--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/HostnameVerifier.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/HostnameVerifier.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -38,8 +38,9 @@
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.HostnameVerifier} and
* {@link javax.net.ssl.CertificateHostnameVerifier}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public interface HostnameVerifier {
/**
* Verify that the hostname from the URL is an acceptable
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -44,8 +44,9 @@
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.HttpsURLConnection}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public abstract
class HttpsURLConnection extends HttpURLConnection
{
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/KeyManager.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/KeyManager.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,8 @@
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.KeyManager}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public interface KeyManager {
}
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactory.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactory.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,9 @@
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.KeyManagerFactory}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public class KeyManagerFactory {
// The provider
private Provider provider;
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactorySpi.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactorySpi.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -41,8 +41,9 @@
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.KeyManagerFactorySpi}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public abstract class KeyManagerFactorySpi {
/**
* Initializes this factory with a source of key material. The
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/SSLContext.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/SSLContext.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -44,8 +44,9 @@
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.SSLContext}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public class SSLContext {
private Provider provider;
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/SSLContextSpi.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/SSLContextSpi.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -43,8 +43,9 @@
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.SSLContextSpi}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public abstract class SSLContextSpi {
/**
* Initializes this context.
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/SSLPermission.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/SSLPermission.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -97,8 +97,9 @@
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.SSLPermission}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public final class SSLPermission extends BasicPermission {
private static final long serialVersionUID = -2583684302506167542L;
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/TrustManager.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/TrustManager.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,8 @@
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.TrustManager}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public interface TrustManager {
}
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactory.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactory.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,9 @@
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.TrustManagerFactory}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public class TrustManagerFactory {
// The provider
private Provider provider;
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactorySpi.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactorySpi.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -41,8 +41,9 @@
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.TrustManagerFactorySpi}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public abstract class TrustManagerFactorySpi {
/**
* Initializes this factory with a source of certificate
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/X509KeyManager.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/X509KeyManager.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -41,8 +41,9 @@
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.X509KeyManager}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public interface X509KeyManager extends KeyManager {
/**
* Get the matching aliases for authenticating the client side of a secure
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/X509TrustManager.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/X509TrustManager.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -40,8 +40,9 @@
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.X509TrustManager}.
+ * This class is subject to removal in a future version of JDK.
*/
-@Deprecated
+@Deprecated(since="1.4", forRemoval=true)
public interface X509TrustManager extends TrustManager {
/**
* Given the partial or complete certificate chain
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/Provider.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/Provider.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,10 @@
* Main class for the SunJSSE provider. The actual code was moved to the
* class sun.security.ssl.SunJSSE, but for backward compatibility we
* continue to use this class as the main Provider class.
+ *
+ * @deprecated This class is subject to removal in a future version of JDK.
*/
+@Deprecated(since="9", forRemoval=true)
public final class Provider extends SunJSSE {
private static final long serialVersionUID = 3231825739635378733L;
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/X509ExtendedTrustManager.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/X509ExtendedTrustManager.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -54,7 +54,9 @@
*
* @since 1.6
* @author Xuelei Fan
+ * @deprecated This class is subject to removal in a future version of JDK.
*/
+@Deprecated(since="9", forRemoval=true)
public abstract class X509ExtendedTrustManager implements X509TrustManager {
/**
* Constructor used by subclasses only.
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -52,7 +52,9 @@
* of protocol implementation (this one)
* com.sun.net.ssl.HttpURLConnection is used in the com.sun version.
*
+ * @deprecated This class is subject to removal in a future version of JDK.
*/
+@Deprecated(since="9", forRemoval=true)
@SuppressWarnings("deprecation") // HttpsURLConnection is deprecated
public class DelegateHttpsURLConnection extends AbstractDelegateHttpsURLConnection {
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/Handler.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/Handler.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -34,7 +34,9 @@
* only. The HTTPS implementation can now be found in
* sun.net.www.protocol.https.
*
+ * @deprecated This class is subject to removal in a future version of JDK.
*/
+@Deprecated(since="9", forRemoval=true)
public class Handler extends sun.net.www.protocol.https.Handler {
public Handler() {
--- a/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -59,11 +59,13 @@
* needs to implement all public methods in it's super class and all
* the way to Object.
*
+ * @deprecated This class is subject to removal in a future version of JDK.
*/
// For both copies of the file, uncomment one line and comment the other
// public class HttpsURLConnectionImpl
// extends javax.net.ssl.HttpsURLConnection {
+@Deprecated(since="9", forRemoval=true)
@SuppressWarnings("deprecation") // HttpsURLConnection is deprecated
public class HttpsURLConnectionOldImpl
extends com.sun.net.ssl.HttpsURLConnection {
--- a/jdk/src/java.base/share/classes/java/security/CodeSource.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/java/security/CodeSource.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -86,10 +86,9 @@
* Constructs a CodeSource and associates it with the specified
* location and set of certificates.
