--- a/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxFileSystemProvider.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxFileSystemProvider.java Thu Apr 21 10:30:43 2016 -0700
@@ -102,8 +102,8 @@
@Override
FileTypeDetector getFileTypeDetector() {
- Path userMimeTypes = Paths.get(AccessController.doPrivileged(
- new GetPropertyAction("user.home")), ".mime.types");
+ String userHome = GetPropertyAction.getProperty("user.home");
+ Path userMimeTypes = Paths.get(userHome, ".mime.types");
Path etcMimeTypes = Paths.get("/etc/mime.types");
return chain(new GioFileTypeDetector(),
--- a/jdk/src/java.base/macosx/classes/sun/nio/ch/KQueueArrayWrapper.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/macosx/classes/sun/nio/ch/KQueueArrayWrapper.java Thu Apr 21 10:30:43 2016 -0700
@@ -32,9 +32,9 @@
package sun.nio.ch;
import java.io.IOException;
-import java.io.FileDescriptor;
import java.util.Iterator;
import java.util.LinkedList;
+import sun.security.action.GetPropertyAction;
/*
* struct kevent { // 32-bit 64-bit
@@ -84,10 +84,8 @@
static {
IOUtil.load();
initStructSizes();
- String datamodel = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("sun.arch.data.model")
- );
- is64bit = datamodel.equals("64");
+ String datamodel = GetPropertyAction.getProperty("sun.arch.data.model");
+ is64bit = "64".equals(datamodel);
}
KQueueArrayWrapper() {
--- a/jdk/src/java.base/macosx/classes/sun/nio/fs/MacOSXFileSystemProvider.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/macosx/classes/sun/nio/fs/MacOSXFileSystemProvider.java Thu Apr 21 10:30:43 2016 -0700
@@ -28,7 +28,6 @@
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.spi.FileTypeDetector;
-import java.security.AccessController;
import sun.security.action.GetPropertyAction;
/**
@@ -47,8 +46,8 @@
@Override
FileTypeDetector getFileTypeDetector() {
- Path userMimeTypes = Paths.get(AccessController.doPrivileged(
- new GetPropertyAction("user.home")), ".mime.types");
+ Path userMimeTypes = Paths.get(
+ GetPropertyAction.getProperty("user.home"), ".mime.types");
return chain(new MimeTypesFileTypeDetector(userMimeTypes),
new UTIFileTypeDetector());
--- a/jdk/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java Thu Apr 21 10:30:43 2016 -0700
@@ -512,11 +512,17 @@
byte[] sOut = new byte[s.length];
GCTR gctrForSToTag = new GCTR(embeddedCipher, this.preCounterBlock);
gctrForSToTag.doFinal(s, 0, s.length, sOut, 0);
+
+ // check entire authentication tag for time-consistency
+ int mismatch = 0;
for (int i = 0; i < tagLenBytes; i++) {
- if (tag[i] != sOut[i]) {
- throw new AEADBadTagException("Tag mismatch!");
- }
+ mismatch |= tag[i] ^ sOut[i];
}
+
+ if (mismatch != 0) {
+ throw new AEADBadTagException("Tag mismatch!");
+ }
+
return len;
}
--- a/jdk/src/java.base/share/classes/java/io/DataInput.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/io/DataInput.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -182,10 +182,11 @@
* not all bytes of {@code b} have been
* updated with data from the input stream.
*
- * @param b the buffer into which the data is read.
- * @exception EOFException if this stream reaches the end before reading
- * all the bytes.
- * @exception IOException if an I/O error occurs.
+ * @param b the buffer into which the data is read.
+ * @throws NullPointerException if {@code b} is {@code null}.
+ * @throws EOFException if this stream reaches the end before reading
+ * all the bytes.
+ * @throws IOException if an I/O error occurs.
*/
void readFully(byte b[]) throws IOException;
@@ -226,12 +227,16 @@
* and so on. The number of bytes read is,
* at most, equal to {@code len}.
*
- * @param b the buffer into which the data is read.
- * @param off an int specifying the offset into the data.
- * @param len an int specifying the number of bytes to read.
- * @exception EOFException if this stream reaches the end before reading
- * all the bytes.
- * @exception IOException if an I/O error occurs.
+ * @param b the buffer into which the data is read.
+ * @param off an int specifying the offset in the data array {@code b}.
+ * @param len an int specifying the number of bytes to read.
+ * @throws NullPointerException if {@code b} is {@code null}.
+ * @throws IndexOutOfBoundsException if {@code off} is negative,
+ * {@code len} is negative, or {@code len} is greater than
+ * {@code b.length - off}.
+ * @throws EOFException if this stream reaches the end before reading
+ * all the bytes.
+ * @throws IOException if an I/O error occurs.
*/
void readFully(byte b[], int off, int len) throws IOException;
--- a/jdk/src/java.base/share/classes/java/io/DataInputStream.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/io/DataInputStream.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1994, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -150,38 +150,43 @@
}
/**
- * See the general contract of the <code>readFully</code>
- * method of <code>DataInput</code>.
+ * See the general contract of the {@code readFully}
+ * method of {@code DataInput}.
* <p>
* Bytes
* for this operation are read from the contained
* input stream.
*
- * @param b the buffer into which the data is read.
- * @exception EOFException if this input stream reaches the end before
- * reading all the bytes.
- * @exception IOException the stream has been closed and the contained
- * input stream does not support reading after close, or
- * another I/O error occurs.
- * @see java.io.FilterInputStream#in
+ * @param b the buffer into which the data is read.
+ * @throws NullPointerException if {@code b} is {@code null}.
+ * @throws EOFException if this input stream reaches the end before
+ * reading all the bytes.
+ * @throws IOException the stream has been closed and the contained
+ * input stream does not support reading after close, or
+ * another I/O error occurs.
+ * @see java.io.FilterInputStream#in
*/
public final void readFully(byte b[]) throws IOException {
readFully(b, 0, b.length);
}
/**
- * See the general contract of the <code>readFully</code>
- * method of <code>DataInput</code>.
+ * See the general contract of the {@code readFully}
+ * method of {@code DataInput}.
* <p>
* Bytes
* for this operation are read from the contained
* input stream.
*
* @param b the buffer into which the data is read.
- * @param off the start offset of the data.
+ * @param off the start offset in the data array {@code b}.
* @param len the number of bytes to read.
+ * @exception NullPointerException if {@code b} is {@code null}.
+ * @exception IndexOutOfBoundsException if {@code off} is negative,
+ * {@code len} is negative, or {@code len} is greater than
+ * {@code b.length - off}.
* @exception EOFException if this input stream reaches the end before
- * reading all the bytes.
+ * reading all the bytes.
* @exception IOException the stream has been closed and the contained
* input stream does not support reading after close, or
* another I/O error occurs.
--- a/jdk/src/java.base/share/classes/java/io/File.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/io/File.java Thu Apr 21 10:30:43 2016 -0700
@@ -31,7 +31,6 @@
import java.net.URISyntaxException;
import java.util.List;
import java.util.ArrayList;
-import java.security.AccessController;
import java.security.SecureRandom;
import java.nio.file.Path;
import java.nio.file.FileSystems;
@@ -1896,8 +1895,8 @@
private TempDirectory() { }
// temporary directory location
- private static final File tmpdir = new File(AccessController
- .doPrivileged(new GetPropertyAction("java.io.tmpdir")));
+ private static final File tmpdir = new File(
+ GetPropertyAction.getProperty("java.io.tmpdir"));
static File location() {
return tmpdir;
}
--- a/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java Thu Apr 21 10:30:43 2016 -0700
@@ -40,6 +40,9 @@
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import static java.io.ObjectStreamClass.processQueue;
+import jdk.internal.misc.JavaObjectInputStreamAccess;
+import jdk.internal.misc.ObjectStreamClassValidator;
+import jdk.internal.misc.SharedSecrets;
import jdk.internal.misc.Unsafe;
import sun.reflect.misc.ReflectUtil;
@@ -853,10 +856,14 @@
* exactly 'length' bytes.
*
* @param buf the buffer into which the data is read
- * @param off the start offset of the data
+ * @param off the start offset in the destination array {@code buf}
* @param len the maximum number of bytes read
* @return the actual number of bytes read, -1 is returned when the end of
* the stream is reached.
+ * @throws NullPointerException if {@code buf} is {@code null}.
+ * @throws IndexOutOfBoundsException if {@code off} is negative,
+ * {@code len} is negative, or {@code len} is greater than
+ * {@code buf.length - off}.
* @throws IOException If an I/O error has occurred.
* @see java.io.DataInputStream#readFully(byte[],int,int)
*/
@@ -1014,6 +1021,7 @@
* Reads bytes, blocking until all bytes are read.
*
* @param buf the buffer into which the data is read
+ * @throws NullPointerException If {@code buf} is {@code null}.
* @throws EOFException If end of file is reached.
* @throws IOException If other I/O error has occurred.
*/
@@ -1025,8 +1033,12 @@
* Reads bytes, blocking until all bytes are read.
*
* @param buf the buffer into which the data is read
- * @param off the start offset of the data
+ * @param off the start offset into the data array {@code buf}
* @param len the maximum number of bytes to read
+ * @throws NullPointerException If {@code buf} is {@code null}.
+ * @throws IndexOutOfBoundsException If {@code off} is negative,
+ * {@code len} is negative, or {@code len} is greater than
+ * {@code buf.length - off}.
* @throws EOFException If end of file is reached.
* @throws IOException If other I/O error has occurred.
*/
@@ -1509,23 +1521,28 @@
throws IOException
{
byte tc = bin.peekByte();
+ ObjectStreamClass descriptor;
switch (tc) {
case TC_NULL:
- return (ObjectStreamClass) readNull();
-
+ descriptor = (ObjectStreamClass) readNull();
+ break;
case TC_REFERENCE:
- return (ObjectStreamClass) readHandle(unshared);
-
+ descriptor = (ObjectStreamClass) readHandle(unshared);
+ break;
case TC_PROXYCLASSDESC:
- return readProxyDesc(unshared);
-
+ descriptor = readProxyDesc(unshared);
+ break;
case TC_CLASSDESC:
- return readNonProxyDesc(unshared);
-
+ descriptor = readNonProxyDesc(unshared);
+ break;
default:
throw new StreamCorruptedException(
String.format("invalid type code: %02X", tc));
}
+ if (descriptor != null) {
+ validateDescriptor(descriptor);
+ }
+ return descriptor;
}
private boolean isCustomSubclass() {
@@ -1915,6 +1932,8 @@
if (obj == null || handles.lookupException(passHandle) != null) {
defaultReadFields(null, slotDesc); // skip field values
} else if (slotDesc.hasReadObjectMethod()) {
+ ThreadDeath t = null;
+ boolean reset = false;
SerialCallbackContext oldContext = curContext;
if (oldContext != null)
oldContext.check();
@@ -1933,10 +1952,19 @@
*/
handles.markException(passHandle, ex);
} finally {
- curContext.setUsed();
- if (oldContext!= null)
- oldContext.check();
- curContext = oldContext;
+ do {
+ try {
+ curContext.setUsed();
+ if (oldContext!= null)
+ oldContext.check();
+ curContext = oldContext;
+ reset = true;
+ } catch (ThreadDeath x) {
+ t = x; // defer until reset is true
+ }
+ } while (!reset);
+ if (t != null)
+ throw t;
}
/*
@@ -3647,4 +3675,20 @@
}
}
+ private void validateDescriptor(ObjectStreamClass descriptor) {
+ ObjectStreamClassValidator validating = validator;
+ if (validating != null) {
+ validating.validateDescriptor(descriptor);
+ }
+ }
+
+ // controlled access to ObjectStreamClassValidator
+ private volatile ObjectStreamClassValidator validator;
+
+ private static void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) {
+ ois.validator = validator;
+ }
+ static {
+ SharedSecrets.setJavaObjectInputStreamAccess(ObjectInputStream::setValidator);
+ }
}
--- a/jdk/src/java.base/share/classes/java/io/RandomAccessFile.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/io/RandomAccessFile.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1994, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -418,10 +418,11 @@
* read. This method blocks until the requested number of bytes are
* read, the end of the stream is detected, or an exception is thrown.
*
- * @param b the buffer into which the data is read.
- * @exception EOFException if this file reaches the end before reading
- * all the bytes.
- * @exception IOException if an I/O error occurs.
+ * @param b the buffer into which the data is read.
+ * @throws NullPointerException if {@code b} is {@code null}.
+ * @throws EOFException if this file reaches the end before reading
+ * all the bytes.
+ * @throws IOException if an I/O error occurs.
*/
public final void readFully(byte b[]) throws IOException {
readFully(b, 0, b.length);
@@ -434,12 +435,16 @@
* read. This method blocks until the requested number of bytes are
* read, the end of the stream is detected, or an exception is thrown.
*
- * @param b the buffer into which the data is read.
- * @param off the start offset of the data.
- * @param len the number of bytes to read.
- * @exception EOFException if this file reaches the end before reading
- * all the bytes.
- * @exception IOException if an I/O error occurs.
+ * @param b the buffer into which the data is read.
+ * @param off the start offset into the data array {@code b}.
+ * @param len the number of bytes to read.
+ * @throws NullPointerException if {@code b} is {@code null}.
+ * @throws IndexOutOfBoundsException if {@code off} is negative,
+ * {@code len} is negative, or {@code len} is greater than
+ * {@code b.length - off}.
+ * @throws EOFException if this file reaches the end before reading
+ * all the bytes.
+ * @throws IOException if an I/O error occurs.
*/
public final void readFully(byte b[], int off, int len) throws IOException {
int n = 0;
--- a/jdk/src/java.base/share/classes/java/lang/ClassLoader.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/lang/ClassLoader.java Thu Apr 21 10:30:43 2016 -0700
@@ -817,6 +817,9 @@
if (!checkName(name))
throw new NoClassDefFoundError("IllegalName: " + name);
+ // Note: Checking logic in java.lang.invoke.MemberName.checkForTypeAlias
+ // relies on the fact that spoofing is impossible if a class has a name
+ // of the form "java.*"
if ((name != null) && name.startsWith("java.")
&& this != getBuiltinPlatformClassLoader()) {
throw new SecurityException
--- a/jdk/src/java.base/share/classes/java/lang/ProcessBuilder.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/lang/ProcessBuilder.java Thu Apr 21 10:30:43 2016 -0700
@@ -30,13 +30,12 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import java.nio.channels.Pipe;
import java.util.Arrays;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
+import sun.security.action.GetPropertyAction;
+
/**
* This class is used to create operating system processes.
*
@@ -468,11 +467,9 @@
* @since 1.7
*/
public abstract static class Redirect {
- private static final File NULL_FILE = AccessController.doPrivileged(
- (PrivilegedAction<File>) () -> {
- return new File((System.getProperty("os.name")
- .startsWith("Windows") ? "NUL" : "/dev/null"));
- }
+ private static final File NULL_FILE = new File(
+ (GetPropertyAction.getProperty("os.name")
+ .startsWith("Windows") ? "NUL" : "/dev/null")
);
/**
--- a/jdk/src/java.base/share/classes/java/lang/StackStreamFactory.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/lang/StackStreamFactory.java Thu Apr 21 10:30:43 2016 -0700
@@ -30,8 +30,6 @@
import java.lang.annotation.Native;
import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.NoSuchElementException;
import java.util.Objects;
@@ -41,6 +39,7 @@
import java.util.function.Function;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
+import sun.security.action.GetPropertyAction;
import static java.lang.StackStreamFactory.WalkerState.*;
@@ -990,14 +989,9 @@
}
private static boolean getProperty(String key, boolean value) {
- String s = AccessController.doPrivileged(new PrivilegedAction<>() {
- @Override
- public String run() {
- return System.getProperty(key);
- }
- });
+ String s = GetPropertyAction.getProperty(key);
if (s != null) {
- return Boolean.valueOf(s);
+ return Boolean.parseBoolean(s);
}
return value;
}
--- a/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java Thu Apr 21 10:30:43 2016 -0700
@@ -88,8 +88,7 @@
static {
final String key = "jdk.internal.lambda.dumpProxyClasses";
- String path = AccessController.doPrivileged(
- new GetPropertyAction(key));
+ String path = GetPropertyAction.getProperty(key);
dumper = (null == path) ? null : ProxyClassesDumper.getInstance(path);
}
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MemberName.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MemberName.java Thu Apr 21 10:30:43 2016 -0700
@@ -827,7 +827,7 @@
assert(isResolved() == isResolved);
}
- void checkForTypeAlias() {
+ void checkForTypeAlias(Class<?> refc) {
if (isInvocable()) {
MethodType type;
if (this.type instanceof MethodType)
@@ -835,16 +835,16 @@
else
this.type = type = getMethodType();
if (type.erase() == type) return;
- if (VerifyAccess.isTypeVisible(type, clazz)) return;
- throw new LinkageError("bad method type alias: "+type+" not visible from "+clazz);
+ if (VerifyAccess.isTypeVisible(type, refc)) return;
+ throw new LinkageError("bad method type alias: "+type+" not visible from "+refc);
} else {
Class<?> type;
if (this.type instanceof Class<?>)
type = (Class<?>) this.type;
else
this.type = type = getFieldType();
- if (VerifyAccess.isTypeVisible(type, clazz)) return;
- throw new LinkageError("bad field type alias: "+type+" not visible from "+clazz);
+ if (VerifyAccess.isTypeVisible(type, refc)) return;
+ throw new LinkageError("bad field type alias: "+type+" not visible from "+refc);
}
}
@@ -1016,10 +1016,25 @@
MemberName m = ref.clone(); // JVM will side-effect the ref
assert(refKind == m.getReferenceKind());
try {
+ // There are 4 entities in play here:
+ // * LC: lookupClass
+ // * REFC: symbolic reference class (MN.clazz before resolution);
+ // * DEFC: resolved method holder (MN.clazz after resolution);
+ // * PTYPES: parameter types (MN.type)
+ //
+ // What we care about when resolving a MemberName is consistency between DEFC and PTYPES.
+ // We do type alias (TA) checks on DEFC to ensure that. DEFC is not known until the JVM
+ // finishes the resolution, so do TA checks right after MHN.resolve() is over.
+ //
+ // All parameters passed by a caller are checked against MH type (PTYPES) on every invocation,
+ // so it is safe to call a MH from any context.
