--- a/jdk/src/share/classes/java/net/Inet6Address.java Tue Jul 22 11:40:06 2008 -0700
+++ b/jdk/src/share/classes/java/net/Inet6Address.java Wed Jul 23 12:16:28 2008 -0700
@@ -25,12 +25,9 @@
package java.net;
-import java.security.AccessController;
import java.io.ObjectInputStream;
import java.io.IOException;
-import java.io.ObjectStreamException;
import java.io.InvalidObjectException;
-import sun.security.action.*;
import java.util.Enumeration;
/**
@@ -358,13 +355,13 @@
}
private int deriveNumericScope (NetworkInterface ifc) throws UnknownHostException {
- Enumeration addresses = ifc.getInetAddresses();
+ Enumeration<InetAddress> addresses = ifc.getInetAddresses();
while (addresses.hasMoreElements()) {
- InetAddress address = (InetAddress)addresses.nextElement();
- if (!(address instanceof Inet6Address)) {
+ InetAddress addr = addresses.nextElement();
+ if (!(addr instanceof Inet6Address)) {
continue;
}
- Inet6Address ia6_addr = (Inet6Address)address;
+ Inet6Address ia6_addr = (Inet6Address)addr;
/* check if site or link local prefixes match */
if (!differentLocalAddressTypes(ia6_addr)){
/* type not the same, so carry on searching */
@@ -377,22 +374,22 @@
}
private int deriveNumericScope (String ifname) throws UnknownHostException {
- Enumeration en;
+ Enumeration<NetworkInterface> en;
try {
en = NetworkInterface.getNetworkInterfaces();
} catch (SocketException e) {
throw new UnknownHostException ("could not enumerate local network interfaces");
}
while (en.hasMoreElements()) {
- NetworkInterface ifc = (NetworkInterface)en.nextElement();
+ NetworkInterface ifc = en.nextElement();
if (ifc.getName().equals (ifname)) {
Enumeration addresses = ifc.getInetAddresses();
while (addresses.hasMoreElements()) {
- InetAddress address = (InetAddress)addresses.nextElement();
- if (!(address instanceof Inet6Address)) {
+ InetAddress addr = (InetAddress)addresses.nextElement();
+ if (!(addr instanceof Inet6Address)) {
continue;
}
- Inet6Address ia6_addr = (Inet6Address)address;
+ Inet6Address ia6_addr = (Inet6Address)addr;
/* check if site or link local prefixes match */
if (!differentLocalAddressTypes(ia6_addr)){
/* type not the same, so carry on searching */
@@ -420,21 +417,22 @@
if (ifname != null && !"".equals (ifname)) {
try {
scope_ifname = NetworkInterface.getByName(ifname);
- try {
- scope_id = deriveNumericScope (scope_ifname);
- } catch (UnknownHostException e) {
- // should not happen
- assert false;
+ if (scope_ifname == null) {
+ /* the interface does not exist on this system, so we clear
+ * the scope information completely */
+ scope_id_set = false;
+ scope_ifname_set = false;
+ scope_id = 0;
+ } else {
+ try {
+ scope_id = deriveNumericScope (scope_ifname);
+ } catch (UnknownHostException e) {
+ // should not happen
+ assert false;
+ }
}
} catch (SocketException e) {}
- if (scope_ifname == null) {
- /* the interface does not exist on this system, so we clear
- * the scope information completely */
- scope_id_set = false;
- scope_ifname_set = false;
- scope_id = 0;
- }
}
/* if ifname was not supplied, then the numeric info is used */
@@ -460,6 +458,7 @@
* an IP multicast address
* @since JDK1.1
*/
+ @Override
public boolean isMulticastAddress() {
return ((ipaddress[0] & 0xff) == 0xff);
}
@@ -470,6 +469,7 @@
* a wildcard address.
* @since 1.4
*/
+ @Override
public boolean isAnyLocalAddress() {
byte test = 0x00;
for (int i = 0; i < INADDRSZ; i++) {
@@ -485,6 +485,7 @@
* a loopback address; or false otherwise.
* @since 1.4
*/
+ @Override
public boolean isLoopbackAddress() {
byte test = 0x00;
for (int i = 0; i < 15; i++) {
@@ -500,6 +501,7 @@
* a link local address; or false if address is not a link local unicast address.
* @since 1.4
*/
+ @Override
public boolean isLinkLocalAddress() {
return ((ipaddress[0] & 0xff) == 0xfe
&& (ipaddress[1] & 0xc0) == 0x80);
@@ -512,6 +514,7 @@
* a site local address; or false if address is not a site local unicast address.