*
- * @param url the location (URL).
- *
- * @param certs the certificate(s). It may be null. The contents of the
- * array are copied to protect against subsequent modification.
+ * @param url the location (URL). It may be {@code null}.
+ * @param certs the certificate(s). It may be {@code null}. The contents
+ * of the array are copied to protect against subsequent modification.
*/
public CodeSource(URL url, java.security.cert.Certificate[] certs) {
this.location = url;
@@ -107,9 +106,9 @@
* Constructs a CodeSource and associates it with the specified
* location and set of code signers.
*
- * @param url the location (URL).
- * @param signers the code signers. It may be null. The contents of the
- * array are copied to protect against subsequent modification.
+ * @param url the location (URL). It may be {@code null}.
+ * @param signers the code signers. It may be {@code null}. The contents
+ * of the array are copied to protect against subsequent modification.
*
* @since 1.5
*/
@@ -176,7 +175,8 @@
/**
* Returns the location associated with this CodeSource.
*
- * @return the location (URL).
+ * @return the location (URL), or {@code null} if no URL was supplied
+ * during construction.
*/
public final URL getLocation() {
/* since URL is practically immutable, returning itself is not
@@ -203,7 +203,8 @@
* bottom-to-top (i.e., with the signer certificate first and the (root)
* certificate authority last).
*
- * @return A copy of the certificates array, or null if there is none.
+ * @return a copy of the certificate array, or {@code null} if there
+ * is none.
*/
public final java.security.cert.Certificate[] getCertificates() {
if (certs != null) {
@@ -235,7 +236,8 @@
* create an array of CodeSigner objects. Note that only X.509 certificates
* are examined - all other certificate types are ignored.
*
- * @return A copy of the code signer array, or null if there is none.
+ * @return a copy of the code signer array, or {@code null} if there
+ * is none.
*
* @since 1.5
*/
@@ -322,7 +324,6 @@
* @return true if the specified codesource is implied by this codesource,
* false if not.
*/
-
public boolean implies(CodeSource codesource)
{
if (codesource == null)
@@ -336,7 +337,7 @@
* CodeSource are also in <i>that</i>.
*
* @param that the CodeSource to check against.
- * @param strict If true then a strict equality match is performed.
+ * @param strict if true then a strict equality match is performed.
* Otherwise a subset match is performed.
*/
boolean matchCerts(CodeSource that, boolean strict)
@@ -622,7 +623,7 @@
* The array of certificates is a concatenation of certificate chains
* where the initial certificate in each chain is the end-entity cert.
*
- * @return An array of code signers or null if none are generated.
+ * @return an array of code signers or null if none are generated.
*/
private CodeSigner[] convertCertArrayToSignerArray(
java.security.cert.Certificate[] certs) {
--- a/jdk/src/java.base/share/classes/java/util/AbstractList.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/java/util/AbstractList.java Mon Jul 11 12:07:59 2016 -0700
@@ -25,6 +25,8 @@
package java.util;
+import java.util.function.Consumer;
+
/**
* This class provides a skeletal implementation of the {@link List}
* interface to minimize the effort required to implement this interface
@@ -634,6 +636,115 @@
return "Index: "+index+", Size: "+size();
}
+ /**
+ * An index-based split-by-two, lazily initialized Spliterator covering
+ * a List that access elements via {@link List#get}.
+ *
+ * If access results in an IndexOutOfBoundsException then a
+ * ConcurrentModificationException is thrown instead (since the list has
+ * been structurally modified while traversing).
+ *
+ * If the List is an instance of AbstractList then concurrent modification
+ * checking is performed using the AbstractList's modCount field.