+ //
+ // REFC view on PTYPES doesn't matter, since it is used only as a starting point for resolution and doesn't
+ // participate in method selection.
m = MethodHandleNatives.resolve(m, lookupClass);
- m.checkForTypeAlias();
+ m.checkForTypeAlias(m.getDeclaringClass());
m.resolution = null;
- } catch (LinkageError ex) {
+ } catch (ClassNotFoundException | LinkageError ex) {
// JVM reports that the "bytecode behavior" would get an error
assert(!m.isResolved());
m.resolution = ex;
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java Thu Apr 21 10:30:43 2016 -0700
@@ -49,7 +49,7 @@
static native void init(MemberName self, Object ref);
static native void expand(MemberName self);
- static native MemberName resolve(MemberName self, Class<?> caller) throws LinkageError;
+ static native MemberName resolve(MemberName self, Class<?> caller) throws LinkageError, ClassNotFoundException;
static native int getMembers(Class<?> defc, String matchName, String matchSig,
int matchFlags, Class<?> caller, int skip, MemberName[] results);
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java Thu Apr 21 10:30:43 2016 -0700
@@ -25,9 +25,9 @@
package java.lang.invoke;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
+import java.util.Properties;
import jdk.internal.misc.Unsafe;
+import sun.security.action.GetPropertyAction;
/**
* This class consists exclusively of static names internal to the
@@ -53,32 +53,27 @@
static final boolean VAR_HANDLE_GUARDS;
static {
- final Object[] values = new Object[10];
- AccessController.doPrivileged(new PrivilegedAction<>() {
- public Void run() {
- values[0] = Boolean.getBoolean("java.lang.invoke.MethodHandle.DEBUG_NAMES");
- values[1] = Boolean.getBoolean("java.lang.invoke.MethodHandle.DUMP_CLASS_FILES");
- values[2] = Boolean.getBoolean("java.lang.invoke.MethodHandle.TRACE_INTERPRETER");
- values[3] = Boolean.getBoolean("java.lang.invoke.MethodHandle.TRACE_METHOD_LINKAGE");
- values[4] = Integer.getInteger("java.lang.invoke.MethodHandle.COMPILE_THRESHOLD", 0);
- values[5] = Integer.getInteger("java.lang.invoke.MethodHandle.DONT_INLINE_THRESHOLD", 30);
- values[6] = Integer.getInteger("java.lang.invoke.MethodHandle.PROFILE_LEVEL", 0);
- values[7] = Boolean.parseBoolean(System.getProperty("java.lang.invoke.MethodHandle.PROFILE_GWT", "true"));
- values[8] = Integer.getInteger("java.lang.invoke.MethodHandle.CUSTOMIZE_THRESHOLD", 127);
- values[9] = Boolean.parseBoolean(System.getProperty("java.lang.invoke.VarHandle.VAR_HANDLE_GUARDS", "true"));
- return null;
- }
- });
- DEBUG_METHOD_HANDLE_NAMES = (Boolean) values[0];
- DUMP_CLASS_FILES = (Boolean) values[1];
- TRACE_INTERPRETER = (Boolean) values[2];
- TRACE_METHOD_LINKAGE = (Boolean) values[3];
- COMPILE_THRESHOLD = (Integer) values[4];
- DONT_INLINE_THRESHOLD = (Integer) values[5];
- PROFILE_LEVEL = (Integer) values[6];
- PROFILE_GWT = (Boolean) values[7];
- CUSTOMIZE_THRESHOLD = (Integer) values[8];
- VAR_HANDLE_GUARDS = (Boolean) values[9];
+ Properties props = GetPropertyAction.getProperties();
+ DEBUG_METHOD_HANDLE_NAMES = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.MethodHandle.DEBUG_NAMES"));
+ DUMP_CLASS_FILES = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.MethodHandle.DUMP_CLASS_FILES"));
+ TRACE_INTERPRETER = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.MethodHandle.TRACE_INTERPRETER"));
+ TRACE_METHOD_LINKAGE = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.MethodHandle.TRACE_METHOD_LINKAGE"));
+ COMPILE_THRESHOLD = Integer.parseInt(
+ props.getProperty("java.lang.invoke.MethodHandle.COMPILE_THRESHOLD", "0"));
+ DONT_INLINE_THRESHOLD = Integer.parseInt(
+ props.getProperty("java.lang.invoke.MethodHandle.DONT_INLINE_THRESHOLD", "30"));
+ PROFILE_LEVEL = Integer.parseInt(
+ props.getProperty("java.lang.invoke.MethodHandle.PROFILE_LEVEL", "0"));
+ PROFILE_GWT = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.MethodHandle.PROFILE_GWT", "true"));
+ CUSTOMIZE_THRESHOLD = Integer.parseInt(
+ props.getProperty("java.lang.invoke.MethodHandle.CUSTOMIZE_THRESHOLD", "127"));
+ VAR_HANDLE_GUARDS = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.VarHandle.VAR_HANDLE_GUARDS", "true"));
if (CUSTOMIZE_THRESHOLD < -1 || CUSTOMIZE_THRESHOLD > 127) {
throw newInternalError("CUSTOMIZE_THRESHOLD should be in [-1...127] range");
--- a/jdk/src/java.base/share/classes/java/lang/invoke/StringConcatFactory.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/StringConcatFactory.java Thu Apr 21 10:30:43 2016 -0700
@@ -33,7 +33,6 @@
import jdk.internal.misc.Unsafe;
import java.lang.invoke.MethodHandles.Lookup;
-import java.security.AccessController;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
@@ -188,14 +187,15 @@
private static final ProxyClassesDumper DUMPER;
static {
- final String strategy = AccessController.doPrivileged(
- new GetPropertyAction("java.lang.invoke.stringConcat"));
- CACHE_ENABLE = Boolean.parseBoolean(AccessController.doPrivileged(
- new GetPropertyAction("java.lang.invoke.stringConcat.cache")));
- DEBUG = Boolean.parseBoolean(AccessController.doPrivileged(
- new GetPropertyAction("java.lang.invoke.stringConcat.debug")));
- final String dumpPath = AccessController.doPrivileged(
- new GetPropertyAction("java.lang.invoke.stringConcat.dumpClasses"));
+ Properties props = GetPropertyAction.getProperties();
+ final String strategy =
+ props.getProperty("java.lang.invoke.stringConcat");
+ CACHE_ENABLE = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.stringConcat.cache"));
+ DEBUG = Boolean.parseBoolean(
+ props.getProperty("java.lang.invoke.stringConcat.debug"));
+ final String dumpPath =
+ props.getProperty("java.lang.invoke.stringConcat.dumpClasses");
STRATEGY = (strategy == null) ? DEFAULT_STRATEGY : Strategy.valueOf(strategy);
CACHE = CACHE_ENABLE ? new ConcurrentHashMap<>() : null;
--- a/jdk/src/java.base/share/classes/java/lang/module/ModuleFinder.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/lang/module/ModuleFinder.java Thu Apr 21 10:30:43 2016 -0700
@@ -39,6 +39,7 @@
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
+import sun.security.action.GetPropertyAction;
/**
* A finder of modules. A {@code ModuleFinder} is used to find modules during
@@ -152,7 +153,7 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- PrivilegedAction<String> pa = () -> System.getProperty("java.home");
+ PrivilegedAction<String> pa = new GetPropertyAction("java.home");
home = AccessController.doPrivileged(pa);
Permission p = new FilePermission(home + File.separator + "-", "read");
sm.checkPermission(p);
--- a/jdk/src/java.base/share/classes/java/lang/reflect/Proxy.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/lang/reflect/Proxy.java Thu Apr 21 10:30:43 2016 -0700
@@ -50,6 +50,7 @@
import jdk.internal.reflect.CallerSensitive;
import jdk.internal.reflect.Reflection;
import sun.reflect.misc.ReflectUtil;
+import sun.security.action.GetPropertyAction;
import sun.security.util.SecurityConstants;
/**
@@ -581,11 +582,7 @@
}
private static final String DEBUG =
- AccessController.doPrivileged(new PrivilegedAction<>() {
- public String run() {
- return System.getProperty("jdk.proxy.debug", "");
- }
- });
+ GetPropertyAction.getProperty("jdk.proxy.debug", "");
private static boolean isDebug() {
return !DEBUG.isEmpty();
--- a/jdk/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java Thu Apr 21 10:30:43 2016 -0700
@@ -31,6 +31,7 @@
import java.util.Set;
import java.util.HashSet;
import java.util.Collections;
+import sun.security.action.GetPropertyAction;
/**
* Abstract datagram and multicast socket implementation base class.
@@ -51,9 +52,7 @@
protected InetAddress connectedAddress = null;
private int connectedPort = -1;
- private static final String os = AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("os.name")
- );
+ private static final String os = GetPropertyAction.getProperty("os.name");
/**
* flag set if the native connect() call not to be used
--- a/jdk/src/java.base/share/classes/java/net/InetAddress.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/net/InetAddress.java Thu Apr 21 10:30:43 2016 -0700
@@ -1123,8 +1123,8 @@
*/
private static NameService createNameService() {
- String hostsFileName = AccessController
- .doPrivileged(new GetPropertyAction("jdk.net.hosts.file"));
+ String hostsFileName =
+ GetPropertyAction.getProperty("jdk.net.hosts.file");
NameService theNameService;
if (hostsFileName != null) {
theNameService = new HostsFileNameService(hostsFileName);
@@ -1643,8 +1643,7 @@
* property can vary across implementations of the java.
* classes. The default is an empty String "".
*/
- String prefix = AccessController.doPrivileged(
- new GetPropertyAction("impl.prefix", ""));
+ String prefix = GetPropertyAction.getProperty("impl.prefix", "");
try {
impl = Class.forName("java.net." + prefix + implName).newInstance();
} catch (ClassNotFoundException e) {
--- a/jdk/src/java.base/share/classes/java/net/SocksSocketImpl.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/net/SocksSocketImpl.java Thu Apr 21 10:30:43 2016 -0700
@@ -33,6 +33,7 @@
import sun.net.SocksProxy;
import sun.net.spi.DefaultProxySelector;
import sun.net.www.ParseUtil;
+import sun.security.action.GetPropertyAction;
/* import org.ietf.jgss.*; */
/**
@@ -177,8 +178,7 @@
userName = pw.getUserName();
password = new String(pw.getPassword());
} else {
- userName = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("user.name"));
+ userName = GetPropertyAction.getProperty("user.name");
}
if (userName == null)
return false;
@@ -1088,8 +1088,7 @@
userName = System.getProperty("user.name");
} catch (SecurityException se) { /* swallow Exception */ }
} else {
- userName = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("user.name"));
+ userName = GetPropertyAction.getProperty("user.name");
}
return userName;
}
--- a/jdk/src/java.base/share/classes/java/net/URL.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/net/URL.java Thu Apr 21 10:30:43 2016 -0700
@@ -42,6 +42,7 @@
import java.util.ServiceLoader;
import sun.security.util.SecurityConstants;
+import sun.security.action.GetPropertyAction;
/**
* Class {@code URL} represents a Uniform Resource
@@ -1210,12 +1211,8 @@
}
private static URLStreamHandler lookupViaProperty(String protocol) {
- String packagePrefixList = java.security.AccessController.doPrivileged(
- new PrivilegedAction<>() {
- public String run() {
- return System.getProperty(protocolPathProp, null);
- }
- });
+ String packagePrefixList =
+ GetPropertyAction.getProperty(protocolPathProp);
if (packagePrefixList == null) {
// not set
return null;
--- a/jdk/src/java.base/share/classes/java/net/URLConnection.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/net/URLConnection.java Thu Apr 21 10:30:43 2016 -0700
@@ -43,6 +43,7 @@
import java.security.AccessController;
import sun.security.util.SecurityConstants;
import sun.net.www.MessageHeader;
+import sun.security.action.GetPropertyAction;
/**
* The abstract class {@code URLConnection} is the superclass
@@ -1395,8 +1396,8 @@
* is always the last one on the returned package list.
*/
private String getContentHandlerPkgPrefixes() {
- String packagePrefixList = AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction(contentPathProp, ""));
+ String packagePrefixList =
+ GetPropertyAction.getProperty(contentPathProp, "");
if (packagePrefixList != "") {
packagePrefixList += "|";
--- a/jdk/src/java.base/share/classes/java/net/URLEncoder.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/net/URLEncoder.java Thu Apr 21 10:30:43 2016 -0700
@@ -25,19 +25,12 @@
package java.net;
-import java.io.ByteArrayOutputStream;
-import java.io.BufferedWriter;
-import java.io.OutputStreamWriter;
-import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.io.CharArrayWriter;
import java.nio.charset.Charset;
import java.nio.charset.IllegalCharsetNameException;
import java.nio.charset.UnsupportedCharsetException ;
import java.util.BitSet;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import sun.security.action.GetBooleanAction;
import sun.security.action.GetPropertyAction;
/**
@@ -140,9 +133,7 @@
dontNeedEncoding.set('.');
dontNeedEncoding.set('*');
- dfltEncName = AccessController.doPrivileged(
- new GetPropertyAction("file.encoding")
- );
+ dfltEncName = GetPropertyAction.getProperty("file.encoding");
}
/**
--- a/jdk/src/java.base/share/classes/java/net/URLPermission.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/net/URLPermission.java Thu Apr 21 10:30:43 2016 -0700
@@ -170,7 +170,8 @@
parseURI(getName());
int colon = actions.indexOf(':');
if (actions.lastIndexOf(':') != colon) {
- throw new IllegalArgumentException("invalid actions string");
+ throw new IllegalArgumentException(
+ "Invalid actions string: \"" + actions + "\"");
}
String methods, headers;
@@ -371,7 +372,8 @@
l.add(s);
b = new StringBuilder();
} else if (c == ' ' || c == '\t') {
- throw new IllegalArgumentException("white space not allowed");
+ throw new IllegalArgumentException(
+ "White space not allowed in methods: \"" + methods + "\"");
} else {
if (c >= 'a' && c <= 'z') {
c += 'A' - 'a';
@@ -398,7 +400,8 @@
}
b.append(c);
} else if (c == ' ' || c == '\t') {
- throw new IllegalArgumentException("white space not allowed");
+ throw new IllegalArgumentException(
+ "White space not allowed in headers: \"" + headers + "\"");
} else if (c == '-') {
capitalizeNext = true;
b.append(c);
@@ -423,14 +426,16 @@
int len = url.length();
int delim = url.indexOf(':');
if (delim == -1 || delim + 1 == len) {
- throw new IllegalArgumentException("invalid URL string");
+ throw new IllegalArgumentException(
+ "Invalid URL string: \"" + url + "\"");
}
scheme = url.substring(0, delim).toLowerCase();
this.ssp = url.substring(delim + 1);
if (!ssp.startsWith("//")) {
if (!ssp.equals("*")) {
- throw new IllegalArgumentException("invalid URL string");
+ throw new IllegalArgumentException(
+ "Invalid URL string: \"" + url + "\"");
}
this.authority = new Authority(scheme, "*");
return;
--- a/jdk/src/java.base/share/classes/java/nio/charset/Charset.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/nio/charset/Charset.java Thu Apr 21 10:30:43 2016 -0700
@@ -283,8 +283,8 @@
if (level == null) {
if (!VM.isBooted())
return false;
- bugLevel = level = AccessController.doPrivileged(
- new GetPropertyAction("sun.nio.cs.bugLevel", ""));
+ bugLevel = level =
+ GetPropertyAction.getProperty("sun.nio.cs.bugLevel", "");
}
return level.equals(bl);
}
@@ -609,8 +609,7 @@
public static Charset defaultCharset() {
if (defaultCharset == null) {
synchronized (Charset.class) {
- String csn = AccessController.doPrivileged(
- new GetPropertyAction("file.encoding"));
+ String csn = GetPropertyAction.getProperty("file.encoding");
Charset cs = lookup(csn);
if (cs != null)
defaultCharset = cs;
--- a/jdk/src/java.base/share/classes/java/nio/file/TempFileHelper.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/nio/file/TempFileHelper.java Thu Apr 21 10:30:43 2016 -0700
@@ -28,7 +28,6 @@
import java.util.Set;
import java.util.EnumSet;
import java.security.SecureRandom;
-import static java.security.AccessController.*;
import java.io.IOException;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
@@ -47,7 +46,7 @@
// temporary directory location
private static final Path tmpdir =
- Paths.get(doPrivileged(new GetPropertyAction("java.io.tmpdir")));
+ Paths.get(GetPropertyAction.getProperty("java.io.tmpdir"));
private static final boolean isPosix =
FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
--- a/jdk/src/java.base/share/classes/java/util/Locale.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/util/Locale.java Thu Apr 21 10:30:43 2016 -0700
@@ -45,7 +45,6 @@
import java.io.ObjectOutputStream;
import java.io.ObjectStreamField;
import java.io.Serializable;
-import java.security.AccessController;
import java.text.MessageFormat;
import java.util.spi.LocaleNameProvider;
@@ -859,11 +858,10 @@
private static Locale initDefault() {
String language, region, script, country, variant;
- language = AccessController.doPrivileged(
- new GetPropertyAction("user.language", "en"));
+ Properties props = GetPropertyAction.getProperties();
+ language = props.getProperty("user.language", "en");
// for compatibility, check for old user.region property
- region = AccessController.doPrivileged(
- new GetPropertyAction("user.region"));
+ region = props.getProperty("user.region");
if (region != null) {
// region can be of form country, country_variant, or _variant
int i = region.indexOf('_');
@@ -876,27 +874,25 @@
}
script = "";
} else {
- script = AccessController.doPrivileged(
- new GetPropertyAction("user.script", ""));
- country = AccessController.doPrivileged(
- new GetPropertyAction("user.country", ""));
- variant = AccessController.doPrivileged(
- new GetPropertyAction("user.variant", ""));
+ script = props.getProperty("user.script", "");
+ country = props.getProperty("user.country", "");
+ variant = props.getProperty("user.variant", "");
}
return getInstance(language, script, country, variant, null);
}
private static Locale initDefault(Locale.Category category) {
+ Properties props = GetPropertyAction.getProperties();
return getInstance(
- AccessController.doPrivileged(
- new GetPropertyAction(category.languageKey, defaultLocale.getLanguage())),
- AccessController.doPrivileged(
- new GetPropertyAction(category.scriptKey, defaultLocale.getScript())),
- AccessController.doPrivileged(
- new GetPropertyAction(category.countryKey, defaultLocale.getCountry())),
- AccessController.doPrivileged(
- new GetPropertyAction(category.variantKey, defaultLocale.getVariant())),
+ props.getProperty(category.languageKey,
+ defaultLocale.getLanguage()),
+ props.getProperty(category.scriptKey,
+ defaultLocale.getScript()),
+ props.getProperty(category.countryKey,
+ defaultLocale.getCountry()),
+ props.getProperty(category.variantKey,
+ defaultLocale.getVariant()),
null);
}
--- a/jdk/src/java.base/share/classes/java/util/PropertyResourceBundle.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/util/PropertyResourceBundle.java Thu Apr 21 10:30:43 2016 -0700
@@ -43,7 +43,6 @@
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.IOException;
-import java.nio.charset.Charset;
import java.nio.charset.MalformedInputException;
import java.nio.charset.StandardCharsets;
import java.nio.charset.UnmappableCharacterException;
@@ -142,8 +141,8 @@
// Check whether the strict encoding is specified.
// The possible encoding is either "ISO-8859-1" or "UTF-8".
private static final String encoding =
- AccessController.doPrivileged(
- new GetPropertyAction("java.util.PropertyResourceBundle.encoding", ""))
+ GetPropertyAction
+ .getProperty("java.util.PropertyResourceBundle.encoding", "")
.toUpperCase(Locale.ROOT);
/**
--- a/jdk/src/java.base/share/classes/java/util/TimeZone.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/util/TimeZone.java Thu Apr 21 10:30:43 2016 -0700
@@ -660,14 +660,12 @@
private static synchronized TimeZone setDefaultZone() {
TimeZone tz;
// get the time zone ID from the system properties
- String zoneID = AccessController.doPrivileged(
- new GetPropertyAction("user.timezone"));
+ String zoneID = GetPropertyAction.getProperty("user.timezone");
// if the time zone ID is not set (yet), perform the
// platform to Java time zone ID mapping.
if (zoneID == null || zoneID.isEmpty()) {
- String javaHome = AccessController.doPrivileged(
- new GetPropertyAction("java.home"));
+ String javaHome = GetPropertyAction.getProperty("java.home");
try {
zoneID = getSystemTimeZoneID(javaHome);
if (zoneID == null) {
--- a/jdk/src/java.base/share/classes/java/util/jar/JarFile.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/util/jar/JarFile.java Thu Apr 21 10:30:43 2016 -0700
@@ -34,7 +34,6 @@
import java.util.zip.*;
import java.security.CodeSigner;
import java.security.cert.Certificate;
-import java.security.AccessController;
import java.security.CodeSource;
import jdk.internal.misc.SharedSecrets;
import sun.security.action.GetPropertyAction;
@@ -155,16 +154,16 @@
BASE_VERSION = 8; // one less than lowest version for versioned entries
int runtimeVersion = jdk.Version.current().major();
- String jarVersion = AccessController.doPrivileged(
- new GetPropertyAction("jdk.util.jar.version"));
+ String jarVersion =
+ GetPropertyAction.getProperty("jdk.util.jar.version");
if (jarVersion != null) {
int jarVer = Integer.parseInt(jarVersion);
runtimeVersion = (jarVer > runtimeVersion)
? runtimeVersion : Math.max(jarVer, 0);
}
RUNTIME_VERSION = runtimeVersion;
- String enableMultiRelease = AccessController.doPrivileged(
- new GetPropertyAction("jdk.util.jar.enableMultiRelease", "true"));
+ String enableMultiRelease = GetPropertyAction
+ .getProperty("jdk.util.jar.enableMultiRelease", "true");
switch (enableMultiRelease) {
case "true":
default:
--- a/jdk/src/java.base/share/classes/java/util/jar/Pack200.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/util/jar/Pack200.java Thu Apr 21 10:30:43 2016 -0700
@@ -29,6 +29,7 @@
import java.io.OutputStream;
import java.io.File;
import java.io.IOException;
+import sun.security.action.GetPropertyAction;
/**
@@ -694,8 +695,7 @@
Class<?> impl = (PACK_PROVIDER.equals(prop))? packerImpl: unpackerImpl;
if (impl == null) {
// The first time, we must decide which class to use.
