--- a/jdk/src/share/classes/java/net/HttpCookie.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/java/net/HttpCookie.java Mon Sep 15 00:41:02 2008 -0700
@@ -75,6 +75,7 @@
private String path; // Path=VALUE ... URLs that see the cookie
private String portlist; // Port[="portlist"] ... the port cookie may be returned to
private boolean secure; // Secure ... e.g. use SSL
+ private boolean httpOnly; // HttpOnly ... i.e. not accessible to scripts
private int version = 1; // Version=1 ... RFC 2965 style
//
@@ -656,6 +657,32 @@
version = v;
}
+ /**
+ * Returns {@code true} if this cookie contains the <i>HttpOnly</i>
+ * attribute. This means that the cookie should not be accessible to
+ * scripting engines, like javascript.
+ *
+ * @return {@code true} if this cookie should be considered http only.
+ * @see #setHttpOnly(boolean)
+ */
+ public boolean isHttpOnly()
+ {
+ return httpOnly;
+ }
+
+ /**
+ * Indicates whether the cookie should be considered HTTP Only. If set to
+ * {@code true} it means the cookie should not be accessible to scripting
+ * engines like javascript.
+ *
+ * @param httpOnly if {@code true} make the cookie HTTP only, i.e.
+ * only visible as part of an HTTP request.
+ * @see #isHttpOnly()
+ */
+ public void setHttpOnly(boolean httpOnly)
+ {
+ this.httpOnly = httpOnly;
+ }
/**
* The utility method to check whether a host name is in a domain
@@ -877,6 +904,7 @@
|| name.equalsIgnoreCase("Port") // rfc2965 only
|| name.equalsIgnoreCase("Secure")
|| name.equalsIgnoreCase("Version")
+ || name.equalsIgnoreCase("HttpOnly")
|| name.charAt(0) == '$')
{
return true;
@@ -996,6 +1024,11 @@
cookie.setSecure(true);
}
});
+ assignors.put("httponly", new CookieAttributeAssignor(){
+ public void assign(HttpCookie cookie, String attrName, String attrValue) {
+ cookie.setHttpOnly(true);
+ }
+ });
assignors.put("version", new CookieAttributeAssignor(){
public void assign(HttpCookie cookie, String attrName, String attrValue) {
try {
--- a/jdk/src/share/classes/java/security/cert/CertPathValidatorException.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/java/security/cert/CertPathValidatorException.java Mon Sep 15 00:41:02 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2005 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,9 @@
package java.security.cert;
+import java.io.InvalidObjectException;
+import java.io.IOException;
+import java.io.ObjectInputStream;
import java.security.GeneralSecurityException;
/**
@@ -36,10 +39,11 @@
* if any, that caused this exception to be thrown.
* <p>
* A <code>CertPathValidatorException</code> may also include the
- * certification path that was being validated when the exception was thrown
- * and the index of the certificate in the certification path that caused the
- * exception to be thrown. Use the {@link #getCertPath getCertPath} and
- * {@link #getIndex getIndex} methods to retrieve this information.
+ * certification path that was being validated when the exception was thrown,
+ * the index of the certificate in the certification path that caused the
+ * exception to be thrown, and the reason that caused the failure. Use the
+ * {@link #getCertPath getCertPath}, {@link #getIndex getIndex}, and
+ * {@link #getReason getReason} methods to retrieve this information.
*
* <p>
* <b>Concurrent Access</b>
@@ -72,11 +76,16 @@
private CertPath certPath;
/**
+ * @serial the reason the validation failed
+ */
+ private Reason reason = BasicReason.UNSPECIFIED;
+
+ /**
* Creates a <code>CertPathValidatorException</code> with
* no detail message.
*/
public CertPathValidatorException() {
- super();
+ this(null, null);
}
/**
@@ -87,7 +96,7 @@
* @param msg the detail message
*/
public CertPathValidatorException(String msg) {
- super(msg);
+ this(msg, null);
}
/**
@@ -104,7 +113,7 @@
* permitted, and indicates that the cause is nonexistent or unknown.)
*/
public CertPathValidatorException(Throwable cause) {
- super(cause);
+ this(null, cause);
}
/**
@@ -117,7 +126,7 @@
* permitted, and indicates that the cause is nonexistent or unknown.)
*/
public CertPathValidatorException(String msg, Throwable cause) {
- super(msg, cause);
+ this(msg, cause, null, -1);
}
/**
@@ -139,6 +148,32 @@
*/
public CertPathValidatorException(String msg, Throwable cause,
CertPath certPath, int index) {
+ this(msg, cause, certPath, index, BasicReason.UNSPECIFIED);
+ }
+
+ /**
+ * Creates a <code>CertPathValidatorException</code> with the specified
+ * detail message, cause, certification path, index, and reason.
+ *
+ * @param msg the detail message (or <code>null</code> if none)
+ * @param cause the cause (or <code>null</code> if none)
+ * @param certPath the certification path that was in the process of
+ * being validated when the error was encountered
+ * @param index the index of the certificate in the certification path
+ * that caused the error (or -1 if not applicable). Note that
+ * the list of certificates in a <code>CertPath</code> is zero based.
