificate(myname, new Date(), validity);
+ }
+
+ /**
+ * Returns a PKCS #10 certificate request. The caller uses either
+ * <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code>
+ * operations on the result, to get the request in an appropriate
+ * transmission format.
+ *
+ * <P>PKCS #10 certificate requests are sent, along with some proof
+ * of identity, to Certificate Authorities (CAs) which then issue
+ * X.509 public key certificates.
+ *
+ * @param myname X.500 name of the subject
+ * @exception InvalidKeyException on key handling errors.
+ * @exception SignatureException on signature handling errors.
+ */
+ public PKCS10 getCertRequest (X500Name myname)
+ throws InvalidKeyException, SignatureException
+ {
+ PKCS10 req = new PKCS10 (publicKey);
+
+ try {
+ Signature signature = Signature.getInstance(sigAlg);
+ signature.initSign (privateKey);
+ req.encodeAndSign(myname, signature);
+
+ } catch (CertificateException e) {
+ throw new SignatureException (sigAlg + " CertificateException");
+
+ } catch (IOException e) {
+ throw new SignatureException (sigAlg + " IOException");
+
+ } catch (NoSuchAlgorithmException e) {
+ // "can't happen"
+ throw new SignatureException (sigAlg + " unavailable?");
+ }
+ return req;
+ }
+
+ private SecureRandom prng;
+ private String sigAlg;
+ private KeyPairGenerator keyGen;
+ private PublicKey publicKey;
+ private PrivateKey privateKey;
+}
--- a/jdk/src/share/classes/sun/security/tools/JarSigner.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/tools/JarSigner.java Wed Jul 05 17:54:07 2017 +0200
@@ -1277,11 +1277,10 @@
System.out.println(rb.getString("TSA.location.") + tsaUrl);
}
if (tsaCert != null) {
- String certUrl =
- TimestampedSigner.getTimestampingUrl(tsaCert);
- if (certUrl != null) {
+ URI tsaURI = TimestampedSigner.getTimestampingURI(tsaCert);
+ if (tsaURI != null) {
System.out.println(rb.getString("TSA.location.") +
- certUrl);
+ tsaURI);
}
System.out.println(rb.getString("TSA.certificate.") +
printCert("", tsaCert, false, 0, false));
--- a/jdk/src/share/classes/sun/security/tools/KeyTool.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java Wed Jul 05 17:54:07 2017 +0200
@@ -38,10 +38,12 @@
import java.security.Timestamp;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
+import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
+import java.security.cert.CertStoreException;
import java.security.cert.CRL;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
@@ -63,23 +65,16 @@
import javax.security.auth.x500.X500Principal;
import sun.misc.BASE64Encoder;
import sun.security.util.ObjectIdentifier;
-import sun.security.pkcs.PKCS10;
+import sun.security.pkcs10.PKCS10;
+import sun.security.pkcs10.PKCS10Attribute;
import sun.security.provider.X509Factory;
+import sun.security.provider.certpath.CertStoreHelper;
import sun.security.util.Password;
-import sun.security.util.PathList;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
import sun.misc.BASE64Decoder;
-import sun.security.pkcs.PKCS10Attribute;
import sun.security.pkcs.PKCS9Attribute;
-import sun.security.provider.certpath.ldap.LDAPCertStoreHelper;
import sun.security.util.DerValue;
import sun.security.x509.*;
@@ -917,18 +912,13 @@
// Perform the specified command
if (command == CERTREQ) {
- PrintStream ps = null;
if (filename != null) {
- ps = new PrintStream(new FileOutputStream
- (filename));
- out = ps;
- }
- try {
+ try (PrintStream ps = new PrintStream(new FileOutputStream
+ (filename))) {
+ doCertReq(alias, sigAlgName, ps);
+ }
+ } else {
doCertReq(alias, sigAlgName, out);
- } finally {
- if (ps != null) {
- ps.close();
- }
}
if (verbose && filename != null) {
MessageFormat form = new MessageFormat(rb.getString
@@ -941,18 +931,13 @@
doDeleteEntry(alias);
kssave = true;
} else if (command == EXPORTCERT) {
- PrintStream ps = null;
if (filename != null) {
- ps = new PrintStream(new FileOutputStream
- (filename));
- out = ps;
- }
- try {
+ try (PrintStream ps = new PrintStream(new FileOutputStream
+ (filename))) {
+ doExportCert(alias, ps);
+ }
+ } else {
doExportCert(alias, out);
- } finally {
- if (ps != null) {
- ps.close();
- }
}
if (filename != null) {
MessageFormat form = new MessageFormat(rb.getString
@@ -973,16 +958,12 @@
doGenSecretKey(alias, keyAlgName, keysize);
kssave = true;
} else if (command == IDENTITYDB) {
- InputStream inStream = System.in;
if (filename != null) {
- inStream = new FileInputStream(filename);
- }
- try {
- doImportIdentityDatabase(inStream);
- } finally {
- if (inStream != System.in) {
- inStream.close();
+ try (InputStream inStream = new FileInputStream(filename)) {
+ doImportIdentityDatabase(inStream);
}
+ } else {
+ doImportIdentityDatabase(System.in);
}
} else if (command == IMPORTCERT) {
InputStream inStream = System.in;
@@ -1101,29 +1082,21 @@
if (alias == null) {
alias = keyAlias;
}
- PrintStream ps = null;
if (filename != null) {
- ps = new PrintStream(new FileOutputStream(filename));
- out = ps;
- }
- try {
+ try (PrintStream ps =
+ new PrintStream(new FileOutputStream(filename))) {
+ doGenCRL(ps);
+ }
+ } else {
doGenCRL(out);
- } finally {
- if (ps != null) {
- ps.close();
- }
}
} else if (command == PRINTCERTREQ) {
- InputStream inStream = System.in;
if (filename != null) {
- inStream = new FileInputStream(filename);
- }
- try {
- doPrintCertReq(inStream, out);
- } finally {
- if (inStream != System.in) {
- inStream.close();
+ try (InputStream inStream = new FileInputStream(filename)) {
+ doPrintCertReq(inStream, out);
}
+ } else {
+ doPrintCertReq(System.in, out);
}
} else if (command == PRINTCRL) {
doPrintCRL(filename, out);
@@ -2070,12 +2043,13 @@
}
}
} else { // must be LDAP, and uri is not null
+ // Lazily load LDAPCertStoreHelper if present
+ CertStoreHelper helper = CertStoreHelper.getInstance("LDAP");
String path = uri.getPath();
if (path.charAt(0) == '/') path = path.substring(1);
- LDAPCertStoreHelper h = new LDAPCertStoreHelper();
- CertStore s = h.getCertStore(uri);
+ CertStore s = helper.getCertStore(uri);
X509CRLSelector sel =
- h.wrap(new X509CRLSelector(), null, path);
+ helper.wrap(new X509CRLSelector(), null, path);
return s.getCRLs(sel);
}
}
@@ -2259,18 +2233,12 @@
int pos = 0;
while (entries.hasMoreElements()) {
JarEntry je = entries.nextElement();
- InputStream is = null;
- try {
- is = jf.getInputStream(je);
+ try (InputStream is = jf.getInputStream(je)) {
while (is.read(buffer) != -1) {
// we just read. this will throw a SecurityException
// if a signature/digest check fails. This also
// populate the signers
}
- } finally {
- if (is != null) {
- is.close();
- }
}
CodeSigner[] signers = je.getCodeSigners();
if (signers != null) {
@@ -2316,85 +2284,52 @@
out.println(rb.getString("Not.a.signed.jar.file"));
}
} else if (sslserver != null) {
- SSLContext sc = SSLContext.getInstance("SSL");
- final boolean[] certPrinted = new boolean[1];
- sc.init(null, new TrustManager[] {
- new X509TrustManager() {
-
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
-
- public void checkClientTrusted(
- java.security.cert.X509Certificate[] certs, String authType) {
+ // Lazily load SSLCertStoreHelper if present
+ CertStoreHelper helper = CertStoreHelper.getInstance("SSLServer");
+ CertStore cs = helper.getCertStore(new URI("https://" + sslserver));
+ Collection<? extends Certificate> chain;
+ try {
+ chain = cs.getCertificates(null);
+ if (chain.isEmpty()) {
+ // If the certs are not retrieved, we consider it an error
+ // even if the URL connection is successful.
+ throw new Exception(rb.getString(
+ "No.certificate.from.the.SSL.server"));
+ }
+ } catch (CertStoreException cse) {
+ if (cse.getCause() instanceof IOException) {
+ throw new Exception(rb.getString(
+ "No.certificate.from.the.SSL.server"),
+ cse.getCause());
+ } else {
+ throw cse;
+ }
+ }
+
+ int i = 0;
+ for (Certificate cert : chain) {
+ try {
+ if (rfc) {
+ dumpCert(cert, out);
+ } else {
+ out.println("Certificate #" + i++);
+ out.println("====================================");
+ printX509Cert((X509Certificate)cert, out);
+ out.println();
}
-
- public void checkServerTrusted(
- java.security.cert.X509Certificate[] certs, String authType) {
- for (int i=0; i<certs.length; i++) {
- X509Certificate cert = certs[i];
- try {
- if (rfc) {
- dumpCert(cert, out);
- } else {
- out.println("Certificate #" + i);
- out.println("====================================");
- printX509Cert(cert, out);
- out.println();
- }
- } catch (Exception e) {
- if (debug) {
- e.printStackTrace();
- }
- }
- }
-
- // Set to true where there's something to print
- if (certs.length > 0) {
- certPrinted[0] = true;
- }
+ } catch (Exception e) {
+ if (debug) {
+ e.printStackTrace();
}
}
- }, null);
- HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
- HttpsURLConnection.setDefaultHostnameVerifier(
- new HostnameVerifier() {
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
- });
- // HTTPS instead of raw SSL, so that -Dhttps.proxyHost and
- // -Dhttps.proxyPort can be used. Since we only go through
- // the handshake process, an HTTPS server is not needed.
- // This program should be able to deal with any SSL-based
- // network service.
- Exception ex = null;
- try {
- new URL("https://" + sslserver).openConnection().connect();
- } catch (Exception e) {
- ex = e;
- }
- // If the certs are not printed out, we consider it an error even
- // if the URL connection is successful.
- if (!certPrinted[0]) {
- Exception e = new Exception(
- rb.getString("No.certificate.from.the.SSL.server"));
- if (ex != null) {
- e.initCause(ex);
- }
- throw e;
}
} else {
- InputStream inStream = System.in;
if (filename != null) {
- inStream = new FileInputStream(filename);
- }
- try {
- printCertFromStream(inStream, out);
- } finally {
- if (inStream != System.in) {
- inStream.close();
+ try (FileInputStream inStream = new FileInputStream(filename)) {
+ printCertFromStream(inStream, out);
}
+ } else {
+ printCertFromStream(System.in, out);
}
}
}
@@ -2590,9 +2525,7 @@
X509Certificate cert = null;
try {
cert = (X509Certificate)cf.generateCertificate(in);
- } catch (ClassCastException cce) {
- throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
- } catch (CertificateException ce) {
+ } catch (ClassCastException | CertificateException ce) {
throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
}
@@ -3441,16 +3374,10 @@
if (!file.exists()) {
return null;
}
- FileInputStream fis = null;
KeyStore caks = null;
- try {
- fis = new FileInputStream(file);
+ try (FileInputStream fis = new FileInputStream(file)) {
caks = KeyStore.getInstance(JKS);
caks.load(fis, null);
- } finally {
- if (fis != null) {
- fis.close();
- }
}
return caks;
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/tools/PathList.java Wed Jul 05 17:54:07 2017 +0200
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.tools;
+
+import java.io.File;
+import java.io.IOException;
+import java.lang.String;
+import java.util.StringTokenizer;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.net.MalformedURLException;
+
+/**
+ * A utility class for handle path list
+ *
+ */
+public class PathList {
+ /**
+ * Utility method for appending path from pathFrom to pathTo.
+ *
+ * @param pathTo the target path
+ * @param pathSource the path to be appended to pathTo
+ * @return the resulting path
+ */
+ public static String appendPath(String pathTo, String pathFrom) {
+ if (pathTo == null || pathTo.length() == 0) {
+ return pathFrom;
+ } else if (pathFrom == null || pathFrom.length() == 0) {
+ return pathTo;
+ } else {
+ return pathTo + File.pathSeparator + pathFrom;
+ }
+ }
+
+ /**
+ * Utility method for converting a search path string to an array
+ * of directory and JAR file URLs.
+ *
+ * @param path the search path string
+ * @return the resulting array of directory and JAR file URLs
+ */
+ public static URL[] pathToURLs(String path) {
+ StringTokenizer st = new StringTokenizer(path, File.pathSeparator);
+ URL[] urls = new URL[st.countTokens()];
+ int count = 0;
+ while (st.hasMoreTokens()) {
+ URL url = fileToURL(new File(st.nextToken()));
+ if (url != null) {
+ urls[count++] = url;
+ }
+ }
+ if (urls.length != count) {
+ URL[] tmp = new URL[count];
+ System.arraycopy(urls, 0, tmp, 0, count);
+ urls = tmp;
+ }
+ return urls;
+ }
+
+ /**
+ * Returns the directory or JAR file URL corresponding to the specified
+ * local file name.
+ *
+ * @param file the File object
+ * @return the resulting directory or JAR file URL, or null if unknown
+ */
+ private static URL fileToURL(File file) {
+ String name;
+ try {
+ name = file.getCanonicalPath();
+ } catch (IOException e) {
+ name = file.getAbsolutePath();
+ }
+ name = name.replace(File.separatorChar, '/');
+ if (!name.startsWith("/")) {
+ name = "/" + name;
+ }
+ // If the file does not exist, then assume that it's a directory
+ if (!file.isFile()) {
+ name = name + "/";
+ }
+ try {
+ return new URL("file", "", name);
+ } catch (MalformedURLException e) {
+ throw new IllegalArgumentException("file");
+ }
+ }
+}
--- a/jdk/src/share/classes/sun/security/tools/TimestampedSigner.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/tools/TimestampedSigner.java Wed Jul 05 17:54:07 2017 +0200
@@ -25,22 +25,14 @@
package sun.security.tools;
-import java.io.ByteArrayOutputStream;
import java.io.IOException;
-import java.math.BigInteger;
import java.net.URI;
-import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-import java.security.Principal;
-import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
-import java.util.List;
import com.sun.jarsigner.*;
-import java.util.Arrays;
-import sun.security.pkcs.*;
-import sun.security.timestamp.*;
+import sun.security.pkcs.PKCS7;
import sun.security.util.*;
import sun.security.x509.*;
@@ -57,36 +49,12 @@
public final class TimestampedSigner extends ContentSigner {
/*
- * Random number generator for creating nonce values
- */
- private static final SecureRandom RANDOM;
- static {
- SecureRandom tmp = null;
- try {
- tmp = SecureRandom.getInstance("SHA1PRNG");
- } catch (NoSuchAlgorithmException e) {
- // should not happen
- }
- RANDOM = tmp;
- }
-
- /*
* Object identifier for the subject information access X.509 certificate
* extension.
*/
private static final String SUBJECT_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.11";
/*
- * Object identifier for the timestamping key purpose.
- */
- private static final String KP_TIMESTAMPING_OID = "1.3.6.1.5.5.7.3.8";
-
- /*
- * Object identifier for extendedKeyUsage extension
- */
- private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37";
-
- /*
* Object identifier for the timestamping access descriptors.
*/
private static final ObjectIdentifier AD_TIMESTAMPING_Id;
@@ -100,26 +68,6 @@
AD_TIMESTAMPING_Id = tmp;
}
- /*
- * Location of the TSA.
- */
- private String tsaUrl = null;
-
- /*
- * TSA's X.509 certificate.
- */
- private X509Certificate tsaCertificate = null;
-
- /*
- * Generates an SHA-1 hash value for the data to be timestamped.
- */
- private MessageDigest messageDigest = null;
-
- /*
- * Parameters for the timestamping protocol.
- */
- private boolean tsRequestCertificate = true;
-
/**
* Instantiates a content signer that supports timestamped signatures.
*/
@@ -134,7 +82,7 @@
* and optionally the content that was signed, are packaged into a PKCS #7
* signed data message.
*
- * @param parameters The non-null input parameters.
+ * @param params The non-null input parameters.
* @param omitContent true if the content should be omitted from the
* signed data message. Otherwise the content is included.
* @param applyTimestamp true if the signature should be timestamped.
@@ -151,98 +99,41 @@
* @throws NullPointerException The exception is thrown if parameters is
* null.
*/
- public byte[] generateSignedData(ContentSignerParameters parameters,
+ public byte[] generateSignedData(ContentSignerParameters params,
boolean omitContent, boolean applyTimestamp)
throws NoSuchAlgorithmException, CertificateException, IOException {
- if (parameters == null) {
+ if (params == null) {
throw new NullPointerException();
}
- // Parse the signature algorithm to extract the digest and key
- // algorithms. The expected format is:
+ // Parse the signature algorithm to extract the digest
+ // algorithm. The expected format is:
// "<digest>with<encryption>"
// or "<digest>with<encryption>and<mgf>"
- String signatureAlgorithm = parameters.getSignatureAlgorithm();
- String keyAlgorithm =
- AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm);
- String digestAlgorithm =
- AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm);
- AlgorithmId digestAlgorithmId = AlgorithmId.get(digestAlgorithm);
+ String signatureAlgorithm = params.getSignatureAlgorithm();
- // Examine signer's certificate
- X509Certificate[] signerCertificateChain =
- parameters.getSignerCertificateChain();
- Principal issuerName = signerCertificateChain[0].getIssuerDN();
- if (!(issuerName instanceof X500Name)) {
- // must extract the original encoded form of DN for subsequent
- // name comparison checks (converting to a String and back to
- // an encoded DN could cause the types of String attribute
- // values to be changed)
- X509CertInfo tbsCert = new
- X509CertInfo(signerCertificateChain[0].getTBSCertificate());
- issuerName = (Principal)
- tbsCert.get(CertificateIssuerName.NAME + "." +
- CertificateIssuerName.DN_NAME);
- }
- BigInteger serialNumber = signerCertificateChain[0].getSerialNumber();
+ X509Certificate[] signerChain = params.getSignerCertificateChain();
+ byte[] signature = params.getSignature();
// Include or exclude content
- byte[] content = parameters.getContent();
- ContentInfo contentInfo;
- if (omitContent) {
- contentInfo = new ContentInfo(ContentInfo.DATA_OID, null);
- } else {
- contentInfo = new ContentInfo(content);
- }
+ byte[] content = (omitContent == true) ? null : params.getContent();
- // Generate the timestamp token
- byte[] signature = parameters.getSignature();
- SignerInfo signerInfo = null;
+ URI tsaURI = null;
if (applyTimestamp) {
-
- tsaCertificate = parameters.getTimestampingAuthorityCertificate();
- URI tsaUri = parameters.getTimestampingAuthority();
- if (tsaUri != null) {
- tsaUrl = tsaUri.toString();
- } else {
+ tsaURI = params.getTimestampingAuthority();
+ if (tsaURI == null) {
// Examine TSA cert
- String certUrl = getTimestampingUrl(tsaCertificate);
- if (certUrl == null) {
+ tsaURI = getTimestampingURI(
+ params.getTimestampingAuthorityCertificate());
+ if (tsaURI == null) {
throw new CertificateException(
"Subject Information Access extension not found");
}
- tsaUrl = certUrl;
}
-
- // Timestamp the signature
- byte[] tsToken = generateTimestampToken(signature);
-
- // Insert the timestamp token into the PKCS #7 signer info element
- // (as an unsigned attribute)
- PKCS9Attributes unsignedAttrs =
- new PKCS9Attributes(new PKCS9Attribute[]{
- new PKCS9Attribute(
- PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR,
- tsToken)});
- signerInfo = new SignerInfo((X500Name)issuerName, serialNumber,
- digestAlgorithmId, null, AlgorithmId.get(keyAlgorithm),
- signature, unsignedAttrs);
- } else {
- signerInfo = new SignerInfo((X500Name)issuerName, serialNumber,
- digestAlgorithmId, AlgorithmId.get(keyAlgorithm), signature);
}
-
- SignerInfo[] signerInfos = {signerInfo};
- AlgorithmId[] algorithms = {digestAlgorithmId};
-
- // Create the PKCS #7 signed data message
- PKCS7 p7 = new PKCS7(algorithms, contentInfo, signerCertificateChain,
- null, signerInfos);
- ByteArrayOutputStream p7out = new ByteArrayOutputStream();
- p7.encodeSignedData(p7out);
-
- return p7out.toByteArray();
+ return PKCS7.generateSignedData(signature, signerChain, content,
+ params.getSignatureAlgorithm(), tsaURI);
}
/**
@@ -253,9 +144,9 @@
* <tt>accessLocation</tt> field should contain an HTTP or HTTPS URL.