- implName = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction(prop,""));
+ implName = GetPropertyAction.getProperty(prop,"");
if (implName != null && !implName.equals(""))
impl = Class.forName(implName);
else if (PACK_PROVIDER.equals(prop))
--- a/jdk/src/java.base/share/classes/java/util/regex/PatternSyntaxException.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/util/regex/PatternSyntaxException.java Thu Apr 21 10:30:43 2016 -0700
@@ -94,8 +94,7 @@
}
private static final String nl =
- java.security.AccessController
- .doPrivileged(new GetPropertyAction("line.separator"));
+ GetPropertyAction.getProperty("line.separator");
/**
* Returns a multi-line string containing the description of the syntax
--- a/jdk/src/java.base/share/classes/java/util/zip/ZipOutputStream.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/java/util/zip/ZipOutputStream.java Thu Apr 21 10:30:43 2016 -0700
@@ -33,6 +33,7 @@
import java.util.HashSet;
import static java.util.zip.ZipConstants64.*;
import static java.util.zip.ZipUtils.*;
+import sun.security.action.GetPropertyAction;
/**
* This class implements an output stream filter for writing files in the
@@ -54,9 +55,7 @@
*/
private static final boolean inhibitZip64 =
Boolean.parseBoolean(
- java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction(
- "jdk.util.zip.inhibitZip64", "false")));
+ GetPropertyAction.getProperty("jdk.util.zip.inhibitZip64"));
private static class XEntry {
final ZipEntry entry;
--- a/jdk/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java Thu Apr 21 10:30:43 2016 -0700
@@ -51,9 +51,9 @@
static final boolean DEBUG;
static {
- String s = java.security.AccessController.doPrivileged(
- new GetPropertyAction("javax.net.debug", "")).toLowerCase(
- Locale.ENGLISH);
+ String s = GetPropertyAction.getProperty("javax.net.debug", "")
+ .toLowerCase(Locale.ENGLISH);
+
DEBUG = s.contains("all") || s.contains("ssl");
}
--- a/jdk/src/java.base/share/classes/jdk/Version.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/jdk/Version.java Thu Apr 21 10:30:43 2016 -0700
@@ -26,8 +26,6 @@
package jdk;
import java.math.BigInteger;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -35,6 +33,7 @@
import java.util.Collections;
import java.util.List;
import java.util.Optional;
+import sun.security.action.GetPropertyAction;
/**
* A representation of the JDK version-string which contains a version
@@ -274,12 +273,7 @@
*/
public static Version current() {
if (current == null) {
- current = parse(AccessController.doPrivileged(
- new PrivilegedAction<>() {
- public String run() {
- return System.getProperty("java.version");
- }
- }));
+ current = parse(GetPropertyAction.getProperty("java.version"));
}
return current;
}
--- a/jdk/src/java.base/share/classes/jdk/internal/loader/URLClassPath.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/jdk/internal/loader/URLClassPath.java Thu Apr 21 10:30:43 2016 -0700
@@ -52,6 +52,7 @@
import java.util.LinkedList;
import java.util.List;
import java.util.NoSuchElementException;
+import java.util.Properties;
import java.util.Set;
import java.util.Stack;
import java.util.StringTokenizer;
@@ -69,6 +70,7 @@
import jdk.internal.util.jar.JarIndex;
import sun.net.util.URLUtil;
import sun.net.www.ParseUtil;
+import sun.security.action.GetPropertyAction;
/**
* This class is used to maintain a search path of URLs for loading classes
@@ -78,20 +80,15 @@
*/
public class URLClassPath {
private static final String USER_AGENT_JAVA_VERSION = "UA-Java-Version";
- private static final String JAVA_HOME;
private static final String JAVA_VERSION;
private static final boolean DEBUG;
private static final boolean DISABLE_JAR_CHECKING;
static {
- JAVA_HOME = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("java.home"));
- JAVA_VERSION = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("java.version"));
- DEBUG = (java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("sun.misc.URLClassPath.debug")) != null);
- String p = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("sun.misc.URLClassPath.disableJarChecking"));
+ Properties props = GetPropertyAction.getProperties();
+ JAVA_VERSION = props.getProperty("java.version");
+ DEBUG = (props.getProperty("sun.misc.URLClassPath.debug") != null);
+ String p = props.getProperty("sun.misc.URLClassPath.disableJarChecking");
DISABLE_JAR_CHECKING = p != null ? p.equals("true") || p.equals("") : false;
}
--- a/jdk/src/java.base/share/classes/jdk/internal/logger/LoggerFinderLoader.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/jdk/internal/logger/LoggerFinderLoader.java Thu Apr 21 10:30:43 2016 -0700
@@ -33,6 +33,7 @@
import java.util.ServiceConfigurationError;
import java.util.ServiceLoader;
import sun.security.util.SecurityConstants;
+import sun.security.action.GetPropertyAction;
/**
* Helper class used to load the {@link java.lang.System.LoggerFinder}.
@@ -79,9 +80,8 @@
// Get configuration error policy
private static ErrorPolicy configurationErrorPolicy() {
- final PrivilegedAction<String> getConfigurationErrorPolicy =
- () -> System.getProperty("jdk.logger.finder.error");
- String errorPolicy = AccessController.doPrivileged(getConfigurationErrorPolicy);
+ String errorPolicy =
+ GetPropertyAction.getProperty("jdk.logger.finder.error");
if (errorPolicy == null || errorPolicy.isEmpty()) {
return ErrorPolicy.WARNING;
}
@@ -95,9 +95,8 @@
// Whether multiple provider should be considered as an error.
// This is further submitted to the configuration error policy.
private static boolean ensureSingletonProvider() {
- final PrivilegedAction<Boolean> ensureSingletonProvider =
- () -> Boolean.getBoolean("jdk.logger.finder.singleton");
- return AccessController.doPrivileged(ensureSingletonProvider);
+ return Boolean.parseBoolean(
+ GetPropertyAction.getProperty("jdk.logger.finder.singleton"));
}
private static Iterator<System.LoggerFinder> findLoggerFinderProviders() {
--- a/jdk/src/java.base/share/classes/jdk/internal/logger/SimpleConsoleLogger.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/jdk/internal/logger/SimpleConsoleLogger.java Thu Apr 21 10:30:43 2016 -0700
@@ -55,8 +55,8 @@
PlatformLogger.toPlatformLevel(DEFAULT_LEVEL);
static Level getDefaultLevel() {
- String levelName = AccessController.doPrivileged(
- new GetPropertyAction("jdk.system.logger.level", "INFO"));
+ String levelName = GetPropertyAction
+ .getProperty("jdk.system.logger.level", "INFO");
try {
return Level.valueOf(levelName);
} catch (IllegalArgumentException iae) {
@@ -425,8 +425,8 @@
// Make it easier to wrap Logger...
static private final String[] skips;
static {
- String additionalPkgs = AccessController.doPrivileged(
- new GetPropertyAction("jdk.logger.packages"));
+ String additionalPkgs =
+ GetPropertyAction.getProperty("jdk.logger.packages");
skips = additionalPkgs == null ? new String[0] : additionalPkgs.split(",");
}
@@ -485,7 +485,7 @@
// jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java
// to fail - because that test has a testcase which somehow references
// PlatformLogger and counts the number of generated lambda classes.
- String format = AccessController.doPrivileged(new GetPropertyAction(key));
+ String format = GetPropertyAction.getProperty(key);
if (format == null && defaultPropertyGetter != null) {
format = defaultPropertyGetter.apply(key);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/jdk/internal/misc/JavaObjectInputStreamAccess.java Thu Apr 21 10:30:43 2016 -0700
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.internal.misc;
+
+import java.io.ObjectInputStream;
+
+/**
+ * The interface to specify methods for accessing {@code ObjectInputStream}
+ * @author sjiang
+ */
+public interface JavaObjectInputStreamAccess {
+ /**
+ * Sets a descriptor validating.
+ * @param ois stream to have the descriptors validated
+ * @param validator validator used to validate a descriptor.
+ */
+ public void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator);
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/jdk/internal/misc/ObjectStreamClassValidator.java Thu Apr 21 10:30:43 2016 -0700
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package jdk.internal.misc;
+
+import java.io.ObjectStreamClass;
+
+/**
+ * A callback used by {@code ObjectInputStream} to do descriptor validation.
+ *
+ * @author sjiang
+ */
+public interface ObjectStreamClassValidator {
+ /**
+ * This method will be called by ObjectInputStream to
+ * check a descriptor just before creating an object described by this descriptor.
+ * The object will not be created if this method throws a {@code RuntimeException}.
+ * @param descriptor descriptor to be checked.
+ */
+ public void validateDescriptor(ObjectStreamClass descriptor);
+}
--- a/jdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,9 +29,9 @@
import java.util.jar.JarFile;
import java.io.Console;
import java.io.FileDescriptor;
+import java.io.ObjectInputStream;
import java.security.ProtectionDomain;
import java.security.AccessController;
-import jdk.internal.misc.Unsafe;
/** A repository of "shared secrets", which are a mechanism for
calling implementation-private methods in another package without
@@ -63,6 +63,7 @@
private static JavaAWTAccess javaAWTAccess;
private static JavaAWTFontAccess javaAWTFontAccess;
private static JavaBeansAccess javaBeansAccess;
+ private static JavaObjectInputStreamAccess javaObjectInputStreamAccess;
public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) {
@@ -262,4 +263,15 @@
public static void setJavaUtilResourceBundleAccess(JavaUtilResourceBundleAccess access) {
javaUtilResourceBundleAccess = access;
}
+
+ public static JavaObjectInputStreamAccess getJavaObjectInputStreamAccess() {
+ if (javaObjectInputStreamAccess == null) {
+ unsafe.ensureClassInitialized(ObjectInputStream.class);
+ }
+ return javaObjectInputStreamAccess;
+ }
+
+ public static void setJavaObjectInputStreamAccess(JavaObjectInputStreamAccess access) {
+ javaObjectInputStreamAccess = access;
+ }
}
--- a/jdk/src/java.base/share/classes/jdk/internal/reflect/Reflection.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/jdk/internal/reflect/Reflection.java Thu Apr 21 10:30:43 2016 -0700
@@ -27,13 +27,12 @@
import java.lang.reflect.*;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import jdk.internal.HotSpotIntrinsicCandidate;
import jdk.internal.misc.VM;
+import sun.security.action.GetPropertyAction;
/** Common utility routines used by both java.lang and
java.lang.reflect */
@@ -344,15 +343,10 @@
private static void printStackTraceIfNeeded(Throwable e) {
if (!printStackWhenAccessFailsSet && VM.initLevel() >= 1) {
- // can't use method reference here, might be too early in startup
- PrivilegedAction<Boolean> pa = new PrivilegedAction<Boolean>() {
- public Boolean run() {
- String s;
- s = System.getProperty("sun.reflect.debugModuleAccessChecks");
- return (s != null && !s.equalsIgnoreCase("false"));
- }
- };
- printStackWhenAccessFails = AccessController.doPrivileged(pa);
+ String s = GetPropertyAction
+ .getProperty("sun.reflect.debugModuleAccessChecks");
+ printStackWhenAccessFails =
+ (s != null && !s.equalsIgnoreCase("false"));
printStackWhenAccessFailsSet = true;
}
if (printStackWhenAccessFails) {
--- a/jdk/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java Thu Apr 21 10:30:43 2016 -0700
@@ -30,10 +30,11 @@
import java.lang.reflect.Method;
import java.lang.reflect.Constructor;
import java.lang.reflect.Modifier;
-import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
+import java.util.Properties;
import sun.reflect.misc.ReflectUtil;
+import sun.security.action.GetPropertyAction;
/** <P> The master factory for all reflective objects, both those in
java.lang.reflect (Fields, Methods, Constructors) as well as their
@@ -382,41 +383,37 @@
run, before the system properties are set up. */
private static void checkInitted() {
if (initted) return;
- AccessController.doPrivileged(
- new PrivilegedAction<>() {
- public Void run() {
- // Tests to ensure the system properties table is fully
- // initialized. This is needed because reflection code is
- // called very early in the initialization process (before
- // command-line arguments have been parsed and therefore
- // these user-settable properties installed.) We assume that
- // if System.out is non-null then the System class has been
- // fully initialized and that the bulk of the startup code
- // has been run.
- if (System.out == null) {
- // java.lang.System not yet fully initialized
- return null;
- }
+ // Tests to ensure the system properties table is fully
+ // initialized. This is needed because reflection code is
+ // called very early in the initialization process (before
+ // command-line arguments have been parsed and therefore
+ // these user-settable properties installed.) We assume that
+ // if System.out is non-null then the System class has been
+ // fully initialized and that the bulk of the startup code
+ // has been run.
+
+ if (System.out == null) {
+ // java.lang.System not yet fully initialized
+ return;
+ }
- String val = System.getProperty("sun.reflect.noInflation");
- if (val != null && val.equals("true")) {
- noInflation = true;
- }
+ Properties props = GetPropertyAction.getProperties();
+ String val = props.getProperty("sun.reflect.noInflation");
+ if (val != null && val.equals("true")) {
+ noInflation = true;
+ }
- val = System.getProperty("sun.reflect.inflationThreshold");
- if (val != null) {
- try {
- inflationThreshold = Integer.parseInt(val);
- } catch (NumberFormatException e) {
- throw new RuntimeException("Unable to parse property sun.reflect.inflationThreshold", e);
- }
- }
+ val = props.getProperty("sun.reflect.inflationThreshold");
+ if (val != null) {
+ try {
+ inflationThreshold = Integer.parseInt(val);
+ } catch (NumberFormatException e) {
+ throw new RuntimeException("Unable to parse property sun.reflect.inflationThreshold", e);
+ }
+ }
- initted = true;
- return null;
- }
- });
+ initted = true;
}
private static LangReflectAccess langReflectAccess() {
--- a/jdk/src/java.base/share/classes/module-info.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/module-info.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -300,9 +300,5 @@
provides java.nio.file.spi.FileSystemProvider with
jdk.internal.jrtfs.JrtFileSystemProvider;
- provides java.security.Provider with sun.security.provider.Sun;
- provides java.security.Provider with sun.security.rsa.SunRsaSign;
- provides java.security.Provider with com.sun.crypto.provider.SunJCE;
- provides java.security.Provider with com.sun.net.ssl.internal.ssl.Provider;
}
--- a/jdk/src/java.base/share/classes/sun/invoke/util/VerifyAccess.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/invoke/util/VerifyAccess.java Thu Apr 21 10:30:43 2016 -0700
@@ -231,22 +231,66 @@
* @param refc the class attempting to make the reference
*/
public static boolean isTypeVisible(Class<?> type, Class<?> refc) {
- if (type == refc) return true; // easy check
+ if (type == refc) {
+ return true; // easy check
+ }
while (type.isArray()) type = type.getComponentType();
- if (type.isPrimitive() || type == Object.class) return true;
- ClassLoader parent = type.getClassLoader();
- if (parent == null) return true;
- ClassLoader child = refc.getClassLoader();
- if (child == null) return false;
- if (parent == child || loadersAreRelated(parent, child, true))
+ if (type.isPrimitive() || type == Object.class) {
return true;
- // Do it the hard way: Look up the type name from the refc loader.
- try {
- Class<?> res = child.loadClass(type.getName());
- return (type == res);
- } catch (ClassNotFoundException ex) {
+ }
+ ClassLoader typeLoader = type.getClassLoader();
+ ClassLoader refcLoader = refc.getClassLoader();
+ if (typeLoader == refcLoader) {
+ return true;
+ }
+ if (refcLoader == null && typeLoader != null) {
return false;
}
+ if (typeLoader == null && type.getName().startsWith("java.")) {
+ // Note: The API for actually loading classes, ClassLoader.defineClass,
+ // guarantees that classes with names beginning "java." cannot be aliased,
+ // because class loaders cannot load them directly.
+ return true;
+ }
+
+ // Do it the hard way: Look up the type name from the refc loader.
+ //
+ // Force the refc loader to report and commit to a particular binding for this type name (type.getName()).
+ //
+ // In principle, this query might force the loader to load some unrelated class,
+ // which would cause this query to fail (and the original caller to give up).
+ // This would be wasted effort, but it is expected to be very rare, occurring
+ // only when an attacker is attempting to create a type alias.
+ // In the normal case, one class loader will simply delegate to the other,
+ // and the same type will be visible through both, with no extra loading.
+ //
+ // It is important to go through Class.forName instead of ClassLoader.loadClass
+ // because Class.forName goes through the JVM system dictionary, which records
+ // the class lookup once for all. This means that even if a not-well-behaved class loader
+ // would "change its mind" about the meaning of the name, the Class.forName request
+ // will use the result cached in the JVM system dictionary. Note that the JVM system dictionary
+ // will record the first successful result. Unsuccessful results are not stored.
+ //
+ // We use doPrivileged in order to allow an unprivileged caller to ask an arbitrary
+ // class loader about the binding of the proposed name (type.getName()).
+ // The looked up type ("res") is compared for equality against the proposed
+ // type ("type") and then is discarded. Thus, the worst that can happen to
+ // the "child" class loader is that it is bothered to load and report a class
+ // that differs from "type"; this happens once due to JVM system dictionary
+ // memoization. And the caller never gets to look at the alternate type binding
+ // ("res"), whether it exists or not.
+ final String name = type.getName();
+ Class<?> res = java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedAction<>() {
+ public Class<?> run() {
+ try {
+ return Class.forName(name, false, refcLoader);
+ } catch (ClassNotFoundException | LinkageError e) {
+ return null; // Assume the class is not found
+ }
+ }
+ });
+ return (type == res);
}
/**
--- a/jdk/src/java.base/share/classes/sun/net/ResourceManager.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/net/ResourceManager.java Thu Apr 21 10:30:43 2016 -0700
@@ -53,9 +53,8 @@
private static final AtomicInteger numSockets;
static {
- String prop = java.security.AccessController.doPrivileged(
- new GetPropertyAction("sun.net.maxDatagramSockets")
- );
+ String prop =
+ GetPropertyAction.getProperty("sun.net.maxDatagramSockets");
int defmax = DEFAULT_MAX_SOCKETS;
try {
if (prop != null) {
--- a/jdk/src/java.base/share/classes/sun/net/sdp/SdpSupport.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/net/sdp/SdpSupport.java Thu Apr 21 10:30:43 2016 -0700
@@ -31,6 +31,7 @@
import jdk.internal.misc.SharedSecrets;
import jdk.internal.misc.JavaIOFileDescriptorAccess;
+import sun.security.action.GetPropertyAction;
/**
@@ -39,8 +40,7 @@
*/
public final class SdpSupport {
- private static final String os = AccessController
- .doPrivileged(new sun.security.action.GetPropertyAction("os.name"));
+ private static final String os = GetPropertyAction.getProperty("os.name");
private static final boolean isSupported = (os.equals("SunOS") || (os.equals("Linux")));
private static final JavaIOFileDescriptorAccess fdAccess =
SharedSecrets.getJavaIOFileDescriptorAccess();
--- a/jdk/src/java.base/share/classes/sun/net/smtp/SmtpClient.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/net/smtp/SmtpClient.java Thu Apr 21 10:30:43 2016 -0700
@@ -25,10 +25,10 @@
package sun.net.smtp;
-import java.util.StringTokenizer;
import java.io.*;
import java.net.*;
import sun.net.TransferProtocolClient;
+import sun.security.action.GetPropertyAction;
/**
* This class implements the SMTP client.
@@ -157,8 +157,7 @@
}
try {
String s;
- mailhost = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("mail.host"));
+ mailhost = GetPropertyAction.getProperty("mail.host");
if (mailhost != null) {
openServer(mailhost);
return;
@@ -184,8 +183,7 @@
setConnectTimeout(to);
try {
String s;
- mailhost = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("mail.host"));
+ mailhost = GetPropertyAction.getProperty("mail.host");
if (mailhost != null) {
openServer(mailhost);
return;
--- a/jdk/src/java.base/share/classes/sun/net/www/MimeLauncher.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/net/www/MimeLauncher.java Thu Apr 21 10:30:43 2016 -0700
@@ -27,6 +27,7 @@
import java.net.URL;
import java.io.*;
import java.util.StringTokenizer;
+import sun.security.action.GetPropertyAction;
class MimeLauncher extends Thread {
java.net.URLConnection uc;
@@ -182,8 +183,7 @@
}
String execPathList;
- execPathList = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("exec.path"));
+ execPathList = GetPropertyAction.getProperty("exec.path");
if (execPathList == null) {
// exec.path property not set
return false;
--- a/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java Thu Apr 21 10:30:43 2016 -0700
@@ -28,6 +28,7 @@
import java.io.*;
import java.net.*;
import java.util.Locale;
+import java.util.Properties;
import sun.net.NetworkClient;
import sun.net.ProgressSource;
import sun.net.www.MessageHeader;
@@ -37,6 +38,7 @@
import sun.net.www.protocol.http.HttpURLConnection;
import sun.util.logging.PlatformLogger;
import static sun.net.www.protocol.http.HttpURLConnection.TunnelState.*;
+import sun.security.action.GetPropertyAction;
/**
* @author Herb Jellinek
@@ -143,20 +145,18 @@
}
static {
- String keepAlive = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("http.keepAlive"));
-
- String retryPost = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("sun.net.http.retryPost"));
+ Properties props = GetPropertyAction.getProperties();
+ String keepAlive = props.getProperty("http.keepAlive");
+ String retryPost = props.getProperty("sun.net.http.retryPost");
if (keepAlive != null) {
- keepAliveProp = Boolean.valueOf(keepAlive).booleanValue();
+ keepAliveProp = Boolean.parseBoolean(keepAlive);
} else {
keepAliveProp = true;
}
if (retryPost != null) {
- retryPostProp = Boolean.valueOf(retryPost).booleanValue();
+ retryPostProp = Boolean.parseBoolean(retryPost);
} else
retryPostProp = true;
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/ftp/FtpURLConnection.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/ftp/FtpURLConnection.java Thu Apr 21 10:30:43 2016 -0700
@@ -46,6 +46,7 @@
import java.util.StringTokenizer;
import java.util.Iterator;
import java.security.Permission;
+import java.util.Properties;
import sun.net.NetworkClient;
import sun.net.www.MessageHeader;
import sun.net.www.MeteredStream;
@@ -277,11 +278,10 @@
if (user == null) {
user = "anonymous";
- String vers = java.security.AccessController.doPrivileged(
- new GetPropertyAction("java.version"));
- password = java.security.AccessController.doPrivileged(
- new GetPropertyAction("ftp.protocol.user",
- "Java" + vers + "@"));
+ Properties props = GetPropertyAction.getProperties();
+ String vers = props.getProperty("java.version");
+ password = props.getProperty("ftp.protocol.user",
+ "Java" + vers + "@");
}
try {
ftp = FtpClient.create();
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java Thu Apr 21 10:30:43 2016 -0700
@@ -25,9 +25,10 @@
package sun.net.www.protocol.http;
-import sun.net.www.*;
import java.util.Iterator;
import java.util.HashMap;
+import sun.net.www.*;
+import sun.security.action.GetPropertyAction;
/**
* This class is used to parse the information in WWW-Authenticate: and Proxy-Authenticate:
@@ -93,8 +94,7 @@
}
static {
- authPref = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("http.auth.preference"));
+ authPref = GetPropertyAction.getProperty("http.auth.preference");
// http.auth.preference can be set to SPNEGO or Kerberos.