+ */
+ static final class RandomAccessSpliterator<E> implements Spliterator<E> {
+
+ private final List<E> list;
+ private int index; // current index, modified on advance/split
+ private int fence; // -1 until used; then one past last index
+
+ // The following fields are valid if covering an AbstractList
+ private final AbstractList<E> alist;
+ private int expectedModCount; // initialized when fence set
+
+ RandomAccessSpliterator(List<E> list) {
+ assert list instanceof RandomAccess;
+
+ this.list = list;
+ this.index = 0;
+ this.fence = -1;
+
+ this.alist = list instanceof AbstractList ? (AbstractList<E>) list : null;
+ this.expectedModCount = alist != null ? alist.modCount : 0;
+ }
+
+ /** Create new spliterator covering the given range */
+ private RandomAccessSpliterator(RandomAccessSpliterator<E> parent,
+ int origin, int fence) {
+ this.list = parent.list;
+ this.index = origin;
+ this.fence = fence;
+
+ this.alist = parent.alist;
+ this.expectedModCount = parent.expectedModCount;
+ }
+
+ private int getFence() { // initialize fence to size on first use
+ int hi;
+ List<E> lst = list;
+ if ((hi = fence) < 0) {
+ if (alist != null) {
+ expectedModCount = alist.modCount;
+ }
+ hi = fence = lst.size();
+ }
+ return hi;
+ }
+
+ public Spliterator<E> trySplit() {
+ int hi = getFence(), lo = index, mid = (lo + hi) >>> 1;
+ return (lo >= mid) ? null : // divide range in half unless too small
+ new RandomAccessSpliterator<>(this, lo, index = mid);
+ }
+
+ public boolean tryAdvance(Consumer<? super E> action) {
+ if (action == null)
+ throw new NullPointerException();
+ int hi = getFence(), i = index;
+ if (i < hi) {
+ index = i + 1;
+ action.accept(get(list, i));
+ checkAbstractListModCount(alist, expectedModCount);
+ return true;
+ }
+ return false;
+ }
+
+ public void forEachRemaining(Consumer<? super E> action) {
+ Objects.requireNonNull(action);
+ List<E> lst = list;
+ int hi = getFence();
+ int i = index;
+ index = hi;
+ for (; i < hi; i++) {
+ action.accept(get(lst, i));
+ }
+ checkAbstractListModCount(alist, expectedModCount);
+ }
+
+ public long estimateSize() {
+ return (long) (getFence() - index);
+ }
+
+ public int characteristics() {
+ return Spliterator.ORDERED | Spliterator.SIZED | Spliterator.SUBSIZED;
+ }
+
+ private static <E> E get(List<E> list, int i) {
+ try {
+ return list.get(i);
+ } catch (IndexOutOfBoundsException ex) {
+ throw new ConcurrentModificationException();
+ }
+ }
+
+ static void checkAbstractListModCount(AbstractList<?> alist, int expectedModCount) {
+ if (alist != null && alist.modCount != expectedModCount) {
+ throw new ConcurrentModificationException();
+ }
+ }
+ }
+
private static class SubList<E> extends AbstractList<E> {
private final AbstractList<E> root;
private final SubList<E> parent;
--- a/jdk/src/java.base/share/classes/java/util/List.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/java/util/List.java Mon Jul 11 12:07:59 2016 -0700
@@ -741,9 +741,22 @@
*
* @implSpec
* The default implementation creates a
- * <em><a href="Spliterator.html#binding">late-binding</a></em> spliterator
- * from the list's {@code Iterator}. The spliterator inherits the
- * <em>fail-fast</em> properties of the list's iterator.
+ * <em><a href="Spliterator.html#binding">late-binding</a></em>
+ * spliterator as follows:
+ * <ul>
+ * <li>If the list is an instance of {@link RandomAccess} then the default
+ * implementation creates a spliterator that traverses elements by
+ * invoking the method {@link List#get}. If such invocation results or
+ * would result in an {@code IndexOutOfBoundsException} then the
+ * spliterator will <em>fail-fast</em> and throw a
+ * {@code ConcurrentModificationException}.
+ * If the list is also an instance of {@link AbstractList} then the
+ * spliterator will use the list's {@link AbstractList#modCount modCount}
+ * field to provide additional <em>fail-fast</em> behavior.
+ * <li>Otherwise, the default implementation creates a spliterator from the
+ * list's {@code Iterator}. The spliterator inherits the
+ * <em>fail-fast</em> of the list's iterator.
+ * </ul>
*
* @implNote
* The created {@code Spliterator} additionally reports
@@ -754,7 +767,11 @@
*/
@Override
default Spliterator<E> spliterator() {
- return Spliterators.spliterator(this, Spliterator.ORDERED);
+ if (this instanceof RandomAccess) {
+ return new AbstractList.RandomAccessSpliterator<>(this);
+ } else {
+ return Spliterators.spliterator(this, Spliterator.ORDERED);
+ }
}
/**
--- a/jdk/src/java.base/share/classes/javax/crypto/ExemptionMechanism.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/javax/crypto/ExemptionMechanism.java Mon Jul 11 12:07:59 2016 -0700
@@ -482,13 +482,4 @@
done = true;
return n;
}
-
- /**
- * Ensures that the key stored away by this ExemptionMechanism
- * object will be wiped out when there are no more references to it.
- */
- protected void finalize() {
- keyStored = null;
- // Are there anything else we could do?
- }
}
--- a/jdk/src/java.base/share/classes/javax/security/cert/Certificate.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/javax/security/cert/Certificate.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -58,10 +58,11 @@
* @since 1.4
* @see X509Certificate
* @deprecated Use the classes in {@code java.security.cert} instead.
+ * This class is subject to removal in a future version of Java SE.