*
* @param tsaCertificate An X.509 certificate for the TSA.
- * @return An HTTP or HTTPS URL or null if none was found.
+ * @return An HTTP or HTTPS URI or null if none was found.
*/
- public static String getTimestampingUrl(X509Certificate tsaCertificate) {
+ public static URI getTimestampingURI(X509Certificate tsaCertificate) {
if (tsaCertificate == null) {
return null;
@@ -282,7 +173,7 @@
uri = (URIName) location.getName();
if (uri.getScheme().equalsIgnoreCase("http") ||
uri.getScheme().equalsIgnoreCase("https")) {
- return uri.getName();
+ return uri.getURI();
}
}
}
@@ -292,97 +183,4 @@
}
return null;
}
-
- /*
- * Returns a timestamp token from a TSA for the given content.
- * Performs a basic check on the token to confirm that it has been signed
- * by a certificate that is permitted to sign timestamps.
- *
- * @param toBeTimestamped The data to be timestamped.
- * @throws IOException The exception is throw if an error occurs while
- * communicating with the TSA.
- * @throws CertificateException The exception is throw if the TSA's
- * certificate is not permitted for timestamping.
- */
- private byte[] generateTimestampToken(byte[] toBeTimestamped)
- throws CertificateException, IOException {
-
- // Generate hash value for the data to be timestamped
- // SHA-1 is always used.
- if (messageDigest == null) {
- try {
- messageDigest = MessageDigest.getInstance("SHA-1");
- } catch (NoSuchAlgorithmException e) {
- // ignore
- }
- }
- byte[] digest = messageDigest.digest(toBeTimestamped);
-
- // Generate a timestamp
- TSRequest tsQuery = new TSRequest(digest, "SHA-1");
- // Generate a nonce
- BigInteger nonce = null;
- if (RANDOM != null) {
- nonce = new BigInteger(64, RANDOM);
- tsQuery.setNonce(nonce);
- }
- tsQuery.requestCertificate(tsRequestCertificate);
-
- Timestamper tsa = new HttpTimestamper(tsaUrl); // use supplied TSA
- TSResponse tsReply = tsa.generateTimestamp(tsQuery);
- int status = tsReply.getStatusCode();
- // Handle TSP error
- if (status != 0 && status != 1) {
- int failureCode = tsReply.getFailureCode();
- if (failureCode == -1) {
- throw new IOException("Error generating timestamp: " +
- tsReply.getStatusCodeAsText());
- } else {
- throw new IOException("Error generating timestamp: " +
- tsReply.getStatusCodeAsText() + " " +
- tsReply.getFailureCodeAsText());
- }
- }
- PKCS7 tsToken = tsReply.getToken();
-
- TimestampToken tst = new TimestampToken(tsToken.getContentInfo().getData());
- if (!tst.getHashAlgorithm().equals(
- new AlgorithmId(new ObjectIdentifier("1.3.14.3.2.26")))) {
- throw new IOException("Digest algorithm not SHA-1 in timestamp token");
- }
- if (!Arrays.equals(tst.getHashedMessage(), digest)) {
- throw new IOException("Digest octets changed in timestamp token");
- }
-
- BigInteger replyNonce = tst.getNonce();
- if (replyNonce == null && nonce != null) {
- throw new IOException("Nonce missing in timestamp token");
- }
- if (replyNonce != null && !replyNonce.equals(nonce)) {
- throw new IOException("Nonce changed in timestamp token");
- }
-
- // Examine the TSA's certificate (if present)
- for (SignerInfo si: tsToken.getSignerInfos()) {
- X509Certificate cert = si.getCertificate(tsToken);
- if (cert == null) {
- // Error, we've already set tsRequestCertificate = true
- throw new CertificateException(
- "Certificate not included in timestamp token");
- } else {
- if (!cert.getCriticalExtensionOIDs().contains(
- EXTENDED_KEY_USAGE_OID)) {
- throw new CertificateException(
- "Certificate is not valid for timestamping");
- }
- List<String> keyPurposes = cert.getExtendedKeyUsage();
- if (keyPurposes == null ||
- ! keyPurposes.contains(KP_TIMESTAMPING_OID)) {
- throw new CertificateException(
- "Certificate is not valid for timestamping");
- }
- }
- }
- return tsReply.getEncodedToken();
- }
}
--- a/jdk/src/share/classes/sun/security/util/BigInt.java Wed Jul 05 17:54:00 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,198 +0,0 @@
-/*
- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.util;
-
-import java.math.BigInteger;
-
-
-/**
- * A low-overhead arbitrary-precision <em>unsigned</em> integer.
- * This is intended for use with ASN.1 parsing, and printing of
- * such parsed values. Convert to "BigInteger" if you need to do
- * arbitrary precision arithmetic, rather than just represent
- * the number as a wrapped array of bytes.
- *
- * <P><em><b>NOTE:</b> This class may eventually disappear, to
- * be supplanted by big-endian byte arrays which hold both signed
- * and unsigned arbitrary-precision integers.</em>
- *
- * @author David Brownell
- */
-public final class BigInt {
-
- // Big endian -- MSB first.
- private byte[] places;
-
- /**
- * Constructs a "Big" integer from a set of (big-endian) bytes.
- * Leading zeroes should be stripped off.
- *
- * @param data a sequence of bytes, most significant bytes/digits
- * first. CONSUMED.
- */
- public BigInt(byte[] data) { places = data.clone(); }
-
- /**
- * Constructs a "Big" integer from a "BigInteger", which must be
- * positive (or zero) in value.
- */
- public BigInt(BigInteger i) {
- byte[] temp = i.toByteArray();
-
- if ((temp[0] & 0x80) != 0)
- throw new IllegalArgumentException("negative BigInteger");
-
- // XXX we assume exactly _one_ sign byte is used...
-
- if (temp[0] != 0)
- places = temp;
- else {
- places = new byte[temp.length - 1];
- for (int j = 1; j < temp.length; j++)
- places[j - 1] = temp[j];
- }
- }
-
- /**
- * Constructs a "Big" integer from a normal Java integer.
- *
- * @param i the java primitive integer
- */
- public BigInt(int i) {
- if (i < (1 << 8)) {
- places = new byte[1];
- places[0] = (byte) i;
- } else if (i < (1 << 16)) {
- places = new byte[2];
- places[0] = (byte) (i >> 8);
- places[1] = (byte) i;
- } else if (i < (1 << 24)) {
- places = new byte[3];
- places[0] = (byte) (i >> 16);
- places[1] = (byte) (i >> 8);
- places[2] = (byte) i;
- } else {
- places = new byte[4];
- places[0] = (byte) (i >> 24);
- places[1] = (byte) (i >> 16);
- places[2] = (byte) (i >> 8);
- places[3] = (byte) i;
- }
- }
-
- /**
- * Converts the "big" integer to a java primitive integer.
- *
- * @excpet NumberFormatException if 32 bits is insufficient.
- */
- public int toInt() {
- if (places.length > 4)
- throw new NumberFormatException("BigInt.toLong, too big");
- int retval = 0, i = 0;
- for (; i < places.length; i++)
- retval = (retval << 8) + ((int)places[i] & 0xff);
- return retval;
- }
-
- /**
- * Returns a hexadecimal printed representation. The value is
- * formatted to fit on lines of at least 75 characters, with
- * embedded newlines. Words are separated for readability,
- * with eight words (32 bytes) per line.
- */
- public String toString() { return hexify(); }
-
- /**
- * Returns a BigInteger value which supports many arithmetic
- * operations. Assumes negative values will never occur.
- */
- public BigInteger toBigInteger()
- { return new BigInteger(1, places); }
-
- /**
- * Returns the data as a byte array. The most significant bit
- * of the array is bit zero (as in <code>java.math.BigInteger</code>).
- */
- public byte[] toByteArray() { return places.clone(); }
-
- private static final String digits = "0123456789abcdef";
- private String hexify() {
- if (places.length == 0)
- return " 0 ";
-
- StringBuffer buf = new StringBuffer(places.length * 2);
- buf.append(" "); // four spaces
- for (int i = 0; i < places.length; i++) {
- buf.append(digits.charAt((places[i] >> 4) & 0x0f));
- buf.append(digits.charAt(places[i] & 0x0f));
- if (((i + 1) % 32) == 0) {
- if ((i + 1) != places.length)
- buf.append("\n "); // line after four words
- } else if (((i + 1) % 4) == 0)
- buf.append(' '); // space between words
- }
- return buf.toString();
- }
-
- /**
- * Returns true iff the parameter is a numerically equivalent
- * BigInt.
- *
- * @param other the object being compared with this one.
- */
- public boolean equals(Object other) {
- if (other instanceof BigInt)
- return equals((BigInt) other);
- return false;
- }
-
- /**
- * Returns true iff the parameter is numerically equivalent.
- *
- * @param other the BigInt being compared with this one.
- */
- public boolean equals(BigInt other) {
- if (this == other)
- return true;
-
- byte[] otherPlaces = other.toByteArray();
- if (places.length != otherPlaces.length)
- return false;
- for (int i = 0; i < places.length; i++)
- if (places[i] != otherPlaces[i])
- return false;
- return true;
- }
-
- /**
- * Returns a hashcode for this BigInt.
- *
- * @return a hashcode for this BigInt.
- */
- public int hashCode() {
- return hexify().hashCode();
- }
-}
--- a/jdk/src/share/classes/sun/security/util/Cache.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/util/Cache.java Wed Jul 05 17:54:07 2017 +0200
@@ -43,7 +43,7 @@
*
* . optional lifetime, specified in seconds.
*
- * . save for concurrent use by multiple threads
+ * . safe for concurrent use by multiple threads
*
* . values are held by either standard references or via SoftReferences.
* SoftReferences have the advantage that they are automatically cleared
@@ -69,7 +69,7 @@
*
* @author Andreas Sterbenz
*/
-public abstract class Cache {
+public abstract class Cache<K,V> {
protected Cache() {
// empty
@@ -88,12 +88,12 @@
/**
* Add an entry to the cache.
*/
- public abstract void put(Object key, Object value);
+ public abstract void put(K key, V value);
/**
* Get a value from the cache.
*/
- public abstract Object get(Object key);
+ public abstract V get(Object key);
/**
* Remove an entry from the cache.
@@ -113,14 +113,14 @@
/**
* accept a visitor
*/
- public abstract void accept(CacheVisitor visitor);
+ public abstract void accept(CacheVisitor<K,V> visitor);
/**
* Return a new memory cache with the specified maximum size, unlimited
* lifetime for entries, with the values held by SoftReferences.
*/
- public static Cache newSoftMemoryCache(int size) {
- return new MemoryCache(true, size);
+ public static <K,V> Cache<K,V> newSoftMemoryCache(int size) {
+ return new MemoryCache<>(true, size);
}
/**
@@ -128,23 +128,24 @@
* specified maximum lifetime (in seconds), with the values held
* by SoftReferences.
*/
- public static Cache newSoftMemoryCache(int size, int timeout) {
- return new MemoryCache(true, size, timeout);
+ public static <K,V> Cache<K,V> newSoftMemoryCache(int size, int timeout) {
+ return new MemoryCache<>(true, size, timeout);
}
/**
* Return a new memory cache with the specified maximum size, unlimited
* lifetime for entries, with the values held by standard references.
*/
- public static Cache newHardMemoryCache(int size) {
- return new MemoryCache(false, size);
+ public static <K,V> Cache<K,V> newHardMemoryCache(int size) {
+ return new MemoryCache<>(false, size);
}
/**
* Return a dummy cache that does nothing.
*/
- public static Cache newNullCache() {
- return NullCache.INSTANCE;
+ @SuppressWarnings("unchecked")
+ public static <K,V> Cache<K,V> newNullCache() {
+ return (Cache<K,V>) NullCache.INSTANCE;
}
/**
@@ -152,8 +153,8 @@
* specified maximum lifetime (in seconds), with the values held
* by standard references.
*/
- public static Cache newHardMemoryCache(int size, int timeout) {
- return new MemoryCache(false, size, timeout);
+ public static <K,V> Cache<K,V> newHardMemoryCache(int size, int timeout) {
+ return new MemoryCache<>(false, size, timeout);
}
/**
@@ -193,15 +194,15 @@
}
}
- public interface CacheVisitor {
- public void visit(Map<Object, Object> map);
+ public interface CacheVisitor<K,V> {
+ public void visit(Map<K,V> map);
}
}
-class NullCache extends Cache {
+class NullCache<K,V> extends Cache<K,V> {
- final static Cache INSTANCE = new NullCache();
+ final static Cache<Object,Object> INSTANCE = new NullCache<>();
private NullCache() {
// empty
@@ -215,11 +216,11 @@
// empty
}
- public void put(Object key, Object value) {
+ public void put(K key, V value) {
// empty
}
- public Object get(Object key) {
+ public V get(Object key) {
return null;
}
@@ -235,23 +236,26 @@
// empty
}
- public void accept(CacheVisitor visitor) {
+ public void accept(CacheVisitor<K,V> visitor) {
// empty
}
}
-class MemoryCache extends Cache {
+class MemoryCache<K,V> extends Cache<K,V> {
private final static float LOAD_FACTOR = 0.75f;
// XXXX
private final static boolean DEBUG = false;
- private final Map<Object, CacheEntry> cacheMap;
+ private final Map<K, CacheEntry<K,V>> cacheMap;
private int maxSize;
private long lifetime;
- private final ReferenceQueue<Object> queue;
+
+ // ReferenceQueue is of type V instead of Cache<K,V>
+ // to allow SoftCacheEntry to extend SoftReference<V>
+ private final ReferenceQueue<V> queue;
public MemoryCache(boolean soft, int maxSize) {
this(soft, maxSize, 0);
@@ -260,10 +264,13 @@
public MemoryCache(boolean soft, int maxSize, int lifetime) {
this.maxSize = maxSize;
this.lifetime = lifetime * 1000;
- this.queue = soft ? new ReferenceQueue<Object>() : null;
+ if (soft)
+ this.queue = new ReferenceQueue<>();
+ else
+ this.queue = null;
+
int buckets = (int)(maxSize / LOAD_FACTOR) + 1;
- cacheMap = new LinkedHashMap<Object, CacheEntry>(buckets,
- LOAD_FACTOR, true);
+ cacheMap = new LinkedHashMap<>(buckets, LOAD_FACTOR, true);
}
/**
@@ -279,16 +286,17 @@
}
int startSize = cacheMap.size();
while (true) {
- CacheEntry entry = (CacheEntry)queue.poll();
+ @SuppressWarnings("unchecked")
+ CacheEntry<K,V> entry = (CacheEntry<K,V>)queue.poll();
if (entry == null) {
break;
}
- Object key = entry.getKey();
+ K key = entry.getKey();
if (key == null) {
// key is null, entry has already been removed
continue;
}
- CacheEntry currentEntry = cacheMap.remove(key);
+ CacheEntry<K,V> currentEntry = cacheMap.remove(key);
// check if the entry in the map corresponds to the expired
// entry. If not, readd the entry
if ((currentEntry != null) && (entry != currentEntry)) {
@@ -314,9 +322,9 @@
}
int cnt = 0;
long time = System.currentTimeMillis();
- for (Iterator<CacheEntry> t = cacheMap.values().iterator();
+ for (Iterator<CacheEntry<K,V>> t = cacheMap.values().iterator();
t.hasNext(); ) {
- CacheEntry entry = t.next();
+ CacheEntry<K,V> entry = t.next();
if (entry.isValid(time) == false) {
t.remove();
cnt++;
@@ -339,7 +347,7 @@
if (queue != null) {
// if this is a SoftReference cache, first invalidate() all
// entries so that GC does not have to enqueue them
- for (CacheEntry entry : cacheMap.values()) {
+ for (CacheEntry<K,V> entry : cacheMap.values()) {
entry.invalidate();
}
while (queue.poll() != null) {
@@ -349,12 +357,12 @@
cacheMap.clear();
}
- public synchronized void put(Object key, Object value) {
+ public synchronized void put(K key, V value) {
emptyQueue();
long expirationTime = (lifetime == 0) ? 0 :
System.currentTimeMillis() + lifetime;
- CacheEntry newEntry = newEntry(key, value, expirationTime, queue);
- CacheEntry oldEntry = cacheMap.put(key, newEntry);
+ CacheEntry<K,V> newEntry = newEntry(key, value, expirationTime, queue);
+ CacheEntry<K,V> oldEntry = cacheMap.put(key, newEntry);
if (oldEntry != null) {
oldEntry.invalidate();
return;
@@ -362,8 +370,8 @@
if (maxSize > 0 && cacheMap.size() > maxSize) {
expungeExpiredEntries();
if (cacheMap.size() > maxSize) { // still too large?
- Iterator<CacheEntry> t = cacheMap.values().iterator();
- CacheEntry lruEntry = t.next();
+ Iterator<CacheEntry<K,V>> t = cacheMap.values().iterator();
+ CacheEntry<K,V> lruEntry = t.next();
if (DEBUG) {
System.out.println("** Overflow removal "
+ lruEntry.getKey() + " | " + lruEntry.getValue());
@@ -374,9 +382,9 @@
}
}
- public synchronized Object get(Object key) {
+ public synchronized V get(Object key) {
emptyQueue();
- CacheEntry entry = cacheMap.get(key);
+ CacheEntry<K,V> entry = cacheMap.get(key);
if (entry == null) {
return null;
}
@@ -393,7 +401,7 @@
public synchronized void remove(Object key) {
emptyQueue();
- CacheEntry entry = cacheMap.remove(key);
+ CacheEntry<K,V> entry = cacheMap.remove(key);
if (entry != null) {
entry.invalidate();
}
@@ -402,9 +410,9 @@
public synchronized void setCapacity(int size) {
expungeExpiredEntries();
if (size > 0 && cacheMap.size() > size) {
- Iterator<CacheEntry> t = cacheMap.values().iterator();
+ Iterator<CacheEntry<K,V>> t = cacheMap.values().iterator();
for (int i = cacheMap.size() - size; i > 0; i--) {
- CacheEntry lruEntry = t.next();
+ CacheEntry<K,V> lruEntry = t.next();
if (DEBUG) {
System.out.println("** capacity reset removal "
+ lruEntry.getKey() + " | " + lruEntry.getValue());
@@ -431,60 +439,61 @@
}
// it is a heavyweight method.