// In fact they means "Negotiate with SPNEGO" and "Negotiate with
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Thu Apr 21 10:30:43 2016 -0700
@@ -52,7 +52,6 @@
import java.security.PrivilegedExceptionAction;
import java.security.PrivilegedActionException;
import java.io.*;
-import java.net.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
@@ -78,12 +77,15 @@
import java.util.TimeZone;
import java.net.MalformedURLException;
import java.nio.ByteBuffer;
+import java.util.Properties;
import static sun.net.www.protocol.http.AuthScheme.BASIC;
import static sun.net.www.protocol.http.AuthScheme.DIGEST;
import static sun.net.www.protocol.http.AuthScheme.NTLM;
import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
import static sun.net.www.protocol.http.AuthScheme.UNKNOWN;
+import sun.security.action.GetIntegerAction;
+import sun.security.action.GetPropertyAction;
/**
* A class to represent an HTTP connection to a remote object.
@@ -205,46 +207,38 @@
};
static {
- maxRedirects = java.security.AccessController.doPrivileged(
- new sun.security.action.GetIntegerAction(
- "http.maxRedirects", defaultmaxRedirects)).intValue();
- version = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("java.version"));
- String agent = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("http.agent"));
+ Properties props = GetPropertyAction.getProperties();
+ maxRedirects = GetIntegerAction.getProperty("http.maxRedirects",
+ defaultmaxRedirects);
+ version = props.getProperty("java.version");
+ String agent = props.getProperty("http.agent");
if (agent == null) {
agent = "Java/"+version;
} else {
agent = agent + " Java/"+version;
}
userAgent = agent;
- validateProxy = java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction(
- "http.auth.digest.validateProxy")).booleanValue();
- validateServer = java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction(
- "http.auth.digest.validateServer")).booleanValue();
-
- enableESBuffer = java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction(
- "sun.net.http.errorstream.enableBuffering")).booleanValue();
- timeout4ESBuffer = java.security.AccessController.doPrivileged(
- new sun.security.action.GetIntegerAction(
- "sun.net.http.errorstream.timeout", 300)).intValue();
+ validateProxy = Boolean.parseBoolean(
+ props.getProperty("http.auth.digest.validateProxy"));
+ validateServer = Boolean.parseBoolean(
+ props.getProperty("http.auth.digest.validateServer"));
+
+ enableESBuffer = Boolean.parseBoolean(
+ props.getProperty("sun.net.http.errorstream.enableBuffering"));
+ timeout4ESBuffer = GetIntegerAction
+ .getProperty("sun.net.http.errorstream.timeout", 300);
if (timeout4ESBuffer <= 0) {
timeout4ESBuffer = 300; // use the default
}
- bufSize4ES = java.security.AccessController.doPrivileged(
- new sun.security.action.GetIntegerAction(
- "sun.net.http.errorstream.bufferSize", 4096)).intValue();
+ bufSize4ES = GetIntegerAction
+ .getProperty("sun.net.http.errorstream.bufferSize", 4096);
if (bufSize4ES <= 0) {
bufSize4ES = 4096; // use the default
}
- allowRestrictedHeaders = java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction(
- "sun.net.http.allowRestrictedHeaders")).booleanValue();
+ allowRestrictedHeaders = Boolean.parseBoolean(
+ props.getProperty("sun.net.http.allowRestrictedHeaders"));
if (!allowRestrictedHeaders) {
restrictedHeaderSet = new HashSet<>(restrictedHeaders.length);
for (int i=0; i < restrictedHeaders.length; i++) {
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java Thu Apr 21 10:30:43 2016 -0700
@@ -41,7 +41,6 @@
import java.security.cert.*;
import java.util.StringTokenizer;
import java.util.Vector;
-import java.security.AccessController;
import javax.security.auth.x500.X500Principal;
@@ -139,8 +138,8 @@
// If ciphers are assigned, sort them into an array.
//
String ciphers [];
- String cipherString = AccessController.doPrivileged(
- new GetPropertyAction("https.cipherSuites"));
+ String cipherString =
+ GetPropertyAction.getProperty("https.cipherSuites");
if (cipherString == null || "".equals(cipherString)) {
ciphers = null;
@@ -163,8 +162,8 @@
// If protocols are assigned, sort them into an array.
//
String protocols [];
- String protocolString = AccessController.doPrivileged(
- new GetPropertyAction("https.protocols"));
+ String protocolString =
+ GetPropertyAction.getProperty("https.protocols");
if (protocolString == null || "".equals(protocolString)) {
protocols = null;
@@ -184,8 +183,7 @@
}
private String getUserAgent() {
- String userAgent = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("https.agent"));
+ String userAgent = GetPropertyAction.getProperty("https.agent");
if (userAgent == null || userAgent.length() == 0) {
userAgent = "JSSE";
}
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/jrt/JavaRuntimeURLConnection.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/jrt/JavaRuntimeURLConnection.java Thu Apr 21 10:30:43 2016 -0700
@@ -32,10 +32,7 @@
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
-import java.security.AccessController;
import java.security.Permission;
-import java.security.PrivilegedAction;
-import java.util.List;
import jdk.internal.jimage.ImageLocation;
import jdk.internal.jimage.ImageReader;
@@ -45,6 +42,7 @@
import jdk.internal.loader.Resource;
import sun.net.www.ParseUtil;
import sun.net.www.URLConnection;
+import sun.security.action.GetPropertyAction;
/**
* URLConnection implementation that can be used to connect to resources
@@ -163,11 +161,7 @@
public Permission getPermission() throws IOException {
Permission p = permission;
if (p == null) {
- // using lambda expression here leads to recursive initialization
- PrivilegedAction<String> pa = new PrivilegedAction<String>() {
- public String run() { return System.getProperty("java.home"); }
- };
- String home = AccessController.doPrivileged(pa);
+ String home = GetPropertyAction.getProperty("java.home");
p = new FilePermission(home + File.separator + "-", "read");
permission = p;
}
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/netdoc/Handler.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/netdoc/Handler.java Thu Apr 21 10:30:43 2016 -0700
@@ -40,6 +40,7 @@
import java.net.URLStreamHandler;
import java.io.InputStream;
import java.io.IOException;
+import sun.security.action.GetPropertyAction;
public class Handler extends URLStreamHandler {
static URL base;
@@ -54,12 +55,10 @@
URLConnection uc = null;
URL ru;
- Boolean tmp = java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction("newdoc.localonly"));
- boolean localonly = tmp.booleanValue();
+ boolean localonly = Boolean.parseBoolean(
+ GetPropertyAction.getProperty("newdoc.localonly"));
- String docurl = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("doc.url"));
+ String docurl = GetPropertyAction.getProperty("doc.url");
String file = u.getFile();
if (!localonly) {
--- a/jdk/src/java.base/share/classes/sun/nio/ch/FileChannelImpl.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/FileChannelImpl.java Thu Apr 21 10:30:43 2016 -0700
@@ -1019,9 +1019,8 @@
if (!propertyChecked) {
synchronized (FileChannelImpl.class) {
if (!propertyChecked) {
- String value = AccessController.doPrivileged(
- new GetPropertyAction(
- "sun.nio.ch.disableSystemWideOverlappingFileLockCheck"));
+ String value = GetPropertyAction.getProperty(
+ "sun.nio.ch.disableSystemWideOverlappingFileLockCheck");
isSharedFileLockTable = ((value == null) || value.equals("false"));
propertyChecked = true;
}
--- a/jdk/src/java.base/share/classes/sun/nio/ch/Net.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/Net.java Thu Apr 21 10:30:43 2016 -0700
@@ -33,6 +33,7 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
import sun.net.ExtendedOptionsImpl;
+import sun.security.action.GetPropertyAction;
public class Net {
@@ -382,13 +383,8 @@
}
public static boolean isFastTcpLoopbackRequested() {
- String loopbackProp = java.security.AccessController.doPrivileged(
- new PrivilegedAction<String>() {
- @Override
- public String run() {
- return System.getProperty("jdk.net.useFastTcpLoopback");
- }
- });
+ String loopbackProp =
+ GetPropertyAction.getProperty("jdk.net.useFastTcpLoopback");
boolean enable;
if ("".equals(loopbackProp)) {
enable = true;
@@ -647,16 +643,9 @@
int availLevel = isExclusiveBindAvailable();
if (availLevel >= 0) {
String exclBindProp =
- java.security.AccessController.doPrivileged(
- new PrivilegedAction<String>() {
- @Override
- public String run() {
- return System.getProperty(
- "sun.net.useExclusiveBind");
- }
- });
+ GetPropertyAction.getProperty("sun.net.useExclusiveBind");
if (exclBindProp != null) {
- exclusiveBind = exclBindProp.length() == 0 ?
+ exclusiveBind = exclBindProp.isEmpty() ?
true : Boolean.parseBoolean(exclBindProp);
} else if (availLevel == 1) {
exclusiveBind = true;
--- a/jdk/src/java.base/share/classes/sun/nio/ch/Util.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/Util.java Thu Apr 21 10:30:43 2016 -0700
@@ -64,13 +64,7 @@
* for potential future-proofing.
*/
private static long getMaxCachedBufferSize() {
- String s = java.security.AccessController.doPrivileged(
- new PrivilegedAction<String>() {
- @Override
- public String run() {
- return System.getProperty("jdk.nio.maxCachedBufferSize");
- }
- });
+ String s = GetPropertyAction.getProperty("jdk.nio.maxCachedBufferSize");
if (s != null) {
try {
long m = Long.parseLong(s);
@@ -471,8 +465,7 @@
if (bugLevel == null) {
if (!jdk.internal.misc.VM.isBooted())
return false;
- String value = AccessController.doPrivileged(
- new GetPropertyAction("sun.nio.ch.bugLevel"));
+ String value = GetPropertyAction.getProperty("sun.nio.ch.bugLevel");
bugLevel = (value != null) ? value : "";
}
return bugLevel.equals(bl);
--- a/jdk/src/java.base/share/classes/sun/nio/cs/StandardCharsets.java.template Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/nio/cs/StandardCharsets.java.template Thu Apr 21 10:30:43 2016 -0700
@@ -34,8 +34,7 @@
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
+import sun.security.action.GetPropertyAction;
public class StandardCharsets extends CharsetProvider {
@@ -201,15 +200,7 @@
}
private static String getProperty(String key) {
- // this method may be called during initialization of
- // system class loader and thus not using lambda
- return AccessController.doPrivileged(
- new PrivilegedAction<String>() {
- @Override
- public String run() {
- return System.getProperty(key);
- }
- });
+ return GetPropertyAction.getProperty(key);
}
--- a/jdk/src/java.base/share/classes/sun/nio/fs/Util.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/nio/fs/Util.java Thu Apr 21 10:30:43 2016 -0700
@@ -28,8 +28,7 @@
import java.util.*;
import java.nio.file.*;
import java.nio.charset.Charset;
-import java.security.*;
-import sun.security.action.*;
+import sun.security.action.GetPropertyAction;
/**
* Utility methods
@@ -39,7 +38,7 @@
private Util() { }
private static final Charset jnuEncoding = Charset.forName(
- AccessController.doPrivileged(new GetPropertyAction("sun.jnu.encoding")));
+ GetPropertyAction.getProperty("sun.jnu.encoding"));
/**
* Returns {@code Charset} corresponding to the sun.jnu.encoding property
--- a/jdk/src/java.base/share/classes/sun/security/action/GetIntegerAction.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/action/GetIntegerAction.java Thu Apr 21 10:30:43 2016 -0700
@@ -25,6 +25,8 @@
package sun.security.action;
+import java.security.AccessController;
+
/**
* A convenience class for retrieving the integer value of a system property
* as a privileged action.
@@ -67,7 +69,7 @@
implements java.security.PrivilegedAction<Integer> {
private String theProp;
private int defaultVal;
- private boolean defaultSet = false;
+ private boolean defaultSet;
/**
* Constructor that takes the name of the system property whose integer
@@ -110,4 +112,39 @@
return defaultVal;
return value;
}
+
+ /**
+ * Convenience method to get a property without going through doPrivileged
+ * if no security manager is present. This is unsafe for inclusion in a
+ * public API but allowable here since this class is now encapsulated.
+ *
+ * @param theProp the name of the system property.
+ */
+ public static Integer getProperty(String theProp) {
+ if (System.getSecurityManager() == null) {
+ return Integer.getInteger(theProp);
+ } else {
+ return AccessController.doPrivileged(
+ new GetIntegerAction(theProp));
+ }
+ }
+
+ /**
+ * Convenience method to get a property without going through doPrivileged
+ * if no security manager is present. This is unsafe for inclusion in a
+ * public API but allowable here since this class is now encapsulated.
+ *
+ * @param theProp the name of the system property.
+ * @param defaultVal the default value.
+ */
+ public static Integer getProperty(String theProp, int defaultVal) {
+ Integer value;
+ if (System.getSecurityManager() == null) {
+ value = Integer.getInteger(theProp);
+ } else {
+ value = AccessController.doPrivileged(
+ new GetIntegerAction(theProp));
+ }
+ return (value != null) ? value : defaultVal;
+ }
}
--- a/jdk/src/java.base/share/classes/sun/security/action/GetPropertyAction.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/action/GetPropertyAction.java Thu Apr 21 10:30:43 2016 -0700
@@ -25,6 +25,10 @@
package sun.security.action;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.Properties;
+
/**
* A convenience class for retrieving the string value of a system
* property as a privileged action.
@@ -46,8 +50,7 @@
* @since 1.2
*/
-public class GetPropertyAction
- implements java.security.PrivilegedAction<String> {
+public class GetPropertyAction implements PrivilegedAction<String> {
private String theProp;
private String defaultVal;
@@ -84,4 +87,57 @@
String value = System.getProperty(theProp);
return (value == null) ? defaultVal : value;
}
+
+ /**
+ * Convenience method to get a property without going through doPrivileged
+ * if no security manager is present. This is unsafe for inclusion in a
+ * public API but allowable here since this class is now encapsulated.
+ *
+ * @param theProp the name of the system property.
+ */
+ public static String getProperty(String theProp) {
+ if (System.getSecurityManager() == null) {
+ return System.getProperty(theProp);
+ } else {
+ return AccessController.doPrivileged(
+ new GetPropertyAction(theProp));
+ }
+ }
+
+ /**
+ * Convenience method to get a property without going through doPrivileged
+ * if no security manager is present. This is unsafe for inclusion in a
+ * public API but allowable here since this class is now encapsulated.
+ *
+ * @param theProp the name of the system property.
+ * @param defaultVal the default value.
+ */
+ public static String getProperty(String theProp, String defaultVal) {
+ if (System.getSecurityManager() == null) {
+ return System.getProperty(theProp, defaultVal);
+ } else {
+ return AccessController.doPrivileged(
+ new GetPropertyAction(theProp, defaultVal));
+ }
+ }
+
+ /**
+ * Convenience method to call <code>System.getProperties</code> without
+ * having to go through doPrivileged if no security manager is present.
+ * This is unsafe for inclusion in a public API but allowable here since
+ * this class is now encapsulated.
+ */
+ public static Properties getProperties() {
+ if (System.getSecurityManager() == null) {
+ return System.getProperties();
+ } else {
+ return AccessController.doPrivileged(
+ new PrivilegedAction<Properties>() {
+ public Properties run() {
+ return System.getProperties();
+ }
+ }
+ );
+ }
+ }
}
--- a/jdk/src/java.base/share/classes/sun/security/jca/ProviderConfig.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/jca/ProviderConfig.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -236,9 +236,8 @@
if (debug != null) {
debug.println("Loading provider " + ProviderConfig.this);
}
- ProviderLoader pl = new ProviderLoader();
try {
- Provider p = pl.load(provName);
+ Provider p = ProviderLoader.INSTANCE.load(provName);
if (p != null) {
if (hasArgument()) {
p = p.configure(argument);
@@ -303,9 +302,11 @@
// Inner class for loading security providers listed in java.security file
private static final class ProviderLoader {
+ static final ProviderLoader INSTANCE = new ProviderLoader();
+
private final ServiceLoader<Provider> services;
- ProviderLoader() {
+ private ProviderLoader() {
// VM should already been booted at this point, if not
// - Only providers in java.base should be loaded, don't use
// ServiceLoader
--- a/jdk/src/java.base/share/classes/sun/security/provider/DSA.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/provider/DSA.java Thu Apr 21 10:30:43 2016 -0700
@@ -106,6 +106,18 @@
this.p1363Format = p1363Format;
}
+ private static void checkKey(DSAParams params, int digestLen, String mdAlgo)
+ throws InvalidKeyException {
+ // FIPS186-3 states in sec4.2 that a hash function which provides
+ // a lower security strength than the (L, N) pair ordinarily should
+ // not be used.
+ int valueN = params.getQ().bitLength();
+ if (valueN > digestLen) {
+ throw new InvalidKeyException("The security strength of " +
+ mdAlgo + " digest algorithm is not sufficient for this key size");
+ }
+ }
+
/**
* Initialize the DSA object with a DSA private key.
*
@@ -130,6 +142,12 @@
throw new InvalidKeyException("DSA private key lacks parameters");
}
+ // check key size against hash output size for signing
+ // skip this check for verification to minimize impact on existing apps
+ if (md.getAlgorithm() != "NullDigest20") {
+ checkKey(params, md.getDigestLength()*8, md.getAlgorithm());
+ }
+
this.params = params;
this.presetX = priv.getX();
this.presetY = null;
@@ -160,7 +178,6 @@
if (params == null) {
throw new InvalidKeyException("DSA public key lacks parameters");
}
-
this.params = params;
this.presetY = pub.getY();
this.presetX = null;
@@ -406,20 +423,13 @@
return t5.mod(q);
}
- // NOTE: This following impl is defined in FIPS 186-3 AppendixB.2.2.
- // Original DSS algos such as SHA1withDSA and RawDSA uses a different
- // algorithm defined in FIPS 186-1 Sec3.2, and thus need to override this.
+ // NOTE: This following impl is defined in FIPS 186-4 AppendixB.2.1.
protected BigInteger generateK(BigInteger q) {
SecureRandom random = getSigningRandom();
- byte[] kValue = new byte[q.bitLength()/8];
+ byte[] kValue = new byte[(q.bitLength() + 7)/8 + 8];
- while (true) {
- random.nextBytes(kValue);
- BigInteger k = new BigInteger(1, kValue).mod(q);
- if (k.signum() > 0 && k.compareTo(q) < 0) {
- return k;
- }
- }
+ random.nextBytes(kValue);
+ return new BigInteger(1, kValue).mod(q.subtract(BigInteger.ONE)).add(BigInteger.ONE);
}
// Use the application-specified SecureRandom Object if provided.
@@ -504,222 +514,10 @@
}
}
- static class LegacyDSA extends DSA {
- /* The random seed used to generate k */
- private int[] kSeed;
- /* The random seed used to generate k (specified by application) */
- private byte[] kSeedAsByteArray;
- /*
- * The random seed used to generate k
- * (prevent the same Kseed from being used twice in a row
- */
- private int[] kSeedLast;
-
- public LegacyDSA(MessageDigest md) throws NoSuchAlgorithmException {
- this(md, false);
- }
-
- private LegacyDSA(MessageDigest md, boolean p1363Format)
- throws NoSuchAlgorithmException {
- super(md, p1363Format);
- }
-
- @Deprecated
- protected void engineSetParameter(String key, Object param) {
- if (key.equals("KSEED")) {
- if (param instanceof byte[]) {
- kSeed = byteArray2IntArray((byte[])param);
- kSeedAsByteArray = (byte[])param;
- } else {
- debug("unrecognized param: " + key);
- throw new InvalidParameterException("kSeed not a byte array");
- }
- } else {
- throw new InvalidParameterException("Unsupported parameter");
- }
- }
-
- @Deprecated
- protected Object engineGetParameter(String key) {
- if (key.equals("KSEED")) {
- return kSeedAsByteArray;
- } else {
- return null;
- }
- }
-
- /*
- * Please read bug report 4044247 for an alternative, faster,
- * NON-FIPS approved method to generate K
- */
- @Override
- protected BigInteger generateK(BigInteger q) {
- BigInteger k = null;
-
- // The application specified a kSeed for us to use.
- // Note: we dis-allow usage of the same Kseed twice in a row
- if (kSeed != null && !Arrays.equals(kSeed, kSeedLast)) {
- k = generateKUsingKSeed(kSeed, q);
- if (k.signum() > 0 && k.compareTo(q) < 0) {
- kSeedLast = kSeed.clone();
- return k;
- }
- }
-
- // The application did not specify a Kseed for us to use.
