--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java Sun Nov 29 15:24:32 2009 -0800
@@ -26,6 +26,7 @@
package com.sun.jmx.mbeanserver;
import java.lang.annotation.Annotation;
+import java.lang.ref.SoftReference;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
@@ -33,8 +34,13 @@
import java.lang.reflect.Proxy;
import java.lang.reflect.UndeclaredThrowableException;
import java.util.Arrays;
+import java.util.Collections;
import java.util.HashMap;
+import java.util.List;
+import java.util.LinkedList;
+import java.util.Locale;
import java.util.Map;
+import java.util.WeakHashMap;
import javax.management.Descriptor;
import javax.management.DescriptorKey;
@@ -506,11 +512,25 @@
} else {
// Java Beans introspection
//
- BeanInfo bi = java.beans.Introspector.getBeanInfo(complex.getClass());
- PropertyDescriptor[] pds = bi.getPropertyDescriptors();
- for (PropertyDescriptor pd : pds)
- if (pd.getName().equals(element))
- return pd.getReadMethod().invoke(complex);
+ Class<?> clazz = complex.getClass();
+ Method readMethod = null;
+ if (BeansHelper.isAvailable()) {
+ Object bi = BeansHelper.getBeanInfo(clazz);
+ Object[] pds = BeansHelper.getPropertyDescriptors(bi);
+ for (Object pd: pds) {
+ if (BeansHelper.getPropertyName(pd).equals(element)) {
+ readMethod = BeansHelper.getReadMethod(pd);
+ break;
+ }
+ }
+ } else {
+ // Java Beans not available so use simple introspection
+ // to locate method
+ readMethod = SimpleIntrospector.getReadMethod(clazz, element);
+ }
+ if (readMethod != null)
+ return readMethod.invoke(complex);
+
throw new AttributeNotFoundException(
"Could not find the getter method for the property " +
element + " using the Java Beans introspector");
@@ -524,4 +544,235 @@
new AttributeNotFoundException(e.getMessage()), e);
}
}
+
+ /**
+ * A simple introspector that uses reflection to analyze a class and
+ * identify its "getter" methods. This class is intended for use only when
+ * Java Beans is not present (which implies that there isn't explicit
+ * information about the bean available).
+ */
+ private static class SimpleIntrospector {
+ private SimpleIntrospector() { }
+
+ private static final String GET_METHOD_PREFIX = "get";
+ private static final String IS_METHOD_PREFIX = "is";
+
+ // cache to avoid repeated lookups
+ private static final Map<Class<?>,SoftReference<List<Method>>> cache =
+ Collections.synchronizedMap(
+ new WeakHashMap<Class<?>,SoftReference<List<Method>>> ());
+
+ /**
+ * Returns the list of methods cached for the given class, or {@code null}
+ * if not cached.
+ */
+ private static List<Method> getCachedMethods(Class<?> clazz) {
+ // return cached methods if possible
+ SoftReference<List<Method>> ref = cache.get(clazz);
+ if (ref != null) {
+ List<Method> cached = ref.get();
+ if (cached != null)
+ return cached;
+ }
+ return null;
+ }
+
+ /**
+ * Returns {@code true} if the given method is a "getter" method (where
+ * "getter" method is a public method of the form getXXX or "boolean
+ * isXXX")
+ */
+ static boolean isReadMethod(Method method) {
+ // ignore static methods
+ int modifiers = method.getModifiers();
+ if (Modifier.isStatic(modifiers))
+ return false;
+
+ String name = method.getName();
+ Class<?>[] paramTypes = method.getParameterTypes();
+ int paramCount = paramTypes.length;
+
+ if (paramCount == 0 && name.length() > 2) {
+ // boolean isXXX()
+ if (name.startsWith(IS_METHOD_PREFIX))
+ return (method.getReturnType() == boolean.class);
+ // getXXX()
+ if (name.length() > 3 && name.startsWith(GET_METHOD_PREFIX))
+ return (method.getReturnType() != void.class);
+ }
+ return false;
+ }
+
+ /**
+ * Returns the list of "getter" methods for the given class. The list
+ * is ordered so that isXXX methods appear before getXXX methods - this
+ * is for compatability with the JavaBeans Introspector.
+ */
+ static List<Method> getReadMethods(Class<?> clazz) {
+ // return cached result if available
+ List<Method> cachedResult = getCachedMethods(clazz);
+ if (cachedResult != null)
+ return cachedResult;
+
+ // get list of public methods, filtering out methods that have
+ // been overridden to return a more specific type.
+ List<Method> methods =
+ StandardMBeanIntrospector.getInstance().getMethods(clazz);
+ methods = MBeanAnalyzer.eliminateCovariantMethods(methods);
+
+ // filter out the non-getter methods
+ List<Method> result = new LinkedList<Method>();
+ for (Method m: methods) {
+ if (isReadMethod(m)) {
+ // favor isXXX over getXXX
+ if (m.getName().startsWith(IS_METHOD_PREFIX)) {
+ result.add(0, m);
+ } else {
+ result.add(m);
+ }
+ }
+ }
+
+ // add result to cache
+ cache.put(clazz, new SoftReference<List<Method>>(result));
+
+ return result;
+ }
+
+ /**
+ * Returns the "getter" to read the given property from the given class or
+ * {@code null} if no method is found.
+ */
+ static Method getReadMethod(Class<?> clazz, String property) {
+ // first character in uppercase (compatability with JavaBeans)
+ property = property.substring(0, 1).toUpperCase(Locale.ENGLISH) +
+ property.substring(1);
+ String getMethod = GET_METHOD_PREFIX + property;
+ String isMethod = IS_METHOD_PREFIX + property;
+ for (Method m: getReadMethods(clazz)) {
+ String name = m.getName();
+ if (name.equals(isMethod) || name.equals(getMethod)) {
+ return m;
+ }
+ }
+ return null;
+ }
+ }
+
+ /**
+ * A class that provides access to the JavaBeans Introspector and
+ * PropertyDescriptors without creating a static dependency on java.beans.
+ */
+ private static class BeansHelper {
+ private static final Class<?> introspectorClass =
+ getClass("java.beans.Introspector");
+ private static final Class<?> beanInfoClass =
+ (introspectorClass == null) ? null : getClass("java.beans.BeanInfo");
+ private static final Class<?> getPropertyDescriptorClass =
+ (beanInfoClass == null) ? null : getClass("java.beans.PropertyDescriptor");
+
+ private static final Method getBeanInfo =
+ getMethod(introspectorClass, "getBeanInfo", Class.class);
+ private static final Method getPropertyDescriptors =
+ getMethod(beanInfoClass, "getPropertyDescriptors");
+ private static final Method getPropertyName =
+ getMethod(getPropertyDescriptorClass, "getName");
+ private static final Method getReadMethod =
+ getMethod(getPropertyDescriptorClass, "getReadMethod");
+
+ private static Class<?> getClass(String name) {
+ try {
+ return Class.forName(name, true, null);
+ } catch (ClassNotFoundException e) {
+ return null;
+ }
+ }
+ private static Method getMethod(Class<?> clazz,
+ String name,
+ Class<?>... paramTypes)
+ {
+ if (clazz != null) {
+ try {
+ return clazz.getMethod(name, paramTypes);
+ } catch (NoSuchMethodException e) {
+ throw new AssertionError(e);
+ }
+ } else {
+ return null;
+ }
+ }
+
+ private BeansHelper() { }
+
+ /**
+ * Returns {@code true} if java.beans is available.
+ */
+ static boolean isAvailable() {
+ return introspectorClass != null;
+ }
+
+ /**
+ * Invokes java.beans.Introspector.getBeanInfo(Class)
+ */
+ static Object getBeanInfo(Class<?> clazz) throws Exception {
+ try {
+ return getBeanInfo.invoke(null, clazz);
+ } catch (InvocationTargetException e) {
+ Throwable cause = e.getCause();
+ if (cause instanceof Exception)
+ throw (Exception)cause;
+ throw new AssertionError(e);
+ } catch (IllegalAccessException iae) {
+ throw new AssertionError(iae);
+ }
+ }
+
+ /**
+ * Invokes java.beans.BeanInfo.getPropertyDescriptors()
+ */
+ static Object[] getPropertyDescriptors(Object bi) {
+ try {
+ return (Object[])getPropertyDescriptors.invoke(bi);
+ } catch (InvocationTargetException e) {
+ Throwable cause = e.getCause();
+ if (cause instanceof RuntimeException)
+ throw (RuntimeException)cause;
+ throw new AssertionError(e);
+ } catch (IllegalAccessException iae) {
+ throw new AssertionError(iae);
+ }
+ }
+
+ /**
+ * Invokes java.beans.PropertyDescriptor.getName()
+ */
+ static String getPropertyName(Object pd) {
+ try {
+ return (String)getPropertyName.invoke(pd);
+ } catch (InvocationTargetException e) {
+ Throwable cause = e.getCause();
+ if (cause instanceof RuntimeException)
+ throw (RuntimeException)cause;
+ throw new AssertionError(e);
+ } catch (IllegalAccessException iae) {
+ throw new AssertionError(iae);
+ }
+ }
+
+ /**
+ * Invokes java.beans.PropertyDescriptor.getReadMethod()
+ */
+ static Method getReadMethod(Object pd) {
+ try {
+ return (Method)getReadMethod.invoke(pd);
+ } catch (InvocationTargetException e) {
+ Throwable cause = e.getCause();
+ if (cause instanceof RuntimeException)
+ throw (RuntimeException)cause;
+ throw new AssertionError(e);
+ } catch (IllegalAccessException iae) {
+ throw new AssertionError(iae);
+ }
+ }
+ }
}
--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanIntrospector.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanIntrospector.java Sun Nov 29 15:24:32 2009 -0800
@@ -175,7 +175,7 @@
/**
* Get the methods to be analyzed to build the MBean interface.
*/
- List<Method> getMethods(final Class<?> mbeanType) throws Exception {
+ List<Method> getMethods(final Class<?> mbeanType) {
return Arrays.asList(mbeanType.getMethods());
}
--- a/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java Sun Nov 29 15:24:32 2009 -0800
@@ -99,4 +99,58 @@
*/
public Object inquireSecContext(InquireType type)
throws GSSException;
+
+ /**
+ * Requests that the delegation policy be respected. When a true value is
+ * requested, the underlying context would use the delegation policy
+ * defined by the environment as a hint to determine whether credentials
+ * delegation should be performed. This request can only be made on the
+ * context initiator's side and it has to be done prior to the first
+ * call to <code>initSecContext</code>.
+ * <p>
+ * When this flag is false, delegation will only be tried when the
+ * {@link GSSContext#requestCredDeleg(boolean) credentials delegation flag}
+ * is true.
+ * <p>
+ * When this flag is true but the
+ * {@link GSSContext#requestCredDeleg(boolean) credentials delegation flag}
+ * is false, delegation will be only tried if the delegation policy permits
+ * delegation.
+ * <p>
+ * When both this flag and the
+ * {@link GSSContext#requestCredDeleg(boolean) credentials delegation flag}
+ * are true, delegation will be always tried. However, if the delegation
+ * policy does not permit delegation, the value of
+ * {@link #getDelegPolicyState} will be false, even
+ * if delegation is performed successfully.
+ * <p>
+ * In any case, if the delegation is not successful, the value returned
+ * by {@link GSSContext#getCredDelegState()} is false, and the value
+ * returned by {@link #getDelegPolicyState()} is also false.
+ * <p>
+ * Not all mechanisms support delegation policy. Therefore, the
+ * application should check to see if the request was honored with the
+ * {@link #getDelegPolicyState() getDelegPolicyState} method. When
+ * delegation policy is not supported, <code>requestDelegPolicy</code>
+ * should return silently without throwing an exception.
+ * <p>
+ * Note: for the Kerberos 5 mechanism, the delegation policy is expressed
+ * through the OK-AS-DELEGATE flag in the service ticket. When it's true,
+ * the KDC permits delegation to the target server. In a cross-realm
+ * environment, in order for delegation be permitted, all cross-realm TGTs
+ * on the authentication path must also have the OK-AS-DELAGATE flags set.
+ * @param state true if the policy should be respected
+ * @throws GSSException containing the following
+ * major error codes:
+ * {@link GSSException#FAILURE GSSException.FAILURE}
+ */
+ public void requestDelegPolicy(boolean state) throws GSSException;
+
+ /**
+ * Returns the delegation policy response. Called after a security context
+ * is established. This method can be only called on the initiator's side.
+ * See {@link ExtendedGSSContext#requestDelegPolicy}.
+ * @return the delegation policy response
+ */
+ public boolean getDelegPolicyState();
}
--- a/jdk/src/share/classes/com/sun/tools/hat/internal/model/JavaStatic.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/com/sun/tools/hat/internal/model/JavaStatic.java Sun Nov 29 15:24:32 2009 -0800
@@ -57,7 +57,10 @@
id = ((JavaObjectRef)value).getId();
}
value = value.dereference(snapshot, field);
- if (value.isHeapAllocated()) {
+ if (value.isHeapAllocated() &&
+ clazz.getLoader() == snapshot.getNullThing()) {
+ // static fields are only roots if they are in classes
+ // loaded by the root classloader.