* @since 1.4
*/
+ @Override
public boolean isSiteLocalAddress() {
return ((ipaddress[0] & 0xff) == 0xfe
&& (ipaddress[1] & 0xc0) == 0xc0);
@@ -525,6 +528,7 @@
* of global scope or it is not a multicast address
* @since 1.4
*/
+ @Override
public boolean isMCGlobal() {
return ((ipaddress[0] & 0xff) == 0xff
&& (ipaddress[1] & 0x0f) == 0x0e);
@@ -538,6 +542,7 @@
* of node-local scope or it is not a multicast address
* @since 1.4
*/
+ @Override
public boolean isMCNodeLocal() {
return ((ipaddress[0] & 0xff) == 0xff
&& (ipaddress[1] & 0x0f) == 0x01);
@@ -551,6 +556,7 @@
* of link-local scope or it is not a multicast address
* @since 1.4
*/
+ @Override
public boolean isMCLinkLocal() {
return ((ipaddress[0] & 0xff) == 0xff
&& (ipaddress[1] & 0x0f) == 0x02);
@@ -564,6 +570,7 @@
* of site-local scope or it is not a multicast address
* @since 1.4
*/
+ @Override
public boolean isMCSiteLocal() {
return ((ipaddress[0] & 0xff) == 0xff
&& (ipaddress[1] & 0x0f) == 0x05);
@@ -578,6 +585,7 @@
* or it is not a multicast address
* @since 1.4
*/
+ @Override
public boolean isMCOrgLocal() {
return ((ipaddress[0] & 0xff) == 0xff
&& (ipaddress[1] & 0x0f) == 0x08);
@@ -590,6 +598,7 @@
*
* @return the raw IP address of this object.
*/
+ @Override
public byte[] getAddress() {
return ipaddress.clone();
}
@@ -624,6 +633,7 @@
*
* @return the raw IP address in a string format.
*/
+ @Override
public String getHostAddress() {
String s = numericToTextFormat(ipaddress);
if (scope_ifname_set) { /* must check this first */
@@ -639,6 +649,7 @@
*
* @return a hash code value for this IP address.
*/
+ @Override
public int hashCode() {
if (ipaddress != null) {
@@ -677,6 +688,7 @@
* <code>false</code> otherwise.
* @see java.net.InetAddress#getAddress()
*/
+ @Override
public boolean equals(Object obj) {
if (obj == null ||
!(obj instanceof Inet6Address))
--- a/jdk/src/share/classes/sun/net/ftp/FtpClient.java Tue Jul 22 11:40:06 2008 -0700
+++ b/jdk/src/share/classes/sun/net/ftp/FtpClient.java Wed Jul 23 12:16:28 2008 -0700
@@ -352,6 +352,9 @@
s = new Socket(Proxy.NO_PROXY);
} else
s = new Socket();
+ // Bind the socket to the same address as the control channel. This
+ // is needed in case of multi-homed systems.
+ s.bind(new InetSocketAddress(serverSocket.getLocalAddress(),0));
if (connectTimeout >= 0) {
s.connect(dest, connectTimeout);
} else {
@@ -417,8 +420,10 @@
// since we can't accept a connection through SOCKS (yet)
// throw an exception
throw new FtpProtocolException("Passive mode failed");
- } else
- portSocket = new ServerSocket(0, 1);
+ }
+ // Bind the ServerSocket to the same address as the control channel
+ // This is needed for multi-homed systems
+ portSocket = new ServerSocket(0, 1, serverSocket.getLocalAddress());
try {
myAddress = portSocket.getInetAddress();
if (myAddress.isAnyLocalAddress())
--- a/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java Tue Jul 22 11:40:06 2008 -0700
+++ b/jdk/src/share/classes/sun/net/httpserver/ServerImpl.java Wed Jul 23 12:16:28 2008 -0700
@@ -120,14 +120,8 @@
if (executor == null) {
executor = new DefaultExecutor();
}
+ Thread t = new Thread (dispatcher);
started = true;
- final Dispatcher d = dispatcher;
- Thread t = AccessController.doPrivileged(new PrivilegedAction<Thread>() {
- public Thread run() {
- Thread t = new Thread (d);
- return t;
- }
- });
t.start();
}
@@ -355,10 +349,8 @@
}
}
}
- } catch (CancelledKeyException e) {
+ } catch (Exception e) {
logger.log (Level.FINER, "Dispatcher (3)", e);
- } catch (IOException e) {
- logger.log (Level.FINER, "Dispatcher (4)", e);
}
}
}
@@ -370,10 +362,10 @@
Exchange t = new Exchange (chan, protocol, conn);
executor.execute (t);
} catch (HttpError e1) {
- logger.log (Level.FINER, "Dispatcher (5)", e1);
+ logger.log (Level.FINER, "Dispatcher (4)", e1);
conn.close();
} catch (IOException e) {
- logger.log (Level.FINER, "Dispatcher (6)", e);
+ logger.log (Level.FINER, "Dispatcher (5)", e);
conn.close();
}
}
--- a/jdk/src/share/classes/sun/security/tools/KeyTool.java Tue Jul 22 11:40:06 2008 -0700
+++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java Wed Jul 23 12:16:28 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,35 +26,23 @@