+ * @param reason the reason the validation failed
+ * @throws IndexOutOfBoundsException if the index is out of range
+ * <code>(index < -1 || (certPath != null && index >=
+ * certPath.getCertificates().size())</code>
+ * @throws IllegalArgumentException if <code>certPath</code> is
+ * <code>null</code> and <code>index</code> is not -1
+ * @throws NullPointerException if <code>reason</code> is <code>null</code>
+ *
+ * @since 1.7
+ */
+ public CertPathValidatorException(String msg, Throwable cause,
+ CertPath certPath, int index, Reason reason) {
super(msg, cause);
if (certPath == null && index != -1) {
throw new IllegalArgumentException();
@@ -147,8 +182,12 @@
(certPath != null && index >= certPath.getCertificates().size())) {
throw new IndexOutOfBoundsException();
}
+ if (reason == null) {
+ throw new NullPointerException("reason can't be null");
+ }
this.certPath = certPath;
this.index = index;
+ this.reason = reason;
}
/**
@@ -174,4 +213,79 @@
return this.index;
}
+ /**
+ * Returns the reason that the validation failed. The reason is
+ * associated with the index of the certificate returned by
+ * {@link getIndex}.
+ *
+ * @return the reason that the validation failed, or
+ * <code>BasicReason.UNSPECIFIED</code> if a reason has not been
+ * specified
+ *
+ * @since 1.7
+ */
+ public Reason getReason() {
+ return this.reason;
+ }
+
+ private void readObject(ObjectInputStream stream)
+ throws ClassNotFoundException, IOException {
+ stream.defaultReadObject();
+ if (reason == null) {
+ reason = BasicReason.UNSPECIFIED;
+ }
+ if (certPath == null && index != -1) {
+ throw new InvalidObjectException("certpath is null and index != -1");
+ }
+ if (index < -1 ||
+ (certPath != null && index >= certPath.getCertificates().size())) {
+ throw new InvalidObjectException("index out of range");
+ }
+ }
+
+ /**
+ * The reason the validation algorithm failed.
+ *
+ * @since 1.7
+ */
+ public static interface Reason extends java.io.Serializable { }
+
+
+ /**
+ * The BasicReason enumerates the potential reasons that a certification
+ * path of any type may be invalid.
+ *
+ * @since 1.7
+ */
+ public static enum BasicReason implements Reason {
+ /**
+ * Unspecified reason.
+ */
+ UNSPECIFIED,
+
+ /**
+ * The certificate is expired.
+ */
+ EXPIRED,
+
+ /**
+ * The certificate is not yet valid.
+ */
+ NOT_YET_VALID,
+
+ /**
+ * The certificate is revoked.
+ */
+ REVOKED,
+
+ /**
+ * The revocation status of the certificate could not be determined.
+ */
+ UNDETERMINED_REVOCATION_STATUS,
+
+ /**
+ * The signature is invalid.
+ */
+ INVALID_SIGNATURE
+ }
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/java/security/cert/PKIXReason.java Mon Sep 15 00:41:02 2008 -0700
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package java.security.cert;
+
+/**
+ * The <code>PKIXReason</code> enumerates the potential PKIX-specific reasons
+ * that an X.509 certification path may be invalid according to the PKIX
+ * (RFC 3280) standard. These reasons are in addition to those of the
+ * <code>CertPathValidatorException.BasicReason</code> enumeration.
+ *
+ * @since 1.7
+ */
+public enum PKIXReason implements CertPathValidatorException.Reason {
+ /**
+ * The certificate does not chain correctly.
+ */
+ NAME_CHAINING,
+
+ /**
+ * The certificate's key usage is invalid.
+ */
+ INVALID_KEY_USAGE,
+
+ /**
+ * The policy constraints have been violated.
+ */
+ INVALID_POLICY,
+
+ /**
+ * No acceptable trust anchor found.
+ */
+ NO_TRUST_ANCHOR,
+
+ /**
+ * The certificate contains one or more unrecognized critical
+ * extensions.
+ */
+ UNRECOGNIZED_CRIT_EXT,
+
+ /**
+ * The certificate is not a CA certificate.
+ */
+ NOT_CA_CERT,
+
+ /**
+ * The path length constraint has been violated.
+ */
+ PATH_TOO_LONG,
+
+ /**
+ * The name constraints have been violated.
