--- a/jdk/make/GenerateModuleSummary.gmk Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/make/GenerateModuleSummary.gmk Thu Mar 30 17:23:52 2017 +0000
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,7 @@
include ModuleTools.gmk
GENGRAPHS_DIR := $(IMAGES_OUTPUTDIR)/gengraphs
-SPEC_DOTFILES_DIR := $(IMAGES_OUTPUTDIR)/spec-dotfiles
+SPEC_DOTFILES_DIR := $(GENGRAPHS_DIR)/spec-dotfiles
TOOLS_MODULE_SRCDIR := $(JDK_TOPDIR)/make/src/classes/build/tools/jigsaw
$(GENGRAPHS_DIR)/jdk.dot: $(BUILD_JIGSAW_TOOLS)
--- a/jdk/make/ModuleTools.gmk Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/make/ModuleTools.gmk Thu Mar 30 17:23:52 2017 +0000
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -23,8 +23,9 @@
# questions.
#
-include $(SPEC)
-include MakeBase.gmk
+ifndef _MODULE_TOOLS_GMK
+_MODULE_TOOLS_GMK := 1
+
include JavaCompilation.gmk
TOOLS_CLASSES_DIR := $(BUILDTOOLS_OUTPUTDIR)/tools_jigsaw_classes
@@ -32,7 +33,7 @@
# To avoid reevaluating the compilation setup for the tools each time this file
# is included, the actual compilation is handled by CompileModuleTools.gmk. The
# following trick is used to be able to declare a dependency on the built tools.
-BUILD_TOOLS_JDK := $(call SetupJavaCompilationCompileTarget, \
+BUILD_JIGSAW_TOOLS := $(call SetupJavaCompilationCompileTarget, \
BUILD_JIGSAW_TOOLS, $(TOOLS_CLASSES_DIR))
TOOL_GENGRAPHS := $(BUILD_JAVA) -esa -ea -cp $(TOOLS_CLASSES_DIR) \
@@ -47,3 +48,5 @@
-cp $(TOOLS_CLASSES_DIR) \
--add-exports java.base/jdk.internal.module=ALL-UNNAMED \
build.tools.jigsaw.AddPackagesAttribute
+
+endif # _MODULE_TOOLS_GMK
--- a/jdk/make/src/classes/build/tools/jigsaw/GenGraphs.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/make/src/classes/build/tools/jigsaw/GenGraphs.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,7 +26,6 @@
package build.tools.jigsaw;
import com.sun.tools.jdeps.ModuleDotGraph;
-import com.sun.tools.jdeps.ModuleDotGraph.DotGraphBuilder;
import java.io.IOException;
import java.lang.module.Configuration;
@@ -36,10 +35,15 @@
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.List;
import java.util.Map;
+import java.util.Properties;
import java.util.Set;
+import java.util.function.Function;
+import java.util.stream.Collectors;
/**
* Generate the DOT file for a module graph for each module in the JDK
@@ -50,13 +54,19 @@
public static void main(String[] args) throws Exception {
Path dir = null;
boolean spec = false;
+ Properties props = null;
for (int i=0; i < args.length; i++) {
String arg = args[i];
if (arg.equals("--spec")) {
spec = true;
+ } else if (arg.equals("--dot-attributes")) {
+ if (i++ == args.length) {
+ throw new IllegalArgumentException("Missing argument: --dot-attributes option");
+ }
+ props = new Properties();
+ props.load(Files.newInputStream(Paths.get(args[i])));
} else if (arg.equals("--output")) {
- i++;
- dir = i < args.length ? Paths.get(args[i]) : null;
+ dir = ++i < args.length ? Paths.get(args[i]) : null;
} else if (arg.startsWith("-")) {
throw new IllegalArgumentException("Invalid option: " + arg);
}
@@ -67,11 +77,14 @@
System.exit(1);
}
- // setup and configure the dot graph attributes
- initDotGraphAttributes();
Files.createDirectories(dir);
-
- GenGraphs genGraphs = new GenGraphs(dir, spec);
+ ModuleGraphAttributes attributes;
+ if (props != null) {
+ attributes = new ModuleGraphAttributes(props);
+ } else {
+ attributes = new ModuleGraphAttributes();
+ }
+ GenGraphs genGraphs = new GenGraphs(dir, spec, attributes);
// print dot file for each module
Map<String, Configuration> configurations = new HashMap<>();
@@ -99,49 +112,149 @@
genGraphs.genDotFiles(configurations);
}
- static void initDotGraphAttributes() {
- int h = 1000;
- DotGraphBuilder.weight("java.se", "java.sql.rowset", h * 10);
- DotGraphBuilder.weight("java.sql.rowset", "java.sql", h * 10);
- DotGraphBuilder.weight("java.sql", "java.xml", h * 10);
- DotGraphBuilder.weight("java.xml", "java.base", h * 10);
+ /**
+ * Custom dot file attributes.