*
* @author Hemma Prafullchandra
*/
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
public abstract class Certificate {
/**
--- a/jdk/src/java.base/share/classes/javax/security/cert/CertificateEncodingException.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/javax/security/cert/CertificateEncodingException.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,9 @@
* @since 1.4
* @author Hemma Prafullchandra
* @deprecated Use the classes in {@code java.security.cert} instead.
+ * This class is subject to removal in a future version of Java SE.
*/
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
public class CertificateEncodingException extends CertificateException {
private static final long serialVersionUID = -8187642723048403470L;
--- a/jdk/src/java.base/share/classes/javax/security/cert/CertificateException.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/javax/security/cert/CertificateException.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -39,8 +39,9 @@
* @since 1.4
* @see Certificate
* @deprecated Use the classes in {@code java.security.cert} instead.
+ * This class is subject to removal in a future version of Java SE.
*/
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
public class CertificateException extends Exception {
private static final long serialVersionUID = -5757213374030785290L;
--- a/jdk/src/java.base/share/classes/javax/security/cert/CertificateExpiredException.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/javax/security/cert/CertificateExpiredException.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -41,8 +41,9 @@
* @since 1.4
* @author Hemma Prafullchandra
* @deprecated Use the classes in {@code java.security.cert} instead.
+ * This class is subject to removal in a future version of Java SE.
*/
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
public class CertificateExpiredException extends CertificateException {
private static final long serialVersionUID = 5091601212177261883L;
--- a/jdk/src/java.base/share/classes/javax/security/cert/CertificateNotYetValidException.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/javax/security/cert/CertificateNotYetValidException.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -41,8 +41,9 @@
* @since 1.4
* @author Hemma Prafullchandra
* @deprecated Use the classes in {@code java.security.cert} instead.
+ * This class is subject to removal in a future version of Java SE.
*/
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
public class CertificateNotYetValidException extends CertificateException {
private static final long serialVersionUID = -8976172474266822818L;
--- a/jdk/src/java.base/share/classes/javax/security/cert/CertificateParsingException.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/javax/security/cert/CertificateParsingException.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -40,8 +40,9 @@
* @since 1.4
* @author Hemma Prafullchandra
* @deprecated Use the classes in {@code java.security.cert} instead.
+ * This class is subject to removal in a future version of Java SE.
*/
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
public class CertificateParsingException extends CertificateException {
private static final long serialVersionUID = -8449352422951136229L;
--- a/jdk/src/java.base/share/classes/javax/security/cert/X509Certificate.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/javax/security/cert/X509Certificate.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -125,8 +125,9 @@
* @see java.security.cert.X509Extension
* @see java.security.Security security properties
* @deprecated Use the classes in {@code java.security.cert} instead.
+ * This class is subject to removal in a future version of Java SE.
*/
-@Deprecated
+@Deprecated(since="9", forRemoval=true)
public abstract class X509Certificate extends Certificate {
/*
--- a/jdk/src/java.base/share/classes/sun/security/jca/ProviderConfig.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/jca/ProviderConfig.java Mon Jul 11 12:07:59 2016 -0700
@@ -159,6 +159,8 @@
/**
* Get the provider object. Loads the provider if it is not already loaded.
*/
+ // com.sun.net.ssl.internal.ssl.Provider has been deprecated since JDK 9
+ @SuppressWarnings("deprecation")
synchronized Provider getProvider() {
// volatile variable load
Provider p = provider;
--- a/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuite.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -376,36 +376,38 @@