+ */
+ INVALID_NAME
+}
--- a/jdk/src/share/classes/sun/net/httpserver/ChunkedOutputStream.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/net/httpserver/ChunkedOutputStream.java Mon Sep 15 00:41:02 2008 -0700
@@ -73,6 +73,7 @@
if (count == CHUNK_SIZE) {
writeChunk();
}
+ assert count < CHUNK_SIZE;
}
public void write (byte[]b, int off, int len) throws IOException {
@@ -86,20 +87,22 @@
writeChunk();
len -= remain;
off += remain;
- while (len > CHUNK_SIZE) {
+ while (len >= CHUNK_SIZE) {
System.arraycopy (b,off,buf,OFFSET,CHUNK_SIZE);
len -= CHUNK_SIZE;
off += CHUNK_SIZE;
count = CHUNK_SIZE;
writeChunk();
}
- pos = OFFSET;
}
if (len > 0) {
System.arraycopy (b,off,buf,pos,len);
count += len;
pos += len;
}
+ if (count == CHUNK_SIZE) {
+ writeChunk();
+ }
}
/**
--- a/jdk/src/share/classes/sun/security/krb5/Config.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/security/krb5/Config.java Mon Sep 15 00:41:02 2008 -0700
@@ -803,7 +803,7 @@
for (int j = 0; j < line.length(); j++) {
if (line.charAt(j) == '=') {
int index;
- key = line.substring(0, j - 1).trim();
+ key = line.substring(0, j).trim();
if (! exists(key, keyVector)) {
keyVector.addElement(key);
nameVector = new Vector<String> ();
--- a/jdk/src/share/classes/sun/security/provider/certpath/BasicChecker.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/BasicChecker.java Mon Sep 15 00:41:02 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,12 +29,18 @@
import java.util.Collection;
import java.util.Date;
import java.util.Set;
+import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
+import java.security.SignatureException;
import java.security.cert.Certificate;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertPathValidatorException;
+import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.X509Certificate;
import java.security.cert.PKIXCertPathChecker;
-import java.security.cert.CertPathValidatorException;
+import java.security.cert.PKIXReason;
import java.security.cert.TrustAnchor;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
@@ -152,11 +158,11 @@
try {
cert.verify(prevPubKey, sigProvider);
- } catch (Exception e) {
- if (debug != null) {
- debug.println(e.getMessage());
- e.printStackTrace();
- }
+ } catch (SignatureException e) {
+ throw new CertPathValidatorException
+ (msg + " check failed", e, null, -1,
+ BasicReason.INVALID_SIGNATURE);
+ } catch (GeneralSecurityException e) {
throw new CertPathValidatorException(msg + " check failed", e);
}
@@ -176,12 +182,12 @@
try {
cert.checkValidity(date);
- } catch (Exception e) {
- if (debug != null) {
- debug.println(e.getMessage());
- e.printStackTrace();
- }
- throw new CertPathValidatorException(msg + " check failed", e);
+ } catch (CertificateExpiredException e) {
+ throw new CertPathValidatorException
+ (msg + " check failed", e, null, -1, BasicReason.EXPIRED);
+ } catch (CertificateNotYetValidException e) {
+ throw new CertPathValidatorException
+ (msg + " check failed", e, null, -1, BasicReason.NOT_YET_VALID);
}
if (debug != null)
@@ -204,12 +210,16 @@
// reject null or empty issuer DNs
if (X500Name.asX500Name(currIssuer).isEmpty()) {
- throw new CertPathValidatorException(msg + " check failed: " +
- "empty/null issuer DN in certificate is invalid");
+ throw new CertPathValidatorException
+ (msg + " check failed: " +
+ "empty/null issuer DN in certificate is invalid", null,
+ null, -1, PKIXReason.NAME_CHAINING);
}
if (!(currIssuer.equals(prevSubject))) {
- throw new CertPathValidatorException(msg + " check failed");
+ throw new CertPathValidatorException
+ (msg + " check failed", null, null, -1,
+ PKIXReason.NAME_CHAINING);
}
if (debug != null)
@@ -270,7 +280,7 @@
params.getQ(),
params.getG());
usableKey = kf.generatePublic(ks);
- } catch (Exception e) {
+ } catch (GeneralSecurityException e) {
throw new CertPathValidatorException("Unable to generate key with" +
" inherited parameters: " +
e.getMessage(), e);
--- a/jdk/src/share/classes/sun/security/provider/certpath/ConstraintsChecker.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/ConstraintsChecker.java Mon Sep 15 00:41:02 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,9 +32,10 @@
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
+import java.security.cert.CertPathValidatorException;
import java.security.cert.X509Certificate;
import java.security.cert.PKIXCertPathChecker;
-import java.security.cert.CertPathValidatorException;
+import java.security.cert.PKIXReason;
import sun.security.util.Debug;
import sun.security.x509.PKIXExtensions;
import sun.security.x509.NameConstraintsExtension;
@@ -147,7 +148,8 @@
try {
if (!prevNC.verify(currCert)) {
- throw new CertPathValidatorException(msg + " check failed");
+ throw new CertPathValidatorException(msg + " check failed",
+ null, null, -1, PKIXReason.INVALID_NAME);
}
} catch (IOException ioe) {
throw new CertPathValidatorException(ioe);
@@ -228,8 +230,9 @@
if (i < certPathLength) {
int pathLenConstraint = currCert.getBasicConstraints();
if (pathLenConstraint == -1) {
- throw new CertPathValidatorException(msg + " check failed: "
- + "this is not a CA certificate");
+ throw new CertPathValidatorException
+ (msg + " check failed: this is not a CA certificate", null,
+ null, -1, PKIXReason.NOT_CA_CERT);
}
if (!X509CertImpl.isSelfIssued(currCert)) {
@@ -237,7 +240,8 @@
throw new CertPathValidatorException
(msg + " check failed: pathLenConstraint violated - "
+ "this cert must be the last cert in the "
- + "certification path");
+ + "certification path", null, null, -1,
+ PKIXReason.PATH_TOO_LONG);
}
maxPathLength--;
}
--- a/jdk/src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/CrlRevocationChecker.java Mon Sep 15 00:41:02 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,7 @@
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.*;
+import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.interfaces.DSAPublicKey;