+ */
+ static class ModuleGraphAttributes implements ModuleDotGraph.Attributes {
+ static Map<String, String> DEFAULT_ATTRIBUTES = Map.of(
+ "ranksep", "0.6",
+ "fontsize", "12",
+ "fontcolor", BLACK,
+ "fontname", "DejaVuSans",
+ "arrowsize", "1",
+ "arrowwidth", "2",
+ "arrowcolor", DARK_GRAY,
+ // custom
+ "requiresMandatedColor", LIGHT_GRAY,
+ "javaSubgraphColor", ORANGE,
+ "jdkSubgraphColor", BLUE
+ );
+
+ final Map<String, Integer> weights = new HashMap<>();
+ final List<Set<String>> ranks = new ArrayList<>();
+ final Map<String, String> attrs;
+ ModuleGraphAttributes(Map<String, String> attrs) {
+ int h = 1000;
+ weight("java.se", "java.sql.rowset", h * 10);
+ weight("java.sql.rowset", "java.sql", h * 10);
+ weight("java.sql", "java.xml", h * 10);
+ weight("java.xml", "java.base", h * 10);
+
+ ranks.add(Set.of("java.logging", "java.scripting", "java.xml"));
+ ranks.add(Set.of("java.sql"));
+ ranks.add(Set.of("java.compiler", "java.instrument"));
+ ranks.add(Set.of("java.desktop", "java.management"));
+ ranks.add(Set.of("java.corba", "java.xml.ws"));
+ ranks.add(Set.of("java.xml.bind", "java.xml.ws.annotation"));
+
+ this.attrs = attrs;
+ }
+
+ ModuleGraphAttributes() {
+ this(DEFAULT_ATTRIBUTES);
+ }
+ ModuleGraphAttributes(Properties props) {
+ this(toAttributes(props));
+ }
+
+ @Override
+ public double rankSep() {
+ return Double.valueOf(attrs.get("ranksep"));
+ }
+
+ @Override
+ public int fontSize() {
+ return Integer.valueOf(attrs.get("fontsize"));
+ }
+
+ @Override
+ public String fontName() {
+ return attrs.get("fontname");
+ }
- DotGraphBuilder.sameRankNodes(Set.of("java.logging", "java.scripting", "java.xml"));
- DotGraphBuilder.sameRankNodes(Set.of("java.sql"));
- DotGraphBuilder.sameRankNodes(Set.of("java.compiler", "java.instrument"));
- DotGraphBuilder.sameRankNodes(Set.of("java.desktop", "java.management"));
- DotGraphBuilder.sameRankNodes(Set.of("java.corba", "java.xml.ws"));
- DotGraphBuilder.sameRankNodes(Set.of("java.xml.bind", "java.xml.ws.annotation"));
- DotGraphBuilder.setRankSep(0.7);
- DotGraphBuilder.setFontSize(12);
- DotGraphBuilder.setArrowSize(1);
- DotGraphBuilder.setArrowWidth(2);
+ @Override
+ public String fontColor() {
+ return attrs.get("fontcolor");
+ }
+
+ @Override
+ public int arrowSize() {
+ return Integer.valueOf(attrs.get("arrowsize"));
+ }
+
+ @Override
+ public int arrowWidth() {
+ return Integer.valueOf(attrs.get("arrowwidth"));
+ }
+
+ @Override
+ public String arrowColor() {
+ return attrs.get("arrowcolor");
+ }
+
+ @Override
+ public List<Set<String>> ranks() {
+ return ranks;
+ }
+
+ @Override
+ public String requiresMandatedColor() {
+ return attrs.get("requiresMandatedColor");
+ }
+
+ @Override
+ public String javaSubgraphColor() {
+ return attrs.get("javaSubgraphColor");
+ }
+
+ @Override
+ public String jdkSubgraphColor() {
+ return attrs.get("jdkSubgraphColor");
+ }
+
+ @Override
+ public int weightOf(String s, String t) {
+ int w = weights.getOrDefault(s + ":" + t, 1);
+ if (w != 1)
+ return w;
+ if (s.startsWith("java.") && t.startsWith("java."))