- public synchronized void accept(CacheVisitor visitor) {
+ public synchronized void accept(CacheVisitor<K,V> visitor) {
expungeExpiredEntries();
- Map<Object, Object> cached = getCachedEntries();
+ Map<K,V> cached = getCachedEntries();
visitor.visit(cached);
}
- private Map<Object, Object> getCachedEntries() {
- Map<Object,Object> kvmap = new HashMap<Object,Object>(cacheMap.size());
+ private Map<K,V> getCachedEntries() {
+ Map<K,V> kvmap = new HashMap<>(cacheMap.size());
- for (CacheEntry entry : cacheMap.values()) {
+ for (CacheEntry<K,V> entry : cacheMap.values()) {
kvmap.put(entry.getKey(), entry.getValue());
}
return kvmap;
}
- protected CacheEntry newEntry(Object key, Object value,
- long expirationTime, ReferenceQueue<Object> queue) {
+ protected CacheEntry<K,V> newEntry(K key, V value,
+ long expirationTime, ReferenceQueue<V> queue) {
if (queue != null) {
- return new SoftCacheEntry(key, value, expirationTime, queue);
+ return new SoftCacheEntry<>(key, value, expirationTime, queue);
} else {
- return new HardCacheEntry(key, value, expirationTime);
+ return new HardCacheEntry<>(key, value, expirationTime);
}
}
- private static interface CacheEntry {
+ private static interface CacheEntry<K,V> {
boolean isValid(long currentTime);
void invalidate();
- Object getKey();
+ K getKey();
- Object getValue();
+ V getValue();
}
- private static class HardCacheEntry implements CacheEntry {
+ private static class HardCacheEntry<K,V> implements CacheEntry<K,V> {
- private Object key, value;
+ private K key;
+ private V value;
private long expirationTime;
- HardCacheEntry(Object key, Object value, long expirationTime) {
+ HardCacheEntry(K key, V value, long expirationTime) {
this.key = key;
this.value = value;
this.expirationTime = expirationTime;
}
- public Object getKey() {
+ public K getKey() {
return key;
}
- public Object getValue() {
+ public V getValue() {
return value;
}
@@ -503,24 +512,25 @@
}
}
- private static class SoftCacheEntry
- extends SoftReference<Object> implements CacheEntry {
+ private static class SoftCacheEntry<K,V>
+ extends SoftReference<V>
+ implements CacheEntry<K,V> {
- private Object key;
+ private K key;
private long expirationTime;
- SoftCacheEntry(Object key, Object value, long expirationTime,
- ReferenceQueue<Object> queue) {
+ SoftCacheEntry(K key, V value, long expirationTime,
+ ReferenceQueue<V> queue) {
super(value, queue);
this.key = key;
this.expirationTime = expirationTime;
}
- public Object getKey() {
+ public K getKey() {
return key;
}
- public Object getValue() {
+ public V getValue() {
return get();
}
--- a/jdk/src/share/classes/sun/security/util/Debug.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/util/Debug.java Wed Jul 05 17:54:07 2017 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -80,6 +80,7 @@
System.err.println("policy loading and granting");
System.err.println("provider security provider debugging");
System.err.println("scl permissions SecureClassLoader assigns");
+ System.err.println("ts timestamping");
System.err.println();
System.err.println("The following can be used with access:");
System.err.println();
--- a/jdk/src/share/classes/sun/security/util/PathList.java Wed Jul 05 17:54:00 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,111 +0,0 @@
-/*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.util;
-
-import java.io.File;
-import java.io.IOException;
-import java.lang.String;
-import java.util.StringTokenizer;
-import java.net.URL;
-import java.net.URLClassLoader;
-import java.net.MalformedURLException;
-
-/**
- * A utility class for handle path list
- *
- */
-public class PathList {
- /**
- * Utility method for appending path from pathFrom to pathTo.
- *
- * @param pathTo the target path
- * @param pathSource the path to be appended to pathTo
- * @return the resulting path
- */
- public static String appendPath(String pathTo, String pathFrom) {
- if (pathTo == null || pathTo.length() == 0) {
- return pathFrom;
- } else if (pathFrom == null || pathFrom.length() == 0) {
- return pathTo;
- } else {
- return pathTo + File.pathSeparator + pathFrom;
- }
- }
-
- /**
- * Utility method for converting a search path string to an array
- * of directory and JAR file URLs.
- *
- * @param path the search path string
- * @return the resulting array of directory and JAR file URLs
- */
- public static URL[] pathToURLs(String path) {
- StringTokenizer st = new StringTokenizer(path, File.pathSeparator);
- URL[] urls = new URL[st.countTokens()];
- int count = 0;
- while (st.hasMoreTokens()) {
- URL url = fileToURL(new File(st.nextToken()));
- if (url != null) {
- urls[count++] = url;
- }
- }
- if (urls.length != count) {
- URL[] tmp = new URL[count];
- System.arraycopy(urls, 0, tmp, 0, count);
- urls = tmp;
- }
- return urls;
- }
-
- /**
- * Returns the directory or JAR file URL corresponding to the specified
- * local file name.
- *
- * @param file the File object
- * @return the resulting directory or JAR file URL, or null if unknown
- */
- private static URL fileToURL(File file) {
- String name;
- try {
- name = file.getCanonicalPath();
- } catch (IOException e) {
- name = file.getAbsolutePath();
- }
- name = name.replace(File.separatorChar, '/');
- if (!name.startsWith("/")) {
- name = "/" + name;
- }
- // If the file does not exist, then assume that it's a directory
- if (!file.isFile()) {
- name = name + "/";
- }
- try {
- return new URL("file", "", name);
- } catch (MalformedURLException e) {
- throw new IllegalArgumentException("file");
- }
- }
-}
--- a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java Wed Jul 05 17:54:07 2017 +0200
@@ -35,7 +35,6 @@
import java.util.jar.*;
import sun.security.pkcs.*;
-import sun.security.timestamp.TimestampToken;
import sun.misc.BASE64Decoder;
import sun.security.jca.Providers;
@@ -485,7 +484,7 @@
signers = new ArrayList<CodeSigner>();
}
// Append the new code signer
- signers.add(new CodeSigner(certChain, getTimestamp(info)));
+ signers.add(new CodeSigner(certChain, info.getTimestamp()));
if (debug != null) {
debug.println("Signature Block Certificate: " +
@@ -500,62 +499,6 @@
}
}
- /*
- * Examines a signature timestamp token to generate a timestamp object.
- *
- * Examines the signer's unsigned attributes for a
- * <tt>signatureTimestampToken</tt> attribute. If present,
- * then it is parsed to extract the date and time at which the
- * timestamp was generated.
- *
- * @param info A signer information element of a PKCS 7 block.
- *
- * @return A timestamp token or null if none is present.
- * @throws IOException if an error is encountered while parsing the
- * PKCS7 data.
- * @throws NoSuchAlgorithmException if an error is encountered while
- * verifying the PKCS7 object.
- * @throws SignatureException if an error is encountered while
- * verifying the PKCS7 object.
- * @throws CertificateException if an error is encountered while generating
- * the TSA's certpath.
- */
- private Timestamp getTimestamp(SignerInfo info)
- throws IOException, NoSuchAlgorithmException, SignatureException,
- CertificateException {
-
- Timestamp timestamp = null;
-
- // Extract the signer's unsigned attributes
- PKCS9Attributes unsignedAttrs = info.getUnauthenticatedAttributes();
- if (unsignedAttrs != null) {
- PKCS9Attribute timestampTokenAttr =
- unsignedAttrs.getAttribute("signatureTimestampToken");
- if (timestampTokenAttr != null) {
- PKCS7 timestampToken =
- new PKCS7((byte[])timestampTokenAttr.getValue());
- // Extract the content (an encoded timestamp token info)
- byte[] encodedTimestampTokenInfo =
- timestampToken.getContentInfo().getData();
- // Extract the signer (the Timestamping Authority)
- // while verifying the content
- SignerInfo[] tsa =
- timestampToken.verify(encodedTimestampTokenInfo);
- // Expect only one signer
- ArrayList<X509Certificate> chain =
- tsa[0].getCertificateChain(timestampToken);
- CertPath tsaChain = certificateFactory.generateCertPath(chain);
- // Create a timestamp token info object
- TimestampToken timestampTokenInfo =
- new TimestampToken(encodedTimestampTokenInfo);
- // Create a timestamp object
- timestamp =
- new Timestamp(timestampTokenInfo.getDate(), tsaChain);
- }
- }
- return timestamp;
- }
-
// for the toHex function
private static final char[] hexc =
{'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
--- a/jdk/src/share/classes/sun/security/x509/CertAndKeyGen.java Wed Jul 05 17:54:00 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,301 +0,0 @@
-/*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.x509;
-
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateEncodingException;
-import java.security.*;
-import java.util.Date;
-
-import sun.security.pkcs.PKCS10;
-
-
-/**
- * Generate a pair of keys, and provide access to them. This class is
- * provided primarily for ease of use.
- *
- * <P>This provides some simple certificate management functionality.
- * Specifically, it allows you to create self-signed X.509 certificates
- * as well as PKCS 10 based certificate signing requests.
- *
- * <P>Keys for some public key signature algorithms have algorithm
- * parameters, such as DSS/DSA. Some sites' Certificate Authorities
- * adopt fixed algorithm parameters, which speeds up some operations
- * including key generation and signing. <em>At this time, this interface
- * does not provide a way to provide such algorithm parameters, e.g.
- * by providing the CA certificate which includes those parameters.</em>
- *
- * <P>Also, note that at this time only signature-capable keys may be
- * acquired through this interface. Diffie-Hellman keys, used for secure
- * key exchange, may be supported later.
- *
- * @author David Brownell
- * @author Hemma Prafullchandra
- * @see PKCS10
- * @see X509CertImpl
- */
-public final class CertAndKeyGen {
- /**
- * Creates a CertAndKeyGen object for a particular key type
- * and signature algorithm.
- *
- * @param keyType type of key, e.g. "RSA", "DSA"
- * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA",
- * "MD2WithRSA", "SHAwithDSA".
- * @exception NoSuchAlgorithmException on unrecognized algorithms.
- */
- public CertAndKeyGen (String keyType, String sigAlg)
- throws NoSuchAlgorithmException
- {
- keyGen = KeyPairGenerator.getInstance(keyType);
- this.sigAlg = sigAlg;
- }
-
- /**
- * Creates a CertAndKeyGen object for a particular key type,
- * signature algorithm, and provider.
- *
- * @param keyType type of key, e.g. "RSA", "DSA"
- * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA",
- * "MD2WithRSA", "SHAwithDSA".
- * @param providerName name of the provider
- * @exception NoSuchAlgorithmException on unrecognized algorithms.
- * @exception NoSuchProviderException on unrecognized providers.
- */
- public CertAndKeyGen (String keyType, String sigAlg, String providerName)
- throws NoSuchAlgorithmException, NoSuchProviderException
- {
- if (providerName == null) {
- keyGen = KeyPairGenerator.getInstance(keyType);
- } else {
- try {
- keyGen = KeyPairGenerator.getInstance(keyType, providerName);
- } catch (Exception e) {
- // try first available provider instead
- keyGen = KeyPairGenerator.getInstance(keyType);
- }
- }
- this.sigAlg = sigAlg;
- }
-
- /**
- * Sets the source of random numbers used when generating keys.
- * If you do not provide one, a system default facility is used.
- * You may wish to provide your own source of random numbers
- * to get a reproducible sequence of keys and signatures, or
- * because you may be able to take advantage of strong sources
- * of randomness/entropy in your environment.
- */
- public void setRandom (SecureRandom generator)
- {
- prng = generator;
- }
-
- // want "public void generate (X509Certificate)" ... inherit DSA/D-H param
-
- /**
- * Generates a random public/private key pair, with a given key
- * size. Different algorithms provide different degrees of security
- * for the same key size, because of the "work factor" involved in
- * brute force attacks. As computers become faster, it becomes
- * easier to perform such attacks. Small keys are to be avoided.
- *
- * <P>Note that not all values of "keyBits" are valid for all
- * algorithms, and not all public key algorithms are currently
- * supported for use in X.509 certificates. If the algorithm
- * you specified does not produce X.509 compatible keys, an
- * invalid key exception is thrown.
- *
- * @param keyBits the number of bits in the keys.
- * @exception InvalidKeyException if the environment does not
- * provide X.509 public keys for this signature algorithm.
- */
- public void generate (int keyBits)
- throws InvalidKeyException
- {
- KeyPair pair;
-
- try {
- if (prng == null) {
- prng = new SecureRandom();
- }
- keyGen.initialize(keyBits, prng);
- pair = keyGen.generateKeyPair();
-
- } catch (Exception e) {
- throw new IllegalArgumentException(e.getMessage());
- }
-
- publicKey = pair.getPublic();
- privateKey = pair.getPrivate();
- }
-
-
- /**
- * Returns the public key of the generated key pair if it is of type
- * <code>X509Key</code>, or null if the public key is of a different type.
- *
- * XXX Note: This behaviour is needed for backwards compatibility.
- * What this method really should return is the public key of the
- * generated key pair, regardless of whether or not it is an instance of
- * <code>X509Key</code>. Accordingly, the return type of this method
- * should be <code>PublicKey</code>.
- */
- public X509Key getPublicKey()
- {
- if (!(publicKey instanceof X509Key)) {
- return null;
- }
- return (X509Key)publicKey;
- }
-
-
- /**
- * Returns the private key of the generated key pair.
- *
- * <P><STRONG><em>Be extremely careful when handling private keys.
- * When private keys are not kept secret, they lose their ability
- * to securely authenticate specific entities ... that is a huge
- * security risk!</em></STRONG>
- */
- public PrivateKey getPrivateKey ()
- {
- return privateKey;
- }
-
-
- /**
- * Returns a self-signed X.509v3 certificate for the public key.
- * The certificate is immediately valid. No extensions.
- *
- * <P>Such certificates normally are used to identify a "Certificate
- * Authority" (CA). Accordingly, they will not always be accepted by
- * other parties. However, such certificates are also useful when
- * you are bootstrapping your security infrastructure, or deploying
- * system prototypes.
- *
- * @param myname X.500 name of the subject (who is also the issuer)
- * @param firstDate the issue time of the certificate
- * @param validity how long the certificate should be valid, in seconds
- * @exception CertificateException on certificate handling errors.
- * @exception InvalidKeyException on key handling errors.
- * @exception SignatureException on signature handling errors.
- * @exception NoSuchAlgorithmException on unrecognized algorithms.
- * @exception NoSuchProviderException on unrecognized providers.
- */
- public X509Certificate getSelfCertificate (
- X500Name myname, Date firstDate, long validity)
- throws CertificateException, InvalidKeyException, SignatureException,
- NoSuchAlgorithmException, NoSuchProviderException
- {
- X509CertImpl cert;
- Date lastDate;
-
- try {
- lastDate = new Date ();
- lastDate.setTime (firstDate.getTime () + validity * 1000);
-
- CertificateValidity interval =
- new CertificateValidity(firstDate,lastDate);
-
- X509CertInfo info = new X509CertInfo();
- // Add all mandatory attributes
- info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
- info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
- new java.util.Random().nextInt() & 0x7fffffff));
- AlgorithmId algID = AlgorithmId.get(sigAlg);
- info.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(algID));
- info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
- info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
- info.set(X509CertInfo.VALIDITY, interval);
- info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
-
- cert = new X509CertImpl(info);
- cert.sign(privateKey, this.sigAlg);
-
- return (X509Certificate)cert;
-
- } catch (IOException e) {
- throw new CertificateEncodingException("getSelfCert: " +
- e.getMessage());
- }
- }
-
- // Keep the old method
- public X509Certificate getSelfCertificate (X500Name myname, long validity)
- throws CertificateException, InvalidKeyException, SignatureException,
- NoSuchAlgorithmException, NoSuchProviderException
- {
- return getSelfCertificate(myname, new Date(), validity);
- }
-
- /**
- * Returns a PKCS #10 certificate request. The caller uses either
- * <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code>
- * operations on the result, to get the request in an appropriate
- * transmission format.
- *
- * <P>PKCS #10 certificate requests are sent, along with some proof
- * of identity, to Certificate Authorities (CAs) which then issue
- * X.509 public key certificates.
- *
- * @param myname X.500 name of the subject
- * @exception InvalidKeyException on key handling errors.
- * @exception SignatureException on signature handling errors.