JavaHeapObject ho = (JavaHeapObject) value;
String s = "Static reference from " + clazz.getName()
+ "." + field.getName();
--- a/jdk/src/share/classes/com/sun/tracing/ProviderFactory.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/com/sun/tracing/ProviderFactory.java Sun Nov 29 15:24:32 2009 -0800
@@ -4,7 +4,10 @@
import java.util.HashSet;
import java.io.PrintStream;
import java.lang.reflect.Field;
-import java.util.logging.Logger;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import sun.security.action.GetPropertyAction;
import sun.tracing.NullProviderFactory;
import sun.tracing.PrintStreamProviderFactory;
@@ -52,23 +55,17 @@
HashSet<ProviderFactory> factories = new HashSet<ProviderFactory>();
// Try to instantiate a DTraceProviderFactory
- String prop = null;
- try { prop = System.getProperty("com.sun.tracing.dtrace"); }
- catch (java.security.AccessControlException e) {
- Logger.getAnonymousLogger().fine(
- "Cannot access property com.sun.tracing.dtrace");
- }
+ String prop = AccessController.doPrivileged(
+ new GetPropertyAction("com.sun.tracing.dtrace"));
+
if ( (prop == null || !prop.equals("disable")) &&
DTraceProviderFactory.isSupported() ) {
factories.add(new DTraceProviderFactory());
}
// Try to instantiate an output stream factory
- try { prop = System.getProperty("sun.tracing.stream"); }
- catch (java.security.AccessControlException e) {
- Logger.getAnonymousLogger().fine(
- "Cannot access property sun.tracing.stream");
- }
+ prop = AccessController.doPrivileged(
+ new GetPropertyAction("sun.tracing.stream"));
if (prop != null) {
for (String spec : prop.split(",")) {
PrintStream ps = getPrintStreamFromSpec(spec);
@@ -89,22 +86,29 @@
}
}
- private static PrintStream getPrintStreamFromSpec(String spec) {
+ private static PrintStream getPrintStreamFromSpec(final String spec) {
try {
// spec is in the form of <class>.<field>, where <class> is
// a fully specified class name, and <field> is a static member
// in that class. The <field> must be a 'PrintStream' or subtype
// in order to be used.
- int fieldpos = spec.lastIndexOf('.');
- Class<?> cls = Class.forName(spec.substring(0, fieldpos));
- Field f = cls.getField(spec.substring(fieldpos + 1));
- Class<?> fieldType = f.getType();
+ final int fieldpos = spec.lastIndexOf('.');
+ final Class<?> cls = Class.forName(spec.substring(0, fieldpos));
+
+ Field f = AccessController.doPrivileged(new PrivilegedExceptionAction<Field>() {
+ public Field run() throws NoSuchFieldException {
+ return cls.getField(spec.substring(fieldpos + 1));
+ }
+ });
+
return (PrintStream)f.get(null);
- } catch (Exception e) {
- Logger.getAnonymousLogger().warning(
- "Could not parse sun.tracing.stream property: " + e);
+ } catch (ClassNotFoundException e) {
+ throw new AssertionError(e);
+ } catch (IllegalAccessException e) {
+ throw new AssertionError(e);
+ } catch (PrivilegedActionException e) {
+ throw new AssertionError(e);
}
- return null;
}
}
--- a/jdk/src/share/classes/java/net/CookieManager.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/java/net/CookieManager.java Sun Nov 29 15:24:32 2009 -0800
@@ -30,6 +30,7 @@
import java.util.Collections;
import java.util.Comparator;
import java.io.IOException;
+import sun.util.logging.PlatformLogger;
/**
* CookieManager provides a concrete implementation of {@link CookieHandler},
@@ -263,6 +264,7 @@
if (cookieJar == null)
return;
+ PlatformLogger logger = PlatformLogger.getLogger("java.net.CookieManager");
for (String headerKey : responseHeaders.keySet()) {
// RFC 2965 3.2.2, key must be 'Set-Cookie2'
// we also accept 'Set-Cookie' here for backward compatibility
@@ -277,7 +279,16 @@
for (String headerValue : responseHeaders.get(headerKey)) {
try {
- List<HttpCookie> cookies = HttpCookie.parse(headerValue);
+ List<HttpCookie> cookies;
+ try {
+ cookies = HttpCookie.parse(headerValue);
+ } catch (IllegalArgumentException e) {
+ // Bogus header, make an empty list and log the error
+ cookies = java.util.Collections.EMPTY_LIST;
+ if (logger.isLoggable(PlatformLogger.SEVERE)) {
+ logger.severe("Invalid cookie for " + uri + ": " + headerValue);
+ }
+ }
for (HttpCookie cookie : cookies) {
if (cookie.getPath() == null) {
// If no path is specified, then by default
--- a/jdk/src/share/classes/java/net/HttpCookie.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/java/net/HttpCookie.java Sun Nov 29 15:24:32 2009 -0800
@@ -1036,7 +1036,7 @@
int version = Integer.parseInt(attrValue);
cookie.setVersion(version);
} catch (NumberFormatException ignored) {
- throw new IllegalArgumentException("Illegal cookie version attribute");
+ // Just ignore bogus version, it will default to 0 or 1
}
}
});
@@ -1147,12 +1147,15 @@
}
private static String stripOffSurroundingQuote(String str) {
- if (str != null && str.length() > 0 &&
+ if (str != null && str.length() > 2 &&
str.charAt(0) == '"' && str.charAt(str.length() - 1) == '"') {
return str.substring(1, str.length() - 1);
- } else {
- return str;
}
+ if (str != null && str.length() > 2 &&
+ str.charAt(0) == '\'' && str.charAt(str.length() - 1) == '\'') {
+ return str.substring(1, str.length() - 1);
+ }
+ return str;
}
private static boolean equalsIgnoreCase(String s, String t) {
--- a/jdk/src/share/classes/javax/security/auth/Subject.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/javax/security/auth/Subject.java Sun Nov 29 15:24:32 2009 -0800
@@ -40,7 +40,6 @@
import java.security.PrivilegedActionException;
import java.security.ProtectionDomain;
import sun.security.util.ResourcesMgr;
-import sun.security.util.SecurityConstants;
/**
* <p> A <code>Subject</code> represents a grouping of related information
@@ -239,7 +238,7 @@
public void setReadOnly() {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(new AuthPermission("setReadOnly"));
+ sm.checkPermission(AuthPermissionHolder.SET_READ_ONLY_PERMISSION);
}
this.readOnly = true;
@@ -285,7 +284,7 @@
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(new AuthPermission("getSubject"));
+ sm.checkPermission(AuthPermissionHolder.GET_SUBJECT_PERMISSION);
}
if (acc == null) {
@@ -343,7 +342,7 @@
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(SecurityConstants.DO_AS_PERMISSION);
+ sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
}
if (action == null)
throw new NullPointerException
@@ -402,7 +401,7 @@
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(SecurityConstants.DO_AS_PERMISSION);
+ sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
}
if (action == null)
@@ -456,7 +455,7 @@
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(SecurityConstants.DO_AS_PRIVILEGED_PERMISSION);
+ sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
}
if (action == null)
@@ -520,7 +519,7 @@
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(SecurityConstants.DO_AS_PRIVILEGED_PERMISSION);
+ sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
}
if (action == null)
@@ -1044,16 +1043,13 @@
if (sm != null) {
switch (which) {
case Subject.PRINCIPAL_SET:
- sm.checkPermission(new AuthPermission
- ("modifyPrincipals"));
+ sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION);
break;
case Subject.PUB_CREDENTIAL_SET:
- sm.checkPermission(new AuthPermission
- ("modifyPublicCredentials"));
+ sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION);
break;
default:
- sm.checkPermission(new AuthPermission
- ("modifyPrivateCredentials"));
+ sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION);
break;
}
}
@@ -1073,16 +1069,13 @@
if (sm != null) {
switch (which) {
case Subject.PRINCIPAL_SET:
- sm.checkPermission
- (new AuthPermission("modifyPrincipals"));
+ sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION);
break;
case Subject.PUB_CREDENTIAL_SET:
- sm.checkPermission
- (new AuthPermission("modifyPublicCredentials"));
+ sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION);
break;
default:
- sm.checkPermission
- (new AuthPermission("modifyPrivateCredentials"));
+ sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION);
break;
}
}
@@ -1405,4 +1398,27 @@
return set.add(o);
}
}
+
+ static class AuthPermissionHolder {
+ static final AuthPermission DO_AS_PERMISSION =
+ new AuthPermission("doAs");
+
+ static final AuthPermission DO_AS_PRIVILEGED_PERMISSION =
+ new AuthPermission("doAsPrivileged");
+
+ static final AuthPermission SET_READ_ONLY_PERMISSION =
+ new AuthPermission("setReadOnly");
+
+ static final AuthPermission GET_SUBJECT_PERMISSION =
+ new AuthPermission("getSubject");
+
+ static final AuthPermission MODIFY_PRINCIPALS_PERMISSION =
+ new AuthPermission("modifyPrincipals");
+
+ static final AuthPermission MODIFY_PUBLIC_CREDENTIALS_PERMISSION =
+ new AuthPermission("modifyPublicCredentials");
+
+ static final AuthPermission MODIFY_PRIVATE_CREDENTIALS_PERMISSION =
+ new AuthPermission("modifyPrivateCredentials");
+ }
}
--- a/jdk/src/share/classes/org/ietf/jgss/GSSContext.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/org/ietf/jgss/GSSContext.java Sun Nov 29 15:24:32 2009 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2001 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -678,7 +678,7 @@
* are not definitive then the method will attempt to treat all
* available bytes as part of the token.<p>
*
- * Other than the possible blocking behaviour described above, this
+ * Other than the possible blocking behavior described above, this
* method is equivalent to the byte array based {@link #unwrap(byte[],
* int, int, MessageProp) unwrap} method.<p>
*
@@ -826,7 +826,7 @@
* are not definitive then the method will attempt to treat all
* available bytes as part of the token.<p>
*
- * Other than the possible blocking behaviour described above, this
+ * Other than the possible blocking behavior described above, this
* method is equivalent to the byte array based {@link #verifyMIC(byte[],
* int, int, byte[], int, int, MessageProp) verifyMIC} method.<p>
*
@@ -917,7 +917,7 @@
* getMutualAuthState} method.<p>
*
* @param state a boolean value indicating whether mutual
- * authentication shouls be used or not.
+ * authentication should be used or not.
* @see #getMutualAuthState()
*
* @throws GSSException containing the following
@@ -928,7 +928,7 @@
/**
* Requests that replay detection be enabled for the
- * per-message security services after context establishemnt. This
+ * per-message security services after context establishment. This
* request can only be made on the context initiator's side and it has
* to be done prior to the first call to
* <code>initSecContext</code>. During context establishment replay
@@ -958,7 +958,7 @@
/**
* Requests that sequence checking be enabled for the
- * per-message security services after context establishemnt. This
+ * per-message security services after context establishment. This
* request can only be made on the context initiator's side and it has
* to be done prior to the first call to
* <code>initSecContext</code>. During context establishment sequence
--- a/jdk/src/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java Sun Nov 29 15:24:32 2009 -0800
@@ -25,6 +25,7 @@
package sun.net.www.protocol.http.spnego;
+import com.sun.security.jgss.ExtendedGSSContext;
import java.io.IOException;
import org.ietf.jgss.GSSContext;
@@ -100,15 +101,10 @@
null,
GSSContext.DEFAULT_LIFETIME);
- // In order to support credential delegation in HTTP/SPNEGO,
- // we always request it before initSecContext. The current
- // implementation will check the OK-AS-DELEGATE flag inside
- // the service ticket of the web server, and only enable
- // delegation when this flag is set. This check is only
- // performed when the GSS caller is CALLER_HTTP_NEGOTIATE,
- // so all other normal GSS-API calls are not affected.
-
- context.requestCredDeleg(true);
+ // Always respect delegation policy in HTTP/SPNEGO.
+ if (context instanceof ExtendedGSSContext) {
+ ((ExtendedGSSContext)context).requestDelegPolicy(true);
+ }
oneToken = context.initSecContext(new byte[0], 0, 0);
}
--- a/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java Sun Nov 29 15:24:32 2009 -0800
@@ -89,7 +89,8 @@
*/
class GSSContextImpl implements ExtendedGSSContext {
- private GSSManagerImpl gssManager = null;
+ private final GSSManagerImpl gssManager;
+ private final boolean initiator;
// private flags for the context state
private static final int PRE_INIT = 1;
@@ -99,14 +100,12 @@
// instance variables
private int currentState = PRE_INIT;
- private boolean initiator;
private GSSContextSpi mechCtxt = null;
private Oid mechOid = null;
private ObjectIdentifier objId = null;
private GSSCredentialImpl myCred = null;
- private GSSCredentialImpl delegCred = null;
private GSSNameImpl srcName = null;
private GSSNameImpl targName = null;
@@ -121,6 +120,7 @@
private boolean reqSequenceDetState = true;
private boolean reqCredDelegState = false;
private boolean reqAnonState = false;
+ private boolean reqDelegPolicyState = false;
/**
* Creates a GSSContextImp on the context initiator's side.