static enum KeyExchange {
// key exchange algorithms
- K_NULL ("NULL", false),
- K_RSA ("RSA", true),
- K_RSA_EXPORT ("RSA_EXPORT", true),
- K_DH_RSA ("DH_RSA", false),
- K_DH_DSS ("DH_DSS", false),
- K_DHE_DSS ("DHE_DSS", true),
- K_DHE_RSA ("DHE_RSA", true),
- K_DH_ANON ("DH_anon", true),
+ K_NULL ("NULL", false, false),
+ K_RSA ("RSA", true, false),
+ K_RSA_EXPORT ("RSA_EXPORT", true, false),
+ K_DH_RSA ("DH_RSA", false, false),
+ K_DH_DSS ("DH_DSS", false, false),
+ K_DHE_DSS ("DHE_DSS", true, false),
+ K_DHE_RSA ("DHE_RSA", true, false),
+ K_DH_ANON ("DH_anon", true, false),
- K_ECDH_ECDSA ("ECDH_ECDSA", ALLOW_ECC),
- K_ECDH_RSA ("ECDH_RSA", ALLOW_ECC),
- K_ECDHE_ECDSA("ECDHE_ECDSA", ALLOW_ECC),
- K_ECDHE_RSA ("ECDHE_RSA", ALLOW_ECC),
- K_ECDH_ANON ("ECDH_anon", ALLOW_ECC),
+ K_ECDH_ECDSA ("ECDH_ECDSA", ALLOW_ECC, true),
+ K_ECDH_RSA ("ECDH_RSA", ALLOW_ECC, true),
+ K_ECDHE_ECDSA("ECDHE_ECDSA", ALLOW_ECC, true),
+ K_ECDHE_RSA ("ECDHE_RSA", ALLOW_ECC, true),
+ K_ECDH_ANON ("ECDH_anon", ALLOW_ECC, true),
// Kerberos cipher suites
- K_KRB5 ("KRB5", true),
- K_KRB5_EXPORT("KRB5_EXPORT", true),
+ K_KRB5 ("KRB5", true, false),
+ K_KRB5_EXPORT("KRB5_EXPORT", true, false),
// renegotiation protection request signaling cipher suite
- K_SCSV ("SCSV", true);
+ K_SCSV ("SCSV", true, false);
// name of the key exchange algorithm, e.g. DHE_DSS
final String name;
final boolean allowed;
+ final boolean isEC;
private final boolean alwaysAvailable;
- KeyExchange(String name, boolean allowed) {
+ KeyExchange(String name, boolean allowed, boolean isEC) {
this.name = name;
this.allowed = allowed;
+ this.isEC = isEC;
this.alwaysAvailable = allowed &&
(!name.startsWith("EC")) && (!name.startsWith("KRB"));
}
@@ -415,7 +417,7 @@
return true;
}
- if (name.startsWith("EC")) {
+ if (isEC) {
return (allowed && JsseJce.isEcAvailable());
} else if (name.startsWith("KRB")) {
return (allowed && JsseJce.isKerberosAvailable());
--- a/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuiteList.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/CipherSuiteList.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -112,20 +112,15 @@
boolean containsEC() {
if (containsEC == null) {
for (CipherSuite c : cipherSuites) {
- switch (c.keyExchange) {
- case K_ECDH_ECDSA:
- case K_ECDH_RSA:
- case K_ECDHE_ECDSA:
- case K_ECDHE_RSA:
- case K_ECDH_ANON:
+ if (c.keyExchange.isEC) {
containsEC = true;
return true;
- default:
- break;
}
}
+
containsEC = false;
}
+
return containsEC;
}
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java Mon Jul 11 12:07:59 2016 -0700
@@ -877,30 +877,33 @@
String typeName;
switch (certRequest.types[i]) {
- case CertificateRequest.cct_rsa_sign:
- typeName = "RSA";
- break;
+ case CertificateRequest.cct_rsa_sign:
+ typeName = "RSA";
+ break;
- case CertificateRequest.cct_dss_sign:
- typeName = "DSA";
- break;
+ case CertificateRequest.cct_dss_sign:
+ typeName = "DSA";
+ break;
+
+ case CertificateRequest.cct_ecdsa_sign:
+ // ignore if we do not have EC crypto available
+ typeName = JsseJce.isEcAvailable() ? "EC" : null;
+ break;
- case CertificateRequest.cct_ecdsa_sign:
- // ignore if we do not have EC crypto available
- typeName = JsseJce.isEcAvailable() ? "EC" : null;
- break;
-
- // Fixed DH/ECDH client authentication not supported
- case CertificateRequest.cct_rsa_fixed_dh:
- case CertificateRequest.cct_dss_fixed_dh:
- case CertificateRequest.cct_rsa_fixed_ecdh:
- case CertificateRequest.cct_ecdsa_fixed_ecdh:
- // Any other values (currently not used in TLS)
- case CertificateRequest.cct_rsa_ephemeral_dh:
- case CertificateRequest.cct_dss_ephemeral_dh:
- default:
- typeName = null;
- break;
+ // Fixed DH/ECDH client authentication not supported
+ //
+ // case CertificateRequest.cct_rsa_fixed_dh:
+ // case CertificateRequest.cct_dss_fixed_dh:
+ // case CertificateRequest.cct_rsa_fixed_ecdh:
+ // case CertificateRequest.cct_ecdsa_fixed_ecdh:
+ //
+ // Any other values (currently not used in TLS)
+ //
+ // case CertificateRequest.cct_rsa_ephemeral_dh:
+ // case CertificateRequest.cct_dss_ephemeral_dh:
+ default:
+ typeName = null;
+ break;
}
if ((typeName != null) && (!keytypesTmp.contains(typeName))) {
@@ -928,16 +931,6 @@
X509Certificate[] certs = km.getCertificateChain(alias);
if ((certs != null) && (certs.length != 0)) {
PublicKey publicKey = certs[0].getPublicKey();