- */
- public PKCS10 getCertRequest (X500Name myname)
- throws InvalidKeyException, SignatureException
- {
- PKCS10 req = new PKCS10 (publicKey);
-
- try {
- Signature signature = Signature.getInstance(sigAlg);
- signature.initSign (privateKey);
- req.encodeAndSign(myname, signature);
-
- } catch (CertificateException e) {
- throw new SignatureException (sigAlg + " CertificateException");
-
- } catch (IOException e) {
- throw new SignatureException (sigAlg + " IOException");
-
- } catch (NoSuchAlgorithmException e) {
- // "can't happen"
- throw new SignatureException (sigAlg + " unavailable?");
- }
- return req;
- }
-
- private SecureRandom prng;
- private String sigAlg;
- private KeyPairGenerator keyGen;
- private PublicKey publicKey;
- private PrivateKey privateKey;
-}
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java Wed Jul 05 17:54:07 2017 +0200
@@ -103,6 +103,8 @@
"Eastern Daylight Time", "EDT"};
String EST_NSW[] = new String[] {"Eastern Standard Time (New South Wales)", "EST",
"Eastern Summer Time (New South Wales)", "EST"};
+ String FET[] = new String[] {"Further-eastern European Time", "FET",
+ "Further-eastern European Summer Time", "FEST"};
String GHMT[] = new String[] {"Ghana Mean Time", "GMT",
"Ghana Summer Time", "GHST"};
String GAMBIER[] = new String[] {"Gambier Time", "GAMT",
@@ -186,7 +188,7 @@
String SAMOA[] = new String[] {"Samoa Standard Time", "SST",
"Samoa Daylight Time", "SDT"};
String WST_SAMOA[] = new String[] {"West Samoa Time", "WST",
- "West Samoa Summer Time", "WSST"};
+ "West Samoa Daylight Time", "WSDT"};
String ChST[] = new String[] {"Chamorro Standard Time", "ChST",
"Chamorro Daylight Time", "ChDT"};
String VICTORIA[] = new String[] {"Eastern Standard Time (Victoria)", "EST",
@@ -511,6 +513,7 @@
"Tajikistan Summer Time", "TJST"}},
{"Asia/Gaza", EET},
{"Asia/Harbin", CTT},
+ {"Asia/Hebron", EET},
{"Asia/Ho_Chi_Minh", ICT},
{"Asia/Hong_Kong", HKT},
{"Asia/Hovd", new String[] {"Hovd Time", "HOVT",
@@ -674,9 +677,8 @@
{"Europe/Isle_of_Man", GMTBST},
{"Europe/Istanbul", EET},
{"Europe/Jersey", GMTBST},
- {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
- "Kaliningrad Summer Time", "KALST"}},
- {"Europe/Kiev", EET},
+ {"Europe/Kaliningrad", FET},
+ {"Europe/Kiev", FET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
@@ -684,7 +686,7 @@
{"Europe/Madrid", CET},
{"Europe/Malta", CET},
{"Europe/Mariehamn", EET},
- {"Europe/Minsk", EET},
+ {"Europe/Minsk", FET},
{"Europe/Monaco", CET},
{"Europe/Moscow", MSK},
{"Europe/Nicosia", EET},
@@ -697,14 +699,14 @@
"Samara Summer Time", "SAMST"}},
{"Europe/San_Marino", CET},
{"Europe/Sarajevo", CET},
- {"Europe/Simferopol", EET},
+ {"Europe/Simferopol", FET},
{"Europe/Skopje", CET},
{"Europe/Sofia", EET},
{"Europe/Stockholm", CET},
{"Europe/Tallinn", EET},
{"Europe/Tirane", CET},
{"Europe/Tiraspol", EET},
- {"Europe/Uzhgorod", EET},
+ {"Europe/Uzhgorod", FET},
{"Europe/Vaduz", CET},
{"Europe/Vatican", CET},
{"Europe/Vienna", CET},
@@ -713,7 +715,7 @@
"Volgograd Summer Time", "VOLST"}},
{"Europe/Warsaw", CET},
{"Europe/Zagreb", CET},
- {"Europe/Zaporozhye", EET},
+ {"Europe/Zaporozhye", FET},
{"Europe/Zurich", CET},
{"GB", GMTBST},
{"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java Wed Jul 05 17:54:07 2017 +0200
@@ -103,6 +103,8 @@
"\u00d6stliche Sommerzeit", "EDT"};
String EST_NSW[] = new String[] {"\u00d6stliche Normalzeit (New South Wales)", "EST",
"\u00d6stliche Sommerzeit (New South Wales)", "EST"};
+ String FET[] = new String[] {"Further-eastern European Time", "FET",
+ "Further-eastern European Summer Time", "FEST"};
String GHMT[] = new String[] {"Ghanaische Normalzeit", "GMT",
"Ghanaische Sommerzeit", "GHST"};
String GAMBIER[] = new String[] {"Gambier Zeit", "GAMT",
@@ -186,7 +188,7 @@
String SAMOA[] = new String[] {"Samoa Normalzeit", "SST",
"Samoa Sommerzeit", "SDT"};
String WST_SAMOA[] = new String[] {"West Samoa Zeit", "WST",
- "West Samoa Sommerzeit", "WSST"};
+ "West Samoa Sommerzeit", "WSDT"};
String ChST[] = new String[] {"Chamorro Normalzeit", "ChST",
"Chamorro Sommerzeit", "ChDT"};
String VICTORIA[] = new String[] {"\u00d6stliche Normalzeit (Victoria)", "EST",
@@ -511,6 +513,7 @@
"Tadschikische Sommerzeit", "TJST"}},
{"Asia/Gaza", EET},
{"Asia/Harbin", CTT},
+ {"Asia/Hebron", EET},
{"Asia/Ho_Chi_Minh", ICT},
{"Asia/Hong_Kong", HKT},
{"Asia/Hovd", new String[] {"Hovd Zeit", "HOVT",
@@ -674,9 +677,8 @@
{"Europe/Isle_of_Man", GMTBST},
{"Europe/Istanbul", EET},
{"Europe/Jersey", GMTBST},
- {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
- "Kaliningrad Summer Time", "KALST"}},
- {"Europe/Kiev", EET},
+ {"Europe/Kaliningrad", FET},
+ {"Europe/Kiev", FET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
@@ -684,7 +686,7 @@
{"Europe/Madrid", CET},
{"Europe/Malta", CET},
{"Europe/Mariehamn", EET},
- {"Europe/Minsk", EET},
+ {"Europe/Minsk", FET},
{"Europe/Monaco", CET},
{"Europe/Moscow", MSK},
{"Europe/Nicosia", EET},
@@ -697,14 +699,14 @@
"Samarische Sommerzeit", "SAMST"}},
{"Europe/San_Marino", CET},
{"Europe/Sarajevo", CET},
- {"Europe/Simferopol", EET},
+ {"Europe/Simferopol", FET},
{"Europe/Skopje", CET},
{"Europe/Sofia", EET},
{"Europe/Stockholm", CET},
{"Europe/Tallinn", EET},
{"Europe/Tirane", CET},
{"Europe/Tiraspol", EET},
- {"Europe/Uzhgorod", EET},
+ {"Europe/Uzhgorod", FET},
{"Europe/Vaduz", CET},
{"Europe/Vatican", CET},
{"Europe/Vienna", CET},
@@ -713,7 +715,7 @@
"Wolgograder Sommerzeit", "VOLST"}},
{"Europe/Warsaw", CET},
{"Europe/Zagreb", CET},
- {"Europe/Zaporozhye", EET},
+ {"Europe/Zaporozhye", FET},
{"Europe/Zurich", CET},
{"GB", GMTBST},
{"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java Wed Jul 05 17:54:07 2017 +0200
@@ -103,6 +103,8 @@
"Hora de verano Oriental", "EDT"};
String EST_NSW[] = new String[] {"Hora est\u00e1ndar Oriental (Nueva Gales del Sur)", "EST",
"Hora de verano Oriental (Nueva Gales del Sur)", "EST"};
+ String FET[] = new String[] {"Further-eastern European Time", "FET",
+ "Further-eastern European Summer Time", "FEST"};
String GHMT[] = new String[] {"Hora central de Ghana", "GMT",
"Hora de verano de Ghana", "GHST"};
String GAMBIER[] = new String[] {"Hora de Gambier", "GAMT",
@@ -186,7 +188,7 @@
String SAMOA[] = new String[] {"Hora est\u00e1ndar de Samoa", "SST",
"Hora de verano de Samoa", "SDT"};
String WST_SAMOA[] = new String[] {"Hora de Samoa Occidental", "WST",
- "Hora de verano de Samoa Occidental", "WSST"};
+ "Hora de verano de Samoa Occidental", "WSDT"};
String ChST[] = new String[] {"Hora est\u00e1ndar de Chamorro", "ChST",
"Hora de verano de Chamorro", "ChDT"};
String VICTORIA[] = new String[] {"Hora est\u00e1ndar del Este (Victoria)", "EST",
@@ -511,6 +513,7 @@
"Hora de verano de Tajikist\u00e1n", "TJST"}},
{"Asia/Gaza", EET},
{"Asia/Harbin", CTT},
+ {"Asia/Hebron", EET},
{"Asia/Ho_Chi_Minh", ICT},
{"Asia/Hong_Kong", HKT},
{"Asia/Hovd", new String[] {"Hora de Hovd", "HOVT",
@@ -674,9 +677,8 @@
{"Europe/Isle_of_Man", GMTBST},
{"Europe/Istanbul", EET},
{"Europe/Jersey", GMTBST},
- {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
- "Kaliningrad Summer Time", "KALST"}},
- {"Europe/Kiev", EET},
+ {"Europe/Kaliningrad", FET},
+ {"Europe/Kiev", FET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
@@ -684,7 +686,7 @@
{"Europe/Madrid", CET},
{"Europe/Malta", CET},
{"Europe/Mariehamn", EET},
- {"Europe/Minsk", EET},
+ {"Europe/Minsk", FET},
{"Europe/Monaco", CET},
{"Europe/Moscow", MSK},
{"Europe/Nicosia", EET},
@@ -697,14 +699,14 @@
"Hora de verano de Samara", "SAMST"}},
{"Europe/San_Marino", CET},
{"Europe/Sarajevo", CET},
- {"Europe/Simferopol", EET},
+ {"Europe/Simferopol", FET},
{"Europe/Skopje", CET},
{"Europe/Sofia", EET},
{"Europe/Stockholm", CET},
{"Europe/Tallinn", EET},
{"Europe/Tirane", CET},
{"Europe/Tiraspol", EET},
- {"Europe/Uzhgorod", EET},
+ {"Europe/Uzhgorod", FET},
{"Europe/Vaduz", CET},
{"Europe/Vatican", CET},
{"Europe/Vienna", CET},
@@ -713,7 +715,7 @@
"Hora de verano de Volgogrado", "VOLST"}},
{"Europe/Warsaw", CET},
{"Europe/Zagreb", CET},
- {"Europe/Zaporozhye", EET},
+ {"Europe/Zaporozhye", FET},
{"Europe/Zurich", CET},
{"GB", GMTBST},
{"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java Wed Jul 05 17:54:07 2017 +0200
@@ -103,6 +103,8 @@
"Heure avanc\u00e9e de l'Est", "EDT"} ;
String EST_NSW[] = new String[] {"Heure normale de l'Est (Nouvelle-Galles du Sud)", "EST",
"Heure d'\u00e9t\u00e9 de l'Est (Nouvelle-Galles du Sud)", "EST"} ;
+ String FET[] = new String[] {"Further-eastern European Time", "FET",
+ "Further-eastern European Summer Time", "FEST"};
String GHMT[] = new String[] {"Heure du Ghana", "GMT",
"Heure d'\u00e9t\u00e9 du Ghana", "GHST"};
String GAMBIER[] = new String[] {"Heure de Gambi", "GAMT",
@@ -186,7 +188,7 @@
String SAMOA[] = new String[] {"Heure standard de Samoa", "SST",
"Heure avanc\u00e9e de Samoa", "SDT"};
String WST_SAMOA[] = new String[] {"Heure des Samoas occidentales", "WST",
- "Heure d'\u00e9t\u00e9 des Samoas occidentales", "WSST"} ;
+ "Heure d'\u00e9t\u00e9 des Samoas occidentales", "WSDT"} ;
String ChST[] = new String[] {"Heure normale des \u00eeles Mariannes", "ChST",
"Heure d'\u00e9t\u00e9 des \u00eeles Mariannes", "ChDT"};
String VICTORIA[] = new String[] {"Heure standard d'Australie orientale (Victoria)", "EST",
@@ -511,6 +513,7 @@
"Heure d'\u00e9t\u00e9 du Tadjikistan", "TJST"}},
{"Asia/Gaza", EET},
{"Asia/Harbin", CTT},
+ {"Asia/Hebron", EET},
{"Asia/Ho_Chi_Minh", ICT},
{"Asia/Hong_Kong", HKT},
{"Asia/Hovd", new String[] {"Heure de Hovd", "HOVT",
@@ -674,9 +677,8 @@
{"Europe/Isle_of_Man", GMTBST},
{"Europe/Istanbul", EET},
{"Europe/Jersey", GMTBST},
- {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
- "Kaliningrad Summer Time", "KALST"}},
- {"Europe/Kiev", EET},
+ {"Europe/Kaliningrad", FET},
+ {"Europe/Kiev", FET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
@@ -684,7 +686,7 @@
{"Europe/Madrid", CET},
{"Europe/Malta", CET},
{"Europe/Mariehamn", EET},
- {"Europe/Minsk", EET},
+ {"Europe/Minsk", FET},
{"Europe/Monaco", CET},
{"Europe/Moscow", MSK},
{"Europe/Nicosia", EET},
@@ -697,14 +699,14 @@
"Heure d'\u00e9t\u00e9 de Samara", "SAMST"}},
{"Europe/San_Marino", CET},
{"Europe/Sarajevo", CET},
- {"Europe/Simferopol", EET},
+ {"Europe/Simferopol", FET},
{"Europe/Skopje", CET},
{"Europe/Sofia", EET},
{"Europe/Stockholm", CET},
{"Europe/Tallinn", EET},
{"Europe/Tirane", CET},
{"Europe/Tiraspol", EET},
- {"Europe/Uzhgorod", EET},
+ {"Europe/Uzhgorod", FET},
{"Europe/Vaduz", CET},
{"Europe/Vatican", CET},
{"Europe/Vienna", CET},
@@ -713,7 +715,7 @@
"Heure d'\u00e9t\u00e9 de Volgograd", "VOLST"}},
{"Europe/Warsaw", CET},
{"Europe/Zagreb", CET},
- {"Europe/Zaporozhye", EET},
+ {"Europe/Zaporozhye", FET},
{"Europe/Zurich", CET},
{"GB", GMTBST},
{"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java Wed Jul 05 17:54:07 2017 +0200
@@ -103,6 +103,8 @@
"Ora legale USA orientale", "EDT"};
String EST_NSW[] = new String[] {"Ora solare dell'Australia orientale (Nuovo Galles del Sud)", "EST",
"Ora estiva dell'Australia orientale (Nuovo Galles del Sud)", "EST"};
+ String FET[] = new String[] {"Further-eastern European Time", "FET",
+ "Further-eastern European Summer Time", "FEST"};
String GHMT[] = new String[] {"Ora media del Ghana", "GMT",
"Ora legale del Ghana", "GHST"};
String GAMBIER[] = new String[] {"Ora di Gambier", "GAMT",
@@ -186,7 +188,7 @@
String SAMOA[] = new String[] {"Ora standard di Samoa", "SST",
"Ora legale di Samoa", "SDT"};
String WST_SAMOA[] = new String[] {"Ora di Samoa", "WST",
- "Ora estiva di Samoa", "WSST"};
+ "Ora estiva di Samoa", "WSDT"};
String ChST[] = new String[] {"Ora standard di Chamorro", "ChST",
"Ora legale di Chamorro", "ChDT"};
String VICTORIA[] = new String[] {"Ora orientale standard (Victoria)", "EST",
@@ -511,6 +513,7 @@
"Ora estiva del Tagikistan", "TJST"}},
{"Asia/Gaza", EET},
{"Asia/Harbin", CTT},
+ {"Asia/Hebron", EET},
{"Asia/Ho_Chi_Minh", ICT},
{"Asia/Hong_Kong", HKT},
{"Asia/Hovd", new String[] {"Ora di Hovd", "HOVT",
@@ -674,9 +677,8 @@
{"Europe/Isle_of_Man", GMTBST},
{"Europe/Istanbul", EET},
{"Europe/Jersey", GMTBST},
- {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
- "Kaliningrad Summer Time", "KALST"}},
- {"Europe/Kiev", EET},
+ {"Europe/Kaliningrad", FET},
+ {"Europe/Kiev", FET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
@@ -684,7 +686,7 @@
{"Europe/Madrid", CET},
{"Europe/Malta", CET},
{"Europe/Mariehamn", EET},
- {"Europe/Minsk", EET},
+ {"Europe/Minsk", FET},
{"Europe/Monaco", CET},
{"Europe/Moscow", MSK},
{"Europe/Nicosia", EET},
@@ -697,14 +699,14 @@
"Ora estiva di Samara", "SAMST"}},
{"Europe/San_Marino", CET},
{"Europe/Sarajevo", CET},
- {"Europe/Simferopol", EET},
+ {"Europe/Simferopol", FET},
{"Europe/Skopje", CET},
{"Europe/Sofia", EET},
{"Europe/Stockholm", CET},
{"Europe/Tallinn", EET},
{"Europe/Tirane", CET},
{"Europe/Tiraspol", EET},
- {"Europe/Uzhgorod", EET},
+ {"Europe/Uzhgorod", FET},
{"Europe/Vaduz", CET},
{"Europe/Vatican", CET},
{"Europe/Vienna", CET},
@@ -713,7 +715,7 @@
"Ora estiva di Volgograd", "VOLST"}},
{"Europe/Warsaw", CET},
{"Europe/Zagreb", CET},
- {"Europe/Zaporozhye", EET},
+ {"Europe/Zaporozhye", FET},
{"Europe/Zurich", CET},
{"GB", GMTBST},
{"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java Wed Jul 05 17:54:07 2017 +0200
@@ -103,6 +103,8 @@
"\u6771\u90e8\u590f\u6642\u9593", "EDT"};
String EST_NSW[] = new String[] {"\u6771\u90e8\u6a19\u6e96\u6642 (\u30cb\u30e5\u30fc\u30b5\u30a6\u30b9\u30a6\u30a7\u30fc\u30eb\u30ba)", "EST",
"\u6771\u90e8\u590f\u6642\u9593 (\u30cb\u30e5\u30fc\u30b5\u30a6\u30b9\u30a6\u30a7\u30fc\u30eb\u30ba)", "EST"};
+ String FET[] = new String[] {"Further-eastern European Time", "FET",
+ "Further-eastern European Summer Time", "FEST"};
String GHMT[] = new String[] {"\u30ac\u30fc\u30ca\u6a19\u6e96\u6642", "GMT",
"\u30ac\u30fc\u30ca\u590f\u6642\u9593", "GHST"};
String GAMBIER[] = new String[] {"\u30ac\u30f3\u30d3\u30a2\u6642\u9593", "GAMT",
@@ -186,7 +188,7 @@
String SAMOA[] = new String[] {"\u30b5\u30e2\u30a2\u6a19\u6e96\u6642", "SST",
"\u30b5\u30e2\u30a2\u590f\u6642\u9593", "SDT"};
String WST_SAMOA[] = new String[] {"\u897f\u30b5\u30e2\u30a2\u6642\u9593", "WST",
- "\u897f\u30b5\u30e2\u30a2\u590f\u6642\u9593", "WSST"};
+ "\u897f\u30b5\u30e2\u30a2\u590f\u6642\u9593", "WSDT"};
String ChST[] = new String[] {"\u30b0\u30a2\u30e0\u6a19\u6e96\u6642", "ChST",
"\u30b0\u30a2\u30e0\u590f\u6642\u9593", "ChDT"};
String VICTORIA[] = new String[] {"\u6771\u90e8\u6a19\u6e96\u6642 (\u30d3\u30af\u30c8\u30ea\u30a2)", "EST",
@@ -511,6 +513,7 @@
"\u30bf\u30b8\u30ad\u30b9\u30bf\u30f3\u590f\u6642\u9593", "TJST"}},
{"Asia/Gaza", EET},
{"Asia/Harbin", CTT},
+ {"Asia/Hebron", EET},
{"Asia/Ho_Chi_Minh", ICT},
{"Asia/Hong_Kong", HKT},
{"Asia/Hovd", new String[] {"\u30db\u30d6\u30c9\u6642\u9593", "HOVT",
@@ -674,9 +677,8 @@
{"Europe/Isle_of_Man", GMTBST},
{"Europe/Istanbul", EET},
{"Europe/Jersey", GMTBST},
- {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
- "Kaliningrad Summer Time", "KALST"}},
- {"Europe/Kiev", EET},
+ {"Europe/Kaliningrad", FET},
+ {"Europe/Kiev", FET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
@@ -684,7 +686,7 @@
{"Europe/Madrid", CET},
{"Europe/Malta", CET},
{"Europe/Mariehamn", EET},