- // We'll generate a new Kseed by getting random bytes from
- // a SecureRandom object.
- SecureRandom random = getSigningRandom();
-
- while (true) {
- int[] seed = new int[5];
-
- for (int i = 0; i < 5; i++) seed[i] = random.nextInt();
-
- k = generateKUsingKSeed(seed, q);
- if (k.signum() > 0 && k.compareTo(q) < 0) {
- kSeedLast = seed;
- return k;
- }
- }
- }
-
- /**
- * Compute k for the DSA signature as defined in the original DSS,
- * i.e. FIPS186.
- *
- * @param seed the seed for generating k. This seed should be
- * secure. This is what is referred to as the KSEED in the DSA
- * specification.
- *
- * @param g the g parameter from the DSA key pair.
- */
- private BigInteger generateKUsingKSeed(int[] seed, BigInteger q) {
-
- // check out t in the spec.
- int[] t = { 0xEFCDAB89, 0x98BADCFE, 0x10325476,
- 0xC3D2E1F0, 0x67452301 };
- //
- int[] tmp = SHA_7(seed, t);
- byte[] tmpBytes = new byte[tmp.length * 4];
- for (int i = 0; i < tmp.length; i++) {
- int k = tmp[i];
- for (int j = 0; j < 4; j++) {
- tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8)));
- }
- }
- BigInteger k = new BigInteger(1, tmpBytes).mod(q);
- return k;
- }
-
- // Constants for each round
- private static final int round1_kt = 0x5a827999;
- private static final int round2_kt = 0x6ed9eba1;
- private static final int round3_kt = 0x8f1bbcdc;
- private static final int round4_kt = 0xca62c1d6;
-
- /**
- * Computes set 1 thru 7 of SHA-1 on m1. */
- static int[] SHA_7(int[] m1, int[] h) {
-
- int[] W = new int[80];
- System.arraycopy(m1,0,W,0,m1.length);
- int temp = 0;
-
- for (int t = 16; t <= 79; t++){
- temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
- W[t] = ((temp << 1) | (temp >>>(32 - 1)));
- }
-
- int a = h[0],b = h[1],c = h[2], d = h[3], e = h[4];
- for (int i = 0; i < 20; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- ((b&c)|((~b)&d))+ e + W[i] + round1_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
-
- // Round 2
- for (int i = 20; i < 40; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- (b ^ c ^ d) + e + W[i] + round2_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
-
- // Round 3
- for (int i = 40; i < 60; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- ((b&c)|(b&d)|(c&d)) + e + W[i] + round3_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
-
- // Round 4
- for (int i = 60; i < 80; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- (b ^ c ^ d) + e + W[i] + round4_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
- int[] md = new int[5];
- md[0] = h[0] + a;
- md[1] = h[1] + b;
- md[2] = h[2] + c;
- md[3] = h[3] + d;
- md[4] = h[4] + e;
- return md;
- }
-
- /*
- * Utility routine for converting a byte array into an int array
- */
- private int[] byteArray2IntArray(byte[] byteArray) {
-
- int j = 0;
- byte[] newBA;
- int mod = byteArray.length % 4;
-
- // guarantee that the incoming byteArray is a multiple of 4
- // (pad with 0's)
- switch (mod) {
- case 3: newBA = new byte[byteArray.length + 1]; break;
- case 2: newBA = new byte[byteArray.length + 2]; break;
- case 1: newBA = new byte[byteArray.length + 3]; break;
- default: newBA = new byte[byteArray.length + 0]; break;
- }
- System.arraycopy(byteArray, 0, newBA, 0, byteArray.length);
-
- // copy each set of 4 bytes in the byte array into an integer
- int[] newSeed = new int[newBA.length / 4];
- for (int i = 0; i < newBA.length; i += 4) {
- newSeed[j] = newBA[i + 3] & 0xFF;
- newSeed[j] |= (newBA[i + 2] << 8) & 0xFF00;
- newSeed[j] |= (newBA[i + 1] << 16) & 0xFF0000;
- newSeed[j] |= (newBA[i + 0] << 24) & 0xFF000000;
- j++;
- }
-
- return newSeed;
- }
- }
-
/**
* Standard SHA1withDSA implementation.
*/
- public static final class SHA1withDSA extends LegacyDSA {
+ public static final class SHA1withDSA extends DSA {
public SHA1withDSA() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA-1"));
}
@@ -728,7 +526,7 @@
/**
* SHA1withDSA implementation that uses the IEEE P1363 format.
*/
- public static final class SHA1withDSAinP1363Format extends LegacyDSA {
+ public static final class SHA1withDSAinP1363Format extends DSA {
public SHA1withDSAinP1363Format() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA-1"), true);
}
@@ -741,7 +539,7 @@
* not, a SignatureException is thrown when sign()/verify() is called
* per JCA spec.
*/
- static class Raw extends LegacyDSA {
+ static class Raw extends DSA {
// Internal special-purpose MessageDigest impl for RawDSA
// Only override whatever methods used
// NOTE: no clone support
--- a/jdk/src/java.base/share/classes/sun/security/provider/DSAKeyFactory.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/provider/DSAKeyFactory.java Thu Apr 21 10:30:43 2016 -0700
@@ -70,8 +70,7 @@
* By default this is false.
* This incompatibility was introduced by 4532506.
*/
- String prop = AccessController.doPrivileged
- (new GetPropertyAction(SERIAL_PROP, null));
+ String prop = GetPropertyAction.getProperty(SERIAL_PROP);
SERIAL_INTEROP = "true".equalsIgnoreCase(prop);
}
--- a/jdk/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java Thu Apr 21 10:30:43 2016 -0700
@@ -84,9 +84,8 @@
public static final int MAX_RESTRICTED_EXPLEN = 64;
private static final boolean restrictExpLen =
- "true".equalsIgnoreCase(AccessController.doPrivileged(
- new GetPropertyAction(
- "sun.security.rsa.restrictRSAExponent", "true")));
+ "true".equalsIgnoreCase(GetPropertyAction.getProperty(
+ "sun.security.rsa.restrictRSAExponent", "true"));
// instance used for static translateKey();
private static final RSAKeyFactory INSTANCE = new RSAKeyFactory();
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ClientKeyExchangeService.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ClientKeyExchangeService.java Thu Apr 21 10:30:43 2016 -0700
@@ -50,10 +50,7 @@
providers = new HashMap<>();
static {
- final String key = "java.home";
- String path = AccessController.doPrivileged(
- new GetPropertyAction(key), null,
- new PropertyPermission(key, "read"));
+ String path = GetPropertyAction.getProperty("java.home");
ServiceLoader<ClientKeyExchangeService> sc =
AccessController.doPrivileged(
(PrivilegedAction<ServiceLoader<ClientKeyExchangeService>>)
--- a/jdk/src/java.base/share/classes/sun/security/ssl/Debug.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/Debug.java Thu Apr 21 10:30:43 2016 -0700
@@ -26,7 +26,6 @@
package sun.security.ssl;
import java.io.PrintStream;
-import java.security.AccessController;
import java.util.Locale;
import sun.security.util.HexDumpEncoder;
@@ -46,8 +45,7 @@
private static String args;
static {
- args = java.security.AccessController.doPrivileged(
- new GetPropertyAction("javax.net.debug", ""));
+ args = GetPropertyAction.getProperty("javax.net.debug", "");
args = args.toLowerCase(Locale.ENGLISH);
if (args.equals("help")) {
Help();
@@ -184,8 +182,7 @@
*/
static boolean getBooleanProperty(String propName, boolean defaultValue) {
// if set, require value of either true or false
- String b = AccessController.doPrivileged(
- new GetPropertyAction(propName));
+ String b = GetPropertyAction.getProperty(propName);
if (b == null) {
return defaultValue;
} else if (b.equalsIgnoreCase("false")) {
--- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Thu Apr 21 10:30:43 2016 -0700
@@ -656,8 +656,7 @@
// the provider service. Instead, please handle the initialization
// exception in the caller's constructor.
static {
- String property = AccessController.doPrivileged(
- new GetPropertyAction(PROPERTY_NAME));
+ String property = GetPropertyAction.getProperty(PROPERTY_NAME);
if (property != null && property.length() != 0) {
// remove double quote marks from beginning/end of the property
if (property.length() > 1 && property.charAt(0) == '"' &&
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java Thu Apr 21 10:30:43 2016 -0700
@@ -119,8 +119,8 @@
private long statusRespTimeout;
static {
- String property = AccessController.doPrivileged(
- new GetPropertyAction("jdk.tls.ephemeralDHKeySize"));
+ String property =
+ GetPropertyAction.getProperty("jdk.tls.ephemeralDHKeySize");
if (property == null || property.length() == 0) {
useLegacyEphemeralDHKeys = false;
useSmartEphemeralDHKeys = false;
--- a/jdk/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java Thu Apr 21 10:30:43 2016 -0700
@@ -73,8 +73,8 @@
DEFAULT_CACHE_LIFETIME));
cacheLifetime = life > 0 ? life : 0;
- String uriStr = AccessController.doPrivileged(
- new GetPropertyAction("jdk.tls.stapling.responderURI"));
+ String uriStr =
+ GetPropertyAction.getProperty("jdk.tls.stapling.responderURI");
URI tmpURI;
try {
tmpURI = ((uriStr != null && !uriStr.isEmpty()) ?
--- a/jdk/src/java.base/share/classes/sun/security/util/Debug.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/security/util/Debug.java Thu Apr 21 10:30:43 2016 -0700
@@ -29,6 +29,7 @@
import java.util.regex.Pattern;
import java.util.regex.Matcher;
import java.util.Locale;
+import sun.security.action.GetPropertyAction;
/**
* A utility class for debuging.
@@ -42,13 +43,10 @@
private static String args;
static {
- args = java.security.AccessController.doPrivileged
- (new sun.security.action.GetPropertyAction
- ("java.security.debug"));
+ args = GetPropertyAction.getProperty("java.security.debug");
- String args2 = java.security.AccessController.doPrivileged
- (new sun.security.action.GetPropertyAction
- ("java.security.auth.debug"));
+ String args2 =
+ GetPropertyAction.getProperty("java.security.auth.debug");
if (args == null) {
args = args2;
--- a/jdk/src/java.base/share/classes/sun/util/calendar/LocalGregorianCalendar.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/util/calendar/LocalGregorianCalendar.java Thu Apr 21 10:30:43 2016 -0700
@@ -27,6 +27,7 @@
import java.security.AccessController;
import java.util.TimeZone;
+import sun.security.action.GetPropertyAction;
/**
*
@@ -142,8 +143,8 @@
}
// Append an era to the predefined eras if it's given by the property.
- String prop = AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("jdk.calendar.japanese.supplemental.era"));
+ String prop = GetPropertyAction
+ .getProperty("jdk.calendar.japanese.supplemental.era");
if (prop != null) {
Era era = parseEraEntry(prop);
if (era != null) {
--- a/jdk/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java Thu Apr 21 10:30:43 2016 -0700
@@ -245,11 +245,12 @@
};
static {
- String oldmapping = AccessController.doPrivileged(
- new GetPropertyAction("sun.timezone.ids.oldmapping", "false")).toLowerCase(Locale.ROOT);
+ String oldmapping = GetPropertyAction
+ .getProperty("sun.timezone.ids.oldmapping", "false")
+ .toLowerCase(Locale.ROOT);
USE_OLDMAPPING = (oldmapping.equals("yes") || oldmapping.equals("true"));
- AccessController.doPrivileged(new PrivilegedAction<Object>() {
- public Object run() {
+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
+ public Void run() {
try {
String libDir = System.getProperty("java.home") + File.separator + "lib";
try (DataInputStream dis = new DataInputStream(
--- a/jdk/src/java.base/share/classes/sun/util/locale/provider/LocaleProviderAdapter.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/share/classes/sun/util/locale/provider/LocaleProviderAdapter.java Thu Apr 21 10:30:43 2016 -0700
@@ -25,7 +25,6 @@
package sun.util.locale.provider;
-import java.security.AccessController;
import java.text.spi.BreakIteratorProvider;
import java.text.spi.CollatorProvider;
import java.text.spi.DateFormatProvider;
@@ -47,6 +46,7 @@
import java.util.spi.LocaleNameProvider;
import java.util.spi.LocaleServiceProvider;
import java.util.spi.TimeZoneNameProvider;
+import sun.security.action.GetPropertyAction;
import sun.util.spi.CalendarProvider;
/**
@@ -116,8 +116,7 @@
adapterCache = new ConcurrentHashMap<>();
static {
- String order = AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("java.locale.providers"));
+ String order = GetPropertyAction.getProperty("java.locale.providers");
List<Type> typeList = new ArrayList<>();
// Check user specified adapter preference
--- a/jdk/src/java.base/solaris/classes/sun/nio/fs/SolarisFileSystem.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/solaris/classes/sun/nio/fs/SolarisFileSystem.java Thu Apr 21 10:30:43 2016 -0700
@@ -28,7 +28,6 @@
import java.nio.file.*;
import java.io.IOException;
import java.util.*;
-import java.security.AccessController;
import sun.security.action.GetPropertyAction;
import static sun.nio.fs.SolarisNativeDispatcher.*;
@@ -43,8 +42,7 @@
super(provider, dir);
// check os.version
- String osversion = AccessController
- .doPrivileged(new GetPropertyAction("os.version"));
+ String osversion = GetPropertyAction.getProperty("os.version");
String[] vers = Util.split(osversion, '.');
assert vers.length >= 2;
int majorVersion = Integer.parseInt(vers[0]);
--- a/jdk/src/java.base/solaris/classes/sun/nio/fs/SolarisFileSystemProvider.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/solaris/classes/sun/nio/fs/SolarisFileSystemProvider.java Thu Apr 21 10:30:43 2016 -0700
@@ -29,7 +29,6 @@
import java.nio.file.attribute.*;
import java.nio.file.spi.FileTypeDetector;
import java.io.IOException;
-import java.security.AccessController;
import sun.security.action.GetPropertyAction;
/**
@@ -85,8 +84,8 @@
@Override
FileTypeDetector getFileTypeDetector() {
- Path userMimeTypes = Paths.get(AccessController.doPrivileged(
- new GetPropertyAction("user.home")), ".mime.types");
+ Path userMimeTypes = Paths.get(
+ GetPropertyAction.getProperty("user.home"), ".mime.types");
Path etcMimeTypes = Paths.get("/etc/mime.types");
return chain(new GioFileTypeDetector(),
--- a/jdk/src/java.base/unix/classes/java/io/UnixFileSystem.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/unix/classes/java/io/UnixFileSystem.java Thu Apr 21 10:30:43 2016 -0700
@@ -25,7 +25,7 @@
package java.io;
-import java.security.AccessController;
+import java.util.Properties;
import sun.security.action.GetPropertyAction;
@@ -36,12 +36,10 @@
private final String javaHome;
public UnixFileSystem() {
- slash = AccessController.doPrivileged(
- new GetPropertyAction("file.separator")).charAt(0);
- colon = AccessController.doPrivileged(
- new GetPropertyAction("path.separator")).charAt(0);
- javaHome = AccessController.doPrivileged(
- new GetPropertyAction("java.home"));
+ Properties props = GetPropertyAction.getProperties();
+ slash = props.getProperty("file.separator").charAt(0);
+ colon = props.getProperty("path.separator").charAt(0);
+ javaHome = props.getProperty("java.home");
}
--- a/jdk/src/java.base/unix/classes/java/lang/ProcessImpl.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/unix/classes/java/lang/ProcessImpl.java Thu Apr 21 10:30:43 2016 -0700
@@ -46,8 +46,10 @@
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
+import java.util.Properties;
import jdk.internal.misc.JavaIOFileDescriptorAccess;
import jdk.internal.misc.SharedSecrets;
+import sun.security.action.GetPropertyAction;
/**
* java.lang.Process subclass in the UNIX environment.
@@ -123,11 +125,9 @@
}
String helperPath() {
- return AccessController.doPrivileged(
- (PrivilegedAction<String>) () ->
- helperPath(System.getProperty("java.home"),
- System.getProperty("os.arch"))
- );
+ Properties props = GetPropertyAction.getProperties();
+ return helperPath(props.getProperty("java.home"),
+ props.getProperty("os.arch"));
}
LaunchMechanism launchMechanism() {
@@ -159,9 +159,7 @@
}
static Platform get() {
- String osName = AccessController.doPrivileged(
- (PrivilegedAction<String>) () -> System.getProperty("os.name")
- );
+ String osName = GetPropertyAction.getProperty("os.name");
if (osName.equals("Linux")) { return LINUX; }
if (osName.contains("OS X")) { return BSD; }
--- a/jdk/src/java.base/unix/classes/java/net/DefaultDatagramSocketImplFactory.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/unix/classes/java/net/DefaultDatagramSocketImplFactory.java Thu Apr 21 10:30:43 2016 -0700
@@ -24,7 +24,7 @@
*/
package java.net;
-import java.security.AccessController;
+import sun.security.action.GetPropertyAction;
/**
* This class defines a factory for creating DatagramSocketImpls. It defaults
@@ -40,8 +40,7 @@
static {
String prefix = null;
try {
- prefix = AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("impl.prefix", null));
+ prefix = GetPropertyAction.getProperty("impl.prefix", null);
if (prefix != null)
prefixImplClass = Class.forName("java.net."+prefix+"DatagramSocketImpl");
} catch (Exception e) {
--- a/jdk/src/java.base/unix/classes/sun/net/sdp/SdpProvider.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/unix/classes/sun/net/sdp/SdpProvider.java Thu Apr 21 10:30:43 2016 -0700
@@ -34,7 +34,6 @@
import java.io.FileDescriptor;
import java.io.IOException;
import java.io.PrintStream;
-import java.security.AccessController;
import sun.net.sdp.SdpSupport;
import sun.security.action.GetPropertyAction;
@@ -57,8 +56,7 @@
public SdpProvider() {
// if this property is not defined then there is nothing to do.
- String file = AccessController.doPrivileged(
- new GetPropertyAction("com.sun.sdp.conf"));
+ String file = GetPropertyAction.getProperty("com.sun.sdp.conf");
if (file == null) {
this.enabled = false;
this.rules = null;
@@ -77,8 +75,7 @@
// check if debugging is enabled
PrintStream out = null;
- String logfile = AccessController.doPrivileged(
- new GetPropertyAction("com.sun.sdp.debug"));
+ String logfile = GetPropertyAction.getProperty("com.sun.sdp.debug");
if (logfile != null) {
out = System.out;
if (logfile.length() > 0) {
--- a/jdk/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Thu Apr 21 10:30:43 2016 -0700
@@ -39,6 +39,7 @@
import sun.net.www.protocol.http.AuthenticationInfo;
import sun.net.www.protocol.http.AuthScheme;
import sun.net.www.protocol.http.HttpURLConnection;
+import sun.security.action.GetPropertyAction;
/**
* NTLMAuthentication:
@@ -73,12 +74,9 @@
NTLMAuthenticationCallback.getNTLMAuthenticationCallback();
private String hostname;
- private static String defaultDomain; /* Domain to use if not specified by user */
-
- static {
- defaultDomain = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("http.auth.ntlm.domain", ""));
- };
+ /* Domain to use if not specified by user */
+ private static String defaultDomain =
+ GetPropertyAction.getProperty("http.auth.ntlm.domain", "");
public static boolean supportsTransparentAuth () {
return false;
@@ -143,8 +141,7 @@
password = pw.getPassword();
init0();
try {
- String version = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("ntlm.version"));
+ String version = GetPropertyAction.getProperty("ntlm.version");
client = new Client(version, hostname, username, ntdomain, password);
} catch (NTLMException ne) {
try {
--- a/jdk/src/java.base/unix/classes/sun/nio/ch/DefaultAsynchronousChannelProvider.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/unix/classes/sun/nio/ch/DefaultAsynchronousChannelProvider.java Thu Apr 21 10:30:43 2016 -0700
@@ -26,7 +26,6 @@
package sun.nio.ch;
import java.nio.channels.spi.AsynchronousChannelProvider;
-import java.security.AccessController;
import sun.security.action.GetPropertyAction;
/**
@@ -60,8 +59,7 @@
* Returns the default AsynchronousChannelProvider.
*/
public static AsynchronousChannelProvider create() {
- String osname = AccessController
- .doPrivileged(new GetPropertyAction("os.name"));
+ String osname = GetPropertyAction.getProperty("os.name");
if (osname.equals("SunOS"))
return createProvider("sun.nio.ch.SolarisAsynchronousChannelProvider");
if (osname.equals("Linux"))
--- a/jdk/src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java Thu Apr 21 10:30:43 2016 -0700
@@ -31,7 +31,6 @@
import java.util.concurrent.*;
import java.io.IOException;
import java.io.FileDescriptor;
-import java.security.AccessController;
import sun.net.NetHooks;
import sun.security.action.GetPropertyAction;
@@ -47,8 +46,8 @@
private static final boolean disableSynchronousRead;
static {
- String propValue = AccessController.doPrivileged(
- new GetPropertyAction("sun.nio.ch.disableSynchronousRead", "false"));
+ String propValue = GetPropertyAction
+ .getProperty("sun.nio.ch.disableSynchronousRead", "false");
disableSynchronousRead = (propValue.length() == 0) ?
true : Boolean.valueOf(propValue);
}
--- a/jdk/src/java.base/unix/classes/sun/nio/fs/DefaultFileSystemProvider.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/unix/classes/sun/nio/fs/DefaultFileSystemProvider.java Thu Apr 21 10:30:43 2016 -0700
@@ -26,7 +26,6 @@
package sun.nio.fs;
import java.nio.file.spi.FileSystemProvider;
-import java.security.AccessController;
import sun.security.action.GetPropertyAction;
/**
@@ -55,8 +54,7 @@
* Returns the default FileSystemProvider.