@@ -221,6 +221,7 @@
mechCtxt.requestSequenceDet(reqSequenceDetState);
mechCtxt.requestAnonymity(reqAnonState);
mechCtxt.setChannelBinding(channelBindings);
+ mechCtxt.requestDelegPolicy(reqDelegPolicyState);
objId = new ObjectIdentifier(mechOid.toString());
@@ -465,42 +466,42 @@
}
public void requestMutualAuth(boolean state) throws GSSException {
- if (mechCtxt == null)
+ if (mechCtxt == null && initiator)
reqMutualAuthState = state;
}
public void requestReplayDet(boolean state) throws GSSException {
- if (mechCtxt == null)
+ if (mechCtxt == null && initiator)
reqReplayDetState = state;
}
public void requestSequenceDet(boolean state) throws GSSException {
- if (mechCtxt == null)
+ if (mechCtxt == null && initiator)
reqSequenceDetState = state;
}
public void requestCredDeleg(boolean state) throws GSSException {
- if (mechCtxt == null)
+ if (mechCtxt == null && initiator)
reqCredDelegState = state;
}
public void requestAnonymity(boolean state) throws GSSException {
- if (mechCtxt == null)
+ if (mechCtxt == null && initiator)
reqAnonState = state;
}
public void requestConf(boolean state) throws GSSException {
- if (mechCtxt == null)
+ if (mechCtxt == null && initiator)
reqConfState = state;
}
public void requestInteg(boolean state) throws GSSException {
- if (mechCtxt == null)
+ if (mechCtxt == null && initiator)
reqIntegState = state;
}
public void requestLifetime(int lifetime) throws GSSException {
- if (mechCtxt == null)
+ if (mechCtxt == null && initiator)
reqLifetime = lifetime;
}
@@ -630,6 +631,8 @@
targName = null;
}
+ // ExtendedGSSContext methods:
+
@Override
public Object inquireSecContext(InquireType type) throws GSSException {
SecurityManager security = System.getSecurityManager();
@@ -641,4 +644,18 @@
}
return mechCtxt.inquireSecContext(type);
}
+
+ @Override
+ public void requestDelegPolicy(boolean state) throws GSSException {
+ if (mechCtxt == null && initiator)
+ reqDelegPolicyState = state;
+ }
+
+ @Override
+ public boolean getDelegPolicyState() {
+ if (mechCtxt != null)
+ return mechCtxt.getDelegPolicyState();
+ else
+ return reqDelegPolicyState;
+ }
}
--- a/jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/krb5/InitialToken.java Sun Nov 29 15:24:32 2009 -0800
@@ -85,34 +85,41 @@
int size = CHECKSUM_LENGTH_SIZE + CHECKSUM_BINDINGS_SIZE +
CHECKSUM_FLAGS_SIZE;
- if (context.getCredDelegState()) {
- if (context.getCaller() instanceof HttpCaller &&
- !serviceTicket.getFlags()[Krb5.TKT_OPTS_DELEGATE]) {
- // When the caller is HTTP/SPNEGO and OK-AS-DELEGATE
- // is not present in the service ticket, delegation
- // is disabled.
- context.setCredDelegState(false);
- } else if (!tgt.isForwardable()) {
- // XXX log this resetting of delegation state
- context.setCredDelegState(false);
+ if (!tgt.isForwardable()) {
+ context.setCredDelegState(false);
+ context.setDelegPolicyState(false);
+ } else if (context.getCredDelegState()) {
+ if (context.getDelegPolicyState()) {
+ if (!serviceTicket.checkDelegate()) {
+ // delegation not permitted by server policy, mark it
+ context.setDelegPolicyState(false);
+ }
+ }
+ } else if (context.getDelegPolicyState()) {
+ if (serviceTicket.checkDelegate()) {
+ context.setCredDelegState(true);
} else {
- KrbCred krbCred = null;
- CipherHelper cipherHelper =
- context.getCipherHelper(serviceTicket.getSessionKey());
- if (useNullKey(cipherHelper)) {
- krbCred = new KrbCred(tgt, serviceTicket,
- EncryptionKey.NULL_KEY);
- } else {
- krbCred = new KrbCred(tgt, serviceTicket,
- serviceTicket.getSessionKey());
- }
- krbCredMessage = krbCred.getMessage();
- size += CHECKSUM_DELEG_OPT_SIZE +
- CHECKSUM_DELEG_LGTH_SIZE +
- krbCredMessage.length;
+ context.setDelegPolicyState(false);
}
}
+ if (context.getCredDelegState()) {
+ KrbCred krbCred = null;
+ CipherHelper cipherHelper =
+ context.getCipherHelper(serviceTicket.getSessionKey());
+ if (useNullKey(cipherHelper)) {
+ krbCred = new KrbCred(tgt, serviceTicket,
+ EncryptionKey.NULL_KEY);
+ } else {
+ krbCred = new KrbCred(tgt, serviceTicket,
+ serviceTicket.getSessionKey());
+ }
+ krbCredMessage = krbCred.getMessage();
+ size += CHECKSUM_DELEG_OPT_SIZE +
+ CHECKSUM_DELEG_LGTH_SIZE +
+ krbCredMessage.length;
+ }
+
checksumBytes = new byte[size];
checksumBytes[pos++] = CHECKSUM_FIRST_BYTES[0];
@@ -296,6 +303,7 @@
return delegCreds;
}
+ // Only called by acceptor
public void setContextFlags(Krb5Context context) {
// default for cred delegation is false
if ((flags & CHECKSUM_DELEG_FLAG) > 0)
--- a/jdk/src/share/classes/sun/security/jgss/krb5/Krb5Context.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/krb5/Krb5Context.java Sun Nov 29 15:24:32 2009 -0800
@@ -78,6 +78,7 @@
private boolean sequenceDetState = true;
private boolean confState = true;
private boolean integState = true;
+ private boolean delegPolicyState = false;
private int mySeqNumber;
private int peerSeqNumber;
@@ -299,6 +300,21 @@
return sequenceDetState || replayDetState;
}
+ /**
+ * Requests that the deleg policy be respected.
+ */
+ public final void requestDelegPolicy(boolean value) {
+ if (state == STATE_NEW && isInitiator())
+ delegPolicyState = value;
+ }
+
+ /**
+ * Is deleg policy respected?
+ */
+ public final boolean getDelegPolicyState() {
+ return delegPolicyState;
+ }
+
/*
* Anonymity is a little different in that after an application
* requests anonymity it will want to know whether the mechanism
@@ -422,6 +438,10 @@
integState = state;
}
+ final void setDelegPolicyState(boolean state) {
+ delegPolicyState = state;
+ }
+
/**
* Sets the channel bindings to be used during context
* establishment.
--- a/jdk/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java Sun Nov 29 15:24:32 2009 -0800
@@ -124,6 +124,8 @@
public void requestInteg(boolean state) throws GSSException;
+ public void requestDelegPolicy(boolean state) throws GSSException;
+
public void setChannelBinding(ChannelBinding cb) throws GSSException;
public boolean getCredDelegState();
@@ -136,6 +138,8 @@
public boolean getAnonymityState();
+ public boolean getDelegPolicyState();
+
public boolean isTransferable() throws GSSException;
public boolean isProtReady();
--- a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Sun Nov 29 15:24:32 2009 -0800
@@ -63,6 +63,7 @@
private boolean sequenceDetState = true;
private boolean confState = true;
private boolean integState = true;
+ private boolean delegPolicyState = false;
private GSSNameSpi peerName = null;
private GSSNameSpi myName = null;
@@ -154,6 +155,14 @@
}
/**
+ * Requests that deleg policy be respected.
+ */
+ public final void requestDelegPolicy(boolean value) throws GSSException {
+ if (state == STATE_NEW && isInitiator())
+ delegPolicyState = value;
+ }
+
+ /**
* Is integrity available?
*/
public final boolean getIntegState() {
@@ -161,6 +170,19 @@
}
/**
+ * Is deleg policy respected?
+ */
+ public final boolean getDelegPolicyState() {
+ if (isInitiator() && mechContext != null &&
+ mechContext instanceof ExtendedGSSContext &&
+ (state == STATE_IN_PROCESS || state == STATE_DONE)) {
+ return ((ExtendedGSSContext)mechContext).getDelegPolicyState();
+ } else {
+ return delegPolicyState;
+ }
+ }
+
+ /**
* Requests that credential delegation be done during context
* establishment.
*/
@@ -173,7 +195,7 @@
* Is credential delegation enabled?
*/
public final boolean getCredDelegState() {
- if (mechContext != null &&
+ if (isInitiator() && mechContext != null &&
(state == STATE_IN_PROCESS || state == STATE_DONE)) {
return mechContext.getCredDelegState();
} else {
@@ -201,30 +223,6 @@
return mutualAuthState;
}
- final void setCredDelegState(boolean state) {
- credDelegState = state;
- }
-
- final void setMutualAuthState(boolean state) {
- mutualAuthState = state;
- }
-
- final void setReplayDetState(boolean state) {
- replayDetState = state;
- }
-
- final void setSequenceDetState(boolean state) {
- sequenceDetState = state;
- }
-
- final void setConfState(boolean state) {
- confState = state;
- }
-
- final void setIntegState(boolean state) {
- integState = state;
- }
-
/**
* Returns the mechanism oid.
*
@@ -319,14 +317,9 @@
mechToken = GSS_initSecContext(null);
errorCode = GSSException.DEFECTIVE_TOKEN;
- byte[] micToken = null;
- if (!GSSUtil.useMSInterop()) {
- // calculate MIC only in normal mode
- micToken = generateMechListMIC(DER_mechTypes);
- }
// generate SPNEGO token
initToken = new NegTokenInit(DER_mechTypes, getContextFlags(),
- mechToken, micToken);
+ mechToken, null);
if (DEBUG) {
System.out.println("SpNegoContext.initSecContext: " +
"sending token of type = " +
@@ -585,15 +578,9 @@
"negotiated result = " + negoResult);
}
- // calculate MIC only in normal mode
- byte[] micToken = null;
- if (!GSSUtil.useMSInterop() && valid) {
- micToken = generateMechListMIC(DER_mechTypes);
- }
-
// generate SPNEGO token
NegTokenTarg targToken = new NegTokenTarg(negoResult.ordinal(),
- mech_wanted, accept_token, micToken);
+ mech_wanted, accept_token, null);
if (DEBUG) {
System.out.println("SpNegoContext.acceptSecContext: " +
"sending token of type = " +
@@ -653,6 +640,10 @@
throw gssException;
}
+ if (state == STATE_DONE) {
+ // now set the context flags for acceptor
+ setContextFlags();
+ }
return retVal;
}
@@ -703,36 +694,39 @@
return out;
}
+ // Only called on acceptor side. On the initiator side, most flags
+ // are already set at request. For those that might get chanegd,
+ // state from mech below is used.
private void setContextFlags() {
if (mechContext != null) {
// default for cred delegation is false
if (mechContext.getCredDelegState()) {
- setCredDelegState(true);
+ credDelegState = true;
}
// default for the following are true
if (!mechContext.getMutualAuthState()) {
- setMutualAuthState(false);
+ mutualAuthState = false;
}
if (!mechContext.getReplayDetState()) {
- setReplayDetState(false);
+ replayDetState = false;
}
if (!mechContext.getSequenceDetState()) {
- setSequenceDetState(false);
+ sequenceDetState = false;
}
if (!mechContext.getIntegState()) {
- setIntegState(false);
+ integState = false;
}
if (!mechContext.getConfState()) {
- setConfState(false);
+ confState = false;
}
}
}
/**
- * generate MIC on mechList
+ * generate MIC on mechList. Not used at the moment.
*/
- private byte[] generateMechListMIC(byte[] mechTypes)
+ /*private byte[] generateMechListMIC(byte[] mechTypes)
throws GSSException {
// sanity check the required input
@@ -769,7 +763,7 @@
}
}
return mic;
- }
+ }*/
/**
* verify MIC on MechList
@@ -837,6 +831,10 @@
mechContext.requestMutualAuth(mutualAuthState);
mechContext.requestReplayDet(replayDetState);
mechContext.requestSequenceDet(sequenceDetState);
+ if (mechContext instanceof ExtendedGSSContext) {
+ ((ExtendedGSSContext)mechContext).requestDelegPolicy(
+ delegPolicyState);
+ }
}
// pass token
@@ -1202,5 +1200,5 @@
"inquireSecContext not supported by underlying mech.");
}
}
+}
-}
--- a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoMechFactory.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoMechFactory.java Sun Nov 29 15:24:32 2009 -0800
@@ -57,6 +57,12 @@
GSSName.NT_HOSTBASED_SERVICE,
GSSName.NT_EXPORT_NAME};
+ // The default underlying mech of SPNEGO, must not be SPNEGO itself.
+ private static final Oid DEFAULT_SPNEGO_MECH_OID =
+ ProviderList.DEFAULT_MECH_OID.equals(GSS_SPNEGO_MECH_OID)?