import javax.security.auth.x500.X500Principal;
import sun.security.util.Debug;
@@ -268,7 +269,8 @@
" circular dependency");
}
throw new CertPathValidatorException
- ("Could not determine revocation status");
+ ("Could not determine revocation status", null, null, -1,
+ BasicReason.UNDETERMINED_REVOCATION_STATUS);
}
// init the state for this run
@@ -324,7 +326,8 @@
return;
} else {
throw new CertPathValidatorException
- ("Could not determine revocation status");
+ ("Could not determine revocation status", null, null, -1,
+ BasicReason.UNDETERMINED_REVOCATION_STATUS);
}
}
@@ -370,7 +373,8 @@
+ unresCritExts);
}
throw new CertPathValidatorException
- ("Could not determine revocation status");
+ ("Could not determine revocation status", null, null,
+ -1, BasicReason.UNDETERMINED_REVOCATION_STATUS);
}
}
@@ -378,10 +382,11 @@
if (reasonCode == null) {
reasonCode = CRLReason.UNSPECIFIED;
}
- throw new CertPathValidatorException(
- new CertificateRevokedException
- (entry.getRevocationDate(), reasonCode,
- crl.getIssuerX500Principal(), entry.getExtensions()));
+ Throwable t = new CertificateRevokedException
+ (entry.getRevocationDate(), reasonCode,
+ crl.getIssuerX500Principal(), entry.getExtensions());
+ throw new CertPathValidatorException(t.getMessage(), t,
+ null, -1, BasicReason.REVOKED);
}
}
}
@@ -428,7 +433,8 @@
" circular dependency");
}
throw new CertPathValidatorException
- ("Could not determine revocation status");
+ ("Could not determine revocation status", null, null,
+ -1, BasicReason.UNDETERMINED_REVOCATION_STATUS);
}
// If prevKey wasn't trusted, maybe we just didn't have the right
@@ -617,7 +623,7 @@
return;
} catch (CertPathValidatorException cpve) {
// If it is revoked, rethrow exception
- if (cpve.getCause() instanceof CertificateRevokedException) {
+ if (cpve.getReason() == BasicReason.REVOKED) {
throw cpve;
}
// Otherwise, ignore the exception and
@@ -628,7 +634,8 @@
throw new CertPathValidatorException(iape);
} catch (CertPathBuilderException cpbe) {
throw new CertPathValidatorException
- ("Could not determine revocation status", cpbe);
+ ("Could not determine revocation status", null, null,
+ -1, BasicReason.UNDETERMINED_REVOCATION_STATUS);
}
}
}
--- a/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java Mon Sep 15 00:41:02 2008 -0700
@@ -32,6 +32,7 @@
import java.security.InvalidKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertPathValidatorException;
+import java.security.cert.PKIXReason;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.PKIXBuilderParameters;
@@ -732,8 +733,9 @@
PKIXExtensions.ExtendedKeyUsage_Id.toString());
if (!unresCritExts.isEmpty())
- throw new CertificateException("Unrecognized critical "
- + "extension(s)");
+ throw new CertPathValidatorException
+ ("Unrecognized critical extension(s)", null, null, -1,
+ PKIXReason.UNRECOGNIZED_CRIT_EXT);
}
}
--- a/jdk/src/share/classes/sun/security/provider/certpath/KeyChecker.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/KeyChecker.java Mon Sep 15 00:41:02 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2003 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
import java.util.*;
import java.security.cert.*;
+import java.security.cert.PKIXReason;
import sun.security.util.Debug;
import sun.security.x509.PKIXExtensions;
@@ -75,11 +76,12 @@
if (!forward) {
remainingCerts = certPathLen;
} else {
- throw new CertPathValidatorException("forward checking not supported");
+ throw new CertPathValidatorException
+ ("forward checking not supported");
}
}
- public boolean isForwardCheckingSupported() {
+ public final boolean isForwardCheckingSupported() {
return false;
}
@@ -155,8 +157,9 @@
// throw an exception if the keyCertSign bit is not set
if (!keyUsageBits[keyCertSign]) {
- throw new CertPathValidatorException(msg + " check failed: "
- + "keyCertSign bit is not set");
+ throw new CertPathValidatorException
+ (msg + " check failed: keyCertSign bit is not set", null,
+ null, -1, PKIXReason.INVALID_KEY_USAGE);
}
if (debug != null) {
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java Mon Sep 15 00:41:02 2008 -0700
@@ -33,6 +33,7 @@
import java.security.PrivilegedAction;
import java.security.Security;
import java.security.cert.*;
+import java.security.cert.CertPathValidatorException.BasicReason;
import java.net.*;
import javax.security.auth.x500.X500Principal;
@@ -381,17 +382,18 @@
}
if (certOCSPStatus == OCSPResponse.CERT_STATUS_REVOKED) {
- throw new CertPathValidatorException(
- new CertificateRevokedException(
+ Throwable t = new CertificateRevokedException(
ocspResponse.getRevocationTime(),
ocspResponse.getRevocationReason(),
responderCert.getSubjectX500Principal(),
- ocspResponse.getSingleExtensions()));
+ ocspResponse.getSingleExtensions());
+ throw new CertPathValidatorException(t.getMessage(), t,
+ null, -1, BasicReason.REVOKED);
} else if (certOCSPStatus == OCSPResponse.CERT_STATUS_UNKNOWN) {
throw new CertPathValidatorException(
"Certificate's revocation status is unknown", null, cp,
- remainingCerts);
+ remainingCerts, BasicReason.UNDETERMINED_REVOCATION_STATUS);
}
} catch (Exception e) {
throw new CertPathValidatorException(e);
--- a/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Mon Sep 15 00:41:02 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -38,6 +38,7 @@
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
+import java.security.cert.PKIXReason;
import java.security.cert.PolicyNode;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
@@ -47,7 +48,6 @@
import java.util.ArrayList;
import java.util.Date;
import java.util.Set;
-import java.util.HashSet;
import javax.security.auth.x500.X500Principal;
import sun.security.util.Debug;
@@ -67,6 +67,7 @@
private List<PKIXCertPathChecker> userCheckers;
private String sigProvider;
private BasicChecker basicChecker;
+ private String ocspProperty;
/**
* Default constructor.