*/
public static FileSystemProvider create() {
- String osname = AccessController
- .doPrivileged(new GetPropertyAction("os.name"));
+ String osname = GetPropertyAction.getProperty("os.name");
if (osname.equals("SunOS"))
return createProvider("sun.nio.fs.SolarisFileSystemProvider");
if (osname.equals("Linux"))
--- a/jdk/src/java.base/unix/classes/sun/nio/fs/UnixFileSystem.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/unix/classes/sun/nio/fs/UnixFileSystem.java Thu Apr 21 10:30:43 2016 -0700
@@ -31,7 +31,6 @@
import java.io.IOException;
import java.util.*;
import java.util.regex.Pattern;
-import java.security.AccessController;
import sun.security.action.GetPropertyAction;
/**
@@ -57,8 +56,8 @@
// if process-wide chdir is allowed or default directory is not the
// process working directory then paths must be resolved against the
// default directory.
- String propValue = AccessController.doPrivileged(
- new GetPropertyAction("sun.nio.fs.chdirAllowed", "false"));
+ String propValue = GetPropertyAction
+ .getProperty("sun.nio.fs.chdirAllowed", "false");
boolean chdirAllowed = (propValue.length() == 0) ?
true : Boolean.valueOf(propValue);
if (chdirAllowed) {
--- a/jdk/src/java.base/windows/classes/java/io/WinNTFileSystem.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/windows/classes/java/io/WinNTFileSystem.java Thu Apr 21 10:30:43 2016 -0700
@@ -25,8 +25,8 @@
package java.io;
-import java.security.AccessController;
import java.util.Locale;
+import java.util.Properties;
import sun.security.action.GetPropertyAction;
/**
@@ -42,10 +42,9 @@
private final char semicolon;
public WinNTFileSystem() {
- slash = AccessController.doPrivileged(
- new GetPropertyAction("file.separator")).charAt(0);
- semicolon = AccessController.doPrivileged(
- new GetPropertyAction("path.separator")).charAt(0);
+ Properties props = GetPropertyAction.getProperties();
+ slash = props.getProperty("file.separator").charAt(0);
+ semicolon = props.getProperty("path.separator").charAt(0);
altSlash = (this.slash == '\\') ? '/' : '\\';
}
--- a/jdk/src/java.base/windows/classes/java/net/DefaultDatagramSocketImplFactory.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/windows/classes/java/net/DefaultDatagramSocketImplFactory.java Thu Apr 21 10:30:43 2016 -0700
@@ -24,8 +24,7 @@
*/
package java.net;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
+import java.util.Properties;
import sun.security.action.GetPropertyAction;
/**
@@ -57,12 +56,11 @@
static {
Class<?> prefixImplClassLocal = null;
+ Properties props = GetPropertyAction.getProperties();
preferIPv4Stack = Boolean.parseBoolean(
- AccessController.doPrivileged(
- new GetPropertyAction("java.net.preferIPv4Stack")));
+ props.getProperty("java.net.preferIPv4Stack"));
- String exclBindProp = AccessController.doPrivileged(
- new GetPropertyAction("sun.net.useExclusiveBind", ""));
+ String exclBindProp = props.getProperty("sun.net.useExclusiveBind", "");
exclusiveBind = (exclBindProp.isEmpty())
? true
: Boolean.parseBoolean(exclBindProp);
@@ -70,8 +68,7 @@
// impl.prefix
String prefix = null;
try {
- prefix = AccessController.doPrivileged(
- new GetPropertyAction("impl.prefix", null));
+ prefix = props.getProperty("impl.prefix");
if (prefix != null)
prefixImplClassLocal = Class.forName("java.net."+prefix+"DatagramSocketImpl");
} catch (Exception e) {
--- a/jdk/src/java.base/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java Thu Apr 21 10:30:43 2016 -0700
@@ -34,6 +34,7 @@
import sun.net.www.protocol.http.AuthenticationInfo;
import sun.net.www.protocol.http.AuthScheme;
import sun.net.www.protocol.http.HttpURLConnection;
+import sun.security.action.GetPropertyAction;
/**
* NTLMAuthentication:
@@ -52,9 +53,8 @@
private static String defaultDomain; /* Domain to use if not specified by user */
static {
- defaultDomain = java.security.AccessController.doPrivileged(
- new sun.security.action.GetPropertyAction("http.auth.ntlm.domain",
- "domain"));
+ defaultDomain = GetPropertyAction.getProperty("http.auth.ntlm.domain",
+ "domain");
};
private void init0() {
--- a/jdk/src/java.base/windows/classes/sun/nio/ch/FileDispatcherImpl.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/windows/classes/sun/nio/ch/FileDispatcherImpl.java Thu Apr 21 10:30:43 2016 -0700
@@ -27,9 +27,9 @@
import java.io.FileDescriptor;
import java.io.IOException;
-import java.security.PrivilegedAction;
import jdk.internal.misc.SharedSecrets;
import jdk.internal.misc.JavaIOFileDescriptorAccess;
+import sun.security.action.GetPropertyAction;
class FileDispatcherImpl extends FileDispatcher {
@@ -119,13 +119,8 @@
}
static boolean isFastFileTransferRequested() {
- String fileTransferProp = java.security.AccessController.doPrivileged(
- new PrivilegedAction<String>() {
- @Override
- public String run() {
- return System.getProperty("jdk.nio.enableFastFileTransfer");
- }
- });
+ String fileTransferProp = GetPropertyAction
+ .getProperty("jdk.nio.enableFastFileTransfer");
boolean enable;
if ("".equals(fileTransferProp)) {
enable = true;
--- a/jdk/src/java.base/windows/classes/sun/nio/fs/WindowsFileAttributes.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.base/windows/classes/sun/nio/fs/WindowsFileAttributes.java Thu Apr 21 10:30:43 2016 -0700
@@ -27,7 +27,6 @@
import java.nio.file.attribute.*;
import java.util.concurrent.TimeUnit;
-import java.security.AccessController;
import jdk.internal.misc.Unsafe;
import sun.security.action.GetPropertyAction;
@@ -115,8 +114,8 @@
// indicates if accurate metadata is required (interesting on NTFS only)
private static final boolean ensureAccurateMetadata;
static {
- String propValue = AccessController.doPrivileged(
- new GetPropertyAction("sun.nio.fs.ensureAccurateMetadata", "false"));
+ String propValue = GetPropertyAction
+ .getProperty("sun.nio.fs.ensureAccurateMetadata", "false");
ensureAccurateMetadata = (propValue.length() == 0) ?
true : Boolean.valueOf(propValue);
}
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/DeviceTables.cpp Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/DeviceTables.cpp Thu Apr 21 10:30:43 2016 -0700
@@ -45,9 +45,12 @@
le_int16 DeviceTable::getAdjustment(const LEReferenceTo<DeviceTable>&base, le_uint16 ppem, LEErrorCode &success) const
{
+ le_int16 result = 0;
+ if (LE_FAILURE(success)) {
+ return result;
+ }
le_uint16 start = SWAPW(startSize);
le_uint16 format = SWAPW(deltaFormat) - 1;
- le_int16 result = 0;
if (ppem >= start && ppem <= SWAPW(endSize) && format < FORMAT_COUNT) {
le_uint16 sizeIndex = ppem - start;
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/LigatureSubstProc.cpp Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/LigatureSubstProc.cpp Thu Apr 21 10:30:43 2016 -0700
@@ -71,6 +71,10 @@
{
LEErrorCode success = LE_NO_ERROR;
const LigatureSubstitutionStateEntry *entry = entryTable.getAlias(index, success);
+ if (LE_FAILURE(success)) {
+ currGlyph++;
+ return 0;
+ }
ByteOffset newState = SWAPW(entry->newStateOffset);
le_uint16 flags = SWAPW(entry->flags);
@@ -91,6 +95,10 @@
if (actionOffset != 0) {
LEReferenceTo<LigatureActionEntry> ap(stHeader, success, actionOffset);
+ if (LE_FAILURE(success)) {
+ currGlyph++;
+ return newState;
+ }
LigatureActionEntry action;
le_int32 offset, i = 0, j = 0;
le_int32 stack[nComponents];
@@ -101,6 +109,10 @@
if (j++ > 0) {
ap.addObject(success);
+ if (LE_FAILURE(success)) {
+ currGlyph++;
+ return newState;
+ }
}
action = SWAPL(*ap.getAlias());
@@ -124,9 +136,17 @@
return newState; // get out! bad font
}
i += SWAPW(offsetTable.getObject(LE_GET_GLYPH(glyphStorage[componentGlyph]), success));
+ if (LE_FAILURE(success)) {
+ currGlyph++;
+ return newState;
+ }
if (action & (lafLast | lafStore)) {
LEReferenceTo<TTGlyphID> ligatureOffset(stHeader, success, i);
+ if (LE_FAILURE(success)) {
+ currGlyph++;
+ return newState;
+ }
TTGlyphID ligatureGlyph = SWAPW(*ligatureOffset.getAlias());
glyphStorage[componentGlyph] = LE_SET_GLYPH(glyphStorage[componentGlyph], ligatureGlyph);
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/LigatureSubstProc2.cpp Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/LigatureSubstProc2.cpp Thu Apr 21 10:30:43 2016 -0700
@@ -95,6 +95,10 @@
if (actionOffset != 0) {
LEReferenceTo<LigatureActionEntry> ap(stHeader, success, ligActionOffset); // byte offset
+ if (LE_FAILURE(success)) {
+ currGlyph+= dir;
+ return nextStateIndex;
+ }
ap.addObject(ligActionIndex, success);
LEReferenceToArrayOf<TTGlyphID> ligatureTable(stHeader, success, ligatureOffset, LE_UNBOUNDED_ARRAY);
LigatureActionEntry action;
@@ -104,8 +108,8 @@
LEReferenceToArrayOf<le_uint16> componentTable(stHeader, success, componentOffset, LE_UNBOUNDED_ARRAY);
if(LE_FAILURE(success)) {
- currGlyph+= dir;
- return nextStateIndex; // get out! bad font
+ currGlyph+= dir;
+ return nextStateIndex; // get out! bad font
}
do {
@@ -114,6 +118,10 @@
if (j++ > 0) {
ap.addObject(success);
}
+ if (LE_FAILURE(success)) {
+ currGlyph+= dir;
+ return nextStateIndex;
+ }
action = SWAPL(*ap.getAlias());
@@ -129,9 +137,17 @@
return nextStateIndex; // get out! bad font
}
i += SWAPW(componentTable(LE_GET_GLYPH(glyphStorage[componentGlyph]) + (SignExtend(offset, lafComponentOffsetMask)),success));
+ if (LE_FAILURE(success)) {
+ currGlyph+= dir;
+ return nextStateIndex;
+ }
if (action & (lafLast | lafStore)) {
TTGlyphID ligatureGlyph = SWAPW(ligatureTable(i,success));
+ if (LE_FAILURE(success)) {
+ currGlyph+= dir;
+ return nextStateIndex;
+ }
glyphStorage[componentGlyph] = LE_SET_GLYPH(glyphStorage[componentGlyph], ligatureGlyph);
if(mm==nComponents) {
LE_DEBUG_BAD_FONT("exceeded nComponents");
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTableProcessor2.cpp Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTableProcessor2.cpp Thu Apr 21 10:30:43 2016 -0700
@@ -60,6 +60,7 @@
entryTableOffset = SWAPL(stHeader->entryTableOffset);
classTable = LEReferenceTo<LookupTable>(stHeader, success, classTableOffset);
+ if (LE_FAILURE(success)) return;
format = SWAPW(classTable->format);
stateArray = LEReferenceToArrayOf<EntryTableIndex2>(stHeader, success, stateArrayOffset, LE_UNBOUNDED_ARRAY);
--- a/jdk/src/java.management/share/classes/javax/management/remote/rmi/RMIConnectorServer.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.management/share/classes/javax/management/remote/rmi/RMIConnectorServer.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,7 @@
import javax.management.InstanceNotFoundException;
import javax.management.MBeanServer;
+import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXConnectionNotification;
import javax.management.remote.JMXConnector;
@@ -100,6 +101,21 @@
"jmx.remote.rmi.server.socket.factory";
/**
+ * Name of the attribute that specifies a list of class names acceptable
+ * as parameters to the {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
+ * remote method call.
+ * <p>
+ * This list of classes should correspond to the transitive closure of the
+ * credentials class (or classes) used by the installed {@linkplain JMXAuthenticator}
+ * associated with the {@linkplain RMIServer} implementation.
+ * <p>
+ * If the attribute is not set, or is null, then any class is
+ * deemed acceptable.
+ */
+ public static final String CREDENTIAL_TYPES =
+ "jmx.remote.rmi.server.credential.types";
+
+ /**
* <p>Makes an <code>RMIConnectorServer</code>.
* This is equivalent to calling {@link #RMIConnectorServer(
* JMXServiceURL,Map,RMIServerImpl,MBeanServer)
--- a/jdk/src/java.management/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.management/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,13 @@
import com.sun.jmx.remote.internal.RMIExporter;
import com.sun.jmx.remote.util.EnvHelp;
+import java.io.ObjectStreamClass;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import sun.reflect.misc.ReflectUtil;
+import sun.rmi.server.DeserializationChecker;
import sun.rmi.server.UnicastServerRef;
import sun.rmi.server.UnicastServerRef2;
@@ -52,6 +59,9 @@
* @since 1.5
*/
public class RMIJRMPServerImpl extends RMIServerImpl {
+
+ private final ExportedWrapper exportedWrapper;
+
/**
* <p>Creates a new {@link RMIServer} object that will be exported
* on the given port using the given socket factories.</p>
@@ -89,10 +99,31 @@
this.csf = csf;
this.ssf = ssf;
this.env = (env == null) ? Collections.<String, Object>emptyMap() : env;
+
+ String[] credentialsTypes
+ = (String[]) this.env.get(RMIConnectorServer.CREDENTIAL_TYPES);
+ List<String> types = null;
+ if (credentialsTypes != null) {
+ types = new ArrayList<>();
+ for (String type : credentialsTypes) {
+ if (type == null) {
+ throw new IllegalArgumentException("A credential type is null.");
+ }
+ ReflectUtil.checkPackageAccess(type);
+ types.add(type);
+ }
+ }
+ exportedWrapper = types != null ?
+ new ExportedWrapper(this, types) :
+ null;
}
protected void export() throws IOException {
- export(this);
+ if (exportedWrapper != null) {
+ export(exportedWrapper);
+ } else {
+ export(this);
+ }
}
private void export(Remote obj) throws RemoteException {
@@ -142,7 +173,11 @@
* RMIJRMPServerImpl has not been exported yet.
*/
public Remote toStub() throws IOException {
- return RemoteObject.toStub(this);
+ if (exportedWrapper != null) {
+ return RemoteObject.toStub(exportedWrapper);
+ } else {
+ return RemoteObject.toStub(this);
+ }
}
/**
@@ -189,11 +224,56 @@
* server failed.
*/
protected void closeServer() throws IOException {
- unexport(this, true);
+ if (exportedWrapper != null) {
+ unexport(exportedWrapper, true);
+ } else {
+ unexport(this, true);
+ }
}
private final int port;
private final RMIClientSocketFactory csf;
private final RMIServerSocketFactory ssf;
private final Map<String, ?> env;
+
+ private static class ExportedWrapper implements RMIServer, DeserializationChecker {
+ private final RMIServer impl;
+ private final List<String> allowedTypes;
+
+ private ExportedWrapper(RMIServer impl, List<String> credentialsTypes) {
+ this.impl = impl;
+ allowedTypes = credentialsTypes;
+ }
+
+ @Override
+ public String getVersion() throws RemoteException {
+ return impl.getVersion();
+ }
+
+ @Override
+ public RMIConnection newClient(Object credentials) throws IOException {
+ return impl.newClient(credentials);
+ }
+
+ @Override
+ public void check(Method method, ObjectStreamClass descriptor,
+ int paramIndex, int callID) {
+ String type = descriptor.getName();
+ if (!allowedTypes.contains(type)) {
+ throw new ClassCastException("Unsupported type: " + type);
+ }
+ }
+
+ @Override
+ public void checkProxyClass(Method method, String[] ifaces,
+ int paramIndex, int callID) {
+ if (ifaces != null && ifaces.length > 0) {
+ for (String iface : ifaces) {
+ if (!allowedTypes.contains(iface)) {
+ throw new ClassCastException("Unsupported type: " + iface);
+ }
+ }
+ }
+ }
+ }
}
--- a/jdk/src/java.management/share/classes/sun/management/jmxremote/ConnectorBootstrap.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.management/share/classes/sun/management/jmxremote/ConnectorBootstrap.java Thu Apr 21 10:30:43 2016 -0700
@@ -510,6 +510,9 @@
// This RMI server should not keep the VM alive
Map<String, Object> env = new HashMap<>();
env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter());
+ env.put(RMIConnectorServer.CREDENTIAL_TYPES, new String[]{
+ String[].class.getName(), String.class.getName()
+ });
// The local connector server need only be available via the
// loopback connection.
@@ -740,6 +743,9 @@
PermanentExporter exporter = new PermanentExporter();
env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter);
+ env.put(RMIConnectorServer.CREDENTIAL_TYPES, new String[]{
+ String[].class.getName(), String.class.getName()
+ });
boolean useSocketFactory = bindAddress != null && !useSsl;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.rmi/share/classes/sun/rmi/server/DeserializationChecker.java Thu Apr 21 10:30:43 2016 -0700
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.rmi.server;
+
+import java.io.ObjectStreamClass;
+import java.lang.reflect.Method;
+
+/**
+ * Implementing this interface to have a deserialization control when RMI
+ * dispatches a remote request. If an exported object implements this interface,
+ * RMI dispatching mechanism will call the method {@code check} every time
+ * deserialising a remote object for invoking a method of the exported object.
+ *
+ * @author sjiang
+ */
+public interface DeserializationChecker {
+ /**
+ * Will be called to check a descriptor.
+ * This method may be called 2 times, the first time is when a descriptor is read
+ * from the stream, the second is just before creating an object described
+ * by this descriptor.
+ *
+ * @param method the method invoked from a remote request.
+ * @param descriptor The descriptor of the class of any object deserialised
+ * while deserialising the parameter. The first descriptor will be that of
+ * the top level object (the concrete class of the parameter itself);
+ * Subsequent calls with the same {@code method}, {@code paramIndex} and
+ * {@code callID} will correspond to objects contained in the parameter.
+ * @param paramIndex an index indicates the position of a parameter in the
+ * method. This index will be reused for deserialising all
+ * objects contained in the parameter object. For example, the parameter
+ * being deserialised is a {@code List}, all deserialisation calls for its
+ * elements will have same index.
+ * @param callID a unique ID identifying one
+ * time method invocation, the same ID is used for deserialization call of
+ * all parameters within the method.
+ */
+ public void check(Method method,
+ ObjectStreamClass descriptor,
+ int paramIndex,
+ int callID);
+
+ /**
+ * Will be called to validate a Proxy interfaces from a remote user before loading it.
+ * @param method the method invoked from a remote request.
+ * @param ifaces a string table of all interfaces implemented by the proxy to be checked.
+ * @param paramIndex an index indicates the position of a parameter in the
+ * method. This index will be reused for deserialising all
+ * objects contained in the parameter object. For example, the parameter
+ * being deserialised is a {@code List}, all deserialisation calls for its
+ * elements will have same index.
+ * @param callID a unique ID identifying one
+ * time method invocation, the same ID is used for deserialization call of
+ * all parameters within the method.
+ */
+ public void checkProxyClass(Method method,
+ String[] ifaces,
+ int paramIndex,
+ int callID);
+
+ /**
+ * Inform of the completion of parameter deserialisation for a method invocation.
+ * This is useful if the last parameter is a complex object, like a {@code List}
+ * which elements are complex object too.
+ *
+ * The default implementation does nothing.
+ * @param callID the ID identifying a method invocation.