+ GSSUtil.GSS_KRB5_MECH_OID:
+ ProviderList.DEFAULT_MECH_OID;
+
// Use an instance of a GSSManager whose provider list
// does not include native provider
final GSSManagerImpl manager;
@@ -100,18 +106,27 @@
availableMechs[j++] = mechs[i];
}
}
+ // Move the preferred mech to first place
+ for (int i=0; i<availableMechs.length; i++) {
+ if (availableMechs[i].equals(DEFAULT_SPNEGO_MECH_OID)) {
+ if (i != 0) {
+ availableMechs[i] = availableMechs[0];
+ availableMechs[0] = DEFAULT_SPNEGO_MECH_OID;
+ }
+ break;
+ }
+ }
}
public GSSNameSpi getNameElement(String nameStr, Oid nameType)
- throws GSSException {
- // get NameElement for the default Mechanism
- return manager.getNameElement(nameStr, nameType, null);
+ throws GSSException {
+ return manager.getNameElement(
+ nameStr, nameType, DEFAULT_SPNEGO_MECH_OID);
}
public GSSNameSpi getNameElement(byte[] name, Oid nameType)
- throws GSSException {
- // get NameElement for the default Mechanism
- return manager.getNameElement(name, nameType, null);
+ throws GSSException {
+ return manager.getNameElement(name, nameType, DEFAULT_SPNEGO_MECH_OID);
}
public GSSCredentialSpi getCredentialElement(GSSNameSpi name,
--- a/jdk/src/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java Sun Nov 29 15:24:32 2009 -0800
@@ -549,6 +549,9 @@
public void requestInteg(boolean state) throws GSSException {
changeFlags(GSS_C_INTEG_FLAG, state);
}
+ public void requestDelegPolicy(boolean state) throws GSSException {
+ // Not supported, ignore
+ }
public void requestLifetime(int lifetime) throws GSSException {
if (isInitiator && pContext == 0) {
this.lifetime = lifetime;
@@ -590,6 +593,9 @@
public boolean getIntegState() {
return checkFlags(GSS_C_INTEG_FLAG);
}
+ public boolean getDelegPolicyState() {
+ return false;
+ }
public int getLifetime() {
return cStub.getContextTime(pContext);
}
--- a/jdk/src/share/classes/sun/security/krb5/Credentials.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/Credentials.java Sun Nov 29 15:24:32 2009 -0800
@@ -234,7 +234,19 @@
* @return true if OK-AS_DELEGATE flag is set, otherwise, return false.
*/
public boolean checkDelegate() {
- return (flags.get(Krb5.TKT_OPTS_DELEGATE));
+ return flags.get(Krb5.TKT_OPTS_DELEGATE);
+ }
+
+ /**
+ * Reset TKT_OPTS_DELEGATE to false, called at credentials acquirement
+ * when one of the cross-realm TGTs does not have the OK-AS-DELEGATE
+ * flag set. This info must be preservable and restorable through
+ * the Krb5Util.credsToTicket/ticketToCreds() methods so that even if
+ * the service ticket is cached it still remembers the cross-realm
+ * authentication result.
+ */
+ public void resetDelegate() {
+ flags.set(Krb5.TKT_OPTS_DELEGATE, false);
}
public Credentials renew() throws KrbException, IOException {
--- a/jdk/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java Sun Nov 29 15:24:32 2009 -0800
@@ -1,5 +1,5 @@
/*
- * Portions Copyright 2001-2004 Sun Microsystems, Inc. All Rights Reserved.
+ * Portions Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -117,6 +117,7 @@
// Get a list of realms to traverse
String[] realms = Realm.getRealmsList(localRealm, serviceRealm);
+ boolean okAsDelegate = true;
if (realms == null || realms.length == 0)
{
@@ -194,6 +195,15 @@
*/
newTgtRealm = newTgt.getServer().getInstanceComponent();
+ if (okAsDelegate && !newTgt.checkDelegate()) {
+ if (DEBUG)
+ {
+ System.out.println(">>> Credentials acquireServiceCreds: " +
+ "global OK-AS-DELEGATE turned off at " +
+ newTgt.getServer());
+ }
+ okAsDelegate = false;
+ }
if (DEBUG)
{
@@ -283,6 +293,9 @@
System.out.println(">>> Credentials acquireServiceCreds: returning creds:");
Credentials.printDebug(theCreds);
}
+ if (!okAsDelegate) {
+ theCreds.resetDelegate();
+ }
return theCreds;
}
throw new KrbApErrException(Krb5.KRB_AP_ERR_GEN_CRED,
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Sun Nov 29 15:24:32 2009 -0800
@@ -335,10 +335,13 @@
response = OCSP.check(Collections.singletonList(certId), uri,
responderCert, pkixParams.getDate());
} catch (Exception e) {
- // Wrap all exceptions in CertPathValidatorException so that
- // we can fallback to CRLs, if enabled.
- throw new CertPathValidatorException
- ("Unable to send OCSP request", e);
+ if (e instanceof CertPathValidatorException) {
+ throw (CertPathValidatorException) e;
+ } else {
+ // Wrap exceptions in CertPathValidatorException so that
+ // we can fallback to CRLs, if enabled.
+ throw new CertPathValidatorException(e);
+ }
}
RevocationStatus rs = (RevocationStatus) response.getSingleResponse(certId);
--- a/jdk/src/share/classes/sun/security/util/SecurityConstants.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/security/util/SecurityConstants.java Sun Nov 29 15:24:32 2009 -0800
@@ -33,7 +33,6 @@
import java.security.BasicPermission;
import java.security.SecurityPermission;
import java.security.AllPermission;
-import javax.security.auth.AuthPermission;
/**
* Permission constants and string constants used to create permissions
@@ -259,12 +258,4 @@
// java.lang.SecurityManager
public static final SocketPermission LOCAL_LISTEN_PERMISSION =
new SocketPermission("localhost:1024-", SOCKET_LISTEN_ACTION);
-
- // javax.security.auth.Subject
- public static final AuthPermission DO_AS_PERMISSION =
- new AuthPermission("doAs");
-
- // javax.security.auth.Subject
- public static final AuthPermission DO_AS_PRIVILEGED_PERMISSION =
- new AuthPermission("doAsPrivileged");
}
--- a/jdk/src/share/classes/sun/security/validator/PKIXValidator.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/security/validator/PKIXValidator.java Sun Nov 29 15:24:32 2009 -0800
@@ -150,9 +150,17 @@
("null or zero-length certificate chain");
}
if (TRY_VALIDATOR) {
- // check if chain contains trust anchor
+ // check that chain is in correct order and check if chain contains
+ // trust anchor
+ X500Principal prevIssuer = null;
for (int i = 0; i < chain.length; i++) {
- if (trustedCerts.contains(chain[i])) {
+ X509Certificate cert = chain[i];
+ if (i != 0 &&
+ !cert.getSubjectX500Principal().equals(prevIssuer)) {
+ // chain is not ordered correctly, call builder instead
+ return doBuild(chain, otherCerts);
+ }
+ if (trustedCerts.contains(cert)) {
if (i == 0) {
return new X509Certificate[] {chain[0]};
}
@@ -161,6 +169,7 @@
System.arraycopy(chain, 0, newChain, 0, i);
return doValidate(newChain);
}
+ prevIssuer = cert.getIssuerX500Principal();
}
// apparently issued by trust anchor?
@@ -303,5 +312,4 @@
("PKIX path building failed: " + e.toString(), e);
}
}
-
}
--- a/jdk/src/share/classes/sun/tracing/MultiplexProviderFactory.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/tracing/MultiplexProviderFactory.java Sun Nov 29 15:24:32 2009 -0800
@@ -30,7 +30,6 @@
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
-import java.util.logging.Logger;
import com.sun.tracing.ProviderFactory;
import com.sun.tracing.Provider;
@@ -65,13 +64,7 @@
providers.add(factory.createProvider(cls));
}
MultiplexProvider provider = new MultiplexProvider(cls, providers);
- try {
- provider.init();
- } catch (Exception e) {
- // Probably a permission problem (can't get declared members)
- Logger.getAnonymousLogger().warning(
- "Could not initialize tracing provider: " + e.getMessage());
- }
+ provider.init();
return provider.newProxyInstance();
}
}
--- a/jdk/src/share/classes/sun/tracing/NullProviderFactory.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/tracing/NullProviderFactory.java Sun Nov 29 15:24:32 2009 -0800
@@ -26,7 +26,6 @@
package sun.tracing;
import java.lang.reflect.Method;
-import java.util.logging.Logger;
import com.sun.tracing.ProviderFactory;
import com.sun.tracing.Provider;
@@ -53,13 +52,7 @@
*/
public <T extends Provider> T createProvider(Class<T> cls) {
NullProvider provider = new NullProvider(cls);
- try {
- provider.init();
- } catch (Exception e) {
- // Probably a permission problem (can't get declared members)
- Logger.getAnonymousLogger().warning(
- "Could not initialize tracing provider: " + e.getMessage());
- }
+ provider.init();
return provider.newProxyInstance();
}
}
--- a/jdk/src/share/classes/sun/tracing/PrintStreamProviderFactory.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/tracing/PrintStreamProviderFactory.java Sun Nov 29 15:24:32 2009 -0800
@@ -28,7 +28,6 @@
import java.lang.reflect.Method;
import java.io.PrintStream;
import java.util.HashMap;
-import java.util.logging.Logger;
import com.sun.tracing.ProviderFactory;
import com.sun.tracing.Provider;
@@ -54,13 +53,7 @@
public <T extends Provider> T createProvider(Class<T> cls) {
PrintStreamProvider provider = new PrintStreamProvider(cls, stream);
- try {
- provider.init();
- } catch (Exception e) {
- // Probably a permission problem (can't get declared members)
- Logger.getAnonymousLogger().warning(
- "Could not initialize tracing provider: " + e.getMessage());
- }
+ provider.init();
return provider.newProxyInstance();
}
}
--- a/jdk/src/share/classes/sun/tracing/ProviderSkeleton.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/tracing/ProviderSkeleton.java Sun Nov 29 15:24:32 2009 -0800
@@ -32,6 +32,8 @@
import java.lang.reflect.AnnotatedElement;
import java.lang.annotation.Annotation;
import java.util.HashMap;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import com.sun.tracing.Provider;
import com.sun.tracing.Probe;
@@ -99,7 +101,13 @@
* It is up to the factory implementations to call this after construction.
*/
public void init() {
- for (Method m : providerType.getDeclaredMethods()) {
+ Method[] methods = AccessController.doPrivileged(new PrivilegedAction<Method[]>() {
+ public Method[] run() {
+ return providerType.getDeclaredMethods();
+ }
+ });
+
+ for (Method m : methods) {
if ( m.getReturnType() != Void.TYPE ) {
throw new IllegalArgumentException(
"Return value of method is not void");
--- a/jdk/src/share/classes/sun/tracing/dtrace/DTraceProviderFactory.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/src/share/classes/sun/tracing/dtrace/DTraceProviderFactory.java Sun Nov 29 15:24:32 2009 -0800
@@ -29,7 +29,6 @@
import java.util.Set;
import java.util.HashMap;
import java.util.HashSet;
-import java.util.logging.Logger;
import java.security.Permission;
import com.sun.tracing.ProviderFactory;
@@ -80,15 +79,8 @@
DTraceProvider jsdt = new DTraceProvider(cls);
T proxy = jsdt.newProxyInstance();
jsdt.setProxy(proxy);
- try {
- jsdt.init();
- new Activation(jsdt.getModuleName(), new DTraceProvider[] { jsdt });
- } catch (Exception e) {
- // Probably a permission problem (can't get declared members)
- Logger.getAnonymousLogger().warning(
- "Could not initialize tracing provider: " + e.getMessage());
- jsdt.dispose();
- }
+ jsdt.init();
+ new Activation(jsdt.getModuleName(), new DTraceProvider[] { jsdt });
return proxy;
}
--- a/jdk/test/Makefile Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/Makefile Sun Nov 29 15:24:32 2009 -0800
@@ -337,9 +337,11 @@
# jtreg tests
# Expect JT_HOME to be set for jtreg tests. (home for jtreg)
-JT_HOME = $(SLASH_JAVA)/re/jtreg/4.0/promoted/latest/binaries/jtreg
-ifdef JPRT_JTREG_HOME
- JT_HOME = $(JPRT_JTREG_HOME)
+ifndef JT_HOME
+ JT_HOME = $(SLASH_JAVA)/re/jtreg/4.0/promoted/latest/binaries/jtreg
+ ifdef JPRT_JTREG_HOME
+ JT_HOME = $(JPRT_JTREG_HOME)
+ endif
endif
# Expect JPRT to set TESTDIRS to the jtreg test dirs
@@ -361,21 +363,22 @@
# Some tests annoy me and fail frequently
PROBLEM_LIST=ProblemList.txt
+PROBLEM_LISTS=$(PROBLEM_LIST) $(wildcard closed/$(PROBLEM_LIST))
EXCLUDELIST=$(ABS_TEST_OUTPUT_DIR)/excludelist.txt
# Create exclude list for this platform and arch
ifdef NO_EXCLUDES
-$(EXCLUDELIST): $(PROBLEM_LIST) $(TESTDIRS)
+$(EXCLUDELIST): $(PROBLEM_LISTS) $(TESTDIRS)
@$(ECHO) "NOTHING_EXCLUDED" > $@
else
-$(EXCLUDELIST): $(PROBLEM_LIST) $(TESTDIRS)
+$(EXCLUDELIST): $(PROBLEM_LISTS) $(TESTDIRS)
@$(RM) $@ $@.temp1 $@.temp2
- @( ( $(EGREP) -- '$(OS_NAME)-all' $< ) ;\
- ( $(EGREP) -- '$(OS_NAME)-$(OS_ARCH)' $< ) ;\
- ( $(EGREP) -- '$(OS_NAME)-$(OS_VERSION)' $< ) ;\
- ( $(EGREP) -- 'generic-$(OS_ARCH)' $< ) ;\
- ( $(EGREP) -- 'generic-all' $< ) ;\
- ( $(ECHO) "#") ;\
+ @(($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- '$(OS_NAME)-all' ) ;\
+ ($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- '$(OS_NAME)-$(OS_ARCH)' ) ;\
+ ($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- '$(OS_NAME)-$(OS_VERSION)') ;\
+ ($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- 'generic-$(OS_ARCH)' ) ;\
+ ($(CAT) $(PROBLEM_LISTS) | $(EGREP) -- 'generic-all' ) ;\
+ ($(ECHO) "#") ;\
) | $(SED) -e 's@^[\ ]*@@' \
| $(EGREP) -v '^#' > $@.temp1
@for tdir in $(TESTDIRS) ; do \
@@ -386,14 +389,18 @@
@$(ECHO) "Excluding list contains `$(EXPAND) $@ | $(WC) -l` items"
endif
+# Select list of directories that exist
+define TestDirs
+$(foreach i,$1,$(wildcard ${i})) $(foreach i,$1,$(wildcard closed/${i}))
+endef
# Running batches of tests with or without samevm
define RunSamevmBatch
-$(ECHO) "Running tests in samevm mode: $?"