- // for EC, make sure we use a supported named curve
- if (publicKey instanceof ECPublicKey) {
- ECParameterSpec params =
- ((ECPublicKey)publicKey).getParams();
- int index =
- EllipticCurvesExtension.getCurveIndex(params);
- if (!EllipticCurvesExtension.isSupported(index)) {
- publicKey = null;
- }
- }
if (publicKey != null) {
m1 = new CertificateMsg(certs);
signingKey = km.getPrivateKey(alias);
@@ -1499,6 +1492,17 @@
sslContext.getSecureRandom(), maxProtocolVersion,
sessionId, cipherSuites, isDTLS);
+ // add elliptic curves and point format extensions
+ if (cipherSuites.containsEC()) {
+ EllipticCurvesExtension ece =
+ EllipticCurvesExtension.createExtension(algorithmConstraints);
+ if (ece != null) {
+ clientHelloMessage.extensions.add(ece);
+ clientHelloMessage.extensions.add(
+ EllipticPointFormatsExtension.DEFAULT);
+ }
+ }
+
// add signature_algorithm extension
if (maxProtocolVersion.useTLS12PlusSpec()) {
// we will always send the signature_algorithm extension
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ECDHCrypt.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ECDHCrypt.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -56,10 +56,11 @@
}
// Called by ServerHandshaker for ephemeral ECDH
- ECDHCrypt(String curveName, SecureRandom random) {
+ ECDHCrypt(int curveId, SecureRandom random) {
try {
KeyPairGenerator kpg = JsseJce.getKeyPairGenerator("EC");
- ECGenParameterSpec params = new ECGenParameterSpec(curveName);
+ ECGenParameterSpec params =
+ EllipticCurvesExtension.getECGenParamSpec(curveId);
kpg.initialize(params, random);
KeyPair kp = kpg.generateKeyPair();
privateKey = kp.getPrivate();
--- a/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/EllipticCurvesExtension.java Mon Jul 11 12:07:59 2016 -0700
@@ -27,58 +27,271 @@
import java.io.IOException;
import java.security.spec.ECParameterSpec;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+import java.security.AlgorithmParameters;
+import java.security.AlgorithmConstraints;
+import java.security.CryptoPrimitive;
+import java.security.AccessController;
+import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
+import java.util.ArrayList;
+import javax.net.ssl.SSLProtocolException;
-import javax.net.ssl.SSLProtocolException;
+import sun.security.action.GetPropertyAction;
final class EllipticCurvesExtension extends HelloExtension {
- // the extension value to send in the ClientHello message
- static final EllipticCurvesExtension DEFAULT;
+ private static final int ARBITRARY_PRIME = 0xff01;
+ private static final int ARBITRARY_CHAR2 = 0xff02;
+
+ // speed up the searching
+ private static final Map<String, Integer> oidToIdMap = new HashMap<>();
+ private static final Map<Integer, String> idToOidMap = new HashMap<>();
+
+ // speed up the parameters construction
+ private static final Map<Integer,
+ AlgorithmParameters> idToParams = new HashMap<>();
+
+ // the supported elliptic curves
+ private static final int[] supportedCurveIds;
+
+ // the curves of the extension
+ private final int[] curveIds;
+
+ // See sun.security.util.CurveDB for the OIDs
+ private static enum NamedEllipticCurve {
+ T163_K1(1, "sect163k1", "1.3.132.0.1", true), // NIST K-163
+ T163_R1(2, "sect163r1", "1.3.132.0.2", false),
+ T163_R2(3, "sect163r2", "1.3.132.0.15", true), // NIST B-163
+ T193_R1(4, "sect193r1", "1.3.132.0.24", false),
+ T193_R2(5, "sect193r2", "1.3.132.0.25", false),
+ T233_K1(6, "sect233k1", "1.3.132.0.26", true), // NIST K-233
+ T233_R1(7, "sect233r1", "1.3.132.0.27", true), // NIST B-233
+ T239_K1(8, "sect239k1", "1.3.132.0.3", false),
+ T283_K1(9, "sect283k1", "1.3.132.0.16", true), // NIST K-283
+ T283_R1(10, "sect283r1", "1.3.132.0.17", true), // NIST B-283
+ T409_K1(11, "sect409k1", "1.3.132.0.36", true), // NIST K-409
+ T409_R1(12, "sect409r1", "1.3.132.0.37", true), // NIST B-409
+ T571_K1(13, "sect571k1", "1.3.132.0.38", true), // NIST K-571
+ T571_R1(14, "sect571r1", "1.3.132.0.39", true), // NIST B-571
- private static final boolean fips;
+ P160_K1(15, "secp160k1", "1.3.132.0.9", false),
+ P160_R1(16, "secp160r1", "1.3.132.0.8", false),
+ P160_R2(17, "secp160r2", "1.3.132.0.30", false),
+ P192_K1(18, "secp192k1", "1.3.132.0.31", false),
+ P192_R1(19, "secp192r1", "1.2.840.10045.3.1.1", true), // NIST P-192
+ P224_K1(20, "secp224k1", "1.3.132.0.32", false),
+ P224_R1(21, "secp224r1", "1.3.132.0.33", true), // NIST P-224