- {"Europe/Minsk", EET},
+ {"Europe/Minsk", FET},
{"Europe/Monaco", CET},
{"Europe/Moscow", MSK},
{"Europe/Nicosia", EET},
@@ -697,14 +699,14 @@
"\u30b5\u30de\u30e9\u590f\u6642\u9593", "SAMST"}},
{"Europe/San_Marino", CET},
{"Europe/Sarajevo", CET},
- {"Europe/Simferopol", EET},
+ {"Europe/Simferopol", FET},
{"Europe/Skopje", CET},
{"Europe/Sofia", EET},
{"Europe/Stockholm", CET},
{"Europe/Tallinn", EET},
{"Europe/Tirane", CET},
{"Europe/Tiraspol", EET},
- {"Europe/Uzhgorod", EET},
+ {"Europe/Uzhgorod", FET},
{"Europe/Vaduz", CET},
{"Europe/Vatican", CET},
{"Europe/Vienna", CET},
@@ -713,7 +715,7 @@
"\u30dc\u30eb\u30b4\u30b0\u30e9\u30fc\u30c9\u590f\u6642\u9593", "VOLST"}},
{"Europe/Warsaw", CET},
{"Europe/Zagreb", CET},
- {"Europe/Zaporozhye", EET},
+ {"Europe/Zaporozhye", FET},
{"Europe/Zurich", CET},
{"GB", GMTBST},
{"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java Wed Jul 05 17:54:07 2017 +0200
@@ -103,6 +103,8 @@
"\ub3d9\ubd80 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "EDT"};
String EST_NSW[] = new String[] {"\ub3d9\ubd80 \ud45c\uc900\uc2dc(\ub274 \uc0ac\uc6b0\uc2a4 \uc6e8\uc77c\uc988)", "EST",
"\ub3d9\ubd80 \uc77c\uad11\uc808\uc57d\uc2dc\uac04(\ub274 \uc0ac\uc6b0\uc2a4 \uc6e8\uc77c\uc988)", "EST"};
+ String FET[] = new String[] {"Further-eastern European Time", "FET",
+ "Further-eastern European Summer Time", "FEST"};
String GHMT[] = new String[] {"\uac00\ub098 \ud45c\uc900\uc2dc", "GMT",
"\uac00\ub098 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "GHST"};
String GAMBIER[] = new String[] {"\uac10\ube44\uc544 \uc2dc\uac04", "GAMT",
@@ -186,7 +188,7 @@
String SAMOA[] = new String[] {"\uc0ac\ubaa8\uc544 \ud45c\uc900\uc2dc", "SST",
"\uc0ac\ubaa8\uc544 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "SDT"};
String WST_SAMOA[] = new String[] {"\uc11c\uc0ac\ubaa8\uc544 \uc2dc\uac04", "WST",
- "\uc11c\uc0ac\ubaa8\uc544 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "WSST"};
+ "\uc11c\uc0ac\ubaa8\uc544 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "WSDT"};
String ChST[] = new String[] {"\ucc28\ubaa8\ub85c \ud45c\uc900\uc2dc", "ChST",
"\ucc28\ubaa8\ub85c \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "ChDT"};
String VICTORIA[] = new String[] {"\ub3d9\ubd80 \ud45c\uc900\uc2dc(\ube45\ud1a0\ub9ac\uc544)", "EST",
@@ -511,6 +513,7 @@
"\ud0c0\uc9c0\ud0a4\uc2a4\ud0c4 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "TJST"}},
{"Asia/Gaza", EET},
{"Asia/Harbin", CTT},
+ {"Asia/Hebron", EET},
{"Asia/Ho_Chi_Minh", ICT},
{"Asia/Hong_Kong", HKT},
{"Asia/Hovd", new String[] {"Hovd \uc2dc\uac04", "HOVT",
@@ -674,9 +677,8 @@
{"Europe/Isle_of_Man", GMTBST},
{"Europe/Istanbul", EET},
{"Europe/Jersey", GMTBST},
- {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
- "Kaliningrad Summer Time", "KALST"}},
- {"Europe/Kiev", EET},
+ {"Europe/Kaliningrad", FET},
+ {"Europe/Kiev", FET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
@@ -684,7 +686,7 @@
{"Europe/Madrid", CET},
{"Europe/Malta", CET},
{"Europe/Mariehamn", EET},
- {"Europe/Minsk", EET},
+ {"Europe/Minsk", FET},
{"Europe/Monaco", CET},
{"Europe/Moscow", MSK},
{"Europe/Nicosia", EET},
@@ -697,14 +699,14 @@
"\uc0ac\ub9c8\ub77c \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "SAMST"}},
{"Europe/San_Marino", CET},
{"Europe/Sarajevo", CET},
- {"Europe/Simferopol", EET},
+ {"Europe/Simferopol", FET},
{"Europe/Skopje", CET},
{"Europe/Sofia", EET},
{"Europe/Stockholm", CET},
{"Europe/Tallinn", EET},
{"Europe/Tirane", CET},
{"Europe/Tiraspol", EET},
- {"Europe/Uzhgorod", EET},
+ {"Europe/Uzhgorod", FET},
{"Europe/Vaduz", CET},
{"Europe/Vatican", CET},
{"Europe/Vienna", CET},
@@ -713,7 +715,7 @@
"\ubcfc\uace0\uadf8\ub77c\ub4dc \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "VOLST"}},
{"Europe/Warsaw", CET},
{"Europe/Zagreb", CET},
- {"Europe/Zaporozhye", EET},
+ {"Europe/Zaporozhye", FET},
{"Europe/Zurich", CET},
{"GB", GMTBST},
{"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java Wed Jul 05 17:54:07 2017 +0200
@@ -101,6 +101,8 @@
"Hor\u00e1rio de luz natural oriental", "EDT"};
String EST_NSW[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o oriental (Nova Gales do Sul)", "EST",
"Fuso hor\u00e1rio de ver\u00e3o oriental (Nova Gales do Sul)", "EST"};
+ String FET[] = new String[] {"Further-eastern European Time", "FET",
+ "Further-eastern European Summer Time", "FEST"};
String GHMT[] = new String[] {"Fuso hor\u00e1rio do meridiano de Gana", "GMT",
"Fuso hor\u00e1rio de ver\u00e3o de Gana", "GHST"};
String GAMBIER[] = new String[] {"Fuso hor\u00e1rio de Gambier", "GAMT",
@@ -184,7 +186,7 @@
String SAMOA[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o de Samoa", "SST",
"Hor\u00e1rio de luz natural de Samoa", "SDT"};
String WST_SAMOA[] = new String[] {"Fuso hor\u00e1rio de Samoa Ocidental", "WST",
- "Fuso hor\u00e1rio de ver\u00e3o de Samoa Ocidental", "WSST"};
+ "Fuso hor\u00e1rio de ver\u00e3o de Samoa Ocidental", "WSDT"};
String ChST[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o de Chamorro", "ChST",
"Hor\u00e1rio de luz natural de Chamorro", "ChDT"};
String VICTORIA[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o oriental (Victoria)", "EST",
@@ -511,6 +513,7 @@
"Fuso hor\u00e1rio de ver\u00e3o do Tadjiquist\u00e3o", "TJST"}},
{"Asia/Gaza", EET},
{"Asia/Harbin", CTT},
+ {"Asia/Hebron", EET},
{"Asia/Ho_Chi_Minh", ICT},
{"Asia/Hong_Kong", HKT},
{"Asia/Hovd", new String[] {"Fuso hor\u00e1rio de Hovd", "HOVT",
@@ -674,9 +677,8 @@
{"Europe/Isle_of_Man", GMTBST},
{"Europe/Istanbul", EET},
{"Europe/Jersey", GMTBST},
- {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
- "Kaliningrad Summer Time", "KALST"}},
- {"Europe/Kiev", EET},
+ {"Europe/Kaliningrad", FET},
+ {"Europe/Kiev", FET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
@@ -684,7 +686,7 @@
{"Europe/Madrid", CET},
{"Europe/Malta", CET},
{"Europe/Mariehamn", EET},
- {"Europe/Minsk", EET},
+ {"Europe/Minsk", FET},
{"Europe/Monaco", CET},
{"Europe/Moscow", MSK},
{"Europe/Nicosia", EET},
@@ -697,14 +699,14 @@
"Fuso hor\u00e1rio de ver\u00e3o de Samara", "SAMST"}},
{"Europe/San_Marino", CET},
{"Europe/Sarajevo", CET},
- {"Europe/Simferopol", EET},
+ {"Europe/Simferopol", FET},
{"Europe/Skopje", CET},
{"Europe/Sofia", EET},
{"Europe/Stockholm", CET},
{"Europe/Tallinn", EET},
{"Europe/Tirane", CET},
{"Europe/Tiraspol", EET},
- {"Europe/Uzhgorod", EET},
+ {"Europe/Uzhgorod", FET},
{"Europe/Vaduz", CET},
{"Europe/Vatican", CET},
{"Europe/Vienna", CET},
@@ -713,7 +715,7 @@
"Fuso hor\u00e1rio de ver\u00e3o de Volgogrado", "VOLST"}},
{"Europe/Warsaw", CET},
{"Europe/Zagreb", CET},
- {"Europe/Zaporozhye", EET},
+ {"Europe/Zaporozhye", FET},
{"Europe/Zurich", CET},
{"GB", GMTBST},
{"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java Wed Jul 05 17:54:07 2017 +0200
@@ -103,6 +103,8 @@
"Eastern, sommartid", "EDT"};
String EST_NSW[] = new String[] {"Eastern, normaltid (Nya Sydwales)", "EST",
"Eastern, sommartid (Nya Sydwales)", "EST"};
+ String FET[] = new String[] {"Further-eastern European Time", "FET",
+ "Further-eastern European Summer Time", "FEST"};
String GHMT[] = new String[] {"Ghana, normaltid", "GMT",
"Ghana, sommartid", "GHST"};
String GAMBIER[] = new String[] {"Gambier, normaltid", "GAMT",
@@ -186,7 +188,7 @@
String SAMOA[] = new String[] {"Samoa, normaltid", "SST",
"Samoa, sommartid", "SDT"};
String WST_SAMOA[] = new String[] {"V\u00e4stsamoansk tid", "WST",
- "V\u00e4stsamoansk sommartid", "WSST"};
+ "V\u00e4stsamoansk sommartid", "WSDT"};
String ChST[] = new String[] {"Chamorro, normaltid", "ChST",
"Chamorro, sommartid", "ChDT"};
String VICTORIA[] = new String[] {"\u00d6stlig normaltid (Victoria)", "EST",
@@ -511,6 +513,7 @@
"Tadzjikistan, sommartid", "TJST"}},
{"Asia/Gaza", EET},
{"Asia/Harbin", CTT},
+ {"Asia/Hebron", EET},
{"Asia/Ho_Chi_Minh", ICT},
{"Asia/Hong_Kong", HKT},
{"Asia/Hovd", new String[] {"Hovd, normaltid", "HOVT",
@@ -674,9 +677,8 @@
{"Europe/Isle_of_Man", GMTBST},
{"Europe/Istanbul", EET},
{"Europe/Jersey", GMTBST},
- {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
- "Kaliningrad Summer Time", "KALST"}},
- {"Europe/Kiev", EET},
+ {"Europe/Kaliningrad", FET},
+ {"Europe/Kiev", FET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
@@ -684,7 +686,7 @@
{"Europe/Madrid", CET},
{"Europe/Malta", CET},
{"Europe/Mariehamn", EET},
- {"Europe/Minsk", EET},
+ {"Europe/Minsk", FET},
{"Europe/Monaco", CET},
{"Europe/Moscow", MSK},
{"Europe/Nicosia", EET},
@@ -697,14 +699,14 @@
"Samara, sommartid", "SAMST"}},
{"Europe/San_Marino", CET},
{"Europe/Sarajevo", CET},
- {"Europe/Simferopol", EET},
+ {"Europe/Simferopol", FET},
{"Europe/Skopje", CET},
{"Europe/Sofia", EET},
{"Europe/Stockholm", CET},
{"Europe/Tallinn", EET},
{"Europe/Tirane", CET},
{"Europe/Tiraspol", EET},
- {"Europe/Uzhgorod", EET},
+ {"Europe/Uzhgorod", FET},
{"Europe/Vaduz", CET},
{"Europe/Vatican", CET},
{"Europe/Vienna", CET},
@@ -713,7 +715,7 @@
"Volgograd, sommartid", "VOLST"}},
{"Europe/Warsaw", CET},
{"Europe/Zagreb", CET},
- {"Europe/Zaporozhye", EET},
+ {"Europe/Zaporozhye", FET},
{"Europe/Zurich", CET},
{"GB", GMTBST},
{"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java Wed Jul 05 17:54:07 2017 +0200
@@ -103,6 +103,8 @@
"\u4e1c\u90e8\u590f\u4ee4\u65f6", "EDT"};
String EST_NSW[] = new String[] {"\u4e1c\u90e8\u6807\u51c6\u65f6\u95f4\uff08\u65b0\u5357\u5a01\u5c14\u65af\uff09", "EST",
"\u4e1c\u90e8\u590f\u4ee4\u65f6\uff08\u65b0\u5357\u5a01\u5c14\u65af\uff09", "EST"};
+ String FET[] = new String[] {"Further-eastern European Time", "FET",
+ "Further-eastern European Summer Time", "FEST"};
String GHMT[] = new String[] {"\u52a0\u7eb3\u65f6\u95f4", "GMT",
"\u52a0\u7eb3\u590f\u4ee4\u65f6", "GHST"};
String GAMBIER[] = new String[] {"\u5188\u6bd4\u4e9a\u65f6\u95f4", "GAMT",
@@ -186,7 +188,7 @@
String SAMOA[] = new String[] {"\u8428\u6469\u4e9a\u7fa4\u5c9b\u6807\u51c6\u65f6\u95f4", "SST",
"\u8428\u6469\u4e9a\u7fa4\u5c9b\u590f\u4ee4\u65f6", "SDT"};
String WST_SAMOA[] = new String[] {"\u897f\u8428\u6469\u4e9a\u65f6\u95f4", "WST",
- "\u897f\u8428\u6469\u4e9a\u590f\u4ee4\u65f6", "WSST"};
+ "\u897f\u8428\u6469\u4e9a\u590f\u4ee4\u65f6", "WSDT"};
String ChST[] = new String[] {"Chamorro \u6807\u51c6\u65f6\u95f4", "ChST",
"Chamorro \u590f\u4ee4\u65f6", "ChDT"};
String VICTORIA[] = new String[] {"\u4e1c\u90e8\u6807\u51c6\u65f6\u95f4\uff08\u7ef4\u591a\u5229\u4e9a\uff09", "EST",
@@ -511,6 +513,7 @@
"\u5854\u5409\u514b\u65af\u5766\u590f\u4ee4\u65f6", "TJST"}},
{"Asia/Gaza", EET},
{"Asia/Harbin", CTT},
+ {"Asia/Hebron", EET},
{"Asia/Ho_Chi_Minh", ICT},
{"Asia/Hong_Kong", HKT},
{"Asia/Hovd", new String[] {"\u79d1\u5e03\u591a\u65f6\u95f4", "HOVT",
@@ -674,9 +677,8 @@
{"Europe/Isle_of_Man", GMTBST},
{"Europe/Istanbul", EET},
{"Europe/Jersey", GMTBST},
- {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
- "Kaliningrad Summer Time", "KALST"}},
- {"Europe/Kiev", EET},
+ {"Europe/Kaliningrad", FET},
+ {"Europe/Kiev", FET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
@@ -684,7 +686,7 @@
{"Europe/Madrid", CET},
{"Europe/Malta", CET},
{"Europe/Mariehamn", EET},
- {"Europe/Minsk", EET},
+ {"Europe/Minsk", FET},
{"Europe/Monaco", CET},
{"Europe/Moscow", MSK},
{"Europe/Nicosia", EET},
@@ -697,14 +699,14 @@
"\u6c99\u9a6c\u62c9\u590f\u4ee4\u65f6", "SAMST"}},
{"Europe/San_Marino", CET},
{"Europe/Sarajevo", CET},
- {"Europe/Simferopol", EET},
+ {"Europe/Simferopol", FET},
{"Europe/Skopje", CET},
{"Europe/Sofia", EET},
{"Europe/Stockholm", CET},
{"Europe/Tallinn", EET},
{"Europe/Tirane", CET},
{"Europe/Tiraspol", EET},
- {"Europe/Uzhgorod", EET},
+ {"Europe/Uzhgorod", FET},
{"Europe/Vaduz", CET},
{"Europe/Vatican", CET},
{"Europe/Vienna", CET},
@@ -713,7 +715,7 @@
"\u4f0f\u5c14\u52a0\u683c\u52d2\u590f\u4ee4\u65f6", "VOLST"}},
{"Europe/Warsaw", CET},
{"Europe/Zagreb", CET},
- {"Europe/Zaporozhye", EET},
+ {"Europe/Zaporozhye", FET},
{"Europe/Zurich", CET},
{"GB", GMTBST},
{"GB-Eire", GMTBST},
--- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java Wed Jul 05 17:54:07 2017 +0200
@@ -103,6 +103,8 @@
"\u6771\u65b9\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "EDT"};
String EST_NSW[] = new String[] {"\u6771\u65b9\u6a19\u6e96\u6642\u9593 (\u65b0\u5357\u5a01\u723e\u65af)", "EST",
"\u6771\u65b9\u590f\u4ee4\u6642\u9593 (\u65b0\u5357\u5a01\u723e\u65af)", "EST"};
+ String FET[] = new String[] {"Further-eastern European Time", "FET",
+ "Further-eastern European Summer Time", "FEST"};
String GHMT[] = new String[] {"\u8fe6\u7d0d\u5e73\u5747\u6642\u9593", "GMT",
"\u8fe6\u7d0d\u590f\u4ee4\u6642\u9593", "GHST"};
String GAMBIER[] = new String[] {"\u7518\u6bd4\u723e\u6642\u9593", "GAMT",
@@ -186,7 +188,7 @@
String SAMOA[] = new String[] {"\u85a9\u6469\u4e9e\u6a19\u6e96\u6642\u9593", "SST",
"\u85a9\u6469\u4e9e\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "SDT"};
String WST_SAMOA[] = new String[] {"\u897f\u85a9\u6469\u4e9e\u6642\u9593", "WST",
- "\u897f\u85a9\u6469\u4e9e\u590f\u4ee4\u6642\u9593", "WSST"};
+ "\u897f\u85a9\u6469\u4e9e\u590f\u4ee4\u6642\u9593", "WSDT"};
String ChST[] = new String[] {"\u67e5\u83ab\u6d1b\u6a19\u6e96\u6642\u9593", "ChST",
"\u67e5\u83ab\u6d1b\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "ChDT"};
String VICTORIA[] = new String[] {"\u6771\u90e8\u6a19\u6e96\u6642\u9593 (\u7dad\u591a\u5229\u4e9e\u90a6)", "EST",
@@ -511,6 +513,7 @@
"\u5854\u5409\u514b\u590f\u4ee4\u6642\u9593", "TJST"}},
{"Asia/Gaza", EET},
{"Asia/Harbin", CTT},
+ {"Asia/Hebron", EET},
{"Asia/Ho_Chi_Minh", ICT},
{"Asia/Hong_Kong", HKT},
{"Asia/Hovd", new String[] {"\u4faf\u5fb7 (Hovd) \u6642\u9593", "HOVT",
@@ -675,9 +678,8 @@
{"Europe/Isle_of_Man", GMTBST},
{"Europe/Istanbul", EET},
{"Europe/Jersey", GMTBST},
- {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
- "Kaliningrad Summer Time", "KALST"}},
- {"Europe/Kiev", EET},
+ {"Europe/Kaliningrad", FET},
+ {"Europe/Kiev", FET},
{"Europe/Lisbon", WET},
{"Europe/Ljubljana", CET},
{"Europe/London", GMTBST},
@@ -685,7 +687,7 @@
{"Europe/Madrid", CET},
{"Europe/Malta", CET},
{"Europe/Mariehamn", EET},
- {"Europe/Minsk", EET},
+ {"Europe/Minsk", FET},
{"Europe/Monaco", CET},
{"Europe/Moscow", MSK},
{"Europe/Nicosia", EET},
@@ -698,14 +700,14 @@
"\u6c99\u99ac\u62c9\u590f\u4ee4\u6642\u9593", "SAMST"}},
{"Europe/San_Marino", CET},
{"Europe/Sarajevo", CET},
- {"Europe/Simferopol", EET},
+ {"Europe/Simferopol", FET},
{"Europe/Skopje", CET},
{"Europe/Sofia", EET},
{"Europe/Stockholm", CET},
{"Europe/Tallinn", EET},
{"Europe/Tirane", CET},
{"Europe/Tiraspol", EET},
- {"Europe/Uzhgorod", EET},
+ {"Europe/Uzhgorod", FET},
{"Europe/Vaduz", CET},
{"Europe/Vatican", CET},
{"Europe/Vienna", CET},
@@ -714,7 +716,7 @@
"\u4f0f\u723e\u52a0\u683c\u52d2\u590f\u4ee4\u6642\u9593", "VOLST"}},
{"Europe/Warsaw", CET},
{"Europe/Zagreb", CET},
- {"Europe/Zaporozhye", EET},
+ {"Europe/Zaporozhye", FET},
{"Europe/Zurich", CET},
{"GB", GMTBST},
{"GB-Eire", GMTBST},
--- a/jdk/src/share/lib/security/sunpkcs11-solaris.cfg Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/lib/security/sunpkcs11-solaris.cfg Wed Jul 05 17:54:07 2017 +0200
@@ -11,6 +11,9 @@
handleStartupErrors = ignoreAll
+# Use the X9.63 encoding for EC points (do not wrap in an ASN.1 OctetString).