-$(MAKE) TESTDIRS="$?" USE_JTREG_SAMEVM=true UNIQUE_DIR=$@ jtreg_tests
+$(ECHO) "Running tests in samevm mode: $(call TestDirs, $?)"
+$(MAKE) TESTDIRS="$(call TestDirs, $?)" USE_JTREG_SAMEVM=true UNIQUE_DIR=$@ jtreg_tests
endef
define RunOthervmBatch
-$(ECHO) "Running tests in othervm mode: $?"
-$(MAKE) TESTDIRS="$?" USE_JTREG_SAMEVM=false UNIQUE_DIR=$@ jtreg_tests
+$(ECHO) "Running tests in othervm mode: $(call TestDirs, $?)"
+$(MAKE) TESTDIRS="$(call TestDirs, $?)" USE_JTREG_SAMEVM=false UNIQUE_DIR=$@ jtreg_tests
endef
define SummaryInfo
$(ECHO) "Summary for: $?"
@@ -428,6 +435,9 @@
jdk_beans3: java/beans/XMLEncoder
$(call RunOthervmBatch)
+jdk_beans: jdk_beans1 jdk_beans2 jdk_beans3
+ @$(SummaryInfo)
+
# Stable samevm testruns (minus items from PROBLEM_LIST)
JDK_ALL_TARGETS += jdk_io
jdk_io: java/io
@@ -450,6 +460,9 @@
jdk_management2: com/sun/jmx com/sun/management sun/management
$(call RunOthervmBatch)
+jdk_management: jdk_management1 jdk_management2
+ @$(SummaryInfo)
+
# Stable samevm testruns (minus items from PROBLEM_LIST)
JDK_ALL_TARGETS += jdk_math
jdk_math: java/math
@@ -482,6 +495,9 @@
jdk_nio3: com/sun/nio sun/nio
$(call RunOthervmBatch)
+jdk_nio: jdk_nio1 jdk_nio2 jdk_nio3
+ @$(SummaryInfo)
+
# Stable othervm testruns (minus items from PROBLEM_LIST)
# Using samevm has serious problems with these tests
JDK_ALL_TARGETS += jdk_rmi
@@ -502,6 +518,9 @@
jdk_security3: com/sun/security lib/security javax/security sun/security
$(call RunOthervmBatch)
+jdk_security: jdk_security1 jdk_security2 jdk_security3
+ @$(SummaryInfo)
+
# Stable othervm testruns (minus items from PROBLEM_LIST)
# Using samevm has problems, and doesn't help performance as much as others.
JDK_ALL_TARGETS += jdk_swing
@@ -517,11 +536,14 @@
# Using samevm has serious problems with these tests
JDK_ALL_TARGETS += jdk_tools1
jdk_tools1: com/sun/jdi
- $(call RunOthervmBatch)
+ $(call RunSamevmBatch)
JDK_ALL_TARGETS += jdk_tools2
jdk_tools2: com/sun/tools sun/jvmstat sun/tools tools vm com/sun/servicetag com/sun/tracing
$(call RunOthervmBatch)
+jdk_tools: jdk_tools1 jdk_tools2
+ @$(SummaryInfo)
+
# Stable samevm testruns (minus items from PROBLEM_LIST)
JDK_ALL_TARGETS += jdk_util
jdk_util: java/util sun/util
--- a/jdk/test/ProblemList.txt Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/ProblemList.txt Sun Nov 29 15:24:32 2009 -0800
@@ -344,6 +344,9 @@
# Some of these tests (like java/lang/management) may just need to be marked
# othervm, but that is partially speculation.
+# Samevm failure on OpenSolaris, security manager?
+java/lang/ClassLoader/UninitializedParent.java generic-all
+
# Times out on solaris 10 sparc
java/lang/ClassLoader/Assert.java generic-all
@@ -538,6 +541,18 @@
# Missing close on file wbmp*, windows samevm
javax/imageio/plugins/wbmp/CanDecodeTest.java generic-all
+# Failures on OpenSolaris, cannot read input files? samevm issues?
+javax/imageio/metadata/BooleanAttributes.java generic-all
+javax/imageio/plugins/bmp/BMPSubsamplingTest.java generic-all
+javax/imageio/plugins/bmp/TopDownTest.java generic-all
+javax/imageio/plugins/gif/EncodeSubImageTest.java generic-all
+javax/imageio/plugins/gif/GifTransparencyTest.java generic-all
+javax/imageio/plugins/png/GrayPngTest.java generic-all
+javax/imageio/plugins/png/ItxtUtf8Test.java generic-all
+javax/imageio/plugins/png/MergeStdCommentTest.java generic-all
+javax/imageio/plugins/png/ShortHistogramTest.java generic-all
+javax/imageio/plugins/shared/BitDepth.java generic-all
+
# Exclude all javax/print tests, even if they passed, they may need samevm work
# Times out on solaris-sparc, sparcv9, x64 -server, some on i586 -client
@@ -1073,9 +1088,6 @@
# So most if not all tools tests are now being run with "othervm" mode.
# Some of these tools tests have a tendency to use fixed ports, bad idea.
-# Solaris 10 client x86, java.lang.IndexOutOfBoundsException resumer Interrupted
-com/sun/jdi/SimulResumerTest.java generic-all
-
# Output of jps differs from expected output.
# Invalid argument count on solaris-sparc and x64
sun/tools/jstatd/jstatdPort.sh generic-all
@@ -1090,9 +1102,6 @@
# Server name error, port 2098 problem?
sun/tools/jstatd/jstatdServerName.sh generic-all
-# Solaris, handshake failed, othervm mode
-com/sun/jdi/RedefineException.sh generic-all
-
# These tests fail on solaris sparc, all the time
com/sun/servicetag/DeleteServiceTag.java generic-all
com/sun/servicetag/DuplicateNotFound.java generic-all
@@ -1117,9 +1126,6 @@
# Unexpected Monitor Exception, solaris sparc -client
sun/jvmstat/monitor/MonitoredVm/MonitorVmStartTerminate.sh generic-all
-# Probably should be samevm, but seem to cause errors even in othervm at times
-sun/tools/jhat/HatHeapDump1Test.java generic-all
-
# Problems on windows, jmap.exe hangs? (these run jmap)
sun/tools/jmap/Basic.sh windows-all
@@ -1129,9 +1135,6 @@
# Solaris sparcv9, jps output does not match, x64 different
sun/tools/jstatd/jstatdExternalRegistry.sh solaris-all
-# Probably should be samevm, but seem to cause errors even in othervm at times
-sun/tools/native2ascii/NativeErrors.java generic-all
-
# Solaris 10 sparc 32bit -client, java.lang.AssertionError: Some tests failed
tools/jar/JarEntryTime.java generic-all
--- a/jdk/test/com/sun/jdi/BadHandshakeTest.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/BadHandshakeTest.java Sun Nov 29 15:24:32 2009 -0800
@@ -112,6 +112,8 @@
String arch = System.getProperty("os.arch");
if (arch.equals("sparcv9")) {
exe += "sparcv9/java";
+ } else if (arch.equals("amd64")) {
+ exe += "amd64/java";
} else {
exe += "java";
}
--- a/jdk/test/com/sun/jdi/DoubleAgentTest.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/DoubleAgentTest.java Sun Nov 29 15:24:32 2009 -0800
@@ -94,6 +94,8 @@
String arch = System.getProperty("os.arch");
if (arch.equals("sparcv9")) {
exe += "sparcv9/java";
+ } else if (arch.equals("amd64")) {
+ exe += "amd64/java";
} else {
exe += "java";
}
--- a/jdk/test/com/sun/jdi/ExclusiveBind.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/ExclusiveBind.java Sun Nov 29 15:24:32 2009 -0800
@@ -101,6 +101,8 @@
String arch = System.getProperty("os.arch");
if (arch.equals("sparcv9")) {
exe += "sparcv9/java";
+ } else if (arch.equals("amd64")) {
+ exe += "amd64/java";
} else {
exe += "java";
}
--- a/jdk/test/com/sun/jdi/JITDebug.sh Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/JITDebug.sh Sun Nov 29 15:24:32 2009 -0800
@@ -103,10 +103,10 @@
#if running standalone (no test harness of any kind), compile the
#support files and the test case
${TESTJAVA}/bin/javac -d ${TESTCLASSES} \
- -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}." \
+ -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}${TESTSRC}" \
TestScaffold.java VMConnection.java TargetListener.java TargetAdapter.java
${TESTJAVA}/bin/javac -d ${TESTCLASSES} \
- -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}." -g \
+ -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}${TESTSRC}" -g \
JITDebug.java
fi
echo "JDK under test is: $TESTJAVA"
--- a/jdk/test/com/sun/jdi/RepStep.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/RepStep.java Sun Nov 29 15:24:32 2009 -0800
@@ -29,7 +29,7 @@
* @run compile -g RepStepTarg.java
* @run build VMConnection RepStep
*
- * @run main RepStep
+ * @run main/othervm RepStep
*
* @summary RepStep detects missed step events due to lack of
* frame pop events (in back-end).
--- a/jdk/test/com/sun/jdi/RunToExit.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/RunToExit.java Sun Nov 29 15:24:32 2009 -0800
@@ -26,7 +26,7 @@
* @summary Test that with server=y, when VM runs to System.exit() no error happens
*
* @build VMConnection RunToExit Exit0
- * @run main RunToExit
+ * @run main/othervm RunToExit
*/
import java.io.InputStream;
import java.io.IOException;
@@ -117,6 +117,8 @@
String arch = System.getProperty("os.arch");
if (arch.equals("sparcv9")) {
exe += "sparcv9/java";
+ } else if (arch.equals("amd64")) {
+ exe += "amd64/java";
} else {
exe += "java";
}
--- a/jdk/test/com/sun/jdi/ShellScaffold.sh Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/ShellScaffold.sh Sun Nov 29 15:24:32 2009 -0800
@@ -1,7 +1,7 @@
#!/bin/sh
#
-# Copyright 2002-2005 Sun Microsystems, Inc. All Rights Reserved.
+# Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -194,7 +194,7 @@
# Return 0 if $1 is the pid of a running process.
if [ -z "$isWin98" ] ; then
if [ "$osname" = SunOS ] ; then
- #Solaris and OpenSolaris use pgrep and not ps in psCmd
+ # Solaris and OpenSolaris use pgrep and not ps in psCmd
findPidCmd="$psCmd"
else
# Never use plain 'ps', which requires a "controlling terminal"
@@ -298,15 +298,15 @@
# On linux, core files take a long time, and can leave
# zombie processes
if [ "$osname" = SunOS ] ; then
- #Experiments show Solaris '/usr/ucb/ps -axwww' and
- #'/usr/bin/pgrep -f -l' provide the same small amount of the
- #argv string (PRARGSZ=80 in /usr/include/sys/procfs.h)
- # 1) This seems to have been working OK in ShellScaffold.
- # 2) OpenSolaris does not provide /usr/ucb/ps, so use pgrep
- # instead
- #The alternative would be to use /usr/bin/pargs [pid] to get
- #all the args for a process, splice them back into one
- #long string, then grep.
+ # Experiments show Solaris '/usr/ucb/ps -axwww' and
+ # '/usr/bin/pgrep -f -l' provide the same small amount of the
+ # argv string (PRARGSZ=80 in /usr/include/sys/procfs.h)
+ # 1) This seems to have been working OK in ShellScaffold.
+ # 2) OpenSolaris does not provide /usr/ucb/ps, so use pgrep
+ # instead
+ # The alternative would be to use /usr/bin/pargs [pid] to get
+ # all the args for a process, splice them back into one
+ # long string, then grep.
UU=`/usr/xpg4/bin/id -u -n`
psCmd="pgrep -f -l -U $UU"
else
@@ -519,7 +519,7 @@
# if jdb got a cont cmd that caused the debuggee
# to run to completion, jdb can be gone before
# we get here.
- echo quit >& 2
+ echo "--Sending cmd: quit" >& 2
echo quit
# See 6562090. Maybe there is a way that the exit
# can cause jdb to not get the quit.
@@ -531,7 +531,7 @@
# because after starting jdb, we waited
# for the prompt.
fileSize=`wc -c $jdbOutFile | awk '{ print $1 }'`
- echo $* >&2
+ echo "--Sending cmd: " $* >&2
# jjh: We have a few intermittent failures here.
# It is as if every so often, jdb doesn't
@@ -558,12 +558,85 @@
# seen the ].
echo $*
- # wait for jdb output to appear
+ # Now we have to wait for the next jdb prompt. We wait for a pattern
+ # to appear in the last line of jdb output. Normally, the prompt is
+ #
+ # 1) ^main[89] @
+ #
+ # where ^ means start of line, and @ means end of file with no end of line
+ # and 89 is the current command counter. But we have complications e.g.,
+ # the following jdb output can appear:
+ #
+ # 2) a[89] = 10
+ #
+ # The above form is an array assignment and not a prompt.
+ #
+ # 3) ^main[89] main[89] ...