+ P256_K1(22, "secp256k1", "1.3.132.0.10", false),
+ P256_R1(23, "secp256r1", "1.2.840.10045.3.1.7", true), // NIST P-256
+ P384_R1(24, "secp384r1", "1.3.132.0.34", true), // NIST P-384
+ P521_R1(25, "secp521r1", "1.3.132.0.35", true); // NIST P-521
+
+ int id;
+ String name;
+ String oid;
+ boolean isFips;
+
+ NamedEllipticCurve(int id, String name, String oid, boolean isFips) {
+ this.id = id;
+ this.name = name;
+ this.oid = oid;
+ this.isFips = isFips;
+
+ if (oidToIdMap.put(oid, id) != null ||
+ idToOidMap.put(id, oid) != null) {
+
+ throw new RuntimeException(
+ "Duplicate named elliptic curve definition: " + name);
+ }
+ }
+
+ static NamedEllipticCurve getCurve(String name, boolean requireFips) {
+ for (NamedEllipticCurve curve : NamedEllipticCurve.values()) {
+ if (curve.name.equals(name) && (!requireFips || curve.isFips)) {
+ return curve;
+ }
+ }
+
+ return null;
+ }
+ }
static {
- int[] ids;
- fips = SunJSSE.isFIPS();
- if (fips == false) {
- ids = new int[] {
- // NIST curves first
- // prefer NIST P-256, rest in order of increasing key length
- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
- // non-NIST curves
- 15, 16, 17, 2, 18, 4, 5, 20, 8, 22,
- };
+ boolean requireFips = SunJSSE.isFIPS();
+
+ // hack code to initialize NamedEllipticCurve
+ NamedEllipticCurve nec =
+ NamedEllipticCurve.getCurve("secp256r1", false);
+
+ // The value of the System Property defines a list of enabled named
+ // curves in preference order, separated with comma. For example:
+ //
+ // jdk.tls.namedGroups="secp521r1, secp256r1, secp384r1"
+ //
+ // If the System Property is not defined or the value is empty, the
+ // default curves and preferences will be used.
+ String property = AccessController.doPrivileged(
+ new GetPropertyAction("jdk.tls.namedGroups"));
+ if (property != null && property.length() != 0) {
+ // remove double quote marks from beginning/end of the property
+ if (property.length() > 1 && property.charAt(0) == '"' &&
+ property.charAt(property.length() - 1) == '"') {
+ property = property.substring(1, property.length() - 1);
+ }
+ }
+
+ ArrayList<Integer> idList;
+ if (property != null && property.length() != 0) { // customized curves
+ String[] curves = property.split(",");
+ idList = new ArrayList<>(curves.length);
+ for (String curve : curves) {
+ curve = curve.trim();
+ if (!curve.isEmpty()) {
+ NamedEllipticCurve namedCurve =
+ NamedEllipticCurve.getCurve(curve, requireFips);
+ if (namedCurve != null) {
+ if (isAvailableCurve(namedCurve.id)) {
+ idList.add(namedCurve.id);
+ }
+ } // ignore unknown curves
+ }
+ }
+ } else { // default curves
+ int[] ids;
+ if (requireFips) {
+ ids = new int[] {
+ // only NIST curves in FIPS mode
+ 23, 24, 25, 9, 10, 11, 12, 13, 14,
+ };
+ } else {
+ ids = new int[] {
+ // NIST curves first
+ 23, 24, 25, 9, 10, 11, 12, 13, 14,
+ // non-NIST curves
+ 22,
+ };
+ }
+
+ idList = new ArrayList<>(ids.length);
+ for (int curveId : ids) {
+ if (isAvailableCurve(curveId)) {
+ idList.add(curveId);
+ }
+ }
+ }
+
+ if (idList.isEmpty()) {
+ throw new IllegalArgumentException(
+ "System property jdk.tls.namedGroups(" + property + ") " +
+ "contains no supported elliptic curves");
} else {
- ids = new int[] {
- // same as above, but allow only NIST curves in FIPS mode
- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
- };
+ supportedCurveIds = new int[idList.size()];
+ int i = 0;
+ for (Integer id : idList) {
+ supportedCurveIds[i++] = id;
+ }
}
- DEFAULT = new EllipticCurvesExtension(ids);
}
- private final int[] curveIds;
+ // check whether the curve is supported by the underlying providers
+ private static boolean isAvailableCurve(int curveId) {
+ String oid = idToOidMap.get(curveId);
+ if (oid != null) {
+ AlgorithmParameters params = null;
+ try {
+ params = JsseJce.getAlgorithmParameters("EC");
+ params.init(new ECGenParameterSpec(oid));
+ } catch (Exception e) {
+ return false;
+ }
+
+ // cache the parameters
+ idToParams.put(curveId, params);
+
+ return true;
+ }
+
+ return false;
+ }
private EllipticCurvesExtension(int[] curveIds) {
super(ExtensionType.EXT_ELLIPTIC_CURVES);
+
this.curveIds = curveIds;
}
EllipticCurvesExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_ELLIPTIC_CURVES);
+
int k = s.getInt16();
if (((len & 1) != 0) || (k + 2 != len)) {
throw new SSLProtocolException("Invalid " + type + " extension");
}
+
+ // Note: unknown curves will be ignored later.