+ */
+ public default void end(int callID) {}
+}
--- a/jdk/src/java.rmi/share/classes/sun/rmi/server/MarshalInputStream.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.rmi/share/classes/sun/rmi/server/MarshalInputStream.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,13 +30,13 @@
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.io.StreamCorruptedException;
-import java.net.URL;
import java.util.*;
import java.security.AccessControlException;
import java.security.Permission;
-
import java.rmi.server.RMIClassLoader;
import java.security.PrivilegedAction;
+import jdk.internal.misc.ObjectStreamClassValidator;
+import jdk.internal.misc.SharedSecrets;
/**
* MarshalInputStream is an extension of ObjectInputStream. When resolving
@@ -54,6 +54,11 @@
* @author Peter Jones
*/
public class MarshalInputStream extends ObjectInputStream {
+ interface StreamChecker extends ObjectStreamClassValidator {
+ void checkProxyInterfaceNames(String[] ifaces);
+ }
+
+ private volatile StreamChecker streamChecker = null;
/**
* Value of "java.rmi.server.useCodebaseOnly" property,
@@ -123,7 +128,7 @@
throws IOException, StreamCorruptedException
{
super(in);
- }
+ }
/**
* Returns a callback previously registered via the setDoneCallback
@@ -240,6 +245,11 @@
protected Class<?> resolveProxyClass(String[] interfaces)
throws IOException, ClassNotFoundException
{
+ StreamChecker checker = streamChecker;
+ if (checker != null) {
+ checker.checkProxyInterfaceNames(interfaces);
+ }
+
/*
* Always read annotation written by MarshalOutputStream.
*/
@@ -319,4 +329,28 @@
void useCodebaseOnly() {
useCodebaseOnly = true;
}
+
+ synchronized void setStreamChecker(StreamChecker checker) {
+ streamChecker = checker;
+ SharedSecrets.getJavaObjectInputStreamAccess().setValidator(this, checker);
+ }
+ @Override
+ protected ObjectStreamClass readClassDescriptor() throws IOException,
+ ClassNotFoundException {
+ ObjectStreamClass descriptor = super.readClassDescriptor();
+
+ validateDesc(descriptor);
+
+ return descriptor;
+ }
+
+ private void validateDesc(ObjectStreamClass descriptor) {
+ StreamChecker checker;
+ synchronized (this) {
+ checker = streamChecker;
+ }
+ if (checker != null) {
+ checker.validateDescriptor(descriptor);
+ }
+ }
}
--- a/jdk/src/java.rmi/share/classes/sun/rmi/server/UnicastServerRef.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.rmi/share/classes/sun/rmi/server/UnicastServerRef.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;
-import java.io.PrintStream;
+import java.io.ObjectStreamClass;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.rmi.MarshalException;
@@ -52,6 +52,7 @@
import java.util.HashMap;
import java.util.Map;
import java.util.WeakHashMap;
+import java.util.concurrent.atomic.AtomicInteger;
import sun.rmi.runtime.Log;
import sun.rmi.transport.LiveRef;
import sun.rmi.transport.Target;
@@ -116,6 +117,8 @@
private static final Map<Class<?>,?> withoutSkeletons =
Collections.synchronizedMap(new WeakHashMap<Class<?>,Void>());
+ private final AtomicInteger methodCallIDCount = new AtomicInteger(0);
+
/**
* Create a new (empty) Unicast server remote reference.
*/
@@ -297,14 +300,11 @@
logCall(obj, method);
// unmarshal parameters
- Class<?>[] types = method.getParameterTypes();
- Object[] params = new Object[types.length];
+ Object[] params = null;
try {
unmarshalCustomCallData(in);
- for (int i = 0; i < types.length; i++) {
- params[i] = unmarshalValue(types[i], in);
- }
+ params = unmarshalParameters(obj, method, marshalStream);
} catch (java.io.IOException e) {
throw new UnmarshalException(
"error unmarshalling arguments", e);
@@ -565,4 +565,85 @@
return map;
}
}
+
+ /**
+ * Unmarshal parameters for the given method of the given instance over
+ * the given marshalinputstream. Perform any necessary checks.
+ */
+ private Object[] unmarshalParameters(Object obj, Method method, MarshalInputStream in)
+ throws IOException, ClassNotFoundException {
+ return (obj instanceof DeserializationChecker) ?
+ unmarshalParametersChecked((DeserializationChecker)obj, method, in) :
+ unmarshalParametersUnchecked(method, in);
+ }
+
+ /**
+ * Unmarshal parameters for the given method of the given instance over
+ * the given marshalinputstream. Do not perform any additional checks.
+ */
+ private Object[] unmarshalParametersUnchecked(Method method, ObjectInput in)
+ throws IOException, ClassNotFoundException {
+ Class<?>[] types = method.getParameterTypes();
+ Object[] params = new Object[types.length];
+ for (int i = 0; i < types.length; i++) {
+ params[i] = unmarshalValue(types[i], in);
+ }
+ return params;
+ }
+
+ /**
+ * Unmarshal parameters for the given method of the given instance over
+ * the given marshalinputstream. Do perform all additional checks.
+ */
+ private Object[] unmarshalParametersChecked(
+ DeserializationChecker checker,
+ Method method, MarshalInputStream in)
+ throws IOException, ClassNotFoundException {
+ int callID = methodCallIDCount.getAndIncrement();
+ MyChecker myChecker = new MyChecker(checker, method, callID);
+ in.setStreamChecker(myChecker);
+ try {
+ Class<?>[] types = method.getParameterTypes();
+ Object[] values = new Object[types.length];
+ for (int i = 0; i < types.length; i++) {
+ myChecker.setIndex(i);
+ values[i] = unmarshalValue(types[i], in);
+ }
+ myChecker.end(callID);
+ return values;
+ } finally {
+ in.setStreamChecker(null);
+ }
+ }
+
+ private static class MyChecker implements MarshalInputStream.StreamChecker {
+ private final DeserializationChecker descriptorCheck;
+ private final Method method;
+ private final int callID;
+ private int parameterIndex;
+
+ MyChecker(DeserializationChecker descriptorCheck, Method method, int callID) {
+ this.descriptorCheck = descriptorCheck;
+ this.method = method;
+ this.callID = callID;
+ }
+
+ @Override
+ public void validateDescriptor(ObjectStreamClass descriptor) {
+ descriptorCheck.check(method, descriptor, parameterIndex, callID);
+ }
+
+ @Override
+ public void checkProxyInterfaceNames(String[] ifaces) {
+ descriptorCheck.checkProxyClass(method, ifaces, parameterIndex, callID);
+ }
+
+ void setIndex(int parameterIndex) {
+ this.parameterIndex = parameterIndex;
+ }
+
+ void end(int callId) {
+ descriptorCheck.end(callId);
+ }
+ }
}
--- a/jdk/src/java.security.jgss/share/classes/sun/security/jgss/SunProvider.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.security.jgss/share/classes/sun/security/jgss/SunProvider.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -97,8 +97,6 @@
}
}
- public static final SunProvider INSTANCE = new SunProvider();
-
public SunProvider() {
/* We are the Sun JGSS provider */
super("SunJGSS", 9.0d, INFO);
--- a/jdk/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/GSSNameElement.java Thu Apr 21 10:30:43 2016 -0700
@@ -159,7 +159,9 @@
int atPos = krbName.lastIndexOf('@');
if (atPos != -1) {
String atRealm = krbName.substring(atPos);
- if (nameType.equals(GSSUtil.NT_GSS_KRB5_PRINCIPAL)
+ // getNativeNameType() can modify NT_GSS_KRB5_PRINCIPAL to null
+ if ((nameType == null
+ || nameType.equals(GSSUtil.NT_GSS_KRB5_PRINCIPAL))
&& new String(nameBytes).endsWith(atRealm)) {
// Created from Kerberos name with realm, no need to check
} else {
--- a/jdk/src/jdk.crypto.pkcs11/share/classes/module-info.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/jdk.crypto.pkcs11/share/classes/module-info.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,6 @@
module jdk.crypto.pkcs11 {
// Depends on SunEC provider for EC related functionality
requires jdk.crypto.ec;
- // 8153371
- requires jdk.unsupported;
provides java.security.Provider with sun.security.pkcs11.SunPKCS11;
}
--- a/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/SunPKCS11.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/SunPKCS11.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -42,7 +42,6 @@
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
-import sun.misc.ManagedLocalsThread;
import sun.security.util.Debug;
import sun.security.util.ResourcesMgr;
@@ -816,7 +815,7 @@
return;
}
final TokenPoller poller = new TokenPoller(this);
- Thread t = new ManagedLocalsThread(poller, "Poller " + getName());
+ Thread t = new Thread(null, poller, "Poller " + getName(), 0, false);
t.setDaemon(true);
t.setPriority(Thread.MIN_PRIORITY);
t.start();
--- a/jdk/test/java/lang/Class/GetPackageTest.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/java/lang/Class/GetPackageTest.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/**
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -52,7 +52,7 @@
assertEquals(fooClass.getClassLoader(), loader);
}
- @DataProvider(name = "testclasses")
+ @DataProvider(name = "testClasses")
public Object[][] testClasses() {
return new Object[][] {
// primitive type, void, array types
--- a/jdk/test/java/net/NetworkInterface/NetworkInterfaceStreamTest.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/java/net/NetworkInterface/NetworkInterfaceStreamTest.java Thu Apr 21 10:30:43 2016 -0700
@@ -51,7 +51,8 @@
public void testNetworkInterfaces() throws SocketException {
Supplier<Stream<NetworkInterface>> ss = () -> {
try {
- return allNetworkInterfaces();
+ return NetworkInterface.networkInterfaces()
+ .filter(ni -> isIncluded(ni));
}
catch (SocketException e) {
throw new RuntimeException(e);
--- a/jdk/test/java/security/Signature/TestInitSignWithMyOwnRandom.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/java/security/Signature/TestInitSignWithMyOwnRandom.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -55,9 +55,9 @@
int count = 0;
- public int nextInt() {
+ @Override
+ public void nextBytes(byte[] rs) {
count++;
- return 0;
}
public boolean isUsed() {
--- a/jdk/test/java/util/ServiceLoader/modules/BasicTest.java Thu Apr 21 20:08:18 2016 +0300
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-import java.lang.reflect.Layer;
-import java.security.Provider;
-import java.util.ServiceLoader;
-
-import org.testng.annotations.Test;
-import static org.testng.Assert.*;
-
-/*
- * @test
- * @run testng BasicTest
- * @summary Basic test of ServiceLoader with modules
- */
-
-public class BasicTest {
-
- @Test
- public void testEmptyLayer() {
- ServiceLoader<Provider> sl
- = ServiceLoader.load(Layer.empty(), Provider.class);
- assertFalse(sl.iterator().hasNext());
- }
-
- @Test
- public void testBootLayer() {
- ServiceLoader<Provider> sl
- = ServiceLoader.load(Layer.boot(), Provider.class);
- boolean found = false;
- for (Provider provider : sl) {
- if (provider.getName().equals("SunJCE"))
- found = true;
- }
- assertTrue(found);
- }
-
- @Test(expectedExceptions = { NullPointerException.class })
- public void testNullLayer() {
- ServiceLoader.load(null, Provider.class);
- }
-
- @Test(expectedExceptions = { NullPointerException.class })
- public void testNullService() {
- ServiceLoader.load(Layer.empty(), null);
- }
-
-}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/util/ServiceLoader/modules/MiscTests.java Thu Apr 21 10:30:43 2016 -0700
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.lang.reflect.Layer;
+import java.security.Provider;
+import java.util.ServiceLoader;
+
+import org.testng.annotations.Test;
+import static org.testng.Assert.*;
+
+/*
+ * @test
+ * @run testng MiscTests
+ * @summary Basic test of ServiceLoader with modules
+ */
+
+public class MiscTests {
+
+ @Test
+ public void testEmptyLayer() {
+ ServiceLoader<Provider> sl
+ = ServiceLoader.load(Layer.empty(), Provider.class);
+ assertFalse(sl.iterator().hasNext());
+ }
+
+ @Test(expectedExceptions = { NullPointerException.class })
+ public void testNullLayer() {
+ ServiceLoader.load(null, Provider.class);
+ }
+
+ @Test(expectedExceptions = { NullPointerException.class })
+ public void testNullService() {
+ ServiceLoader.load(Layer.empty(), null);
+ }
+
+}
--- a/jdk/test/sanity/client/lib/SwingSet3/README Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/README Thu Apr 21 10:30:43 2016 -0700
@@ -1,4 +1,4 @@
This content of this src folder was originally taken from SwingSet3 demo project: https://java.net/projects/swingset3/.
Then it was modified to increase testability and remove extra content and extra dependencies.
-Do NOT modify files in it.
\ No newline at end of file
+This is NOT the official location of the SwingSet3 demo.
\ No newline at end of file
--- a/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/button/ButtonDemo.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/button/ButtonDemo.java Thu Apr 21 10:30:43 2016 -0700
@@ -215,7 +215,6 @@
javax.swing.SwingUtilities.invokeLater(() -> {
JFrame frame = new JFrame(DEMO_TITLE);
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.add(buttonDemo);
frame.pack();
frame.setVisible(true);
--- a/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/combobox/ComboBoxDemo.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/combobox/ComboBoxDemo.java Thu Apr 21 10:30:43 2016 -0700
@@ -120,7 +120,6 @@
public static void main(String[] args) {
JFrame frame = new JFrame(DEMO_TITLE);
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.getContentPane().add(new ComboBoxDemo());
frame.setPreferredSize(new Dimension(800, 600));
frame.pack();
--- a/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/list/ListDemo.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/list/ListDemo.java Thu Apr 21 10:30:43 2016 -0700
@@ -90,7 +90,6 @@
public static void main(String[] args) {
JFrame frame = new JFrame(DEMO_TITLE);
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.getContentPane().add(new ListDemo());
frame.setPreferredSize(new Dimension(800, 600));
frame.pack();
--- a/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/optionpane/OptionPaneDemo.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/optionpane/OptionPaneDemo.java Thu Apr 21 10:30:43 2016 -0700
@@ -93,7 +93,6 @@
public static void main(String[] args) {
JFrame frame = new JFrame(DEMO_TITLE);
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.getContentPane().add(new OptionPaneDemo());
frame.setPreferredSize(new Dimension(800, 600));
frame.pack();
--- a/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/progressbar/ProgressBarDemo.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/progressbar/ProgressBarDemo.java Thu Apr 21 10:30:43 2016 -0700
@@ -64,7 +64,6 @@
public static void main(String[] args) {
JFrame frame = new JFrame(DEMO_TITLE);
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.getContentPane().add(new ProgressBarDemo());
frame.setPreferredSize(new Dimension(800, 600));
frame.pack();
--- a/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/scrollpane/ScrollPaneDemo.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/scrollpane/ScrollPaneDemo.java Thu Apr 21 10:30:43 2016 -0700
@@ -64,7 +64,6 @@
public static void main(String[] args) {
JFrame frame = new JFrame(DEMO_TITLE);
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.getContentPane().add(new ScrollPaneDemo());
frame.setPreferredSize(new Dimension(800, 600));
frame.pack();
--- a/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/spinner/SpinnerDemo.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/spinner/SpinnerDemo.java Thu Apr 21 10:30:43 2016 -0700
@@ -58,7 +58,6 @@
public static void main(String[] args) {
JFrame frame = new JFrame(DEMO_TITLE);
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.getContentPane().add(new SpinnerDemo());
frame.setPreferredSize(new Dimension(800, 600));
frame.pack();
--- a/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/splitpane/SplitPaneDemo.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/splitpane/SplitPaneDemo.java Thu Apr 21 10:30:43 2016 -0700
@@ -86,7 +86,6 @@
public static void main(String[] args) {
JFrame frame = new JFrame(DEMO_TITLE);
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.getContentPane().add(new SplitPaneDemo());
frame.setPreferredSize(new Dimension(800, 600));
frame.pack();
--- a/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/textfield/TextFieldDemo.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/textfield/TextFieldDemo.java Thu Apr 21 10:30:43 2016 -0700
@@ -115,7 +115,6 @@
public static void main(String[] args) {
JFrame frame = new JFrame(DEMO_TITLE);
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.getContentPane().add(new TextFieldDemo());
frame.setPreferredSize(new Dimension(800, 600));
frame.pack();
--- a/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/togglebutton/ToggleButtonDemo.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/togglebutton/ToggleButtonDemo.java Thu Apr 21 10:30:43 2016 -0700
@@ -151,7 +151,6 @@
public static void main(String[] args) {
JFrame frame = new JFrame(ToggleButtonDemo.class.getAnnotation(DemoProperties.class).value());
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.getContentPane().add(new ToggleButtonDemo());
frame.setPreferredSize(new Dimension(800, 600));
frame.pack();
--- a/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/tree/TreeDemo.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/tree/TreeDemo.java Thu Apr 21 10:30:43 2016 -0700
@@ -65,7 +65,6 @@
public static void main(String[] args) {
JFrame frame = new JFrame(DEMO_TITLE);
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.getContentPane().add(new TreeDemo());
frame.setPreferredSize(new Dimension(800, 600));
frame.pack();
--- a/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/window/WindowDemo.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sanity/client/lib/SwingSet3/src/com/sun/swingset3/demos/window/WindowDemo.java Thu Apr 21 10:30:43 2016 -0700
@@ -150,7 +150,6 @@
JFrame frame = new JFrame();
WindowDemo demo = new WindowDemo();
frame.add(demo);
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.pack();
frame.setVisible(true);
demo.start();
--- a/jdk/test/sun/security/provider/DSA/TestDSA2.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sun/security/provider/DSA/TestDSA2.java Thu Apr 21 10:30:43 2016 -0700
@@ -60,8 +60,8 @@
boolean[] expectedToPass = { true, true, true, true,
true, true, true, true };
test(1024, expectedToPass);
- boolean[] expectedToPass2 = { true, true, true, true,
- true, true, true, true };
+ boolean[] expectedToPass2 = { true, false, true, true,
+ true, false, true, true };
test(2048, expectedToPass2);
}
--- a/jdk/test/sun/security/rsa/SpecTest.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sun/security/rsa/SpecTest.java Thu Apr 21 10:30:43 2016 -0700
@@ -20,32 +20,32 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
+
+/**
+ * @test
+ * @bug 8044199 8137231
+ * @key intermittent
+ * @summary Check same KeyPair's private key and public key have same modulus.
+ * also check public key's public exponent equals to given spec's public
+ * exponent. Only key size 1024 is tested with RSAKeyGenParameterSpec.F0 (3).
+ * @run main SpecTest 512
+ * @run main SpecTest 768
+ * @run main SpecTest 1024
+ * @run main SpecTest 1024 3
+ * @run main SpecTest 2048
+ * @run main/timeout=240 SpecTest 4096
+ * @run main/timeout=240 SpecTest 5120
+ */
import java.math.BigInteger;
-import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;
-/**
- * @test
- * @bug 8044199
- * @key intermittent
- * @summary Check same KeyPair's private key and public key have same modulus.
- * also check public key's public exponent equals to given spec's public
- * exponent.
- * @run main SpecTest 512
- * @run main SpecTest 768
- * @run main SpecTest 1024
- * @run main SpecTest 2048
- * @run main/timeout=240 SpecTest 4096
- * @run main/timeout=240 SpecTest 5120
- */
public class SpecTest {
+
/**
* ALGORITHM name, fixed as RSA.
*/
@@ -70,14 +70,14 @@
// test the getModulus method
if ((priv instanceof RSAKey) && (pub instanceof RSAKey)) {
if (!priv.getModulus().equals(pub.getModulus())) {
- System.err.println("priv.getModulus() = " + priv.getModulus());
- System.err.println("pub.getModulus() = " + pub.getModulus());
+ System.out.println("priv.getModulus() = " + priv.getModulus());
+ System.out.println("pub.getModulus() = " + pub.getModulus());
passed = false;
}
if (!pubExponent.equals(pub.getPublicExponent())) {
- System.err.println("pubExponent = " + pubExponent);
- System.err.println("pub.getPublicExponent() = "
+ System.out.println("pubExponent = " + pubExponent);
+ System.out.println("pub.getPublicExponent() = "
+ pub.getPublicExponent());
passed = false;
}
@@ -85,36 +85,26 @@
return passed;
}
- public static void main(String[] args) {
- int failCount = 0;
+ public static void main(String[] args) throws Exception {
- // Test key size.
- int size = Integer.parseInt(args[0]);
+ int size = 0;
- try {
- KeyPairGenerator kpg1 = KeyPairGenerator.getInstance(KEYALG, PROVIDER);
- kpg1.initialize(new RSAKeyGenParameterSpec(size,
- RSAKeyGenParameterSpec.F4));
- if (!specTest(kpg1.generateKeyPair(),
- RSAKeyGenParameterSpec.F4)) {
- failCount++;
- }
-
- KeyPairGenerator kpg2 = KeyPairGenerator.getInstance(KEYALG, PROVIDER);
- kpg2.initialize(new RSAKeyGenParameterSpec(size,
- RSAKeyGenParameterSpec.F0));
- if (!specTest(kpg2.generateKeyPair(), RSAKeyGenParameterSpec.F0)) {
- failCount++;
- }
- } catch (NoSuchAlgorithmException | NoSuchProviderException
- | InvalidAlgorithmParameterException ex) {
- ex.printStackTrace(System.err);
- failCount++;
+ if (args.length >= 1) {
+ size = Integer.parseInt(args[0]);
+ } else {
+ throw new RuntimeException("Missing keysize to test with");
}
- if (failCount != 0) {
- throw new RuntimeException("There are " + failCount
- + " tests failed.");
+ BigInteger publicExponent
+ = (args.length >= 2) ? new BigInteger(args[1]) : RSAKeyGenParameterSpec.F4;
+
+ System.out.println("Running test with key size: " + size
+ + " and public exponent: " + publicExponent);
+
+ KeyPairGenerator kpg1 = KeyPairGenerator.getInstance(KEYALG, PROVIDER);
+ kpg1.initialize(new RSAKeyGenParameterSpec(size, publicExponent));
+ if (!specTest(kpg1.generateKeyPair(), publicExponent)) {
+ throw new RuntimeException("Test failed.");
}
}
}
--- a/jdk/test/sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java Thu Apr 21 20:08:18 2016 +0300
+++ b/jdk/test/sun/security/ssl/SSLContextImpl/MD2InTrustAnchor.java Thu Apr 21 10:30:43 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -37,106 +37,88 @@
* @run main/othervm MD2InTrustAnchor PKIX TLSv1.2
* @run main/othervm MD2InTrustAnchor SunX509 TLSv1.2
*/
-
-import java.net.*;
-import java.util.*;
-import java.io.*;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.io.OutputStream;
import javax.net.ssl.*;
import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
-import java.security.spec.*;
-import java.security.interfaces.*;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
+import java.util.concurrent.CountDownLatch;
public class MD2InTrustAnchor {
/*
- * =============================================================
- * Set the various variables needed for the tests, then
- * specify what tests to run on each side.