@@ -126,7 +127,7 @@
// Must copy elements of certList into a new modifiable List before
// calling Collections.reverse().
- List<X509Certificate> certList = new ArrayList<X509Certificate>
+ ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>
((List<X509Certificate>)cp.getCertificates());
if (debug != null) {
if (certList.isEmpty()) {
@@ -201,7 +202,8 @@
}
// (b) otherwise, generate new exception
throw new CertPathValidatorException
- ("Path does not chain with any of the trust anchors");
+ ("Path does not chain with any of the trust anchors",
+ null, null, -1, PKIXReason.NO_TRUST_ANCHOR);
}
/**
@@ -210,7 +212,6 @@
*/
private boolean isWorthTrying(X509Certificate trustedCert,
X509Certificate firstCert)
- throws CertPathValidatorException
{
if (debug != null) {
debug.println("PKIXCertPathValidator.isWorthTrying() checking "
@@ -240,7 +241,6 @@
* Internal method to setup the internal state
*/
private void populateVariables(PKIXParameters pkixParam)
- throws CertPathValidatorException
{
// default value for testDate is current time
testDate = pkixParam.getDate();
@@ -250,6 +250,17 @@
userCheckers = pkixParam.getCertPathCheckers();
sigProvider = pkixParam.getSigProvider();
+
+ if (pkixParam.isRevocationEnabled()) {
+ // Examine OCSP security property
+ ocspProperty = AccessController.doPrivileged(
+ new PrivilegedAction<String>() {
+ public String run() {
+ return
+ Security.getProperty(OCSPChecker.OCSP_ENABLE_PROP);
+ }
+ });
+ }
}
/**
@@ -259,12 +270,9 @@
*/
private PolicyNode doValidate(
TrustAnchor anchor, CertPath cpOriginal,
- List<X509Certificate> certList, PKIXParameters pkixParam,
+ ArrayList<X509Certificate> certList, PKIXParameters pkixParam,
PolicyNodeImpl rootNode) throws CertPathValidatorException
{
- List<PKIXCertPathChecker> certPathCheckers =
- new ArrayList<PKIXCertPathChecker>();
-
int certPathLen = certList.size();
basicChecker = new BasicChecker(anchor, testDate, sigProvider, false);
@@ -281,6 +289,8 @@
pkixParam.getPolicyQualifiersRejected(),
rootNode);
+ ArrayList<PKIXCertPathChecker> certPathCheckers =
+ new ArrayList<PKIXCertPathChecker>();
// add standard checkers that we will be using
certPathCheckers.add(keyChecker);
certPathCheckers.add(constraintsChecker);
@@ -290,15 +300,6 @@
// only add a revocationChecker if revocation is enabled
if (pkixParam.isRevocationEnabled()) {
- // Examine OCSP security property
- String ocspProperty = AccessController.doPrivileged(
- new PrivilegedAction<String>() {
- public String run() {
- return
- Security.getProperty(OCSPChecker.OCSP_ENABLE_PROP);
- }
- });
-
// Use OCSP if it has been enabled
if ("true".equalsIgnoreCase(ocspProperty)) {
OCSPChecker ocspChecker =
--- a/jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java Mon Sep 15 00:41:02 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,11 +30,12 @@
import java.util.Collections;
import java.util.List;
import java.util.Set;
-import java.util.Iterator;
+import java.security.cert.CertificateRevokedException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
-import java.security.cert.CertificateRevokedException;
+import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.PKIXCertPathChecker;
+import java.security.cert.PKIXReason;
import java.security.cert.X509Certificate;
/**
@@ -153,10 +154,11 @@
*/
CertPathValidatorException currentCause =
new CertPathValidatorException(cpve.getMessage(),
- cpve.getCause(), cpOriginal, cpSize - (i + 1));
+ cpve.getCause(), cpOriginal, cpSize - (i + 1),
+ cpve.getReason());
// Check if OCSP has confirmed that the cert was revoked
- if (cpve.getCause() instanceof CertificateRevokedException) {
+ if (cpve.getReason() == BasicReason.REVOKED) {
throw currentCause;
}
// Check if it is appropriate to failover
@@ -184,7 +186,8 @@
debug.println("checking for unresolvedCritExts");
if (!unresolvedCritExts.isEmpty()) {
throw new CertPathValidatorException("unrecognized " +
- "critical extension(s)", null, cpOriginal, cpSize-(i+1));
+ "critical extension(s)", null, cpOriginal, cpSize-(i+1),
+ PKIXReason.UNRECOGNIZED_CRIT_EXT);
}
if (debug != null)
--- a/jdk/src/share/classes/sun/security/provider/certpath/PolicyChecker.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/PolicyChecker.java Mon Sep 15 00:41:02 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,11 +30,12 @@
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
+import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXCertPathChecker;
-import java.security.cert.CertPathValidatorException;
+import java.security.cert.PKIXReason;
import java.security.cert.PolicyNode;
import java.security.cert.PolicyQualifierInfo;
+import java.security.cert.X509Certificate;
import sun.security.util.Debug;
import sun.security.x509.CertificatePoliciesExtension;
@@ -482,8 +483,9 @@
// the policyQualifiersRejected flag is set in the params
if (!pQuals.isEmpty() && rejectPolicyQualifiers &&
policiesCritical) {
- throw new CertPathValidatorException("critical " +
- "policy qualifiers present in certificate");
+ throw new CertPathValidatorException(
+ "critical policy qualifiers present in certificate",