+useEcX963Encoding = true
+
attributes = compatibility
disabledMechanisms = {
--- a/jdk/src/share/native/java/io/ObjectInputStream.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/java/io/ObjectInputStream.c Wed Jul 05 17:54:07 2017 +0200
@@ -173,16 +173,3 @@
(*env)->ReleasePrimitiveArrayCritical(env, dst, doubles, 0);
}
-/*
- * Class: java_io_ObjectInputStream
- * Method: latestUserDefinedLoader
- * Signature: ()Ljava/lang/ClassLoader;
- *
- * Returns the first non-null class loader up the execution stack, or null
- * if only code from the null class loader is on the stack.
- */
-JNIEXPORT jobject JNICALL
-Java_java_io_ObjectInputStream_latestUserDefinedLoader(JNIEnv *env, jclass cls)
-{
- return JVM_LatestUserDefinedLoader(env);
-}
--- a/jdk/src/share/native/sun/misc/VM.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/sun/misc/VM.c Wed Jul 05 17:54:07 2017 +0200
@@ -111,6 +111,11 @@
get_thread_state_info(env, JAVA_THREAD_STATE_TERMINATED, values, names);
}
+JNIEXPORT jobject JNICALL
+Java_sun_misc_VM_latestUserDefinedLoader(JNIEnv *env, jclass cls) {
+ return JVM_LatestUserDefinedLoader(env);
+}
+
typedef void (JNICALL *GetJvmVersionInfo_fp)(JNIEnv*, jvm_version_info*, size_t);
JNIEXPORT void JNICALL
--- a/jdk/src/share/native/sun/rmi/server/MarshalInputStream.c Wed Jul 05 17:54:00 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-#include "jni.h"
-#include "jvm.h"
-#include "jni_util.h"
-
-#include "sun_rmi_server_MarshalInputStream.h"
-
-/*
- * Class: sun_rmi_server_MarshalInputStream
- * Method: latestUserDefinedLoader
- * Signature: ()Ljava/lang/ClassLoader;
- *
- * Returns the first non-null class loader up the execution stack, or null
- * if only code from the null class loader is on the stack.
- */
-JNIEXPORT jobject JNICALL
-Java_sun_rmi_server_MarshalInputStream_latestUserDefinedLoader(JNIEnv *env, jclass cls)
-{
- return JVM_LatestUserDefinedLoader(env);
-}
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c Wed Jul 05 17:54:07 2017 +0200
@@ -273,7 +273,7 @@
/* allocate memory for CK_VERSION pointer */
ckpVersion = (CK_VERSION_PTR) malloc(sizeof(CK_VERSION));
if (ckpVersion == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
ckpVersion->major = jByteToCKByte(jMajor);
@@ -326,7 +326,7 @@
/* allocate memory for CK_DATE pointer */
ckpDate = (CK_DATE *) malloc(sizeof(CK_DATE));
if (ckpDate == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
@@ -340,7 +340,7 @@
jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar));
if (jTempChars == NULL) {
free(ckpDate);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
(*env)->GetCharArrayRegion(env, jYear, 0, ckLength, jTempChars);
@@ -364,7 +364,7 @@
jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar));
if (jTempChars == NULL) {
free(ckpDate);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
(*env)->GetCharArrayRegion(env, jMonth, 0, ckLength, jTempChars);
@@ -388,7 +388,7 @@
jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar));
if (jTempChars == NULL) {
free(ckpDate);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
(*env)->GetCharArrayRegion(env, jDay, 0, ckLength, jTempChars);
@@ -558,7 +558,7 @@
if (ckParam.pulOutputLen == NULL) {
free(ckParam.pSeed);
free(ckParam.pLabel);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return ckParam;
}
jByteArrayToCKByteArray(env, jOutput, &(ckParam.pOutput), ckParam.pulOutputLen);
@@ -665,7 +665,7 @@
if (ckParam.pReturnedKeyMaterial == NULL) {
free(ckParam.RandomInfo.pClientRandom);
free(ckParam.RandomInfo.pServerRandom);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return ckParam;
}
@@ -1013,7 +1013,7 @@
ckpParam = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR) malloc(sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS));
if (ckpParam == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
@@ -1040,7 +1040,7 @@
ckpParam = (CK_SSL3_KEY_MAT_PARAMS_PTR) malloc(sizeof(CK_SSL3_KEY_MAT_PARAMS));
if (ckpParam == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
@@ -1067,7 +1067,7 @@
ckpParam = (CK_TLS_PRF_PARAMS_PTR) malloc(sizeof(CK_TLS_PRF_PARAMS));
if (ckpParam == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
@@ -1094,7 +1094,7 @@
ckpParam = (CK_AES_CTR_PARAMS_PTR) malloc(sizeof(CK_AES_CTR_PARAMS));
if (ckpParam == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
@@ -1121,7 +1121,7 @@
ckpParam = (CK_RSA_PKCS_OAEP_PARAMS_PTR) malloc(sizeof(CK_RSA_PKCS_OAEP_PARAMS));
if (ckpParam == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
@@ -1148,7 +1148,7 @@
ckpParam = (CK_PBE_PARAMS_PTR) malloc(sizeof(CK_PBE_PARAMS));
if (ckpParam == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
@@ -1175,7 +1175,7 @@
ckpParam = (CK_PKCS5_PBKD2_PARAMS_PTR) malloc(sizeof(CK_PKCS5_PBKD2_PARAMS));
if (ckpParam == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
@@ -1202,7 +1202,7 @@
ckpParam = (CK_RSA_PKCS_PSS_PARAMS_PTR) malloc(sizeof(CK_RSA_PKCS_PSS_PARAMS));
if (ckpParam == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
@@ -1229,7 +1229,7 @@
ckpParam = (CK_ECDH1_DERIVE_PARAMS_PTR) malloc(sizeof(CK_ECDH1_DERIVE_PARAMS));
if (ckpParam == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
@@ -1256,7 +1256,7 @@
ckpParam = (CK_ECDH2_DERIVE_PARAMS_PTR) malloc(sizeof(CK_ECDH2_DERIVE_PARAMS));
if (ckpParam == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
@@ -1283,7 +1283,7 @@
ckpParam = (CK_X9_42_DH1_DERIVE_PARAMS_PTR) malloc(sizeof(CK_X9_42_DH1_DERIVE_PARAMS));
if (ckpParam == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
@@ -1310,7 +1310,7 @@
ckpParam = (CK_X9_42_DH2_DERIVE_PARAMS_PTR) malloc(sizeof(CK_X9_42_DH2_DERIVE_PARAMS));
if (ckpParam == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c Wed Jul 05 17:54:07 2017 +0200
@@ -131,7 +131,7 @@
/* always use single part op, even for large data */
bufP = (CK_BYTE_PTR) malloc((size_t)jInLen);
if (bufP == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return 0;
}
}
@@ -190,7 +190,7 @@
bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen);
bufP = (CK_BYTE_PTR) malloc((size_t)bufLen);
if (bufP == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
}
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_dual.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_dual.c Wed Jul 05 17:54:07 2017 +0200
@@ -92,7 +92,7 @@
ckpEncryptedPart = (CK_BYTE_PTR) malloc(ckEncryptedPartLength * sizeof(CK_BYTE));
if (ckpEncryptedPart == NULL) {
free(ckpPart);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
@@ -144,7 +144,7 @@
ckpPart = (CK_BYTE_PTR) malloc(ckPartLength * sizeof(CK_BYTE));
if (ckpPart == NULL) {
free(ckpEncryptedPart);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
@@ -196,7 +196,7 @@
ckpEncryptedPart = (CK_BYTE_PTR) malloc(ckEncryptedPartLength * sizeof(CK_BYTE));
if (ckpEncryptedPart == NULL) {
free(ckpPart);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
@@ -248,7 +248,7 @@
ckpPart = (CK_BYTE_PTR) malloc(ckPartLength * sizeof(CK_BYTE));
if (ckpPart == NULL) {
free(ckpEncryptedPart);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c Wed Jul 05 17:54:07 2017 +0200
@@ -71,7 +71,10 @@
jclass jByteArrayClass;
jclass jLongClass;
+JavaVM* jvm = NULL;
+
JNIEXPORT jint JNICALL JNI_OnLoad(JavaVM *vm, void *reserved) {
+ jvm = vm;
return JNI_VERSION_1_4;
}
@@ -351,7 +354,7 @@
ckpSlotList = (CK_SLOT_ID_PTR) malloc(ckTokenNumber * sizeof(CK_SLOT_ID));
if (ckpSlotList == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
@@ -652,7 +655,7 @@
ckpMechanismList = (CK_MECHANISM_TYPE_PTR)
malloc(ckMechanismNumber * sizeof(CK_MECHANISM_TYPE));
if (ckpMechanismList == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c Wed Jul 05 17:54:07 2017 +0200
@@ -165,7 +165,7 @@
if (ckMechanism.pParameter != NULL_PTR) {
free(ckMechanism.pParameter);
}
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
ckpPublicKeyHandle = ckpKeyHandles; /* first element of array is Public Key */
@@ -253,7 +253,7 @@
if (ckMechanism.pParameter != NULL_PTR) {
free(ckMechanism.pParameter);
}
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c Wed Jul 05 17:54:07 2017 +0200
@@ -92,7 +92,7 @@
/* convert the Java InitArgs object to a pointer to a CK_C_INITIALIZE_ARGS structure */
ckpInitArgs = (CK_C_INITIALIZE_ARGS_PTR) malloc(sizeof(CK_C_INITIALIZE_ARGS));
if (ckpInitArgs == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL_PTR;
}
@@ -141,7 +141,7 @@
ckpGlobalInitArgs = (CK_C_INITIALIZE_ARGS_PTR) malloc(sizeof(CK_C_INITIALIZE_ARGS));
if (ckpGlobalInitArgs == NULL) {
free(ckpInitArgs);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL_PTR;
}
@@ -178,9 +178,8 @@
*/
CK_RV callJCreateMutex(CK_VOID_PTR_PTR ppMutex)
{
- JavaVM *jvm;
+ extern JavaVM *jvm;
JNIEnv *env;
- jsize actualNumberVMs;
jint returnValue;
jthrowable pkcs11Exception;
jclass pkcs11ExceptionClass;
@@ -196,8 +195,7 @@
/* Get the currently running Java VM */
- returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs);
- if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ;} /* there is no VM running */
+ if (jvm == NULL) { return rv ;} /* there is no VM running */
/* Determine, if current thread is already attached */
returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2);
@@ -273,9 +271,8 @@
*/
CK_RV callJDestroyMutex(CK_VOID_PTR pMutex)
{
- JavaVM *jvm;
+ extern JavaVM *jvm;
JNIEnv *env;
- jsize actualNumberVMs;
jint returnValue;
jthrowable pkcs11Exception;
jclass pkcs11ExceptionClass;
@@ -291,8 +288,7 @@
/* Get the currently running Java VM */
- returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs);
- if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ; } /* there is no VM running */
+ if (jvm == NULL) { return rv ; } /* there is no VM running */
/* Determine, if current thread is already attached */
returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2);
@@ -367,9 +363,8 @@
*/
CK_RV callJLockMutex(CK_VOID_PTR pMutex)
{
- JavaVM *jvm;
+ extern JavaVM *jvm;
JNIEnv *env;
- jsize actualNumberVMs;
jint returnValue;
jthrowable pkcs11Exception;
jclass pkcs11ExceptionClass;
@@ -385,8 +380,7 @@
/* Get the currently running Java VM */
- returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs);
- if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ; } /* there is no VM running */
+ if (jvm == NULL) { return rv ; } /* there is no VM running */
/* Determine, if current thread is already attached */
returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2);
@@ -457,9 +451,8 @@
*/
CK_RV callJUnlockMutex(CK_VOID_PTR pMutex)
{
- JavaVM *jvm;
+ extern JavaVM *jvm;
JNIEnv *env;
- jsize actualNumberVMs;
jint returnValue;
jthrowable pkcs11Exception;
jclass pkcs11ExceptionClass;
@@ -475,8 +468,7 @@
/* Get the currently running Java VM */
- returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs);
- if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ; } /* there is no VM running */
+ if (jvm == NULL) { return rv ; } /* there is no VM running */
/* Determine, if current thread is already attached */
returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2);
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c Wed Jul 05 17:54:07 2017 +0200
@@ -258,7 +258,7 @@
ckpAttributes[i].pValue = (void *) malloc(ckBufferLength);
if (ckpAttributes[i].pValue == NULL) {
freeCKAttributeArray(ckpAttributes, i);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
ckpAttributes[i].ulValueLen = ckBufferLength;
@@ -390,7 +390,7 @@
ckMaxObjectLength = jLongToCKULong(jMaxObjectCount);
ckpObjectHandleArray = (CK_OBJECT_HANDLE_PTR) malloc(sizeof(CK_OBJECT_HANDLE) * ckMaxObjectLength);
if (ckpObjectHandleArray == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c Wed Jul 05 17:54:07 2017 +0200
@@ -98,7 +98,7 @@
if (jNotify != NULL) {
notifyEncapsulation = (NotifyEncapsulation *) malloc(sizeof(NotifyEncapsulation));
if (notifyEncapsulation == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return 0L;
}
notifyEncapsulation->jApplicationData = (jApplication != NULL)
@@ -301,7 +301,7 @@
ckpState = (CK_BYTE_PTR) malloc(ckStateLength);
if (ckpState == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
@@ -435,7 +435,7 @@
newNode = (NotifyListNode *) malloc(sizeof(NotifyListNode));
if (newNode == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
newNode->hSession = hSession;
@@ -558,9 +558,8 @@
)
{
NotifyEncapsulation *notifyEncapsulation;
- JavaVM *jvm;
+ extern JavaVM *jvm;
JNIEnv *env;
- jsize actualNumberVMs;
jint returnValue;
jlong jSessionHandle;
jlong jEvent;
@@ -577,8 +576,7 @@
notifyEncapsulation = (NotifyEncapsulation *) pApplication;
/* Get the currently running Java VM */
- returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs);
- if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ; } /* there is no VM running */
+ if (jvm == NULL) { return rv ; } /* there is no VM running */
/* Determine, if current thread is already attached */
returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2);
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c Wed Jul 05 17:54:07 2017 +0200
@@ -132,7 +132,7 @@
ckpSignature = (CK_BYTE_PTR) malloc(ckSignatureLength * sizeof(CK_BYTE));
if (ckpSignature == NULL) {
free(ckpData);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
@@ -146,7 +146,7 @@
ckpSignature = (CK_BYTE_PTR) malloc(256 * sizeof(CK_BYTE));
if (ckpSignature == NULL) {
free(ckpData);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength);
@@ -156,7 +156,7 @@
ckpSignature = (CK_BYTE_PTR) malloc(ckSignatureLength * sizeof(CK_BYTE));
if (ckpSignature == NULL) {
free(ckpData);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength);
@@ -210,7 +210,7 @@
bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen);
bufP = (CK_BYTE_PTR) malloc((size_t)bufLen);
if (bufP == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
}
@@ -270,7 +270,7 @@
if (rv == CKR_BUFFER_TOO_SMALL) {
bufP = (CK_BYTE_PTR) malloc(ckSignatureLength);
if (bufP == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
rv = (*ckpFunctions->C_SignFinal)(ckSessionHandle, bufP, &ckSignatureLength);
@@ -355,7 +355,7 @@
} else {
inBufP = (CK_BYTE_PTR) malloc((size_t)jInLen);
if (inBufP == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return 0;
}
}
@@ -373,7 +373,7 @@
if (inBufP != INBUF) {
free(inBufP);
}
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return 0;
}
rv = (*ckpFunctions->C_SignRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckSignatureLength);
@@ -508,7 +508,7 @@
bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen);
bufP = (CK_BYTE_PTR) malloc((size_t)bufLen);
if (bufP == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
}
@@ -638,7 +638,7 @@
} else {
inBufP = (CK_BYTE_PTR) malloc((size_t)jInLen);
if (inBufP == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return 0;
}
}
@@ -656,7 +656,7 @@
outBufP = (CK_BYTE_PTR) malloc(ckDataLength);
if (outBufP == NULL) {
if (inBufP != INBUF) { free(inBufP); }
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return 0;
}
rv = (*ckpFunctions->C_VerifyRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckDataLength);
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c Wed Jul 05 17:54:07 2017 +0200
@@ -213,28 +213,52 @@
return jErrorCode ;
}
+
/*
- * This function simply throws an IOException
- *
- * @param env Used to call JNI funktions and to get the Exception class.
- * @param message The message string of the Exception object.
+ * Throws a Java Exception by name
+ */
+void throwByName(JNIEnv *env, const char *name, const char *msg)
+{
+ jclass cls = (*env)->FindClass(env, name);
+
+ if (cls != 0) /* Otherwise an exception has already been thrown */
+ (*env)->ThrowNew(env, cls, msg);
+}
+
+/*
+ * Throws java.lang.OutOfMemoryError
*/
-void throwIOException(JNIEnv *env, const char *message)
+void throwOutOfMemoryError(JNIEnv *env, const char *msg)
+{
+ throwByName(env, "java/lang/OutOfMemoryError", msg);
+}
+
+/*
+ * Throws java.lang.NullPointerException
+ */
+void throwNullPointerException(JNIEnv *env, const char *msg)
{
- JNU_ThrowByName(env, CLASS_IO_EXCEPTION, message);
+ throwByName(env, "java/lang/NullPointerException", msg);
+}
+
+/*
+ * Throws java.io.IOException
+ */
+void throwIOException(JNIEnv *env, const char *msg)
+{
+ throwByName(env, "java/io/IOException", msg);
}
/*
* This function simply throws a PKCS#11RuntimeException with the given
- * string as its message. If the message is NULL, the exception is created
- * using the default constructor.
+ * string as its message.
*
* @param env Used to call JNI funktions and to get the Exception class.
* @param jmessage The message string of the Exception object.