- */
-
- /*
- * Should we run the client or server in a separate thread?
- * Both sides can throw exceptions, but do you have a preference
- * as to which side should be the main thread.
- */
- static boolean separateServerThread = false;
-
- /*
* Certificates and key used in the test.
*/
-
// It's a trust anchor signed with MD2 hash function.
- static String trustedCertStr =
- "-----BEGIN CERTIFICATE-----\n" +
- "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJVUzEN\n" +
- "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
- "MTExMTE4MTExNDA0WhcNMzIxMDI4MTExNDA0WjA7MQswCQYDVQQGEwJVUzENMAsG\n" +
- "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" +
- "KoZIhvcNAQEBBQADgY0AMIGJAoGBAPGyB9tugUGgxtdeqe0qJEwf9x1Gy4BOi1yR\n" +
- "wzDZY4H5LquvIfQ2V3J9X1MQENVsFvkvp65ZcFcy+ObOucXUUPFcd/iw2DVb5QXA\n" +
- "ffyeVqWD56GPi8Qe37wrJO3L6fBhN9oxp/BbdRLgjU81zx8qLEyPODhPMxV4OkcA\n" +
- "SDwZTSxxAgMBAAGjgaUwgaIwHQYDVR0OBBYEFLOAtr/YrYj9H04EDLA0fd14jisF\n" +
- "MGMGA1UdIwRcMFqAFLOAtr/YrYj9H04EDLA0fd14jisFoT+kPTA7MQswCQYDVQQG\n" +
- "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" +
- "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC\n" +
- "BQADgYEAr8ExpXu/FTIRiMzPm0ubqwME4lniilwQUiEOD/4DbksNjEIcUyS2hIk1\n" +
- "qsmjJz3SHBnwhxl9dhJVwk2tZLkPGW86Zn0TPVRsttK4inTgCC9GFGeqQBdrU/uf\n" +
- "lipBzXWljrfbg4N/kK8m2LabtKUMMnGysM8rN0Fx2PYm5xxGvtM=\n" +
- "-----END CERTIFICATE-----";
+ private static final String TRUSTED_CERT_STR = "-----BEGIN CERTIFICATE-----\n"
+ + "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJVUzEN\n"
+ + "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n"
+ + "MTExMTE4MTExNDA0WhcNMzIxMDI4MTExNDA0WjA7MQswCQYDVQQGEwJVUzENMAsG\n"
+ + "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n"
+ + "KoZIhvcNAQEBBQADgY0AMIGJAoGBAPGyB9tugUGgxtdeqe0qJEwf9x1Gy4BOi1yR\n"
+ + "wzDZY4H5LquvIfQ2V3J9X1MQENVsFvkvp65ZcFcy+ObOucXUUPFcd/iw2DVb5QXA\n"
+ + "ffyeVqWD56GPi8Qe37wrJO3L6fBhN9oxp/BbdRLgjU81zx8qLEyPODhPMxV4OkcA\n"
+ + "SDwZTSxxAgMBAAGjgaUwgaIwHQYDVR0OBBYEFLOAtr/YrYj9H04EDLA0fd14jisF\n"
+ + "MGMGA1UdIwRcMFqAFLOAtr/YrYj9H04EDLA0fd14jisFoT+kPTA7MQswCQYDVQQG\n"
+ + "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n"
+ + "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC\n"
+ + "BQADgYEAr8ExpXu/FTIRiMzPm0ubqwME4lniilwQUiEOD/4DbksNjEIcUyS2hIk1\n"
+ + "qsmjJz3SHBnwhxl9dhJVwk2tZLkPGW86Zn0TPVRsttK4inTgCC9GFGeqQBdrU/uf\n"
+ + "lipBzXWljrfbg4N/kK8m2LabtKUMMnGysM8rN0Fx2PYm5xxGvtM=\n"
+ + "-----END CERTIFICATE-----";
// The certificate issued by above trust anchor, signed with MD5
- static String targetCertStr =
- "-----BEGIN CERTIFICATE-----\n" +
- "MIICeDCCAeGgAwIBAgIBAjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
- "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
- "MTExMTE4MTExNDA2WhcNMzEwODA1MTExNDA2WjBPMQswCQYDVQQGEwJVUzENMAsG\n" +
- "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEjAQBgNV\n" +
- "BAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwDnm96mw\n" +
- "fXCH4bgXk1US0VcJsQVxUtGMyncAveMuzBzNzOmKZPeqyYX1Fuh4q+cuza03WTJd\n" +
- "G9nOkNr364e3Rn1aaHjCMcBmFflObnGnhhufNmIGYogJ9dJPmhUVPEVAXrMG+Ces\n" +
- "NKy2E8woGnLMrqu6yiuTClbLBPK8fWzTXrECAwEAAaN4MHYwCwYDVR0PBAQDAgPo\n" +
- "MB0GA1UdDgQWBBSdRrpocLPJXyGfDmMWJrcEf29WGDAfBgNVHSMEGDAWgBSzgLa/\n" +
- "2K2I/R9OBAywNH3deI4rBTAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIG\n" +
- "CCsGAQUFBwMDMA0GCSqGSIb3DQEBBAUAA4GBAKJ71ZiCUykkJrCLYUxlFlhvUcr9\n" +
- "sTcOc67QdroW5f412NI15SXWDiley/JOasIiuIFPjaJBjOKoHOvTjG/snVu9wEgq\n" +
- "YNR8dPsO+NM8r79C6jO+Jx5fYAC7os2XxS75h3NX0ElJcbwIXGBJ6xRrsFh/BGYH\n" +
- "yvudOlX4BkVR0l1K\n" +
- "-----END CERTIFICATE-----";
+ private static final String TARGET_CERT_STR = "-----BEGIN CERTIFICATE-----\n"
+ + "MIICeDCCAeGgAwIBAgIBAjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n"
+ + "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n"
+ + "MTExMTE4MTExNDA2WhcNMzEwODA1MTExNDA2WjBPMQswCQYDVQQGEwJVUzENMAsG\n"
+ + "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEjAQBgNV\n"
+ + "BAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwDnm96mw\n"
+ + "fXCH4bgXk1US0VcJsQVxUtGMyncAveMuzBzNzOmKZPeqyYX1Fuh4q+cuza03WTJd\n"
+ + "G9nOkNr364e3Rn1aaHjCMcBmFflObnGnhhufNmIGYogJ9dJPmhUVPEVAXrMG+Ces\n"
+ + "NKy2E8woGnLMrqu6yiuTClbLBPK8fWzTXrECAwEAAaN4MHYwCwYDVR0PBAQDAgPo\n"
+ + "MB0GA1UdDgQWBBSdRrpocLPJXyGfDmMWJrcEf29WGDAfBgNVHSMEGDAWgBSzgLa/\n"
+ + "2K2I/R9OBAywNH3deI4rBTAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIG\n"
+ + "CCsGAQUFBwMDMA0GCSqGSIb3DQEBBAUAA4GBAKJ71ZiCUykkJrCLYUxlFlhvUcr9\n"
+ + "sTcOc67QdroW5f412NI15SXWDiley/JOasIiuIFPjaJBjOKoHOvTjG/snVu9wEgq\n"
+ + "YNR8dPsO+NM8r79C6jO+Jx5fYAC7os2XxS75h3NX0ElJcbwIXGBJ6xRrsFh/BGYH\n"
+ + "yvudOlX4BkVR0l1K\n"
+ + "-----END CERTIFICATE-----";
// Private key in the format of PKCS#8.
- static String targetPrivateKey =
- "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMA55vepsH1wh+G4\n" +
- "F5NVEtFXCbEFcVLRjMp3AL3jLswczczpimT3qsmF9RboeKvnLs2tN1kyXRvZzpDa\n" +
- "9+uHt0Z9Wmh4wjHAZhX5Tm5xp4YbnzZiBmKICfXST5oVFTxFQF6zBvgnrDSsthPM\n" +
- "KBpyzK6rusorkwpWywTyvH1s016xAgMBAAECgYEAn9bF3oRkdDoBU0i/mcww5I+K\n" +
- "SH9tFt+WQbiojjz9ac49trkvUfu7MO1Jui2+QbrvaSkyj+HYGFOJd1wMsPXeB7ck\n" +
- "5mOIYV4uZK8jfNMSQ8v0tFEeIPp5lKdw1XnrQfSe+abo2eL5Lwso437Y4s3w37+H\n" +
- "aY3d76hR5qly+Ys+Ww0CQQDjeOoX89d/xhRqGXKjCx8ImE/dPmsI8O27cwtKrDYJ\n" +
- "6t0v/xryVIdvOYcRBvKnqEogOH7T1kI+LnWKUTJ2ehJ7AkEA2FVloPVqCehXcc7e\n" +
- "z3TDpU9w1B0JXklcV5HddYsRqp9RukN/VK4szKE7F1yoarIUtfE9Lr9082Jwyp3M\n" +
- "L11xwwJBAKsZ+Hur3x0tUY29No2Nf/pnFyvEF57SGwA0uPmiL8Ol9lpz+UDudDEl\n" +
- "hIM6Rqv12kwCMuQE9i7vo1o3WU3k5KECQEqhg1L49yD935TqiiFFpe0Ur9btQXse\n" +
- "kdXAA4d2d5zGI7q/aGD9SYU6phkUJSHR16VA2RuUfzMrpb+wmm1IrmMCQFtLoKRT\n" +
- "A5kokFb+E3Gplu29tJvCUpfwgBFRS+wmkvtiaU/tiyDcVgDO+An5DwedxxdVzqiE\n" +
- "njWHoKY3axDQ8OU=\n";
+ private static final String TARGET_PRIV_KEY_STR = "MIICdwIBADANBgkqhkiG9w0B\n"
+ + "AQEFAASCAmEwggJdAgEAAoGBAMA55vepsH1wh+G4F5NVEtFXCbEFcVLRjMp3AL3j\n"
+ + "LswczczpimT3qsmF9RboeKvnLs2tN1kyXRvZzpDa9+uHt0Z9Wmh4wjHAZhX5Tm5x\n"
+ + "p4YbnzZiBmKICfXST5oVFTxFQF6zBvgnrDSsthPMKBpyzK6rusorkwpWywTyvH1s\n"
+ + "016xAgMBAAECgYEAn9bF3oRkdDoBU0i/mcww5I+KSH9tFt+WQbiojjz9ac49trkv\n"
+ + "Ufu7MO1Jui2+QbrvaSkyj+HYGFOJd1wMsPXeB7ck5mOIYV4uZK8jfNMSQ8v0tFEe\n"
+ + "IPp5lKdw1XnrQfSe+abo2eL5Lwso437Y4s3w37+HaY3d76hR5qly+Ys+Ww0CQQDj\n"
+ + "eOoX89d/xhRqGXKjCx8ImE/dPmsI8O27cwtKrDYJ6t0v/xryVIdvOYcRBvKnqEog\n"
+ + "OH7T1kI+LnWKUTJ2ehJ7AkEA2FVloPVqCehXcc7ez3TDpU9w1B0JXklcV5HddYsR\n"
+ + "qp9RukN/VK4szKE7F1yoarIUtfE9Lr9082Jwyp3ML11xwwJBAKsZ+Hur3x0tUY29\n"
+ + "No2Nf/pnFyvEF57SGwA0uPmiL8Ol9lpz+UDudDElhIM6Rqv12kwCMuQE9i7vo1o3\n"
+ + "WU3k5KECQEqhg1L49yD935TqiiFFpe0Ur9btQXsekdXAA4d2d5zGI7q/aGD9SYU6\n"
+ + "phkUJSHR16VA2RuUfzMrpb+wmm1IrmMCQFtLoKRTA5kokFb+E3Gplu29tJvCUpfw\n"
+ + "gBFRS+wmkvtiaU/tiyDcVgDO+An5DwedxxdVzqiEnjWHoKY3axDQ8OU=";
-
- static char passphrase[] = "passphrase".toCharArray();
+ private static final char PASSPHRASE[] = "passphrase".toCharArray();
/*
* Is the server ready to serve?
*/
- volatile static boolean serverReady = false;
+ private static volatile CountDownLatch sync = new CountDownLatch(1);
/*
* Turn on SSL debugging?
*/
- static boolean debug = false;
+ private static final boolean DEBUG = false;
/*
* Define the server side of the test.
@@ -144,29 +126,30 @@
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
- void doServerSide() throws Exception {
- SSLContext context = generateSSLContext(trustedCertStr, targetCertStr,
- targetPrivateKey);
+ private void doServerSide() throws Exception {
+ SSLContext context = generateSSLContext(TRUSTED_CERT_STR, TARGET_CERT_STR,
+ TARGET_PRIV_KEY_STR);
SSLServerSocketFactory sslssf = context.getServerSocketFactory();
- SSLServerSocket sslServerSocket =
- (SSLServerSocket)sslssf.createServerSocket(serverPort);
- sslServerSocket.setNeedClientAuth(true);
- serverPort = sslServerSocket.getLocalPort();
+ try (SSLServerSocket sslServerSocket
+ = (SSLServerSocket) sslssf.createServerSocket(serverPort)) {
+ sslServerSocket.setNeedClientAuth(true);
+ serverPort = sslServerSocket.getLocalPort();
+ /*
+ * Signal Client, we're ready for his connect.
+ */
+ System.out.println("Signal server ready");
+ sync.countDown();
- /*
- * Signal Client, we're ready for his connect.
- */
- serverReady = true;
+ System.out.println("Waiting for client connection");
+ try (SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept()) {
+ InputStream sslIS = sslSocket.getInputStream();
+ OutputStream sslOS = sslSocket.getOutputStream();
- SSLSocket sslSocket = (SSLSocket)sslServerSocket.accept();
- InputStream sslIS = sslSocket.getInputStream();
- OutputStream sslOS = sslSocket.getOutputStream();
-
- sslIS.read();
- sslOS.write('A');
- sslOS.flush();
-
- sslSocket.close();
+ sslIS.read();
+ sslOS.write('A');
+ sslOS.flush();
+ }
+ }
}
/*
@@ -175,33 +158,31 @@
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
- void doClientSide() throws Exception {
+ private void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
- while (!serverReady) {
- Thread.sleep(50);
- }
+ System.out.println("Waiting for server ready");
+ sync.await();
- SSLContext context = generateSSLContext(trustedCertStr, targetCertStr,
- targetPrivateKey);
+ SSLContext context = generateSSLContext(TRUSTED_CERT_STR, TARGET_CERT_STR,
+ TARGET_PRIV_KEY_STR);
SSLSocketFactory sslsf = context.getSocketFactory();
- SSLSocket sslSocket =
- (SSLSocket)sslsf.createSocket("localhost", serverPort);
-
- // enable the specified TLS protocol
- sslSocket.setEnabledProtocols(new String[] {tlsProtocol});
+ System.out.println("Connect to server on port: " + serverPort);
+ try (SSLSocket sslSocket
+ = (SSLSocket) sslsf.createSocket("localhost", serverPort)) {
+ // enable the specified TLS protocol
+ sslSocket.setEnabledProtocols(new String[]{tlsProtocol});
- InputStream sslIS = sslSocket.getInputStream();
- OutputStream sslOS = sslSocket.getOutputStream();
+ InputStream sslIS = sslSocket.getInputStream();
+ OutputStream sslOS = sslSocket.getOutputStream();
- sslOS.write('B');
- sslOS.flush();
- sslIS.read();
-
- sslSocket.close();
+ sslOS.write('B');
+ sslOS.flush();
+ sslIS.read();
+ }
}
/*
@@ -240,10 +221,10 @@
if (keyCertStr != null) {
// generate the private key.
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
- Base64.getMimeDecoder().decode(keySpecStr));
+ Base64.getMimeDecoder().decode(keySpecStr));
KeyFactory kf = KeyFactory.getInstance("RSA");
- RSAPrivateKey priKey =
- (RSAPrivateKey)kf.generatePrivate(priKeySpec);
+ RSAPrivateKey priKey
+ = (RSAPrivateKey) kf.generatePrivate(priKeySpec);
// generate certificate chain
is = new ByteArrayInputStream(keyCertStr.getBytes());
@@ -257,7 +238,7 @@
chain[0] = keyCert;
// import the key entry.
- ks.setKeyEntry("Whatever", priKey, passphrase, chain);
+ ks.setKeyEntry("Whatever", priKey, PASSPHRASE, chain);
}
// create SSL context
@@ -267,7 +248,7 @@
SSLContext ctx = SSLContext.getInstance(tlsProtocol);
if (keyCertStr != null && !keyCertStr.isEmpty()) {
KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
- kmf.init(ks, passphrase);
+ kmf.init(ks, PASSPHRASE);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
ks = null;
@@ -278,12 +259,10 @@
return ctx;
}
+ // use any free port by default
+ private volatile int serverPort = 0;
- // use any free port by default
- volatile int serverPort = 0;
-
- volatile Exception serverException = null;
- volatile Exception clientException = null;
+ private volatile Exception serverException = null;
public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm.
@@ -292,140 +271,61 @@
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
- if (debug)
+ if (DEBUG) {
System.setProperty("javax.net.debug", "all");
+ }
/*
* Get the customized arguments.
*/
parseArguments(args);
-
/*
* Start the tests.
*/
- new MD2InTrustAnchor();
+ new MD2InTrustAnchor().runTest();
}
- Thread clientThread = null;
- Thread serverThread = null;
+ private Thread serverThread = null;
/*
- * Primary constructor, used to drive remainder of the test.
+ * Used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
- MD2InTrustAnchor() throws Exception {
- try {
- if (separateServerThread) {
- startServer(true);
- startClient(false);
- } else {
- startClient(true);
- startServer(false);
- }
- } catch (Exception e) {
- // swallow for now. Show later
- }
+ public void runTest() throws Exception {
+ startServerThread();
+ doClientSide();
/*
* Wait for other side to close down.
*/
- if (separateServerThread) {
- serverThread.join();
- } else {
- clientThread.join();
- }
-
- /*
- * When we get here, the test is pretty much over.
- * Which side threw the error?
- */
- Exception local;
- Exception remote;
- String whichRemote;
+ serverThread.join();
- if (separateServerThread) {
- remote = serverException;
- local = clientException;
- whichRemote = "server";
- } else {
- remote = clientException;
- local = serverException;
- whichRemote = "client";
- }
-
- /*
- * If both failed, return the curthread's exception, but also
- * print the remote side Exception
- */
- if ((local != null) && (remote != null)) {
- System.out.println(whichRemote + " also threw:");
- remote.printStackTrace();
- System.out.println();
- throw local;
- }
-
- if (remote != null) {
- throw remote;
- }
-
- if (local != null) {
- throw local;
+ if (serverException != null) {
+ throw serverException;
}
}
- void startServer(boolean newThread) throws Exception {
- if (newThread) {
- serverThread = new Thread() {
- public void run() {
- try {
- doServerSide();
- } catch (Exception e) {
- /*
- * Our server thread just died.
- *
- * Release the client, if not active already...
- */
- System.err.println("Server died...");
- serverReady = true;
- serverException = e;
- }
+ private void startServerThread() {
+ serverThread = new Thread() {
+ @Override
+ public void run() {
+ try {
+ doServerSide();
+ } catch (Exception e) {
+ /*
+ * Our server thread just died.
+ *
+ * Release the client, if not active already...
+ */
+ System.err.println("Server died...");
+ e.printStackTrace(System.out);
+ serverException = e;
+ sync.countDown();
}
- };
- serverThread.start();
- } else {
- try {
- doServerSide();
- } catch (Exception e) {
- serverException = e;
- } finally {
- serverReady = true;
}
- }
- }
+ };
- void startClient(boolean newThread) throws Exception {
- if (newThread) {
- clientThread = new Thread() {
- public void run() {
- try {
- doClientSide();
- } catch (Exception e) {
- /*
- * Our client thread just died.
- */
- System.err.println("Client died...");
- clientException = e;
- }
- }
- };
- clientThread.start();
- } else {
- try {
- doClientSide();
- } catch (Exception e) {
- clientException = e;
- }
- }
+ serverThread.start();
}
}