+ return 10;
+ return 1;
+ }
+
+ public void weight(String s, String t, int w) {
+ weights.put(s + ":" + t, w);
+ }
+
+ static Map<String, String> toAttributes(Properties props) {
+ return DEFAULT_ATTRIBUTES.keySet().stream()
+ .collect(Collectors.toMap(Function.identity(),
+ k -> props.getProperty(k, DEFAULT_ATTRIBUTES.get(k))));
+ }
}
private final Path dir;
private final boolean spec;
- GenGraphs(Path dir, boolean spec) {
+ private final ModuleGraphAttributes attributes;
+ GenGraphs(Path dir, boolean spec, ModuleGraphAttributes attributes) {
this.dir = dir;
this.spec = spec;
+ this.attributes = attributes;
}
void genDotFiles(Map<String, Configuration> configurations) throws IOException {
ModuleDotGraph dotGraph = new ModuleDotGraph(configurations, spec);
- dotGraph.genDotFiles(dir);
+ dotGraph.genDotFiles(dir, attributes);
}
+ /**
+ * Returns true for any name if generating graph for non-spec;
+ * otherwise, returns true except "jdk" and name with "jdk.internal." prefix
+ */
boolean accept(String name, ModuleDescriptor descriptor) {
- if (!spec) return true;
-
- if (name.equals("jdk"))
- return false;
-
- if (name.equals("java.se") || name.equals("java.se.ee"))
+ if (!spec)
return true;
- // only the module that has exported API
- return descriptor.exports().stream()
- .filter(e -> !e.isQualified())
- .findAny().isPresent();
+ return !name.equals("jdk") && !name.startsWith("jdk.internal.");
}
-}
\ No newline at end of file
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/src/classes/build/tools/jigsaw/javadoc-graphs.properties Thu Mar 30 17:23:52 2017 +0000
@@ -0,0 +1,2 @@
+arrowcolor=#999999
+requiresMandatedColor=#999999
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/make/src/classes/build/tools/taglet/ModuleGraph.java Thu Mar 30 17:23:52 2017 +0000
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package build.tools.taglet;
+
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Set;
+import javax.lang.model.element.Element;
+import com.sun.source.doctree.DocTree;
+import jdk.javadoc.doclet.Taglet;
+import static jdk.javadoc.doclet.Taglet.Location.*;
+
+/**
+ * A block tag to optionally insert a reference to a module graph.
+ */
+public class ModuleGraph implements Taglet {
+ private static final boolean enableModuleGraph =
+ Boolean.getBoolean("enableModuleGraph");
+
+ /** Returns the set of locations in which a taglet may be used. */
+ @Override
+ public Set<Location> getAllowedLocations() {
+ return EnumSet.of(MODULE);
+ }
+
+ @Override
+ public boolean isInlineTag() {
+ return false;
+ }
+
+ @Override
+ public String getName() {
+ return "moduleGraph";
+ }
+
+ @Override
+ public String toString(List<? extends DocTree> tags, Element element) {
+ if (!enableModuleGraph) {
+ return "";
+ }
+
+ String moduleName = element.getSimpleName().toString();
+ String imageFile = moduleName + "-graph.png";
+ int thumbnailHeight = -1;
+ String hoverImage = "";
+ if (!moduleName.equals("java.base")) {
+ thumbnailHeight = 100; // also appears in the stylesheet
+ hoverImage = "<span>"
+ + getImage(moduleName, imageFile, -1, true)
+ + "</span>";
+ }
+ return "<dt>"
+ + "<span class=\"simpleTagLabel\">Module Graph:</span>\n"
+ + "</dt>"
+ + "<dd>"
+ + "<a class=moduleGraph href=\"" + imageFile + "\">"
+ + getImage(moduleName, imageFile, thumbnailHeight, false)
+ + hoverImage
+ + "</a>"
+ + "</dd>";
+ }
+
+ private static final String VERTICAL_ALIGN = "vertical-align:top";
+ private static final String BORDER = "border: solid lightgray 1px;";
+
+ private String getImage(String moduleName, String file, int height, boolean useBorder) {
+ return String.format("<img style=\"%s\" alt=\"Module graph for %s\" src=\"%s\"%s>",
+ useBorder ? BORDER + " " + VERTICAL_ALIGN : VERTICAL_ALIGN,
+ moduleName,
+ file,
+ (height <= 0 ? "" : " height=\"" + height + "\""));
+ }
+}
--- a/jdk/src/java.base/share/classes/java/lang/System.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.base/share/classes/java/lang/System.java Thu Mar 30 17:23:52 2017 +0000
@@ -1568,6 +1568,14 @@
* obtained by calling {@link LoggerFinder#getLogger(java.lang.String,
* java.lang.reflect.Module) LoggerFinder.getLogger(name, module)}, where
* {@code module} is the caller's module.
+ * In cases where {@code System.getLogger} is called from a context where
+ * there is no caller frame on the stack (e.g when called directly
+ * from a JNI attached thread), {@code IllegalCallerException} is thrown.
+ * To obtain a logger in such a context, use an auxiliary class that will
+ * implicitly be identified as the caller, or use the system {@link
+ * LoggerFinder#getLoggerFinder() LoggerFinder} to obtain a logger instead.
+ * Note that doing the latter may eagerly initialize the underlying
+ * logging system.
*
* @apiNote
* This method may defer calling the {@link
@@ -1580,6 +1588,8 @@
* @return an instance of {@link Logger} that can be used by the calling
* class.
* @throws NullPointerException if {@code name} is {@code null}.
+ * @throws IllegalCallerException if there is no Java caller frame on the
+ * stack.
*
* @since 9
*/
@@ -1587,6 +1597,9 @@
public static Logger getLogger(String name) {
Objects.requireNonNull(name);
final Class<?> caller = Reflection.getCallerClass();
+ if (caller == null) {
+ throw new IllegalCallerException("no caller frame");
+ }
return LazyLoggers.getLogger(name, caller.getModule());
}
@@ -1600,8 +1613,16 @@
* The returned logger will perform message localization as specified
* by {@link LoggerFinder#getLocalizedLogger(java.lang.String,
* java.util.ResourceBundle, java.lang.reflect.Module)
- * LoggerFinder.getLocalizedLogger(name, bundle, module}, where
+ * LoggerFinder.getLocalizedLogger(name, bundle, module)}, where
* {@code module} is the caller's module.