package sun.security.tools;
import java.io.*;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
import java.security.Key;
import java.security.PublicKey;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
-import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.Principal;
import java.security.Provider;
import java.security.Identity;
-import java.security.Signer;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.DSAPublicKey;
-import java.security.interfaces.RSAPrivateCrtKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
import java.text.Collator;
import java.text.MessageFormat;
import java.util.*;
@@ -62,7 +50,6 @@
import java.net.URL;
import java.net.URLClassLoader;
-import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import sun.security.util.ObjectIdentifier;
import sun.security.pkcs.PKCS10;
@@ -72,11 +59,16 @@
import sun.security.provider.X509Factory;
import sun.security.util.DerOutputStream;
import sun.security.util.Password;
-import sun.security.util.Resources;
import sun.security.util.PathList;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
import sun.security.x509.*;
import static java.security.KeyStore.*;
@@ -132,6 +124,7 @@
private String ksfname = null;
private File ksfile = null;
private InputStream ksStream = null; // keystore stream
+ private String sslserver = null;
private KeyStore keyStore = null;
private boolean token = false;
private boolean nullStream = false;
@@ -347,6 +340,9 @@
} else if (collator.compare(flags, "-file") == 0) {
if (++i == args.length) errorNeedArgument(flags);
filename = args[i];
+ } else if (collator.compare(flags, "-sslserver") == 0) {
+ if (++i == args.length) errorNeedArgument(flags);
+ sslserver = args[i];
} else if (collator.compare(flags, "-srckeystore") == 0) {
if (++i == args.length) errorNeedArgument(flags);
srcksfname = args[i];
@@ -924,17 +920,7 @@
doPrintEntries(out);
}
} else if (command == PRINTCERT) {
- InputStream inStream = System.in;
- if (filename != null) {
- inStream = new FileInputStream(filename);
- }
- try {
- doPrintCert(inStream, out);
- } finally {
- if (inStream != System.in) {
- inStream.close();
- }
- }
+ doPrintCert(out);
} else if (command == SELFCERT) {
doSelfCert(alias, dname, sigAlgName);
kssave = true;
@@ -1744,7 +1730,7 @@
* Reads a certificate (or certificate chain) and prints its contents in
* a human readbable format.
*/
- private void doPrintCert(InputStream in, PrintStream out)
+ private void printCertFromStream(InputStream in, PrintStream out)
throws Exception
{
Collection<? extends Certificate> c = null;
@@ -1770,13 +1756,98 @@
Object[] source = {new Integer(i + 1)};
out.println(form.format(source));
}
- printX509Cert(x509Cert, out);
+ if (rfc) dumpCert(x509Cert, out);
+ else printX509Cert(x509Cert, out);
if (i < (certs.length-1)) {
out.println();
}
}
}
+ private void doPrintCert(final PrintStream out) throws Exception {
+ if (sslserver != null) {
+ SSLContext sc = SSLContext.getInstance("SSL");
+ final boolean[] certPrinted = new boolean[1];
+ sc.init(null, new TrustManager[] {
+ new X509TrustManager() {
+
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+
+ public void checkClientTrusted(
+ java.security.cert.X509Certificate[] certs, String authType) {
+ }
+
+ public void checkServerTrusted(
+ java.security.cert.X509Certificate[] certs, String authType) {
+ for (int i=0; i<certs.length; i++) {
+ X509Certificate cert = certs[i];
+ try {
+ if (rfc) {
+ dumpCert(cert, out);
+ } else {
+ out.println("Certificate #" + i);
+ out.println("====================================");
+ printX509Cert(cert, out);
+ out.println();
+ }
+ } catch (Exception e) {
+ if (debug) {
+ e.printStackTrace();
+ }
+ }
+ }
+
+ // Set to true where there's something to print
+ if (certs.length > 0) {
+ certPrinted[0] = true;
+ }
+ }
+ }
+ }, null);
+ HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ HttpsURLConnection.setDefaultHostnameVerifier(
+ new HostnameVerifier() {
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ });
+ // HTTPS instead of raw SSL, so that -Dhttps.proxyHost and
+ // -Dhttps.proxyPort can be used. Since we only go through
+ // the handshake process, an HTTPS server is not needed.