*/
void throwPKCS11RuntimeException(JNIEnv *env, const char *message)
{
- JNU_ThrowByName(env, CLASS_PKCS11RUNTIMEEXCEPTION, message);
+ throwByName(env, CLASS_PKCS11RUNTIMEEXCEPTION, message);
}
/*
@@ -318,7 +342,7 @@
*ckpLength = (*env)->GetArrayLength(env, jArray);
jpTemp = (jboolean*) malloc((*ckpLength) * sizeof(jboolean));
if (jpTemp == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
(*env)->GetBooleanArrayRegion(env, jArray, 0, *ckpLength, jpTemp);
@@ -330,7 +354,7 @@
*ckpArray = (CK_BBOOL*) malloc ((*ckpLength) * sizeof(CK_BBOOL));
if (*ckpArray == NULL) {
free(jpTemp);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
for (i=0; i<(*ckpLength); i++) {
@@ -360,7 +384,7 @@
*ckpLength = (*env)->GetArrayLength(env, jArray);
jpTemp = (jbyte*) malloc((*ckpLength) * sizeof(jbyte));
if (jpTemp == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
(*env)->GetByteArrayRegion(env, jArray, 0, *ckpLength, jpTemp);
@@ -376,7 +400,7 @@
*ckpArray = (CK_BYTE_PTR) malloc ((*ckpLength) * sizeof(CK_BYTE));
if (*ckpArray == NULL) {
free(jpTemp);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
for (i=0; i<(*ckpLength); i++) {
@@ -407,7 +431,7 @@
*ckpLength = (*env)->GetArrayLength(env, jArray);
jTemp = (jlong*) malloc((*ckpLength) * sizeof(jlong));
if (jTemp == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
(*env)->GetLongArrayRegion(env, jArray, 0, *ckpLength, jTemp);
@@ -419,7 +443,7 @@
*ckpArray = (CK_ULONG_PTR) malloc (*ckpLength * sizeof(CK_ULONG));
if (*ckpArray == NULL) {
free(jTemp);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
for (i=0; i<(*ckpLength); i++) {
@@ -449,7 +473,7 @@
*ckpLength = (*env)->GetArrayLength(env, jArray);
jpTemp = (jchar*) malloc((*ckpLength) * sizeof(jchar));
if (jpTemp == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
(*env)->GetCharArrayRegion(env, jArray, 0, *ckpLength, jpTemp);
@@ -461,7 +485,7 @@
*ckpArray = (CK_CHAR_PTR) malloc (*ckpLength * sizeof(CK_CHAR));
if (*ckpArray == NULL) {
free(jpTemp);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
for (i=0; i<(*ckpLength); i++) {
@@ -491,7 +515,7 @@
*ckpLength = (*env)->GetArrayLength(env, jArray);
jTemp = (jchar*) malloc((*ckpLength) * sizeof(jchar));
if (jTemp == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
(*env)->GetCharArrayRegion(env, jArray, 0, *ckpLength, jTemp);
@@ -503,7 +527,7 @@
*ckpArray = (CK_UTF8CHAR_PTR) malloc (*ckpLength * sizeof(CK_UTF8CHAR));
if (*ckpArray == NULL) {
free(jTemp);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
for (i=0; i<(*ckpLength); i++) {
@@ -538,7 +562,7 @@
*ckpArray = (CK_UTF8CHAR_PTR) malloc((*ckpLength + 1) * sizeof(CK_UTF8CHAR));
if (*ckpArray == NULL) {
(*env)->ReleaseStringUTFChars(env, (jstring) jArray, pCharArray);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
strcpy((char*)*ckpArray, pCharArray);
@@ -571,7 +595,7 @@
*ckpLength = jLongToCKULong(jLength);
*ckpArray = (CK_ATTRIBUTE_PTR) malloc(*ckpLength * sizeof(CK_ATTRIBUTE));
if (*ckpArray == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
TRACE1(", converting %d attibutes", jLength);
@@ -613,7 +637,7 @@
} else {
jpTemp = (jbyte*) malloc((ckLength) * sizeof(jbyte));
if (jpTemp == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
for (i=0; i<ckLength; i++) {
@@ -647,7 +671,7 @@
jpTemp = (jlong*) malloc((ckLength) * sizeof(jlong));
if (jpTemp == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
for (i=0; i<ckLength; i++) {
@@ -678,7 +702,7 @@
jpTemp = (jchar*) malloc(ckLength * sizeof(jchar));
if (jpTemp == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
for (i=0; i<ckLength; i++) {
@@ -709,7 +733,7 @@
jpTemp = (jchar*) malloc(ckLength * sizeof(jchar));
if (jpTemp == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
for (i=0; i<ckLength; i++) {
@@ -812,7 +836,7 @@
jValue = (*env)->CallBooleanMethod(env, jObject, jValueMethod);
ckpValue = (CK_BBOOL *) malloc(sizeof(CK_BBOOL));
if (ckpValue == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
*ckpValue = jBooleanToCKBBool(jValue);
@@ -842,7 +866,7 @@
jValue = (*env)->CallByteMethod(env, jObject, jValueMethod);
ckpValue = (CK_BYTE_PTR) malloc(sizeof(CK_BYTE));
if (ckpValue == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
*ckpValue = jByteToCKByte(jValue);
@@ -871,7 +895,7 @@
jValue = (*env)->CallIntMethod(env, jObject, jValueMethod);
ckpValue = (CK_ULONG *) malloc(sizeof(CK_ULONG));
if (ckpValue == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
*ckpValue = jLongToCKLong(jValue);
@@ -900,7 +924,7 @@
jValue = (*env)->CallLongMethod(env, jObject, jValueMethod);
ckpValue = (CK_ULONG *) malloc(sizeof(CK_ULONG));
if (ckpValue == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
*ckpValue = jLongToCKULong(jValue);
@@ -930,7 +954,7 @@
jValue = (*env)->CallCharMethod(env, jObject, jValueMethod);
ckpValue = (CK_CHAR_PTR) malloc(sizeof(CK_CHAR));
if (ckpValue == NULL) {
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return NULL;
}
*ckpValue = jCharToCKChar(jValue);
@@ -1087,7 +1111,7 @@
malloc((strlen(exceptionMsgPrefix) + strlen(classNameString) + 1));
if (exceptionMsg == NULL) {
(*env)->ReleaseStringUTFChars(env, jClassNameString, classNameString);
- JNU_ThrowOutOfMemoryError(env, 0);
+ throwOutOfMemoryError(env, 0);
return;
}
strcpy(exceptionMsg, exceptionMsgPrefix);
--- a/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h Wed Jul 05 17:54:07 2017 +0200
@@ -228,7 +228,6 @@
#define CLASS_PKCS11EXCEPTION "sun/security/pkcs11/wrapper/PKCS11Exception"
#define CLASS_PKCS11RUNTIMEEXCEPTION "sun/security/pkcs11/wrapper/PKCS11RuntimeException"
#define CLASS_FILE_NOT_FOUND_EXCEPTION "java/io/FileNotFoundException"
-#define CLASS_IO_EXCEPTION "java/io/IOException"
#define CLASS_C_INITIALIZE_ARGS "sun/security/pkcs11/wrapper/CK_C_INITIALIZE_ARGS"
#define CLASS_CREATEMUTEX "sun/security/pkcs11/wrapper/CK_CREATEMUTEX"
#define CLASS_DESTROYMUTEX "sun/security/pkcs11/wrapper/CK_DESTROYMUTEX"
@@ -280,6 +279,8 @@
*/
jlong ckAssertReturnValueOK(JNIEnv *env, CK_RV returnValue);
+void throwOutOfMemoryError(JNIEnv *env, const char *message);
+void throwNullPointerException(JNIEnv *env, const char *message);
void throwIOException(JNIEnv *env, const char *message);
void throwPKCS11RuntimeException(JNIEnv *env, const char *message);
void throwDisconnectedRuntimeException(JNIEnv *env);
--- a/jdk/src/solaris/classes/sun/print/UnixPrintServiceLookup.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/solaris/classes/sun/print/UnixPrintServiceLookup.java Wed Jul 05 17:54:07 2017 +0200
@@ -189,7 +189,7 @@
if (printServices == null) {
return new PrintService[0];
} else {
- return printServices;
+ return (PrintService[])printServices.clone();
}
}
--- a/jdk/src/solaris/native/sun/nio/fs/genSolarisConstants.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/solaris/native/sun/nio/fs/genSolarisConstants.c Wed Jul 05 17:54:07 2017 +0200
@@ -27,7 +27,7 @@
#include <errno.h>
#include <unistd.h>
#include <sys/acl.h>
-#include <sys/fcntl.h>
+#include <fcntl.h>
#include <sys/stat.h>
/**
--- a/jdk/src/solaris/native/sun/nio/fs/genUnixConstants.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/solaris/native/sun/nio/fs/genUnixConstants.c Wed Jul 05 17:54:07 2017 +0200
@@ -26,7 +26,7 @@
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
-#include <sys/fcntl.h>
+#include <fcntl.h>
#include <sys/stat.h>
/**
--- a/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.c Wed Jul 05 17:54:07 2017 +0200
@@ -40,7 +40,7 @@
if (fAddress == NULL) {
char errorMessage[256];
snprintf(errorMessage, sizeof(errorMessage), "Symbol not found: %s", functionName);
- JNU_ThrowNullPointerException(env, errorMessage);
+ throwNullPointerException(env, errorMessage);
return NULL;
}
return fAddress;
@@ -69,7 +69,7 @@
dprintf2("-handle: %u (0X%X)\n", hModule, hModule);
if (hModule == NULL) {
- JNU_ThrowIOException(env, dlerror());
+ throwIOException(env, dlerror());
return 0;
}
--- a/jdk/src/solaris/native/sun/security/smartcardio/pcsc_md.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/solaris/native/sun/security/smartcardio/pcsc_md.c Wed Jul 05 17:54:07 2017 +0200
@@ -51,12 +51,40 @@
FPTR_SCardEndTransaction scardEndTransaction;
FPTR_SCardControl scardControl;
+/*
+ * Throws a Java Exception by name
+ */
+void throwByName(JNIEnv *env, const char *name, const char *msg)
+{
+ jclass cls = (*env)->FindClass(env, name);
+
+ if (cls != 0) /* Otherwise an exception has already been thrown */
+ (*env)->ThrowNew(env, cls, msg);
+}
+
+/*
+ * Throws java.lang.NullPointerException
+ */
+void throwNullPointerException(JNIEnv *env, const char *msg)
+{
+ throwByName(env, "java/lang/NullPointerException", msg);
+}
+
+/*
+ * Throws java.io.IOException
+ */
+void throwIOException(JNIEnv *env, const char *msg)
+{
+ throwByName(env, "java/io/IOException", msg);
+}
+
+
void *findFunction(JNIEnv *env, void *hModule, char *functionName) {
void *fAddress = dlsym(hModule, functionName);
if (fAddress == NULL) {
char errorMessage[256];
snprintf(errorMessage, sizeof(errorMessage), "Symbol not found: %s", functionName);
- JNU_ThrowNullPointerException(env, errorMessage);
+ throwNullPointerException(env, errorMessage);
return NULL;
}
return fAddress;
@@ -69,7 +97,7 @@
(*env)->ReleaseStringUTFChars(env, jLibName, libName);
if (hModule == NULL) {
- JNU_ThrowIOException(env, dlerror());
+ throwIOException(env, dlerror());
return;
}
scardEstablishContext = (FPTR_SCardEstablishContext)findFunction(env, hModule, "SCardEstablishContext");
--- a/jdk/src/windows/classes/sun/java2d/d3d/D3DSurfaceData.java Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/windows/classes/sun/java2d/d3d/D3DSurfaceData.java Wed Jul 05 17:54:07 2017 +0200
@@ -486,7 +486,7 @@
int dataType = 0;
int scanStride = width;
- if (dcm.getPixelSize() == 24 || dcm.getPixelSize() == 32) {
+ if (dcm.getPixelSize() > 16) {
dataType = DataBuffer.TYPE_INT;
} else {
// 15, 16
--- a/jdk/src/windows/native/sun/security/pkcs11/j2secmod_md.c Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/src/windows/native/sun/security/pkcs11/j2secmod_md.c Wed Jul 05 17:54:07 2017 +0200
@@ -37,7 +37,7 @@
if (fAddress == NULL) {
char errorMessage[256];
_snprintf(errorMessage, sizeof(errorMessage), "Symbol not found: %s", functionName);
- JNU_ThrowNullPointerException(env, errorMessage);
+ throwNullPointerException(env, errorMessage);
return NULL;
}
return fAddress;
@@ -78,7 +78,7 @@
NULL
);
dprintf1("-error: %s\n", lpMsgBuf);
- JNU_ThrowIOException(env, (char*)lpMsgBuf);
+ throwIOException(env, (char*)lpMsgBuf);
LocalFree(lpMsgBuf);
return 0;
}
--- a/jdk/test/ProblemList.txt Wed Jul 05 17:54:00 2017 +0200
+++ b/jdk/test/ProblemList.txt Wed Jul 05 17:54:07 2017 +0200
@@ -377,6 +377,12 @@
# 7081476
java/net/InetSocketAddress/B6469803.java generic-all
+# 7102670
+java/net/InetAddress/CheckJNI.java linux-all
+
+# failing on vista 32/64 on nightly
+# 7102702
+java/net/PortUnreachableException/OneExceptionOnly.java windows-all
############################################################################
# jdk_io
@@ -517,9 +523,6 @@
# 7079203 sun/security/tools/keytool/printssl.sh fails on solaris with timeout
sun/security/tools/keytool/printssl.sh solaris-all
-# 7054637
-sun/security/tools/jarsigner/ec.sh solaris-all
-
# 7081817
sun/security/provider/certpath/X509CertPath/IllegalCertiticates.java generic-all
--- a/jdk/test/java/net/DatagramSocket/ChangingAddress.java Wed Jul 05 17:54:00 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/* @test
- * @bug 7084030
- * @summary Tests that DatagramSocket.getLocalAddress returns the right local
- * address after connect/disconnect.
- */
-import java.net.*;
-
-public class ChangingAddress {
-
- static void check(DatagramSocket ds, InetAddress expected) {
- InetAddress actual = ds.getLocalAddress();
- if (!expected.equals(actual)) {
- throw new RuntimeException("Expected:"+expected+" Actual"+
- actual);
- }
- }
-
- public static void main(String[] args) throws Exception {
- InetAddress lh = InetAddress.getLocalHost();
- SocketAddress remote = new InetSocketAddress(lh, 1234);
- InetAddress wildcard = InetAddress.getByAddress
- ("localhost", new byte[]{0,0,0,0});
- try (DatagramSocket ds = new DatagramSocket()) {
- check(ds, wildcard);
-
- ds.connect(remote);
- check(ds, lh);
-
- ds.disconnect();
- check(ds, wildcard);
- }
- }
-}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/util/Collections/CheckedQueue.java Wed Jul 05 17:54:07 2017 +0200
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 5020931
+ * @summary Unit test for Collections.checkedQueue
+ */
+
+import java.lang.reflect.Method;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.Queue;
+import java.util.concurrent.ArrayBlockingQueue;
+
+public class CheckedQueue {
+ static int status = 0;
+
+ public static void main(String[] args) throws Exception {
+ new CheckedQueue();
+ }
+
+ public CheckedQueue() throws Exception {
+ run();
+ }
+
+ private void run() throws Exception {
+ Method[] methods = this.getClass().getDeclaredMethods();
+
+ for (int i = 0; i < methods.length; i++) {
+ Method method = methods[i];
+ String methodName = method.getName();
+
+ if (methodName.startsWith("test")) {
+ try {
+ Object obj = method.invoke(this, new Object[0]);
+ } catch(Exception e) {
+ throw new Exception(this.getClass().getName() + "." +
+ methodName + " test failed, test exception "
+ + "follows\n" + e.getCause());
+ }
+ }
+ }
+ }
+
+ /**
+ * This test adds items to a queue.
+ */
+ private void test00() {
+ int arrayLength = 10;
+ ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(arrayLength);
+
+ for (int i = 0; i < arrayLength; i++) {
+ abq.add(new String(Integer.toString(i)));
+ }
+ }
+
+ /**
+ * This test tests the CheckedQueue.add method. It creates a queue of
+ * {@code String}s gets the checked queue, and attempt to add an Integer to
+ * the checked queue.
+ */
+ private void test01() throws Exception {
+ int arrayLength = 10;
+ ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(arrayLength + 1);
+
+ for (int i = 0; i < arrayLength; i++) {
+ abq.add(new String(Integer.toString(i)));
+ }
+
+ Queue q = Collections.checkedQueue(abq, String.class);
+
+ try {
+ q.add(new Integer(0));
+ throw new Exception(this.getClass().getName() + "." + "test01 test"
+ + " failed, should throw ClassCastException.");
+ } catch(ClassCastException cce) {
+ // Do nothing.
+ }
+ }
+
+ /**
+ * This test tests the CheckedQueue.add method. It creates a queue of one
+ * {@code String}, gets the checked queue, and attempt to add an Integer to
+ * the checked queue.
+ */
+ private void test02() throws Exception {
+ ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(1);
+ Queue q = Collections.checkedQueue(abq, String.class);
+
+ try {
+ q.add(new Integer(0));
+ throw new Exception(this.getClass().getName() + "." + "test02 test"
+ + " failed, should throw ClassCastException.");
+ } catch(ClassCastException e) {
+ // Do nothing.
+ }
+ }
+
+ /**
+ * This test tests the Collections.checkedQueue method call for nulls in
+ * each and both of the parameters.
+ */
+ private void test03() throws Exception {
+ ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(1);
+ Queue q;
+
+ try {
+ q = Collections.checkedQueue(null, String.class);
+ throw new Exception(this.getClass().getName() + "." + "test03 test"
+ + " failed, should throw NullPointerException.");
+ } catch(NullPointerException npe) {
+ // Do nothing
+ }
+
+ try {
+ q = Collections.checkedQueue(abq, null);
+ throw new Exception(this.getClass().getName() + "." + "test03 test"
+ + " failed, should throw NullPointerException.");
+ } catch(Exception e) {
+ // Do nothing
+ }
+
+ try {
+ q = Collections.checkedQueue(null, null);
+ throw new Exception(this.getClass().getName() + "." + "test03 test"
+ + " failed, should throw NullPointerException.");
+ } catch(Exception e) {
+ // Do nothing
+ }
+ }
+
+ /**
+ * This test tests the CheckedQueue.offer method.
+ */
+ private void test04() throws Exception {
+ ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(1);
+ Queue q = Collections.checkedQueue(abq, String.class);
+
+ try {
+ q.offer(null);
+ throw new Exception(this.getClass().getName() + "." + "test04 test"
+ + " failed, should throw NullPointerException.");
+ } catch (NullPointerException npe) {
+ // Do nothing
+ }
+
+ try {
+ q.offer(new Integer(0));
+ throw new Exception(this.getClass().getName() + "." + "test04 test"
+ + " failed, should throw ClassCastException.");
+ } catch (ClassCastException cce) {
+ // Do nothing
+ }
+
+ q.offer(new String("0"));
+
+ try {
+ q.offer(new String("1"));
+ throw new Exception(this.getClass().getName() + "." + "test04 test"
+ + " failed, should throw IllegalStateException.");
+ } catch(IllegalStateException ise) {
+ // Do nothing
+ }
+ }
+
+ private void test05() {
+
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/java2d/DirectX/DrawBitmaskToSurfaceTest.java Wed Jul 05 17:54:07 2017 +0200
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6997116
+ * @summary Test verifies that rendering of images with bitmap transparency
+ * to a D3D surface does not cause an ClassCastException.