+ null, null, -1, PKIXReason.INVALID_POLICY);
}
// PKIX: Section 6.1.3: Step (d)(1)(i)
@@ -567,7 +569,8 @@
if ((explicitPolicy == 0) && (rootNode == null)) {
throw new CertPathValidatorException
- ("non-null policy tree required and policy tree is null");
+ ("non-null policy tree required and policy tree is null",
+ null, null, -1, PKIXReason.INVALID_POLICY);
}
return rootNode;
@@ -776,12 +779,14 @@
if (issuerDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException
- ("encountered an issuerDomainPolicy of ANY_POLICY");
+ ("encountered an issuerDomainPolicy of ANY_POLICY",
+ null, null, -1, PKIXReason.INVALID_POLICY);
}
if (subjectDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException
- ("encountered a subjectDomainPolicy of ANY_POLICY");
+ ("encountered a subjectDomainPolicy of ANY_POLICY",
+ null, null, -1, PKIXReason.INVALID_POLICY);
}
Set<PolicyNodeImpl> validNodes =
--- a/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java Mon Sep 15 00:41:02 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,14 +29,15 @@
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
+import java.security.cert.PKIXReason;
import java.security.cert.TrustAnchor;
+import java.security.cert.X509Certificate;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.Collection;
@@ -402,7 +403,8 @@
*/
if ((currentState.remainingCACerts <= 0) && !X509CertImpl.isSelfIssued(cert)) {
throw new CertPathValidatorException
- ("pathLenConstraint violated, path too long");
+ ("pathLenConstraint violated, path too long", null,
+ null, -1, PKIXReason.PATH_TOO_LONG);
}
/*
@@ -438,7 +440,8 @@
try {
if (!currentState.nc.verify(cert)){
throw new CertPathValidatorException
- ("name constraints check failed");
+ ("name constraints check failed", null, null, -1,
+ PKIXReason.INVALID_NAME);
}
} catch (IOException ioe){
throw new CertPathValidatorException(ioe);
@@ -483,7 +486,9 @@
unresolvedCritExts.remove(PKIXExtensions.ExtendedKeyUsage_Id.toString());
if (!unresolvedCritExts.isEmpty())
- throw new CertificateException("Unrecognized critical extension(s)");
+ throw new CertPathValidatorException
+ ("Unrecognized critical extension(s)", null, null, -1,
+ PKIXReason.UNRECOGNIZED_CRIT_EXT);
}
/*
--- a/jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Mon Sep 15 00:41:02 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,9 @@
import java.security.InvalidAlgorithmParameterException;
import java.security.Principal;
import java.security.PublicKey;
+import java.security.cert.*;
+import java.security.cert.PKIXReason;
+import java.security.interfaces.DSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -39,10 +42,6 @@
import java.util.List;
import java.util.LinkedList;
import java.util.Set;
-
-import java.security.cert.*;
-import java.security.interfaces.DSAPublicKey;
-
import javax.security.auth.x500.X500Principal;
import sun.security.x509.X500Name;
@@ -565,8 +564,9 @@
(PKIXExtensions.ExtendedKeyUsage_Id.toString());
if (!unresCritExts.isEmpty()) {
- throw new CertPathValidatorException("unrecognized "
- + "critical extension(s)");
+ throw new CertPathValidatorException
+ ("unrecognized critical extension(s)", null,
+ null, -1, PKIXReason.UNRECOGNIZED_CRIT_EXT);
}
}
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/sun/net/httpserver/bugs/B6744329.java Mon Sep 15 00:41:02 2008 -0700
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/**
+ * @test
+ * @bug B6744329
+ * @summary Exception in light weight Http server
+ */
+
+import com.sun.net.httpserver.*;
+
+import java.util.*;
+import java.util.concurrent.*;
+import java.io.*;
+import java.net.*;
+import java.security.*;
+import java.security.cert.*;
+import javax.net.ssl.*;
+
+public class B6744329 {
+
+ public static void main (String[] args) throws Exception {
+ Handler handler = new Handler();
+ InetSocketAddress addr = new InetSocketAddress (0);
+ HttpServer server = HttpServer.create (addr, 0);
+ HttpContext ctx = server.createContext ("/test", handler);
+ ExecutorService executor = Executors.newCachedThreadPool();
+ server.setExecutor (executor);
+ server.start ();
+
+ URL url = new URL ("http://localhost:"+server.getAddress().getPort()+"/test/foo.html");
+ HttpURLConnection urlc = (HttpURLConnection)url.openConnection ();
+ try {
+ InputStream is = urlc.getInputStream();
+ int c = 0;
+ while (is.read()!= -1) {
+ c ++;
+ }
+ System.out.println ("OK");
+ } catch (IOException e) {
+ System.out.println ("exception");
+ error = true;
+ }
+ server.stop(2);
+ executor.shutdown();
+ if (error) {
+ throw new RuntimeException ("Test failed");
+ }
+ }
+
+ public static boolean error = false;
+
+ /* this must be the same size as in ChunkedOutputStream.java
+ */
+ final static int CHUNK_SIZE = 4096;
+
+ static class Handler implements HttpHandler {
+ int invocation = 1;
+ public void handle (HttpExchange t)
+ throws IOException
+ {
+ InputStream is = t.getRequestBody();
+ Headers map = t.getRequestHeaders();
+ Headers rmap = t.getResponseHeaders();
+ while (is.read () != -1) ;
+ is.close();
+ /* chunked response */
+ t.sendResponseHeaders (200, 0);