+ * In cases where {@code System.getLogger} is called from a context where
+ * there is no caller frame on the stack (e.g when called directly
+ * from a JNI attached thread), {@code IllegalCallerException} is thrown.
+ * To obtain a logger in such a context, use an auxiliary class that
+ * will implicitly be identified as the caller, or use the system {@link
+ * LoggerFinder#getLoggerFinder() LoggerFinder} to obtain a logger instead.
+ * Note that doing the latter may eagerly initialize the underlying
+ * logging system.
*
* @apiNote
* This method is intended to be used after the system is fully initialized.
@@ -1620,6 +1641,8 @@
* resource bundle for message localization.
* @throws NullPointerException if {@code name} is {@code null} or
* {@code bundle} is {@code null}.
+ * @throws IllegalCallerException if there is no Java caller frame on the
+ * stack.
*
* @since 9
*/
@@ -1628,6 +1651,9 @@
final ResourceBundle rb = Objects.requireNonNull(bundle);
Objects.requireNonNull(name);
final Class<?> caller = Reflection.getCallerClass();
+ if (caller == null) {
+ throw new IllegalCallerException("no caller frame");
+ }
final SecurityManager sm = System.getSecurityManager();
// We don't use LazyLoggers if a resource bundle is specified.
// Bootstrap sensitive classes in the JDK do not use resource bundles
--- a/jdk/src/java.base/share/classes/java/util/jar/Pack200.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.base/share/classes/java/util/jar/Pack200.java Thu Mar 30 17:23:52 2017 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -452,13 +452,13 @@
String CODE_ATTRIBUTE_PFX = "pack.code.attribute.";
/**
- * The unpacker's progress as a percentage, as periodically
- * updated by the unpacker.
+ * The packer's progress as a percentage, as periodically
+ * updated by the packer.
* Values of 0 - 100 are normal, and -1 indicates a stall.
* Progress can be monitored by polling the value of this
* property.
* <p>
- * At a minimum, the unpacker must set progress to 0
+ * At a minimum, the packer must set progress to 0
* at the beginning of a packing operation, and to 100
* at the end.
*/
@@ -623,7 +623,7 @@
* property.
* <p>
* At a minimum, the unpacker must set progress to 0
- * at the beginning of a packing operation, and to 100
+ * at the beginning of an unpacking operation, and to 100
* at the end.
*/
String PROGRESS = "unpack.progress";
@@ -631,7 +631,7 @@
/**
* Get the set of this engine's properties. This set is
* a "live view", so that changing its
- * contents immediately affects the Packer engine, and
+ * contents immediately affects the Unpacker engine, and
* changes from the engine (such as progress indications)
* are immediately visible in the map.
*
--- a/jdk/src/java.base/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.base/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* Defines the foundational APIs of the Java SE Platform.
*
+ * @moduleGraph
* @since 9
*/
module java.base {
--- a/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java Thu Mar 30 17:23:52 2017 +0000
@@ -1025,6 +1025,13 @@
cf = CertificateFactory.getInstance("X509");
}
+ // -trustcacerts can only be specified on -importcert.
+ // Reset it so that warnings on CA cert will remain for
+ // -printcert, etc.
+ if (command != IMPORTCERT) {
+ trustcacerts = false;
+ }
+
if (trustcacerts) {
caks = KeyStoreUtil.getCacertsKeyStore();
}
@@ -1758,9 +1765,8 @@
if (keyPass == null) {
keyPass = promptForKeyPass(alias, null, storePass);
}
+ checkWeak(rb.getString("the.generated.certificate"), chain[0]);
keyStore.setKeyEntry(alias, privKey, keyPass, chain);
-
- checkWeak(rb.getString("the.generated.certificate"), chain[0]);
}
/**
@@ -2118,6 +2124,10 @@
}
try {
+ Certificate c = srckeystore.getCertificate(alias);
+ if (c != null) {
+ checkWeak("<" + newAlias + ">", c);
+ }
keyStore.setEntry(newAlias, entry, pp);
// Place the check so that only successful imports are blocked.
// For example, we don't block a failed SecretEntry import.