+ // This program should be able to deal with any SSL-based
+ // network service.
+ Exception ex = null;
+ try {
+ new URL("https://" + sslserver).openConnection().connect();
+ } catch (Exception e) {
+ ex = e;
+ }
+ // If the certs are not printed out, we consider it an error even
+ // if the URL connection is successful.
+ if (!certPrinted[0]) {
+ Exception e = new Exception(
+ rb.getString("No certificate from the SSL server"));
+ if (ex != null) {
+ e.initCause(ex);
+ }
+ throw e;
+ }
+ } else {
+ InputStream inStream = System.in;
+ if (filename != null) {
+ inStream = new FileInputStream(filename);
+ }
+ try {
+ printCertFromStream(inStream, out);
+ } finally {
+ if (inStream != System.in) {
+ inStream.close();
+ }
+ }
+ }
+ }
/**
* Creates a self-signed certificate, and stores it as a single-element
* certificate chain.
@@ -3127,7 +3198,7 @@
System.err.println();
System.err.println(rb.getString
- ("-printcert [-v] [-file <cert_file>]"));
+ ("-printcert [-v] [-rfc] [-file <cert_file> | -sslserver <host[:port]>]"));
System.err.println();
System.err.println(rb.getString
--- a/jdk/src/share/classes/sun/security/util/Resources.java Tue Jul 22 11:40:06 2008 -0700
+++ b/jdk/src/share/classes/sun/security/util/Resources.java Wed Jul 23 12:16:28 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2005 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -386,8 +386,10 @@
{"\t [-alias <alias>]", "\t [-alias <alias>]"},
/** rest is same as -certreq starting from -keystore **/
- {"-printcert [-v] [-file <cert_file>]",
- "-printcert [-v] [-file <cert_file>]"},
+ {"-printcert [-v] [-rfc] [-file <cert_file> | -sslserver <host[:port]>]",
+ "-printcert [-v] [-rfc] [-file <cert_file> | -sslserver <host[:port]>]"},
+ {"No certificate from the SSL server",
+ "No certificate from the SSL server"},
//{"-selfcert [-v] [-protected]",
// "-selfcert [-v] [-protected]"},
--- a/jdk/src/windows/native/java/net/NetworkInterface.h Tue Jul 22 11:40:06 2008 -0700
+++ b/jdk/src/windows/native/java/net/NetworkInterface.h Wed Jul 23 12:16:28 2008 -0700
@@ -26,6 +26,7 @@
#ifndef NETWORK_INTERFACE_H
#define NETWORK_INTERFACE_H
+#include <iphlpapi.h>
#include "net_util.h"
/*
@@ -86,6 +87,12 @@
extern jfieldID ni_ibbroadcastID; /* InterfaceAddress.broadcast */
extern jfieldID ni_ibmaskID; /* InterfaceAddress.maskLength */
+/* We have included iphlpapi.h which includes iptypes.h which has the definition
+ * for MAX_ADAPTER_DESCRIPTION_LENGTH (along with the other definitions in this
+ * ifndef block). Therefore if MAX_ADAPTER_DESCRIPTION_LENGTH is defined we can
+ * be sure that the other definitions are also defined */
+#ifndef MAX_ADAPTER_DESCRIPTION_LENGTH
+
/*
* Following includes come from iptypes.h
*/
@@ -372,6 +379,7 @@
UINT EnableProxy;
UINT EnableDns;
} FIXED_INFO, *PFIXED_INFO;
+#endif /*!MAX_ADAPTER_DESCRIPTION_LENGTH*/
#ifndef IP_INTERFACE_NAME_INFO_DEFINED
#define IP_INTERFACE_NAME_INFO_DEFINED
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/net/Inet6Address/serialize/Readme.txt Wed Jul 23 12:16:28 2008 -0700
@@ -0,0 +1,6 @@
+This test uses 2 binary data files that were each created by serializing an Inet6Address instance.