+ OutputStream os = t.getResponseBody();
+ byte[] first = new byte [CHUNK_SIZE * 2];
+ byte[] second = new byte [2];
+ os.write (first);
+ os.write ('x');
+ os.write ('x');
+ /* An index out of bounds exception will be thrown
+ * below, which is caught by server, and connection
+ * will be closed. resulting in IOException to client
+ * - if bug present
+ */
+ os.write ('x');
+ os.write ('x');
+ os.write ('x');
+ t.close();
+ }
+ }
+}
--- a/jdk/test/java/net/CookieHandler/TestHttpCookie.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/test/java/net/CookieHandler/TestHttpCookie.java Mon Sep 15 00:41:02 2008 -0700
@@ -24,7 +24,7 @@
/**
* @test
* @summary Unit test for java.net.HttpCookie
- * @bug 6244040 6277796 6277801 6277808 6294071
+ * @bug 6244040 6277796 6277801 6277808 6294071 6692802
* @author Edward Wang
*/
@@ -178,6 +178,19 @@
}
TestHttpCookie port(String p) { return port(0, p); }
+ // check http only
+ TestHttpCookie httpOnly(int index, boolean b) {
+ HttpCookie cookie = cookies.get(index);
+ if (cookie == null || b != cookie.isHttpOnly()) {
+ raiseError("HttpOnly", String.valueOf(cookie.isHttpOnly()), String.valueOf(b));
+ }
+ return this;
+ }
+
+ TestHttpCookie httpOnly(boolean b) {
+ return httpOnly(0, b);
+ }
+
// check equality
static void eq(HttpCookie ck1, HttpCookie ck2, boolean same) {
testCount++;
@@ -362,6 +375,10 @@
} catch (IllegalArgumentException ignored) {
// expected exception; no-op
}
+
+ // CR 6692802: HttpOnly flag
+ test("set-cookie: CUSTOMER=WILE_E_COYOTE;HttpOnly").httpOnly(true);
+ test("set-cookie: CUSTOMER=WILE_E_COYOTE").httpOnly(false);
}
static void header(String prompt) {
--- a/jdk/test/java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/test/java/security/cert/CertPathValidator/nameConstraintsRFC822/ValidateCertPath.java Mon Sep 15 00:41:02 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2002-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,7 @@
import java.io.IOException;
import java.security.cert.*;
+import java.security.cert.PKIXReason;
import java.util.ArrayList;
import java.util.Collections;
@@ -69,6 +70,9 @@
validate(path, params);
throw new Exception("Successfully validated invalid path.");
} catch (CertPathValidatorException e) {
+ if (e.getReason() != PKIXReason.INVALID_NAME) {
+ throw new Exception("unexpected reason: " + e.getReason());
+ }
System.out.println("Path rejected as expected: " + e);
}
}
@@ -86,14 +90,14 @@
args = new String[] {"jane2jane.cer", "jane2steve.cer", "steve2tom.cer"};
TrustAnchor anchor = new TrustAnchor(getCertFromFile(args[0]), null);
- List list = new ArrayList();
+ List<X509Certificate> list = new ArrayList<X509Certificate>();
for (int i = 1; i < args.length; i++) {
list.add(0, getCertFromFile(args[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
- Set anchors = Collections.singleton(anchor);
+ Set<TrustAnchor> anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/cert/CertPathValidatorException/ReasonTest.java Mon Sep 15 00:41:02 2008 -0700
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6465942
+ * @summary unit test for CertPathValidatorException.Reason
+ */
+
+import java.security.cert.CertPathValidatorException;
+import java.security.cert.CertPathValidatorException.BasicReason;
+
+public class ReasonTest {
+ private static volatile boolean failed = false;
+ public static void main(String[] args) throws Exception {
+
+ // check that getReason returns UNSPECIFIED if reason not specified
+ CertPathValidatorException cpve = new CertPathValidatorException("abc");
+ if (cpve.getReason() != BasicReason.UNSPECIFIED) {
+ failed = true;
+ System.err.println("FAILED: unexpected reason: " + cpve.getReason());
+ }
+
+ // check that getReason returns specified reason
+ cpve = new CertPathValidatorException
+ ("abc", null, null, -1, BasicReason.REVOKED);
+ if (cpve.getReason() != BasicReason.REVOKED) {
+ failed = true;
+ System.err.println("FAILED: unexpected reason: " + cpve.getReason());
+ }
+
+ // check that ctor throws NPE when reason is null
+ try {
+ cpve = new CertPathValidatorException("abc", null, null, -1, null);
+ failed = true;
+ System.err.println("ctor did not throw NPE for null reason");
+ } catch (Exception e) {
+ if (!(e instanceof NullPointerException)) {
+ failed = true;
+ System.err.println("FAILED: unexpected exception: " + e);
+ }
+ }
+ if (failed) {
+ throw new Exception("Some tests FAILED");
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/cert/CertPathValidatorException/Serial.java Mon Sep 15 00:41:02 2008 -0700
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/*
+ * @test
+ * @bug 6465942
+ * @summary Test deserialization of CertPathValidatorException
+ */
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+//import java.io.FileOutputStream;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertPath;
+import java.security.cert.CertPathValidatorException;
+import java.security.cert.CertPathValidatorException.BasicReason;
+import java.util.Collections;
+
+/**
+ * This class tests to see if CertPathValidatorException can be serialized and
+ * deserialized properly.