@@ -2127,10 +2137,6 @@
"The.destination.pkcs12.keystore.has.different.storepass.and.keypass.Please.retry.with.destkeypass.specified."));
}
}
- Certificate c = srckeystore.getCertificate(alias);
- if (c != null) {
- checkWeak("<" + newAlias + ">", c);
- }
return 1;
} catch (KeyStoreException kse) {
Object[] source2 = {alias, kse.toString()};
@@ -2814,8 +2820,8 @@
}
if (noprompt) {
+ checkWeak(rb.getString("the.input"), cert);
keyStore.setCertificateEntry(alias, cert);
- checkWeak(rb.getString("the.input"), cert);
return true;
}
@@ -3049,6 +3055,11 @@
MessageFormat form = new MessageFormat
(rb.getString(".PATTERN.printX509Cert.with.weak"));
PublicKey pkey = cert.getPublicKey();
+ String sigName = cert.getSigAlgName();
+ // No need to warn about sigalg of a trust anchor
+ if (!isTrustedCert(cert)) {
+ sigName = withWeak(sigName);
+ }
Object[] source = {cert.getSubjectDN().toString(),
cert.getIssuerDN().toString(),
cert.getSerialNumber().toString(16),
@@ -3056,7 +3067,7 @@
cert.getNotAfter().toString(),
getCertFingerPrint("SHA-1", cert),
getCertFingerPrint("SHA-256", cert),
- withWeak(cert.getSigAlgName()),
+ sigName,
withWeak(pkey),
cert.getVersion()
};
@@ -3111,7 +3122,7 @@
* or null otherwise. A label is added.
*/
private static Pair<String,Certificate>
- getTrustedSigner(Certificate cert, KeyStore ks) throws Exception {
+ getSigner(Certificate cert, KeyStore ks) throws Exception {
if (ks.getCertificateAlias(cert) != null) {
return new Pair<>("", cert);
}
@@ -3467,9 +3478,9 @@
// do we trust the cert at the top?
Certificate topCert = replyCerts[replyCerts.length-1];
boolean fromKeyStore = true;
- Pair<String,Certificate> root = getTrustedSigner(topCert, keyStore);
+ Pair<String,Certificate> root = getSigner(topCert, keyStore);
if (root == null && trustcacerts && caks != null) {
- root = getTrustedSigner(topCert, caks);
+ root = getSigner(topCert, caks);
fromKeyStore = false;
}
if (root == null) {
@@ -4301,9 +4312,19 @@
return result;
}
+ private boolean isTrustedCert(Certificate cert) throws KeyStoreException {
+ if (caks != null && caks.getCertificateAlias(cert) != null) {
+ return true;
+ } else {
+ String inKS = keyStore.getCertificateAlias(cert);
+ return inKS != null && keyStore.isCertificateEntry(inKS);
+ }
+ }
+
private void checkWeak(String label, String sigAlg, Key key) {
- if (!DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, sigAlg, null)) {
+ if (sigAlg != null && !DISABLED_CHECK.permits(
+ SIG_PRIMITIVE_SET, sigAlg, null)) {
weakWarnings.add(String.format(
rb.getString("whose.sigalg.risk"), label, sigAlg));
}
@@ -4316,7 +4337,8 @@
}
}
- private void checkWeak(String label, Certificate[] certs) {
+ private void checkWeak(String label, Certificate[] certs)
+ throws KeyStoreException {
for (int i = 0; i < certs.length; i++) {
Certificate cert = certs[i];
if (cert instanceof X509Certificate) {
@@ -4325,15 +4347,18 @@
if (certs.length > 1) {
fullLabel = oneInMany(label, i, certs.length);
}
- checkWeak(fullLabel, xc.getSigAlgName(), xc.getPublicKey());
+ checkWeak(fullLabel, xc);
}
}
}
- private void checkWeak(String label, Certificate cert) {
+ private void checkWeak(String label, Certificate cert)
+ throws KeyStoreException {
if (cert instanceof X509Certificate) {
X509Certificate xc = (X509Certificate)cert;
- checkWeak(label, xc.getSigAlgName(), xc.getPublicKey());
+ // No need to check the sigalg of a trust anchor
+ String sigAlg = isTrustedCert(cert) ? null : xc.getSigAlgName();
+ checkWeak(label, sigAlg, xc.getPublicKey());
}
}
--- a/jdk/src/java.datatransfer/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.datatransfer/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -24,8 +24,9 @@
*/
/**
- * Defines an API for transferring data between and within applications.
+ * Defines the API for transferring data between and within applications.
*
+ * @moduleGraph
* @since 9
*/
module java.datatransfer {
--- a/jdk/src/java.desktop/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.desktop/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -27,6 +27,7 @@
* Defines the AWT and Swing user interface toolkits, plus APIs for
* accessibility, audio, imaging, printing, and JavaBeans.
*
+ * @moduleGraph
* @since 9
*/
module java.desktop {
--- a/jdk/src/java.instrument/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.instrument/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -27,6 +27,7 @@
* Defines services that allow agents to
* instrument programs running on the JVM.
*
+ * @moduleGraph
* @since 9
*/
module java.instrument {
--- a/jdk/src/java.logging/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.logging/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* Defines the Java Logging API.
*
+ * @moduleGraph
* @since 9
*/
module java.logging {
--- a/jdk/src/java.management.rmi/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.management.rmi/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -46,6 +46,7 @@
* and load the appropriate {@code JMXConnectorServerProvider} service
* implementation for the given protocol.
*
+ * @moduleGraph
* @since 9
*/
module java.management.rmi {
--- a/jdk/src/java.management/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.management/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -29,6 +29,7 @@
* The JMX API consists of interfaces for monitoring and management of the
* JVM and other components in the Java runtime.