+In both cases this has to do with the tricky issue of scopes in serialized addresses.
+
+serial1.4.2.ser: Was created by serializing an Inet6Address (::1) with J2SE 1.4.2 and is used to check for backward compatibility.
+
+serial-bge0.ser: Was created on a Sparc workstation because it has an uncommon interface name ('bge0') which is useful for the test.
--- a/jdk/test/java/net/Inet6Address/serialize/Serialize.java Tue Jul 22 11:40:06 2008 -0700
+++ b/jdk/test/java/net/Inet6Address/serialize/Serialize.java Wed Jul 23 12:16:28 2008 -0700
@@ -24,7 +24,9 @@
/**
* @test
* @bug 4921029
+ * @bug 6656849
* @summary java.net.Inet6Address fails to be serialized with IPv6 support
+ * @summary NullPointerException thrown while de-serializing IPV6 Address.
*/
import java.net.*;
@@ -76,11 +78,20 @@
System.out.println(nobj);
- // create an address with an unlikely numeric scope_id
- if (!test ((Inet6Address)InetAddress.getByName ("fe80::1%99"))) {
- throw new RuntimeException ("test failed on fe80::1%99");
- }
+ // create an address with an unlikely numeric scope_id
+ if (!test ((Inet6Address)InetAddress.getByName ("fe80::1%99"))) {
+ throw new RuntimeException ("test failed on fe80::1%99");
+ }
+ // Deserialize an Inet6 address with a named interface
+ file = new File (System.getProperty("test.src"), "serial-bge0.ser");
+ ois = new ObjectInputStream(new FileInputStream(file));
+ try {
+ nobj = (Inet6Address) ois.readObject();
+ } catch (NullPointerException e) {
+ throw new RuntimeException("6656849 Not fixed: NullPointer when deserializing");
+ }
+ System.out.println(nobj);
System.out.println("All tests passed");
}
@@ -97,8 +108,5 @@
} else {
return false;
}
-
-
}
-
}
Binary file jdk/test/java/net/Inet6Address/serialize/serial-bge0.ser has changed
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/tools/keytool/PrintSSL.java Wed Jul 23 12:16:28 2008 -0700
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+// Read printssl.sh, this Java program starts an SSL server
+
+import java.net.ServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+
+public class PrintSSL {
+ public static void main(String[] args) throws Exception {
+ System.setProperty("javax.net.ssl.keyStorePassword", "passphrase");
+ System.setProperty("javax.net.ssl.keyStore",
+ System.getProperty("test.src", "./") + "/../../ssl/etc/keystore");
+ SSLServerSocketFactory sslssf =
+ (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
+ final ServerSocket server = sslssf.createServerSocket(0);
+ System.out.println(server.getLocalPort());
+ System.out.flush();
+ Thread t = new Thread() {
+ public void run() {
+ try {
+ Thread.sleep(30000);
+ server.close();
+ } catch (Exception e) {
+ ;
+ }
+ throw new RuntimeException("Timeout");
+ }
+ };
+ t.setDaemon(true);
+ t.start();
+ ((SSLSocket)server.accept()).startHandshake();
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/tools/keytool/printssl.sh Wed Jul 23 12:16:28 2008 -0700
@@ -0,0 +1,58 @@
+#
+# Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+# @test
+# @bug 6480981
+# @summary keytool should be able to import certificates from remote SSL servers
+
+if [ "${TESTSRC}" = "" ] ; then
+ TESTSRC="."
+fi
+if [ "${TESTJAVA}" = "" ] ; then
+ echo "TESTJAVA not set. Test cannot execute."
+ echo "FAILED!!!"
+ exit 1
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+ SunOS | Linux )
+ FS="/"
+ ;;
+ Windows_* )
+ FS="\\"
+ ;;
+ * )
+ echo "Unrecognized operating system!"
+ exit 1;
+ ;;
+esac
+
+${TESTJAVA}${FS}bin${FS}javac -d . ${TESTSRC}${FS}PrintSSL.java || exit 10
+${TESTJAVA}${FS}bin${FS}java -Dtest.src=$TESTSRC PrintSSL | ( read PORT; ${TESTJAVA}${FS}bin${FS}keytool -printcert -sslserver localhost:$PORT )
+status=$?
+
+rm PrintSSL*.class
+
+exit $status