+ */
+public class Serial {
+ private static volatile boolean failed = false;
+ public static void main(String[] args) throws Exception {
+
+ File f = new File(System.getProperty("test.src", "."), "cert_file");
+ FileInputStream fis = new FileInputStream(f);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ Certificate c = cf.generateCertificate(fis);
+ fis.close();
+ CertPath cp = cf.generateCertPath(Collections.singletonList(c));
+
+ CertPathValidatorException cpve1 =
+ new CertPathValidatorException
+ ("Test", new Exception("Expired"), cp, 0, BasicReason.EXPIRED);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+// FileOutputStream fos = new FileOutputStream("jdk7.serial");
+ ObjectOutputStream oos = new ObjectOutputStream(baos);
+// ObjectOutputStream foos = new ObjectOutputStream(fos);
+ oos.writeObject(cpve1);
+// foos.writeObject(cpve1);
+ ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
+ ObjectInputStream ois = new ObjectInputStream(bais);
+ CertPathValidatorException cpve2 =
+ (CertPathValidatorException) ois.readObject();
+ check(!cpve1.getMessage().equals(cpve2.getMessage()),
+ "CertPathValidatorException messages not equal");
+ check(!cpve1.getCause().getMessage().equals(cpve2.getCause().getMessage()),
+ "CertPathValidatorException causes not equal");
+ check(!cpve1.getCertPath().equals(cpve2.getCertPath()),
+ "CertPathValidatorException certpaths not equal");
+ check(cpve1.getIndex() != cpve2.getIndex(),
+ "CertPathValidatorException indexes not equal");
+ check(cpve1.getReason() != cpve2.getReason(),
+ "CertPathValidatorException reasons not equal");
+ oos.close();
+ ois.close();
+
+ f = new File(System.getProperty("test.src", "."), "jdk6.serial");
+ fis = new FileInputStream(f);
+ ois = new ObjectInputStream(fis);
+ cpve2 = (CertPathValidatorException) ois.readObject();
+ check(!cpve1.getMessage().equals(cpve2.getMessage()),
+ "CertPathValidatorException messages not equal");
+ check(!cpve1.getCause().getMessage().equals(cpve2.getCause().getMessage()),
+ "CertPathValidatorException causes not equal");
+ check(!cpve1.getCertPath().equals(cpve2.getCertPath()),
+ "CertPathValidatorException certpaths not equal");
+ check(cpve1.getIndex() != cpve2.getIndex(),
+ "CertPathValidatorException indexes not equal");
+// System.out.println(cpve2.getReason());
+ check(cpve2.getReason() != BasicReason.UNSPECIFIED,
+ "CertPathValidatorException reasons not equal");
+ oos.close();
+ ois.close();
+ if (failed) {
+ throw new Exception("Some tests FAILED");
+ }
+ }
+
+ private static void check(boolean expr, String message) {
+ if (expr) {
+ failed = true;
+ System.err.println("FAILED: " + message);
+ }
+ }
+}
Binary file jdk/test/java/security/cert/CertPathValidatorException/cert_file has changed
Binary file jdk/test/java/security/cert/CertPathValidatorException/jdk6.serial has changed
--- a/jdk/test/java/security/cert/PolicyNode/GetPolicyQualifiers.java Fri Sep 12 19:06:38 2008 +0200
+++ b/jdk/test/java/security/cert/PolicyNode/GetPolicyQualifiers.java Mon Sep 15 00:41:02 2008 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright 2001 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2001-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -74,6 +74,10 @@
throw new Exception("Validation of CertPath containing critical " +
"qualifiers should have failed when policyQualifiersRejected " +
"flag is true");
- } catch (CertPathValidatorException cpve) {}
+ } catch (CertPathValidatorException cpve) {
+ if (cpve.getReason() != PKIXReason.INVALID_POLICY) {
+ throw new Exception("unexpected reason: " + cpve.getReason());
+ }
+ }
}
}