*
+ * @moduleGraph
* @since 9
*/
module java.management {
--- a/jdk/src/java.naming/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.naming/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* Defines the Java Naming and Directory Interface (JNDI) API.
*
+ * @moduleGraph
* @since 9
*/
module java.naming {
--- a/jdk/src/java.prefs/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.prefs/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* Defines the Preferences API.
*
+ * @moduleGraph
* @since 9
*/
module java.prefs {
--- a/jdk/src/java.rmi/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.rmi/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* Defines the Remote Method Invocation (RMI) API.
*
+ * @moduleGraph
* @since 9
*/
module java.rmi {
--- a/jdk/src/java.scripting/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.scripting/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* Defines the Scripting API.
*
+ * @moduleGraph
* @since 9
*/
module java.scripting {
--- a/jdk/src/java.se.ee/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.se.ee/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -29,6 +29,7 @@
* This module requires {@code java.se} and supplements it with modules
* that define CORBA and Java EE APIs. These modules are upgradeable.
*
+ * @moduleGraph
* @since 9
*/
@SuppressWarnings("deprecation")
--- a/jdk/src/java.se/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.se/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -29,6 +29,7 @@
* The modules defining CORBA and Java EE APIs are not required by
* this module, but they are required by {@code java.se.ee}.
*
+ * @moduleGraph
* @since 9
*/
module java.se {
--- a/jdk/src/java.security.jgss/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.security.jgss/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -28,6 +28,7 @@
* <P>
* This module also contains GSS-API mechanisms including Kerberos v5 and SPNEGO.
*
+ * @moduleGraph
* @since 9
*/
module java.security.jgss {
--- a/jdk/src/java.security.sasl/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.security.sasl/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -30,6 +30,7 @@
* This module also contains SASL mechanisms including DIGEST-MD5,
* CRAM-MD5, and NTLM.
*
+ * @moduleGraph
* @since 9
*/
module java.security.sasl {
--- a/jdk/src/java.smartcardio/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.smartcardio/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* Defines the Java Smart Card I/O API.
*
+ * @moduleGraph
* @since 9
*/
module java.smartcardio {
--- a/jdk/src/java.sql.rowset/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.sql.rowset/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* Defines the JDBC RowSet API.
*
+ * @moduleGraph
* @since 9
*/
module java.sql.rowset {
--- a/jdk/src/java.sql/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.sql/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* Defines the JDBC API.
*
+ * @moduleGraph
* @since 9
*/
module java.sql {
--- a/jdk/src/java.transaction/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.transaction/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -29,6 +29,7 @@
* The subset consists of RMI exception types which are mapped to CORBA system
* exceptions by the 'Java Language to IDL Mapping Specification'.
*
+ * @moduleGraph
* @since 9
*/
@Deprecated(since="9", forRemoval=true)
--- a/jdk/src/java.xml.crypto/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/java.xml.crypto/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -24,8 +24,9 @@
*/
/**
- * Defines an API for XML cryptography.
+ * Defines the API for XML cryptography.
*
+ * @moduleGraph
* @since 9
*/
module java.xml.crypto {
--- a/jdk/src/jdk.attach/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.attach/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* Defines the attach API.
*
+ * @moduleGraph
* @since 9
*/
module jdk.attach {
--- a/jdk/src/jdk.charsets/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.charsets/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,13 @@
* questions.
*/
+/**
+ * {@link java.nio.charset.Charset Charset} provider for the charsets that
+ * are not in {@code java.base} (mostly double byte and IBM charsets).
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.charsets {
provides java.nio.charset.spi.CharsetProvider
with sun.nio.cs.ext.ExtendedCharsets;
--- a/jdk/src/jdk.crypto.cryptoki/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.crypto.cryptoki/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* The SunPKCS11 security provider.
*
+ * @moduleGraph
* @since 9
*/
module jdk.crypto.cryptoki {
--- a/jdk/src/jdk.crypto.ec/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.crypto.ec/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* The SunEC security provider.
*
+ * @moduleGraph
* @since 9
*/
module jdk.crypto.ec {
--- a/jdk/src/jdk.crypto.mscapi/windows/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.crypto.mscapi/windows/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* The SunMSCAPI security provider.
*
+ * @moduleGraph
* @since 9
*/
module jdk.crypto.mscapi {
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* The OracleUCrypto security provider.
*
+ * @moduleGraph
* @since 9
*/
module jdk.crypto.ucrypto {
--- a/jdk/src/jdk.httpserver/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.httpserver/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
* questions.
*/
+/**
+ * Defines the JDK-specific API for HTTP server.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.httpserver {
exports com.sun.net.httpserver;
--- a/jdk/src/jdk.jartool/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jartool/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,13 @@
* questions.
*/
+/**
+ * Defines tools for manipulating Java Archive (JAR) files,
+ * including the jar and jarsigner tools.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.jartool {
exports com.sun.jarsigner;
exports jdk.security.jarsigner;
--- a/jdk/src/jdk.jcmd/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jcmd/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,13 @@
* questions.