+ *
+ * @run main/othervm -Dsun.java2d.d3d=True DrawBitmaskToSurfaceTest
+ */
+
+import java.awt.Graphics;
+import java.awt.Image;
+import java.awt.image.BufferedImage;
+import java.awt.image.IndexColorModel;
+import java.util.concurrent.CountDownLatch;
+import javax.swing.JFrame;
+
+public class DrawBitmaskToSurfaceTest extends JFrame {
+
+ private final Image src;
+ private static java.util.concurrent.CountDownLatch latch = null;
+ private static Throwable theError = null;
+
+ public DrawBitmaskToSurfaceTest() {
+ src = createTestImage();
+ }
+
+ private static Image createTestImage() {
+ byte[] r = new byte[]{(byte)0x00, (byte)0x80, (byte)0xff, (byte)0xff};
+ byte[] g = new byte[]{(byte)0x00, (byte)0x80, (byte)0xff, (byte)0x00};
+ byte[] b = new byte[]{(byte)0x00, (byte)0x80, (byte)0xff, (byte)0x00};
+
+ IndexColorModel icm = new IndexColorModel(2, 4, r, g, b, 3);
+
+ BufferedImage img = new BufferedImage(100, 100,
+ BufferedImage.TYPE_BYTE_INDEXED,
+ icm);
+ return img;
+ }
+
+ @Override
+ public void paint(final Graphics g) {
+ try {
+ System.err.println("paint frame....");
+ g.drawImage(src, 30, 30, this);
+ } catch (Throwable e) {
+ theError = e;
+ } finally {
+ if (latch != null) {
+ latch.countDown();
+ }
+ }
+ }
+
+ public static void main(final String[] args) throws Exception {
+ final JFrame frame = new DrawBitmaskToSurfaceTest();
+ frame.setBounds(10, 350, 200, 200);
+ frame.setVisible(true);
+
+ Thread.sleep(2000);
+
+ System.err.println("Change frame bounds...");
+ latch = new CountDownLatch(1);
+ frame.setBounds(10, 350, 90, 90);
+ frame.repaint();
+
+ try {
+ if (latch.getCount() > 0) {
+ latch.await();
+ }
+ } catch (InterruptedException e) {
+ }
+
+ frame.dispose();
+
+ if (theError != null) {
+ throw new RuntimeException("Test failed.", theError);
+ }
+
+ System.err.println("Test passed");
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/provider/X509Factory/BigCRL.java Wed Jul 05 17:54:07 2017 +0200
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7099399
+ * @summary cannot deal with CRL file larger than 16MB
+ * @run main/othervm -Xmx1024m BigCRL
+ */
+
+import java.io.FileInputStream;
+import java.math.BigInteger;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.security.PrivateKey;
+import java.security.cert.X509CRLEntry;
+import java.util.Arrays;
+import java.util.Date;
+import sun.security.x509.*;
+import java.security.cert.CertificateFactory;
+import java.io.ByteArrayInputStream;
+
+public class BigCRL {
+
+ public static void main(String[] args) throws Exception {
+ int n = 500000;
+ String ks = System.getProperty("test.src", ".")
+ + "/../../ssl/etc/keystore";
+ String pass = "passphrase";
+ String alias = "dummy";
+
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ keyStore.load(new FileInputStream(ks), pass.toCharArray());
+ Certificate signerCert = keyStore.getCertificate(alias);
+ byte[] encoded = signerCert.getEncoded();
+ X509CertImpl signerCertImpl = new X509CertImpl(encoded);
+ X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
+ + CertificateSubjectName.DN_NAME);
+
+ Date date = new Date();
+ PrivateKey privateKey = (PrivateKey)
+ keyStore.getKey(alias, pass.toCharArray());
+ String sigAlgName = signerCertImpl.getSigAlgOID();
+
+ X509CRLEntry[] badCerts = new X509CRLEntry[n];
+ CRLExtensions ext = new CRLExtensions();
+ ext.set("Reason", new CRLReasonCodeExtension(1));
+ for (int i = 0; i < n; i++) {
+ badCerts[i] = new X509CRLEntryImpl(
+ BigInteger.valueOf(i), date, ext);
+ }
+ X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
+ crl.sign(privateKey, sigAlgName);
+ byte[] data = crl.getEncodedInternal();
+
+ // Make sure the CRL is big enough
+ if ((data[1]&0xff) != 0x84) {
+ throw new Exception("The file should be big enough?");
+ }
+
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ cf.generateCRL(new ByteArrayInputStream(data));
+ }
+}
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java Wed Jul 05 17:54:07 2017 +0200
@@ -0,0 +1,479 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7031830
+ * @summary bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine
+ * @run main/othervm SSLEngineBadBufferArrayAccess
+ *
+ * SunJSSE does not support dynamic system properties, no way to re-use
+ * system properties in samevm/agentvm mode.
+ */
+
+/**
+ * A SSLSocket/SSLEngine interop test case. This is not the way to
+ * code SSLEngine-based servers, but works for what we need to do here,
+ * which is to make sure that SSLEngine/SSLSockets can talk to each other.
+ * SSLEngines can use direct or indirect buffers, and different code
+ * is used to get at the buffer contents internally, so we test that here.
+ *
+ * The test creates one SSLSocket (client) and one SSLEngine (server).
+ * The SSLSocket talks to a raw ServerSocket, and the server code
+ * does the translation between byte [] and ByteBuffers that the SSLEngine
+ * can use. The "transport" layer consists of a Socket Input/OutputStream
+ * and two byte buffers for the SSLEngines: think of them
+ * as directly connected pipes.
+ *
+ * Again, this is a *very* simple example: real code will be much more
+ * involved. For example, different threading and I/O models could be
+ * used, transport mechanisms could close unexpectedly, and so on.
+ *
+ * When this application runs, notice that several messages
+ * (wrap/unwrap) pass before any application data is consumed or
+ * produced. (For more information, please see the SSL/TLS
+ * specifications.) There may several steps for a successful handshake,
+ * so it's typical to see the following series of operations:
+ *
+ * client server message
+ * ====== ====== =======
+ * write() ... ClientHello
+ * ... unwrap() ClientHello
+ * ... wrap() ServerHello/Certificate
+ * read() ... ServerHello/Certificate
+ * write() ... ClientKeyExchange
+ * write() ... ChangeCipherSpec
+ * write() ... Finished
+ * ... unwrap() ClientKeyExchange
+ * ... unwrap() ChangeCipherSpec
+ * ... unwrap() Finished
+ * ... wrap() ChangeCipherSpec
+ * ... wrap() Finished
+ * read() ... ChangeCipherSpec
+ * read() ... Finished
+ *
+ * This particular bug had a problem where byte buffers backed by an
+ * array didn't offset correctly, and we got bad MAC errors.
+ */
+import javax.net.ssl.*;
+import javax.net.ssl.SSLEngineResult.*;
+import java.io.*;
+import java.net.*;
+import java.security.*;
+import java.nio.*;
+
+public class SSLEngineBadBufferArrayAccess {
+
+ /*
+ * Enables logging of the SSL/TLS operations.
+ */
+ private static boolean logging = true;
+
+ /*
+ * Enables the JSSE system debugging system property:
+ *
+ * -Djavax.net.debug=all
+ *
+ * This gives a lot of low-level information about operations underway,
+ * including specific handshake messages, and might be best examined
+ * after gaining some familiarity with this application.
+ */
+ private static boolean debug = false;
+ private SSLContext sslc;
+ private SSLEngine serverEngine; // server-side SSLEngine
+ private SSLSocket sslSocket; // client-side socket
+ private ServerSocket serverSocket; // server-side Socket, generates the...
+ private Socket socket; // server-side socket that will read
+
+ private final byte[] serverMsg = "Hi there Client, I'm a Server".getBytes();
+ private final byte[] clientMsg = "Hello Server, I'm a Client".getBytes();
+
+ private ByteBuffer serverOut; // write side of serverEngine
+ private ByteBuffer serverIn; // read side of serverEngine
+
+ private volatile Exception clientException;
+ private volatile Exception serverException;
+
+ /*
+ * For data transport, this example uses local ByteBuffers.
+ */
+ private ByteBuffer cTOs; // "reliable" transport client->server
+ private ByteBuffer sTOc; // "reliable" transport server->client
+
+ /*
+ * The following is to set up the keystores/trust material.
+ */
+ private static final String pathToStores = "../../../../../../../etc/";
+ private static final String keyStoreFile = "keystore";
+ private static final String trustStoreFile = "truststore";
+ private static final String passwd = "passphrase";
+ private static String keyFilename =
+ System.getProperty("test.src", ".") + "/" + pathToStores
+ + "/" + keyStoreFile;
+ private static String trustFilename =
+ System.getProperty("test.src", ".") + "/" + pathToStores
+ + "/" + trustStoreFile;
+
+ /*
+ * Main entry point for this test.
+ */
+ public static void main(String args[]) throws Exception {
+ if (debug) {
+ System.setProperty("javax.net.debug", "all");
+ }
+
+ String [] protocols = new String [] {
+ "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
+
+ for (String protocol : protocols) {
+ log("Testing " + protocol);
+ /*
+ * Run the tests with direct and indirect buffers.
+ */
+ SSLEngineBadBufferArrayAccess test =
+ new SSLEngineBadBufferArrayAccess(protocol);
+ test.runTest(true);
+ test.runTest(false);
+ }
+
+ System.out.println("Test Passed.");
+ }
+
+ /*
+ * Create an initialized SSLContext to use for these tests.
+ */
+ public SSLEngineBadBufferArrayAccess(String protocol) throws Exception {
+
+ KeyStore ks = KeyStore.getInstance("JKS");
+ KeyStore ts = KeyStore.getInstance("JKS");
+
+ char[] passphrase = "passphrase".toCharArray();
+
+ ks.load(new FileInputStream(keyFilename), passphrase);
+ ts.load(new FileInputStream(trustFilename), passphrase);
+
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+ kmf.init(ks, passphrase);
+
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+ tmf.init(ts);
+
+ SSLContext sslCtx = SSLContext.getInstance(protocol);
+
+ sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+
+ sslc = sslCtx;
+ }
+
+ /*
+ * Run the test.
+ *
+ * Sit in a tight loop, with the server engine calling wrap/unwrap
+ * regardless of whether data is available or not. We do this until
+ * we get the application data. Then we shutdown and go to the next one.
+ *
+ * The main loop handles all of the I/O phases of the SSLEngine's
+ * lifetime:
+ *
+ * initial handshaking
+ * application data transfer
+ * engine closing
+ *
+ * One could easily separate these phases into separate
+ * sections of code.
+ */
+ private void runTest(boolean direct) throws Exception {
+ boolean serverClose = direct;
+
+ serverSocket = new ServerSocket(0);
+ int port = serverSocket.getLocalPort();
+ Thread thread = createClientThread(port, serverClose);
+
+ socket = serverSocket.accept();
+ socket.setSoTimeout(500);
+ serverSocket.close();
+
+ createSSLEngine();
+ createBuffers(direct);
+
+ try {
+ boolean closed = false;
+
+ InputStream is = socket.getInputStream();
+ OutputStream os = socket.getOutputStream();
+
+ SSLEngineResult serverResult; // results from last operation
+
+ /*
+ * Examining the SSLEngineResults could be much more involved,
+ * and may alter the overall flow of the application.
+ *
+ * For example, if we received a BUFFER_OVERFLOW when trying
+ * to write to the output pipe, we could reallocate a larger
+ * pipe, but instead we wait for the peer to drain it.
+ */
+ byte[] inbound = new byte[8192];
+ byte[] outbound = new byte[8192];
+
+ while (!isEngineClosed(serverEngine)) {
+ int len = 0;
+
+ // Inbound data
+ log("================");
+
+ // Read from the Client side.
+ try {
+ len = is.read(inbound);
+ if (len == -1) {
+ throw new Exception("Unexpected EOF");
+ }
+ cTOs.put(inbound, 0, len);
+ } catch (SocketTimeoutException ste) {
+ // swallow. Nothing yet, probably waiting on us.
+ }
+
+ cTOs.flip();
+
+ serverResult = serverEngine.unwrap(cTOs, serverIn);
+ log("server unwrap: ", serverResult);
+ runDelegatedTasks(serverResult, serverEngine);
+ cTOs.compact();
+
+ // Outbound data
+ log("----");
+
+ serverResult = serverEngine.wrap(serverOut, sTOc);
+ log("server wrap: ", serverResult);
+ runDelegatedTasks(serverResult, serverEngine);
+
+ sTOc.flip();
+
+ if ((len = sTOc.remaining()) != 0) {
+ sTOc.get(outbound, 0, len);
+ os.write(outbound, 0, len);
+ // Give the other side a chance to process
+ }
+
+ sTOc.compact();
+
+ if (!closed && (serverOut.remaining() == 0)) {
+ closed = true;
+
+ /*
+ * We'll alternate initiatating the shutdown.
+ * When the server initiates, it will take one more
+ * loop, but tests the orderly shutdown.
+ */
+ if (serverClose) {
+ serverEngine.closeOutbound();
+ }
+ serverIn.flip();
+
+ /*
+ * A sanity check to ensure we got what was sent.
+ */
+ if (serverIn.remaining() != clientMsg.length) {
+ throw new Exception("Client: Data length error");
+ }
+
+ for (int i = 0; i < clientMsg.length; i++) {
+ if (clientMsg[i] != serverIn.get()) {
+ throw new Exception("Client: Data content error");
+ }
+ }
+ serverIn.compact();
+ }
+ }
+ return;
+ } catch (Exception e) {
+ serverException = e;
+ } finally {
+ socket.close();
+
+ // Wait for the client to join up with us.
+ thread.join();
+ if (serverException != null) {
+ throw serverException;
+ }
+ if (clientException != null) {
+ throw clientException;
+ }
+ }
+ }
+
+ /*
+ * Create a client thread which does simple SSLSocket operations.
+ * We'll write and read one data packet.
+ */
+ private Thread createClientThread(final int port,
+ final boolean serverClose) throws Exception {
+
+ Thread t = new Thread("ClientThread") {
+
+ @Override
+ public void run() {
+ try {
+ Thread.sleep(1000); // Give server time to finish setup.
+
+ sslSocket = (SSLSocket) sslc.getSocketFactory().
+ createSocket("localhost", port);
+ OutputStream os = sslSocket.getOutputStream();
+ InputStream is = sslSocket.getInputStream();
+
+ // write(byte[]) goes in one shot.
+ os.write(clientMsg);
+
+ byte[] inbound = new byte[2048];
+ int pos = 0;
+
+ int len;
+done:
+ while ((len = is.read(inbound, pos, 2048 - pos)) != -1) {
+ pos += len;
+ // Let the client do the closing.
+ if ((pos == serverMsg.length) && !serverClose) {
+ sslSocket.close();
+ break done;
+ }
+ }
+
+ if (pos != serverMsg.length) {
+ throw new Exception("Client: Data length error");
+ }
+
+ for (int i = 0; i < serverMsg.length; i++) {
+ if (inbound[i] != serverMsg[i]) {
+ throw new Exception("Client: Data content error");
+ }
+ }
+ } catch (Exception e) {
+ clientException = e;
+ }
+ }
+ };
+ t.start();
+ return t;
+ }
+
+ /*
+ * Using the SSLContext created during object creation,
+ * create/configure the SSLEngines we'll use for this test.
+ */
+ private void createSSLEngine() throws Exception {
+ /*
+ * Configure the serverEngine to act as a server in the SSL/TLS
+ * handshake.
+ */
+ serverEngine = sslc.createSSLEngine();
+ serverEngine.setUseClientMode(false);
+ serverEngine.getNeedClientAuth();
+ }
+
+ /*
+ * Create and size the buffers appropriately.
+ */
+ private void createBuffers(boolean direct) {
+
+ SSLSession session = serverEngine.getSession();
+ int appBufferMax = session.getApplicationBufferSize();
+ int netBufferMax = session.getPacketBufferSize();
+
+ /*
+ * We'll make the input buffers a bit bigger than the max needed
+ * size, so that unwrap()s following a successful data transfer
+ * won't generate BUFFER_OVERFLOWS.
+ *
+ * We'll use a mix of direct and indirect ByteBuffers for
+ * tutorial purposes only. In reality, only use direct
+ * ByteBuffers when they give a clear performance enhancement.
+ */
+ if (direct) {
+ serverIn = ByteBuffer.allocateDirect(appBufferMax + 50);
+ cTOs = ByteBuffer.allocateDirect(netBufferMax);
+ sTOc = ByteBuffer.allocateDirect(netBufferMax);
+ } else {
+ serverIn = ByteBuffer.allocate(appBufferMax + 50);
+ cTOs = ByteBuffer.allocate(netBufferMax);
+ sTOc = ByteBuffer.allocate(netBufferMax);
+ }
+
+ serverOut = ByteBuffer.wrap(serverMsg);
+ }
+
+ /*
+ * If the result indicates that we have outstanding tasks to do,
+ * go ahead and run them in this thread.
+ */
+ private static void runDelegatedTasks(SSLEngineResult result,
+ SSLEngine engine) throws Exception {
+
+ if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
+ Runnable runnable;
+ while ((runnable = engine.getDelegatedTask()) != null) {
+ log("\trunning delegated task...");
+ runnable.run();
+ }
+ HandshakeStatus hsStatus = engine.getHandshakeStatus();
+ if (hsStatus == HandshakeStatus.NEED_TASK) {
+ throw new Exception(
+ "handshake shouldn't need additional tasks");
+ }
+ log("\tnew HandshakeStatus: " + hsStatus);
+ }
+ }
+
+ private static boolean isEngineClosed(SSLEngine engine) {
+ return (engine.isOutboundDone() && engine.isInboundDone());
+ }
+
+ /*
+ * Logging code
+ */
+ private static boolean resultOnce = true;
+
+ private static void log(String str, SSLEngineResult result) {
+ if (!logging) {
+ return;
+ }
+ if (resultOnce) {
+ resultOnce = false;
+ System.out.println("The format of the SSLEngineResult is: \n"
+ + "\t\"getStatus() / getHandshakeStatus()\" +\n"
+ + "\t\"bytesConsumed() / bytesProduced()\"\n");
+ }
+ HandshakeStatus hsStatus = result.getHandshakeStatus();
+ log(str
+ + result.getStatus() + "/" + hsStatus + ", "
+ + result.bytesConsumed() + "/" + result.bytesProduced()
+ + " bytes");
+ if (hsStatus == HandshakeStatus.FINISHED) {
+ log("\t...ready for application data");
+ }
+ }
+
+ private static void log(String str) {
+ if (logging) {
+ System.out.println(str);
+ }
+ }
+}
--- a/jdk/test/sun/security/util/BigInt/BigIntEqualsHashCode.java Wed Jul 05 17:54:00 2017 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @author Gary Ellison
- * @bug 4170635
- * @summary Verify equals()/hashCode() contract honored
- */
-
-import java.io.*;
-import sun.security.util.*;
-
-
-public class BigIntEqualsHashCode {
- public static void main(String[] args) throws Exception {
- BigInt bi1 = new BigInt(12345678);
- BigInt bi2 = new BigInt(12345678);
-
- if ( (bi1.equals(bi2)) == (bi1.hashCode()==bi2.hashCode()) )
- System.out.println("PASSED");
- else
- throw new Exception ("FAILED equals()/hashCode() contract");
-
- }
-}