+ #
+ # This occurs if the next cmd is one that causes no jdb output, e.g.,
+ # 'trace methods'.
+ #
+ # 4) ^main[89] [main[89]] .... > @
+ #
+ # jdb prints a > as a prompt after something like a cont.
+ # Thus, even though the above is the last 'line' in the file, it
+ # isn't the next prompt we are waiting for after the cont completes.
+ # HOWEVER, sometimes we see this for a cont command:
+ #
+ # ^main[89] $
+ # <lines output for hitting a bkpt>
+ #
+ # 5) ^main[89] > @
+ #
+ # i.e., the > prompt comes out AFTER the prompt we we need to wait for.
+ #
+ # So, how do we know when the next prompt has appeared??
+ # 1. Search for
+ # main[89] $
+ # This will handle cases 1, 2, 3
+ # 2. This leaves cases 4 and 5.
+ #
+ # What if we wait for 4 more chars to appear and then search for
+ #
+ # main[89] [>]$
+ #
+ # on the last line?
+ #
+ # a. if we are currently at
+ #
+ # ^main[89] main[89] @
+ #
+ # and a 'trace methods comes in, we will wait until at least
+ #
+ # ^main[89] main[89] main@
+ #
+ # and then the search will find the new prompt when it completes.
+ #
+ # b. if we are currently at
+ #
+ # ^main[89] main[89] @
+ #
+ # and the first form of cont comes in, then we will see
+ #
+ # ^main[89] main[89] > $
+ # ^x@
+ #
+ # where x is the first char of the msg output when the bkpt is hit
+ # and we will start our search, which will find the prompt
+ # when it comes out after the bkpt output, with or without the
+ # trailing >
+ #
+
+ # wait for 4 new chars to appear in the jdb output
count=0
+ desiredFileSize=`expr $fileSize + 4`
msg1=`echo At start: cmd/size/waiting : $* / $fileSize / \`date\``
while [ 1 = 1 ] ; do
newFileSize=`wc -c $jdbOutFile | awk '{ print $1 } '`
- if [ "$fileSize" != "$newFileSize" ] ; then
+ #echo jj: desired = $desiredFileSize, new = $newFileSize >& 2
+
+ done=`expr $newFileSize \>= $desiredFileSize`
+ if [ $done = 1 ] ; then
break
fi
sleep ${sleep_seconds}
@@ -573,14 +646,19 @@
echo "--DEBUG: jdb $$ didn't responded to command in $count secs: $*" >& 2
echo "--DEBUG:" $msg1 >& 2
echo "--DEBUG: "done size/waiting : / $newFileSize / `date` >& 2
- $psCmd | sed -e '/com.sun.javatest/d' -e '/nsk/d' >& 2
+ echo "-- $jdbOutFile follows-------------------------------" >& 2
+ cat $jdbOutFile >& 2
+ echo "------------------------------------------" >& 2
+ dojstack
+ #$psCmd | sed -e '/com.sun.javatest/d' -e '/nsk/d' >& 2
if [ $count = 60 ] ; then
dofail "jdb never responded to command: $*"
fi
fi
done
-
- waitForJdbMsg '^.*\[[0-9]*\] $' 1 allowExit
+ # Note that this assumes just these chars in thread names.
+ waitForJdbMsg '[a-zA-Z0-9_-][a-zA-Z0-9_-]*\[[1-9][0-9]*\] [ >]*$' \
+ 1 allowExit
}
setBkpts()
@@ -596,15 +674,19 @@
runToBkpt()
{
cmd run
+ # Don't need to do this - the above waits for the next prompt which comes out
+ # AFTER the Breakpoint hit message.
# Wait for jdb to hit the bkpt
- waitForJdbMsg "Breakpoint hit" 5
+ #waitForJdbMsg "Breakpoint hit" 5
}
contToBkpt()
{
cmd cont
+ # Don't need to do this - the above waits for the next prompt which comes out
+ # AFTER the Breakpoint hit message.
# Wait for jdb to hit the bkpt
- waitForJdbMsg "Breakpoint hit" 5
+ #waitForJdbMsg "Breakpoint hit" 5
}
@@ -618,7 +700,7 @@
nlines=$2
allowExit="$3"
myCount=0
- timeLimit=40 # wait a max of 40 secs for a response from a jdb command
+ timeLimit=40 # wait a max of this many secs for a response from a jdb command
while [ 1 = 1 ] ; do
if [ -r $jdbOutFile ] ; then
# Something here causes jdb to complain about Unrecognized cmd on x86.
@@ -654,8 +736,11 @@
myCount=`expr $myCount + ${sleep_seconds}`
if [ $myCount -gt $timeLimit ] ; then
+ echo "--Fail: waitForJdbMsg timed out after $timeLimit seconds, looking for /$1/, in $nlines lines; exitting" >> $failFile
+ echo "vv jdbOutFile vvvvvvvvvvvvvvvvvvvvvvvvvvvv" >& 2
+ cat $jdbOutFile >& 2
+ echo "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" >& 2
dojstack
- echo "--Fail: waitForJdbMsg timed out after $timeLimit seconds; exitting" >> $failFile
exit 1
fi
done
@@ -865,35 +950,29 @@
# get inserted into the string we are searching for
# so ignore those chars.
if [ -z "$3" ] ; then
- case "$2" in
- *\>*)
- # Target string contains a > so we better
- # not ignore it
- $grep -s "$2" $1 > $devnull 2>&1
- stat=$?
- ;;
- *)
- # Target string does not contain a >.
- # Ignore > and '> ' in the file.
- cat $1 | sed -e 's@> @@g' -e 's@>@@g' | $grep -s "$2" > $devnull 2>&1
- stat=$?
- esac
+ theCmd=cat
else
- case "$2" in
- *\>*)
- # Target string contains a > so we better
- # not ignore it
- tail -$3 $1 | $grep -s "$2" > $devnull 2>&1
- stat=$?
- ;;
- *)
- # Target string does not contain a >.
- # Ignore > and '> ' in the file.
- tail -$3 $1 | sed -e 's@> @@g' -e 's@>@@g' | $grep -s "$2" > $devnull 2>&1
- stat=$?
- ;;
- esac
+ theCmd="tail -$3"
fi
+ case "$2" in
+ *\>*)
+ # Target string contains a > so we better
+ # not ignore it
+ $theCmd $1 | $grep -s "$2" > $devnull 2>&1
+ return $?
+ ;;
+ esac
+ # Target string does not contain a >.
+ # Ignore > and '> ' in the file.
+ # NOTE: if $1 does not end with a new line, piping it to sed doesn't include the
+ # chars on the last line. Detect this case, and add a new line.
+ cp $1 $1.tmp
+ if [ `tail -1 $1.tmp | wc -l | sed -e 's@ @@g'` = 0 ] ; then
+ echo >> $1.tmp
+ fi
+ $theCmd $1.tmp | sed -e 's@> @@g' -e 's@>@@g' | $grep -s "$2" > $devnull 2>&1
+ stat=$?
+ rm -f $1.tmp
return $stat
}
--- a/jdk/test/com/sun/jdi/SimulResumerTest.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/SimulResumerTest.java Sun Nov 29 15:24:32 2009 -0800
@@ -30,7 +30,7 @@
*
* @run build TestScaffold VMConnection TargetListener TargetAdapter
* @run compile -g SimulResumerTest.java
- * @run main SimulResumerTest
+ * @run main/othervm SimulResumerTest
*/
import com.sun.jdi.*;
import com.sun.jdi.event.*;
--- a/jdk/test/com/sun/jdi/Solaris32AndSolaris64Test.sh Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/Solaris32AndSolaris64Test.sh Sun Nov 29 15:24:32 2009 -0800
@@ -164,10 +164,10 @@
if [ -n "${STANDALONE}" ] ; then
#if running standalone, compile the support files
${TESTJAVA}/bin/javac -d ${TESTCLASSES} \
- -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}." \
+ -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}${TESTSRC}" \
TestScaffold.java VMConnection.java TargetListener.java TargetAdapter.java
${TESTJAVA}/bin/javac -d ${TESTCLASSES} \
- -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}." -g \
+ -classpath "$TESTJAVA/lib/tools.jar${PATHSEP}${TESTSRC}" -g \
FetchLocals.java DataModelTest.java
fi
--- a/jdk/test/com/sun/jdi/VMConnection.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/VMConnection.java Sun Nov 29 15:24:32 2009 -0800
@@ -57,6 +57,7 @@
if (testClasses == null) {
return retVal;
}
+ retVal += "-classpath " + testClasses + " ";
File myFile = new File(testClasses, "@debuggeeVMOptions");
if (!myFile.canRead()) {
@@ -97,7 +98,7 @@
if (line.length() != 0 && !line.startsWith("#")) {
System.out.println("-- Added debuggeeVM options from file " +
wholePath + ": " + line);
- retVal = line;
+ retVal += line;
break;
}
// Else, read he next line.
--- a/jdk/test/com/sun/jdi/connect/spi/DebugUsingCustomConnector.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/connect/spi/DebugUsingCustomConnector.java Sun Nov 29 15:24:32 2009 -0800
@@ -28,7 +28,7 @@
* This tests launches a debuggee using a custom LaunchingConnector.
*
* @build DebugUsingCustomConnector SimpleLaunchingConnector Foo NullTransportService
- * @run main DebugUsingCustomConnector
+ * @run main/othervm DebugUsingCustomConnector
*/
import com.sun.jdi.*;
import com.sun.jdi.connect.*;
--- a/jdk/test/com/sun/jdi/connect/spi/GeneratedConnectors.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/connect/spi/GeneratedConnectors.java Sun Nov 29 15:24:32 2009 -0800
@@ -31,7 +31,7 @@
* created and that they have an "address" argument.
*
* @build GeneratedConnectors NullTransportService
- * @run main GeneratedConnectors
+ * @run main/othervm GeneratedConnectors
*/
import com.sun.jdi.*;
--- a/jdk/test/com/sun/jdi/connect/spi/SimpleLaunchingConnector.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/connect/spi/SimpleLaunchingConnector.java Sun Nov 29 15:24:32 2009 -0800
@@ -147,11 +147,15 @@
String arch = System.getProperty("os.arch");
if (arch.equals("sparcv9")) {
exe += "sparcv9/java";
+ } else if (arch.equals("amd64")) {
+ exe += "amd64/java";
} else {
exe += "java";
}
String cmd = exe + " -Xdebug -Xrunjdwp:transport=dt_socket,timeout=15000,address=" +
- key.address() + "" + className;
+ key.address() +
+ " -classpath " + System.getProperty("test.classes") +
+ " " + className;
Process process = Runtime.getRuntime().exec(cmd);
Connection conn = ts.accept(key, 30*1000, 9*1000);
ts.stopListening(key);
--- a/jdk/test/com/sun/jdi/redefine/RedefineTest.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/com/sun/jdi/redefine/RedefineTest.java Sun Nov 29 15:24:32 2009 -0800
@@ -34,7 +34,7 @@
* @run build TestScaffold VMConnection TargetListener TargetAdapter
* @run compile -g RedefineTest.java
* @run shell RedefineSetUp.sh
- * @run main RedefineTest
+ * @run main/othervm RedefineTest
*/
import com.sun.jdi.*;
import com.sun.jdi.event.*;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/sun/tracing/BasicWithSecurityMgr.java Sun Nov 29 15:24:32 2009 -0800
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/**
+ * @test
+ * @bug 6899605
+ * @summary Basic unit test for tracing framework with security manager
+ * enabled
+ */
+
+import com.sun.tracing.*;
+import java.lang.reflect.Method;
+
+@ProviderName("NamedProvider")
+interface BasicProvider extends Provider {
+ void plainProbe();
+ void probeWithArgs(int a, float f, String s, Long l);
+ @ProbeName("namedProbe") void probeWithName();
+ void overloadedProbe();
+ void overloadedProbe(int i);
+}
+
+interface InvalidProvider extends Provider {
+ int nonVoidProbe();
+}
+
+public class BasicWithSecurityMgr {
+
+ public static ProviderFactory factory;
+ public static BasicProvider bp;
+
+ public static void main(String[] args) throws Exception {
+ // enable security manager
+ System.setSecurityManager(new SecurityManager());
+
+ factory = ProviderFactory.getDefaultFactory();
+ if (factory != null) {
+ bp = factory.createProvider(BasicProvider.class);
+ }
+
+ testProviderFactory();
+ testProbe();
+ testProvider();
+ }
+
+ static void fail(String s) throws Exception {
+ throw new Exception(s);
+ }
+
+ static void testProviderFactory() throws Exception {
+ if (factory == null) {
+ fail("ProviderFactory.getDefaultFactory: Did not create factory");
+ }
+ if (bp == null) {
+ fail("ProviderFactory.createProvider: Did not create provider");
+ }
+ try {
+ factory.createProvider(null);
+ fail("ProviderFactory.createProvider: Did not throw NPE for null");
+ } catch (NullPointerException e) {}
+
+ try {
+ factory.createProvider(InvalidProvider.class);
+ fail("Factory.createProvider: Should error with non-void probes");
+ } catch (IllegalArgumentException e) {}
+ }
+
+ public static void testProvider() throws Exception {
+
+ // These just shouldn't throw any exeptions:
+ bp.plainProbe();
+ bp.probeWithArgs(42, (float)3.14, "spam", new Long(2L));
+ bp.probeWithArgs(42, (float)3.14, null, null);
+ bp.probeWithName();
+ bp.overloadedProbe();
+ bp.overloadedProbe(42);
+
+ Method m = BasicProvider.class.getMethod("plainProbe");
+ Probe p = bp.getProbe(m);
+ if (p == null) {
+ fail("Provider.getProbe: Did not return probe");
+ }
+
+ Method m2 = BasicWithSecurityMgr.class.getMethod("testProvider");
+ p = bp.getProbe(m2);
+ if (p != null) {
+ fail("Provider.getProbe: Got probe with invalid spec");
+ }
+
+ bp.dispose();
+ // These just shouldn't throw any exeptions:
+ bp.plainProbe();
+ bp.probeWithArgs(42, (float)3.14, "spam", new Long(2L));
+ bp.probeWithArgs(42, (float)3.14, null, null);
+ bp.probeWithName();
+ bp.overloadedProbe();
+ bp.overloadedProbe(42);
+
+ if (bp.getProbe(m) != null) {
+ fail("Provider.getProbe: Should return null after dispose()");
+ }
+
+ bp.dispose(); // just to make sure nothing bad happens
+ }
+
+ static void testProbe() throws Exception {
+ Method m = BasicProvider.class.getMethod("plainProbe");
+ Probe p = bp.getProbe(m);
+ p.isEnabled(); // just make sure it doesn't do anything bad
+ p.trigger();
+
+ try {
+ p.trigger(0);
+ fail("Probe.trigger: too many arguments not caught");
+ } catch (IllegalArgumentException e) {}
+
+ p = bp.getProbe(BasicProvider.class.getMethod(
+ "probeWithArgs", int.class, float.class, String.class, Long.class));
+ try {
+ p.trigger();
+ fail("Probe.trigger: too few arguments not caught");
+ } catch (IllegalArgumentException e) {}
+
+ try {
+ p.trigger((float)3.14, (float)3.14, "", new Long(0L));
+ fail("Probe.trigger: wrong type primitive arguments not caught");
+ } catch (IllegalArgumentException e) {}
+ }
+}
--- a/jdk/test/java/net/CookieHandler/TestHttpCookie.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/java/net/CookieHandler/TestHttpCookie.java Sun Nov 29 15:24:32 2009 -0800
@@ -24,7 +24,7 @@
/**
* @test
* @summary Unit test for java.net.HttpCookie
- * @bug 6244040 6277796 6277801 6277808 6294071 6692802 6790677
+ * @bug 6244040 6277796 6277801 6277808 6294071 6692802 6790677 6901170
* @author Edward Wang
*/
@@ -335,6 +335,9 @@
// bug 6277801
test("set-cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT; path=\"/acme\"")
.n("CUSTOMER").v("WILE_E_COYOTE").p("/").ver(0);
+
+ // bug 6901170
+ test("set-cookie: CUSTOMER=WILE_E_COYOTE; version='1'").ver(1);
}
static void misc() {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/jgss/spnego/NoSpnegoAsDefMech.java Sun Nov 29 15:24:32 2009 -0800
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6770883
+ * @summary Infinite loop if SPNEGO specified as sun.security.jgss.mechanism
+ */
+
+import org.ietf.jgss.*;
+import sun.security.jgss.*;
+
+public class NoSpnegoAsDefMech {
+
+ public static void main(String[] argv) throws Exception {
+ System.setProperty("sun.security.jgss.mechanism", GSSUtil.GSS_SPNEGO_MECH_OID.toString());
+ try {
+ GSSManager.getInstance().createName("service@host", GSSName.NT_HOSTBASED_SERVICE, new Oid("1.3.6.1.5.5.2"));
+ } catch (GSSException e) {
+ // This is OK, for example, krb5.conf is missing or other problems
+ }
+ }
+}
--- a/jdk/test/sun/security/krb5/auto/Context.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/sun/security/krb5/auto/Context.java Sun Nov 29 15:24:32 2009 -0800
@@ -72,7 +72,7 @@
public class Context {
private Subject s;
- private GSSContext x;
+ private ExtendedGSSContext x;
private boolean f; // context established?