*/
+/**
+ * Defines tools for diagnostics and troubleshooting a JVM,
+ * including the jcmd, jps, jstat and other diagnostics tools.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.jcmd {
requires jdk.attach;
requires jdk.internal.jvmstat;
--- a/jdk/src/jdk.jconsole/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jconsole/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,13 @@
* questions.
*/
+/**
+ * Defines the JMX graphical tool, jconsole, for monitoring and managing
+ * a running application.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.jconsole {
requires transitive java.desktop;
requires transitive java.management;
--- a/jdk/src/jdk.jdi/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jdi/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* Defines the Java Debugger Interface.
*
+ * @moduleGraph
* @since 9
*/
module jdk.jdi {
--- a/jdk/src/jdk.jdwp.agent/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jdwp.agent/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -26,6 +26,7 @@
/**
* Java Debug Wire Protocol.
*
+ * @moduleGraph
* @since 9
*/
module jdk.jdwp.agent {
--- a/jdk/src/jdk.jlink/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jlink/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
* questions.
*/
+/**
+ * Defines the Java linker tool, jlink.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.jlink {
requires jdk.internal.opt;
requires jdk.jdeps;
--- a/jdk/src/jdk.jsobject/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jsobject/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
* questions.
*/
+/**
+ * Defines the API for the JavaScript Object.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.jsobject {
requires java.desktop;
exports netscape.javascript;
--- a/jdk/src/jdk.jstatd/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.jstatd/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,13 @@
* questions.
*/
+/**
+ * Defines the tool for starting a daemon for the jstat tool to monitor
+ * JVM statistics remotely.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.jstatd {
requires java.rmi;
requires jdk.internal.jvmstat;
@@ -32,4 +39,3 @@
provides sun.jvmstat.monitor.MonitoredHostService with sun.jvmstat.perfdata.monitor.protocol.rmi.MonitoredHostRmiService;
}
-
--- a/jdk/src/jdk.localedata/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.localedata/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
* questions.
*/
+/**
+ * Locale data provider for locales other than {@linkplain java.util.Locale#US US locale}.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.localedata {
provides sun.util.locale.provider.LocaleDataMetaInfo with
sun.util.resources.cldr.provider.CLDRLocaleDataMetaInfo,
--- a/jdk/src/jdk.management.agent/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.management.agent/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
* questions.
*/
+/**
+ * Define the JMX management agent.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.management.agent {
requires java.management;
requires java.management.rmi;
--- a/jdk/src/jdk.management/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.management/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
* questions.
*/
+/**
+ * Defines the JDK-specific Management Interfaces for JVM.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.management {
requires transitive java.management;
--- a/jdk/src/jdk.naming.dns/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.naming.dns/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
* questions.
*/
+/**
+ * DNS Java Naming provider.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.naming.dns {
requires java.naming;
--- a/jdk/src/jdk.naming.rmi/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.naming.rmi/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
* questions.
*/
+/**
+ * RMI Java Naming provider.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.naming.rmi {
requires java.naming;
requires java.rmi;
--- a/jdk/src/jdk.net/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.net/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
* questions.
*/
+/**
+ * Defines the JDK-specific Networking API.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.net {
exports jdk.net;
}
--- a/jdk/src/jdk.sctp/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.sctp/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
* questions.
*/
+/**
+ * Defines the JDK-specific API for SCTP.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.sctp {
exports com.sun.nio.sctp;
}
--- a/jdk/src/jdk.security.auth/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.security.auth/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -27,6 +27,7 @@
* Contains the implementation of the javax.security.auth.* interfaces and
* various authentication modules.
*
+ * @moduleGraph
* @since 9
*/
module jdk.security.auth {
--- a/jdk/src/jdk.security.jgss/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.security.jgss/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -27,6 +27,7 @@
* Defines Java extensions to the GSS-API and an implementation of the SASL
* GSSAPI mechanism.
*
+ * @moduleGraph
* @since 9
*/
module jdk.security.jgss {
--- a/jdk/src/jdk.zipfs/share/classes/module-info.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/src/jdk.zipfs/share/classes/module-info.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,6 +23,12 @@
* questions.
*/
+/**
+ * Zip file system provider.