private String name;
private GSSCredential cred; // see static method delegated().
@@ -147,8 +147,8 @@
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
- me.x = m.createContext(
- target.indexOf('@') < 0 ?
+ me.x = (ExtendedGSSContext)m.createContext(
+ target.indexOf('@') < 0 ?
m.createName(target, null) :
m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
mech,
@@ -170,7 +170,7 @@
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
- me.x = m.createContext(m.createCredential(
+ me.x = (ExtendedGSSContext)m.createContext(m.createCredential(
null,
GSSCredential.INDEFINITE_LIFETIME,
mech,
@@ -193,7 +193,7 @@
*
* @return the GSSContext object
*/
- public GSSContext x() {
+ public ExtendedGSSContext x() {
return x;
}
@@ -255,6 +255,11 @@
if (x.getSequenceDetState()) {
sb.append("seq det, ");
}
+ if (x instanceof ExtendedGSSContext) {
+ if (((ExtendedGSSContext)x).getDelegPolicyState()) {
+ sb.append("deleg policy, ");
+ }
+ }
System.out.println("Context status of " + name + ": " + sb.toString());
System.out.println(x.getSrcName() + " -> " + x.getTargName());
} catch (Exception e) {
--- a/jdk/test/sun/security/krb5/auto/KDC.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/sun/security/krb5/auto/KDC.java Sun Nov 29 15:24:32 2009 -0800
@@ -63,6 +63,14 @@
* settings after calling a KDC method, call <code>Config.refresh()</code> to
* make sure your changes are reflected in the <code>Config</code> object.
* </ol>
+ * System properties recognized:
+ * <ul>
+ * <li>test.kdc.save.ccache
+ * </ul>
+ * Support policies:
+ * <ul>
+ * <li>ok-as-delegate
+ * </ul>
* Issues and TODOs:
* <ol>
* <li> Generates krb5.conf to be used on another machine, currently the kdc is
@@ -151,7 +159,7 @@
* A standalone KDC server.
*/
public static void main(String[] args) throws Exception {
- KDC kdc = create("RABBIT.HOLE", "kdc.rabbit,hole", 0, false);
+ KDC kdc = create("RABBIT.HOLE", "kdc.rabbit.hole", 0, false);
kdc.addPrincipal("dummy", "bogus".toCharArray());
kdc.addPrincipal("foo", "bar".toCharArray());
kdc.addPrincipalRandKey("krbtgt/RABBIT.HOLE");
@@ -426,14 +434,17 @@
* @throws sun.security.krb5.KrbException when the principal is not inside
* the database.
*/
- private char[] getPassword(PrincipalName p) throws KrbException {
+ private char[] getPassword(PrincipalName p, boolean server)
+ throws KrbException {
String pn = p.toString();
if (p.getRealmString() == null) {
pn = pn + "@" + getRealm();
}
char[] pass = passwords.get(pn);
if (pass == null) {
- throw new KrbException(Krb5.KDC_ERR_C_PRINCIPAL_UNKNOWN);
+ throw new KrbException(server?
+ Krb5.KDC_ERR_S_PRINCIPAL_UNKNOWN:
+ Krb5.KDC_ERR_C_PRINCIPAL_UNKNOWN);
}
return pass;
}
@@ -457,10 +468,12 @@
* Returns the key for a given principal of the given encryption type
* @param p the principal
* @param etype the encryption type
+ * @param server looking for a server principal?
* @return the key
* @throws sun.security.krb5.KrbException for unknown/unsupported etype
*/
- private EncryptionKey keyForUser(PrincipalName p, int etype) throws KrbException {
+ private EncryptionKey keyForUser(PrincipalName p, int etype, boolean server)
+ throws KrbException {
try {
// Do not call EncryptionKey.acquireSecretKeys(), otherwise
// the krb5.conf config file would be loaded.
@@ -469,22 +482,71 @@
Integer kvno = null;
// For service whose password ending with a number, use it as kvno
if (p.toString().indexOf('/') >= 0) {
- char[] pass = getPassword(p);
+ char[] pass = getPassword(p, server);
if (Character.isDigit(pass[pass.length-1])) {
kvno = pass[pass.length-1] - '0';
}
}
return new EncryptionKey((byte[]) stringToKey.invoke(
- null, getPassword(p), getSalt(p), null, etype),
+ null, getPassword(p, server), getSalt(p), null, etype),
etype, kvno);
} catch (InvocationTargetException ex) {
KrbException ke = (KrbException)ex.getCause();
throw ke;
+ } catch (KrbException ke) {
+ throw ke;
} catch (Exception e) {
throw new RuntimeException(e); // should not happen
}
}
+ private Map<String,String> policies = new HashMap<String,String>();
+
+ public void setPolicy(String rule, String value) {
+ if (value == null) {
+ policies.remove(rule);
+ } else {
+ policies.put(rule, value);
+ }
+ }
+ /**
+ * If the provided client/server pair matches a rule
+ *
+ * A system property named test.kdc.policy.RULE will be consulted.
+ * If it's unset, returns false. If its value is "", any pair is
+ * matched. Otherwise, it should contains the server name matched.
+ *
+ * TODO: client name is not used currently.
+ *
+ * @param c client name
+ * @param s server name
+ * @param rule rule name
+ * @return if a match is found
+ */
+ private boolean configMatch(String c, String s, String rule) {
+ String policy = policies.get(rule);
+ boolean result = false;
+ if (policy == null) {
+ result = false;
+ } else if (policy.length() == 0) {
+ result = true;
+ } else {
+ String[] names = policy.split("\\s+");
+ for (String name: names) {
+ if (name.equals(s)) {
+ result = true;
+ break;
+ }
+ }
+ }
+ if (result) {
+ System.out.printf(">>>> Policy match result (%s vs %s on %s) %b\n",
+ c, s, rule, result);
+ }
+ return result;
+ }
+
+
/**
* Processes an incoming request and generates a response.
* @param in the request
@@ -530,7 +592,7 @@
tkt = apReq.ticket;
etype = tkt.encPart.getEType();
tkt.sname.setRealm(tkt.realm);
- EncryptionKey kkey = keyForUser(tkt.sname, etype);
+ EncryptionKey kkey = keyForUser(tkt.sname, etype, true);
byte[] bb = tkt.encPart.decrypt(kkey, KeyUsage.KU_TICKET);
DerInputStream derIn = new DerInputStream(bb);
DerValue der = derIn.getDerValue();
@@ -541,7 +603,7 @@
throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
}
}
- EncryptionKey skey = keyForUser(body.sname, etype);
+ EncryptionKey skey = keyForUser(body.sname, etype, true);
if (skey == null) {
throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP); // TODO
}
@@ -581,6 +643,10 @@
if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) {
bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true;
}
+
+ if (configMatch("", body.sname.getNameString(), "ok-as-delegate")) {
+ bFlags[Krb5.TKT_OPTS_DELEGATE] = true;
+ }
bFlags[Krb5.TKT_OPTS_INITIAL] = true;
TicketFlags tFlags = new TicketFlags(bFlags);
@@ -671,8 +737,8 @@
eTypes = (int[])f.get(body);
int eType = eTypes[0];
- EncryptionKey ckey = keyForUser(body.cname, eType);
- EncryptionKey skey = keyForUser(body.sname, eType);
+ EncryptionKey ckey = keyForUser(body.cname, eType, false);
+ EncryptionKey skey = keyForUser(body.sname, eType, true);
if (ckey == null) {
throw new KrbException(Krb5.KDC_ERR_ETYPE_NOSUPP);
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/OkAsDelegate.java Sun Nov 29 15:24:32 2009 -0800
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+import com.sun.security.jgss.ExtendedGSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+import sun.security.krb5.Config;
+
+public class OkAsDelegate {
+
+ public static void main(String[] args)
+ throws Exception {
+ OkAsDelegate ok = new OkAsDelegate();
+ ok.go(
+ Boolean.valueOf(args[0]), // FORWARDABLE in krb5.conf on?
+ Boolean.valueOf(args[1]), // requestDelegState
+ Boolean.valueOf(args[2]), // requestDelegPolicyState
+ Boolean.valueOf(args[3]), // DelegState in response
+ Boolean.valueOf(args[4]), // DelegPolicyState in response
+ Boolean.valueOf(args[5]) // getDelegCred OK?
+ );
+ }
+
+ void go(
+ boolean forwardable,
+ boolean requestDelegState,
+ boolean requestDelegPolicyState,
+ boolean delegState,
+ boolean delegPolicyState,
+ boolean delegated
+ ) throws Exception {
+ OneKDC kdc = new OneKDC(null);
+ kdc.setPolicy("ok-as-delegate",
+ System.getProperty("test.kdc.policy.ok-as-delegate"));
+ kdc.writeJAASConf();
+ if (!forwardable) {
+ // The default OneKDC always includes "forwardable = true"
+ // in krb5.conf, override it.
+ KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
+ "default_keytab_name = " + OneKDC.KTAB);
+ Config.refresh();
+ }
+
+ Context c, s;
+ c = Context.fromJAAS("client");
+ s = Context.fromJAAS("server");
+
+ Oid mech = GSSUtil.GSS_KRB5_MECH_OID;
+ if (System.getProperty("test.spnego") != null) {
+ mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+ }
+ c.startAsClient(OneKDC.SERVER, mech);
+ ExtendedGSSContext cx = (ExtendedGSSContext)c.x();
+ cx.requestCredDeleg(requestDelegState);
+ cx.requestDelegPolicy(requestDelegPolicyState);
+ s.startAsServer(mech);
+ ExtendedGSSContext sx = (ExtendedGSSContext)s.x();
+
+ Context.handshake(c, s);
+
+ if (cx.getCredDelegState() != delegState) {
+ throw new Exception("Initiator cred state error");
+ }
+ if (sx.getCredDelegState() != delegState) {
+ throw new Exception("Acceptor cred state error");
+ }
+ if (cx.getDelegPolicyState() != delegPolicyState) {
+ throw new Exception("Initiator cred policy state error");
+ }
+
+ GSSCredential cred = null;
+ try {
+ cred = s.x().getDelegCred();
+ } catch (GSSException e) {
+ // leave cred as null
+ }
+
+ if (delegated != (cred != null)) {
+ throw new Exception("get cred error");
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/OkAsDelegateXRealm.java Sun Nov 29 15:24:32 2009 -0800
@@ -0,0 +1,156 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+import com.sun.security.jgss.ExtendedGSSContext;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.security.Security;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import sun.security.jgss.GSSUtil;
+import sun.security.krb5.Config;
+
+public class OkAsDelegateXRealm implements CallbackHandler {
+
+ /**
+ * @param args boolean if the program should succeed
+ */
+ public static void main(String[] args)
+ throws Exception {
+
+ // Create and start the KDCs. Here we have 3 realms: R1, R2 and R3.
+ // R1 is trusted by R2, and R2 trusted by R3.
+ KDC kdc1 = KDC.create("R1");
+ kdc1.setPolicy("ok-as-delegate",
+ System.getProperty("test.kdc.policy.ok-as-delegate"));
+ kdc1.addPrincipal("dummy", "bogus".toCharArray());
+ kdc1.addPrincipalRandKey("krbtgt/R1");
+ kdc1.addPrincipal("krbtgt/R2@R1", "r1->r2".toCharArray());
+
+ KDC kdc2 = KDC.create("R2");
+ kdc2.setPolicy("ok-as-delegate",
+ System.getProperty("test.kdc.policy.ok-as-delegate"));
+ kdc2.addPrincipalRandKey("krbtgt/R2");
+ kdc2.addPrincipal("krbtgt/R2@R1", "r1->r2".toCharArray());
+ kdc2.addPrincipal("krbtgt/R3@R2", "r2->r3".toCharArray());
+
+ KDC kdc3 = KDC.create("R3");
+ kdc3.setPolicy("ok-as-delegate",
+ System.getProperty("test.kdc.policy.ok-as-delegate"));
+ kdc3.addPrincipalRandKey("krbtgt/R3");
+ kdc3.addPrincipal("krbtgt/R3@R2", "r2->r3".toCharArray());
+ kdc3.addPrincipalRandKey("host/host.r3.local");
+
+ KDC.saveConfig("krb5-localkdc.conf", kdc1, kdc2, kdc3,
+ "forwardable=true",
+ "[capaths]",
+ "R1 = {",
+ " R2 = .",
+ " R3 = R2",
+ "}",
+ "[domain_realm]",
+ ".r3.local=R3"
+ );
+
+ System.setProperty("java.security.krb5.conf", "krb5-localkdc.conf");
+ kdc3.writeKtab("localkdc.ktab");
+
+ FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
+
+ // Defines the client and server on R1 and R3 respectively.
+ fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
+ " com.sun.security.auth.module.Krb5LoginModule\n" +
+ " required\n" +
+ " principal=dummy\n" +
+ " doNotPrompt=false\n" +
+ " useTicketCache=false\n" +
+ " ;\n};\n" +
+ "com.sun.security.jgss.krb5.accept {\n" +
+ " com.sun.security.auth.module.Krb5LoginModule required\n" +
+ " principal=\"host/host.r3.local@R3\"\n" +
+ " useKeyTab=true\n" +
+ " keyTab=localkdc.ktab\n" +
+ " isInitiator=false\n" +
+ " storeKey=true;\n};\n" +
+ "\n").getBytes());
+ fos.close();
+
+ Security.setProperty("auth.login.defaultCallbackHandler",
+ "OkAsDelegateXRealm");
+
+ System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
+
+ new File("krb5-localkdc.conf").deleteOnExit();
+ new File("localkdc.ktab").deleteOnExit();
+ new File("jaas-localkdc.conf").deleteOnExit();
+ Config.refresh();
+
+ Context c = Context.fromJAAS("com.sun.security.jgss.krb5.initiate");
+ Context s = Context.fromJAAS("com.sun.security.jgss.krb5.accept");
+
+ // Test twice. The frist time the whole cross realm process is tried,
+ // the second time the cached service ticket is used. This is to make sure
+ // the behaviors are the same, especailly for the case when one of the
+ // cross-realm TGTs does not have OK-AS-DELEGATE on.
+
+ for (int i=0; i<2; i++) {
+ c.startAsClient("host@host.r3.local", GSSUtil.GSS_KRB5_MECH_OID);
+ s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
+ c.x().requestDelegPolicy(true);
+
+ Context.handshake(c, s);
+ boolean succeed = true;
+ try {
+ s.x().getDelegCred();
+ } catch (GSSException gsse) {
+ succeed = false;
+ }
+ if (succeed != Boolean.parseBoolean(args[0])) {
+ throw new Exception("Test fail at round #" + i);
+ }
+ }
+ }
+
+ @Override
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof NameCallback) {
+ ((NameCallback) callback).setName("dummy");
+ }
+ if (callback instanceof PasswordCallback) {
+ ((PasswordCallback) callback).setPassword("bogus".toCharArray());
+ }
+ }
+ }
+}
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/ok-as-delegate-xrealm.sh Sun Nov 29 15:24:32 2009 -0800
@@ -0,0 +1,79 @@
+#
+# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+# @test
+# @bug 6853328
+# @summary Support OK-AS-DELEGATE flag
+# @run shell/timeout=600 ok-as-delegate-xrealm.sh
+#
+
+if [ "${TESTSRC}" = "" ] ; then
+ TESTSRC=`dirname $0`
+fi
+
+if [ "${TESTJAVA}" = "" ] ; then
+ JAVAC_CMD=`which javac`
+ TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+ Windows_* )
+ FS="\\"
+ SEP=";"
+ ;;
+ CYGWIN* )
+ FS="/"
+ SEP=";"
+ ;;
+ * )
+ FS="/"
+ SEP=":"
+ ;;
+esac
+
+${TESTJAVA}${FS}bin${FS}javac -XDignore.symbol.file -d . \
+ ${TESTSRC}${FS}OkAsDelegateXRealm.java \
+ ${TESTSRC}${FS}KDC.java \
+ ${TESTSRC}${FS}OneKDC.java \
+ ${TESTSRC}${FS}Action.java \
+ ${TESTSRC}${FS}Context.java \
+ || exit 10
+
+# Add $TESTSRC to classpath so that customized nameservice can be used
+J="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}."
+
+# KDC no OK-AS-DELEGATE, fail
+$J OkAsDelegateXRealm false || exit 1
+
+# KDC set OK-AS-DELEGATE for all, succeed
+$J -Dtest.kdc.policy.ok-as-delegate OkAsDelegateXRealm true || exit 2
+
+# KDC set OK-AS-DELEGATE for host/host.r3.local only, fail
+$J -Dtest.kdc.policy.ok-as-delegate=host/host.r3.local OkAsDelegateXRealm false || exit 3
+
+# KDC set OK-AS-DELEGATE for all, succeed
+$J "-Dtest.kdc.policy.ok-as-delegate=host/host.r3.local krbtgt/R2 krbtgt/R3" OkAsDelegateXRealm true || exit 4
+
+exit 0
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/krb5/auto/ok-as-delegate.sh Sun Nov 29 15:24:32 2009 -0800
@@ -0,0 +1,118 @@
+#
+# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+# @test
+# @bug 6853328
+# @summary Support OK-AS-DELEGATE flag
+# @run shell/timeout=600 ok-as-delegate.sh
+#
+
+if [ "${TESTSRC}" = "" ] ; then
+ TESTSRC=`dirname $0`
+fi
+
+if [ "${TESTJAVA}" = "" ] ; then
+ JAVAC_CMD=`which javac`
+ TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+ Windows_* )
+ FS="\\"
+ SEP=";"
+ ;;
+ CYGWIN* )
+ FS="/"
+ SEP=";"
+ ;;
+ * )
+ FS="/"
+ SEP=":"
+ ;;
+esac
+
+${TESTJAVA}${FS}bin${FS}javac -XDignore.symbol.file -d . \
+ ${TESTSRC}${FS}OkAsDelegate.java \
+ ${TESTSRC}${FS}KDC.java \
+ ${TESTSRC}${FS}OneKDC.java \
+ ${TESTSRC}${FS}Action.java \
+ ${TESTSRC}${FS}Context.java \
+ || exit 10
+
+# Testing Kerberos 5
+
+# Add $TESTSRC to classpath so that customized nameservice can be used
+J="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}. OkAsDelegate"
+JOK="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}. -Dtest.kdc.policy.ok-as-delegate OkAsDelegate"
+
+# FORWARDABLE ticket not allowed, always fail
+$J false true true false false false || exit 1
+
+# Service ticket no OK-AS-DELEGATE
+
+# Request nothing, gain nothing
+$J true false false false false false || exit 2
+# Request deleg policy, gain nothing
+$J true false true false false false || exit 3
+# Request deleg, granted
+$J true true false true false true || exit 4
+# Request deleg and deleg policy, granted, with info not by policy
+$J true true true true false true || exit 5
+
+# Service ticket has OK-AS-DELEGATE
+
+# Request deleg policy, granted
+$JOK true false true true true true || exit 6
+# Request deleg and deleg policy, granted, with info by policy
+$JOK true true true true true true || exit 7
+
+# Testing SPNEGO
+
+# Add $TESTSRC to classpath so that customized nameservice can be used
+J="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}. -Dtest.spnego OkAsDelegate"
+JOK="${TESTJAVA}${FS}bin${FS}java -cp $TESTSRC${SEP}. -Dtest.spnego -Dtest.kdc.policy.ok-as-delegate OkAsDelegate"
+
+# FORWARDABLE ticket not allowed, always fail
+$J false true true false false false || exit 11
+
+# Service ticket no OK-AS-DELEGATE
+
+# Request nothing, gain nothing
+$J true false false false false false || exit 12
+# Request deleg policy, gain nothing
+$J true false true false false false || exit 13
+# Request deleg, granted
+$J true true false true false true || exit 14
+# Request deleg and deleg policy, granted, with info not by policy
+$J true true true true false true || exit 15
+
+# Service ticket has OK-AS-DELEGATE
+
+# Request deleg policy, granted
+$JOK true false true true true true || exit 16
+# Request deleg and deleg policy, granted, with info by policy
+$JOK true true true true true true || exit 17
+
+exit 0
--- a/jdk/test/sun/tools/jhat/HatRun.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/sun/tools/jhat/HatRun.java Sun Nov 29 15:24:32 2009 -0800
@@ -186,11 +186,13 @@
*/
int nvm_options = 0;
if ( vm_options != null ) nvm_options = vm_options.length;
- String cmd[] = new String[1 + (d64?1:0) + 5 + nvm_options];
+ String cmd[] = new String[1 + (d64?1:0) + 7 + nvm_options];
int i,j;
i = 0;
cmd[i++] = java;
+ cmd[i++] = "-cp";
+ cmd[i++] = cdir;
cmd[i++] = "-Dtest.classes=" + cdir;
if ( d64 ) {
cmd[i++] = "-d64";
--- a/jdk/test/sun/tools/native2ascii/NativeErrors.java Tue Nov 24 18:12:46 2009 -0800
+++ b/jdk/test/sun/tools/native2ascii/NativeErrors.java Sun Nov 29 15:24:32 2009 -0800
@@ -59,15 +59,28 @@
in = new BufferedReader(new InputStreamReader(p.getInputStream()));
checkResult(in, "err.bad.arg");
- command = getComString("test123");
+ File f0 = new File(System.getProperty("test.src", "."), "test123");
+ String path0 = f0.getPath();
+ if ( f0.exists() ) {
+ throw new Error("Input file should not exist: " + path0);
+ }
+
+ command = getComString(path0);
p = Runtime.getRuntime().exec(command);
in = new BufferedReader(new InputStreamReader(p.getInputStream()));
checkResult(in, "err.cannot.read");
File f1 = new File(System.getProperty("test.src", "."), "test1");
- File f2 = new File(System.getProperty("test.src", "."), "test2");
+ File f2 = File.createTempFile("test2", ".tmp");
String path1 = f1.getPath();
String path2 = f2.getPath();
+ if ( !f1.exists() ) {
+ throw new Error("Missing input file: " + path1);
+ }
+ if ( !f2.setWritable(false) ) {
+ throw new Error("Output file cannot be made read only: " + path2);
+ }
+ f2.deleteOnExit();
command = getComString(path1, path2);
p = Runtime.getRuntime().exec(command);
@@ -80,7 +93,9 @@
throws Exception {
String errorReceived;
errorReceived = in.readLine();
+ assert errorReceived != null : "First readline cannot be null";
errorExpected = rsrc.getString(errorExpected);
+ assert errorExpected != null : "Expected message cannot be null";
StringBuffer error = new StringBuffer(errorExpected);
int start = errorExpected.indexOf("{0}");
if (start >= 0) {
@@ -128,6 +143,7 @@
f = new File(path);
if (!f.exists())
throw new RuntimeException("Cannot find native2ascii at "+path);
+ System.out.println("Using native2ascii at "+path);
}
return path;
}
--- a/jdk/test/sun/tools/native2ascii/test2 Tue Nov 24 18:12:46 2009 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-This file exists as a non-writable placeholder for NativeErrors.java