+ *
+ * @moduleGraph
+ * @since 9
+ */
module jdk.zipfs {
provides java.nio.file.spi.FileSystemProvider with jdk.nio.zipfs.ZipFileSystemProvider;
}
--- a/jdk/test/ProblemList.txt Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/test/ProblemList.txt Thu Mar 30 17:23:52 2017 +0000
@@ -180,8 +180,6 @@
java/nio/channels/DatagramChannel/ChangingAddress.java 7141822 macosx-all
-java/nio/channels/Selector/OutOfBand.java 7132677 macosx-all
-
java/nio/file/WatchService/Basic.java 7158947 solaris-all Solaris 11
java/nio/file/WatchService/MayFlies.java 7158947 solaris-all Solaris 11
java/nio/file/WatchService/LotsOfEvents.java 7158947 solaris-all Solaris 11
--- a/jdk/test/TEST.groups Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/test/TEST.groups Thu Mar 30 17:23:52 2017 +0000
@@ -73,6 +73,7 @@
jdk/internal/misc \
jdk/internal/ref \
jdk/internal/jimage \
+ jdk/internal/math \
jdk/modules \
vm
@@ -141,8 +142,7 @@
java/util/stream
jdk_math = \
- java/math \
- jdk/internal/math
+ java/math
jdk_io = \
java/io
--- a/jdk/test/java/nio/channels/Selector/OutOfBand.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/test/java/nio/channels/Selector/OutOfBand.java Thu Mar 30 17:23:52 2017 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,6 +23,9 @@
/* @test
* @bug 6213702
+ * @requires (os.family != "mac") | (os.version == "10.10.5")
+ * | (os.simpleVersion != "10.8" & os.simpleVersion != "10.9"
+ * & os.simpleVersion != "10.10")
* @summary OOB data causes a SocketChannel, with OOBINLINE disabled, to be
* selected
*/
--- a/jdk/test/sun/security/tools/keytool/WeakAlg.java Wed Mar 29 23:33:06 2017 +0000
+++ b/jdk/test/sun/security/tools/keytool/WeakAlg.java Thu Mar 30 17:23:52 2017 +0000
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 8171319
+ * @bug 8171319 8177569
* @summary keytool should print out warnings when reading or generating
* cert/cert req using weak algorithms
* @library /test/lib
@@ -78,7 +78,8 @@
.shouldMatch("<b>.*512-bit RSA key.*risk")
.shouldContain("512-bit RSA key (weak)");
- // Multiple warnings for multiple cert in -printcert or -list or -exportcert
+ // Multiple warnings for multiple cert in -printcert
+ // or -list or -exportcert
// -certreq, -printcertreq, -gencert
checkCertReq("a", "", null);
@@ -184,7 +185,7 @@
.shouldMatch("The input.*MD5withRSA.*risk")
.shouldNotContain("[no]");
- // cert is self-signed cacerts
+ // JDK-8177569: no warning for sigalg of trusted cert
String weakSigAlgCA = null;
KeyStore ks = KeyStoreUtil.getCacertsKeyStore();
if (ks != null) {
@@ -208,12 +209,40 @@
}
}
if (weakSigAlgCA != null) {
+ // The following 2 commands still have a warning on why not using
+ // the -cacerts option directly.
+ kt("-list -keystore " + KeyStoreUtil.getCacerts())
+ .shouldNotContain("risk");
+ kt("-list -v -keystore " + KeyStoreUtil.getCacerts())
+ .shouldNotContain("risk");
+
+ // -printcert will always show warnings
+ kt("-printcert -file ca.cert")
+ .shouldContain("name: " + weakSigAlgCA + " (weak)")
+ .shouldContain("Warning")
+ .shouldMatch("The certificate.*" + weakSigAlgCA + ".*risk");
+ kt("-printcert -file ca.cert -trustcacerts") // -trustcacerts useless
+ .shouldContain("name: " + weakSigAlgCA + " (weak)")
+ .shouldContain("Warning")
+ .shouldMatch("The certificate.*" + weakSigAlgCA + ".*risk");
+
+ // Importing with -trustcacerts ignore CA cert's sig alg
kt("-delete -alias d");
kt("-importcert -alias d -trustcacerts -file ca.cert", "no")
.shouldContain("Certificate already exists in system-wide CA")
+ .shouldNotContain("risk")
+ .shouldContain("Do you still want to add it to your own keystore?");
+ kt("-importcert -alias d -trustcacerts -file ca.cert -noprompt")
+ .shouldNotContain("risk")
+ .shouldNotContain("[no]");
+
+ // but not without -trustcacerts
+ kt("-delete -alias d");
+ kt("-importcert -alias d -file ca.cert", "no")
+ .shouldContain("name: " + weakSigAlgCA + " (weak)")
.shouldContain("Warning")
.shouldMatch("The input.*" + weakSigAlgCA + ".*risk")
- .shouldContain("Do you still want to add it to your own keystore?");
+ .shouldContain("Trust this certificate?");
kt("-importcert -alias d -file ca.cert -noprompt")
.shouldContain("Warning")
.shouldMatch("The input.*" + weakSigAlgCA + ".*risk")
@@ -266,6 +295,26 @@
// install reply
reStore();
+ certreq("c", "");
+ gencert("a-c", "");
+ kt("-importcert -alias c -file a-c.cert")
+ .shouldContain("Warning")
+ .shouldMatch("Issuer <a>.*MD5withRSA.*risk");
+
+ // JDK-8177569: no warning for sigalg of trusted cert
+ reStore();
+ // Change a into a TrustedCertEntry
+ kt("-exportcert -alias a -file a.cert");
+ kt("-delete -alias a");
+ kt("-importcert -alias a -file a.cert -noprompt");
+ kt("-list -alias a -v")
+ .shouldNotContain("weak")
+ .shouldNotContain("Warning");
+ // This time a is trusted and no warning on its weak sig alg
+ kt("-importcert -alias c -file a-c.cert")
+ .shouldNotContain("Warning");
+
+ reStore();
gencert("a-b", "");
gencert("b-c", "");