curveIds = new int[k >> 1];
for (int i = 0; i < curveIds.length; i++) {
curveIds[i] = s.getInt16();
}
}
+ // get the preferred active curve
+ static int getActiveCurves(AlgorithmConstraints constraints) {
+ return getPreferredCurve(supportedCurveIds, constraints);
+ }
+
+ static boolean hasActiveCurves(AlgorithmConstraints constraints) {
+ return getActiveCurves(constraints) >= 0;
+ }
+
+ static EllipticCurvesExtension createExtension(
+ AlgorithmConstraints constraints) {
+
+ ArrayList<Integer> idList = new ArrayList<>(supportedCurveIds.length);
+ for (int curveId : supportedCurveIds) {
+ if (constraints.permits(
+ EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+ "EC", idToParams.get(curveId))) {
+ idList.add(curveId);
+ }
+ }
+
+ if (!idList.isEmpty()) {
+ int[] ids = new int[idList.size()];
+ int i = 0;
+ for (Integer id : idList) {
+ ids[i++] = id;
+ }
+
+ return new EllipticCurvesExtension(ids);
+ }
+
+ return null;
+ }
+
+ // get the preferred activated curve
+ int getPreferredCurve(AlgorithmConstraints constraints) {
+ return getPreferredCurve(curveIds, constraints);
+ }
+
+ // get a preferred activated curve
+ private static int getPreferredCurve(int[] curves,
+ AlgorithmConstraints constraints) {
+ for (int curveId : curves) {
+ if (constraints.permits(
+ EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+ "EC", idToParams.get(curveId))) {
+ return curveId;
+ }
+ }
+
+ return -1;
+ }
+
boolean contains(int index) {
for (int curveId : curveIds) {
if (index == curveId) {
@@ -88,12 +301,6 @@
return false;
}
- // Return a reference to the internal curveIds array.
- // The caller must NOT modify the contents.
- int[] curveIds() {
- return curveIds;
- }
-
@Override
int length() {
return 6 + (curveIds.length << 1);
@@ -122,17 +329,9 @@
sb.append(", ");
}
// first check if it is a known named curve, then try other cases.
- String oid = getCurveOid(curveId);
- if (oid != null) {
- ECParameterSpec spec = JsseJce.getECParameterSpec(oid);
- // this toString() output will look nice for the current
- // implementation of the ECParameterSpec class in the Sun
- // provider, but may not look good for other implementations.
- if (spec != null) {
- sb.append(spec.toString().split(" ")[0]);
- } else {
- sb.append(oid);
- }
+ String curveName = getCurveName(curveId);
+ if (curveName != null) {
+ sb.append(curveName);
} else if (curveId == ARBITRARY_PRIME) {
sb.append("arbitrary_explicit_prime_curves");
} else if (curveId == ARBITRARY_CHAR2) {
@@ -145,16 +344,15 @@
return sb.toString();
}
- // Test whether we support the curve with the given index.
+ // Test whether the given curve is supported.
static boolean isSupported(int index) {
- if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) {
- return false;
+ for (int curveId : supportedCurveIds) {
+ if (index == curveId) {
+ return true;
+ }
}
- if (fips == false) {
- // in non-FIPS mode, we support all valid indices
- return true;
- }
- return DEFAULT.contains(index);
+
+ return false;
}
static int getCurveIndex(ECParameterSpec params) {
@@ -162,57 +360,32 @@
if (oid == null) {
return -1;
}
- Integer n = curveIndices.get(oid);
+ Integer n = oidToIdMap.get(oid);
return (n == null) ? -1 : n;
}
static String getCurveOid(int index) {
- if ((index > 0) && (index < NAMED_CURVE_OID_TABLE.length)) {
- return NAMED_CURVE_OID_TABLE[index];
- }
- return null;
+ return idToOidMap.get(index);
}
- private static final int ARBITRARY_PRIME = 0xff01;
- private static final int ARBITRARY_CHAR2 = 0xff02;
-
- // See sun.security.util.NamedCurve for the OIDs
- private static final String[] NAMED_CURVE_OID_TABLE = new String[] {
- null, // (0) unused
- "1.3.132.0.1", // (1) sect163k1, NIST K-163
- "1.3.132.0.2", // (2) sect163r1
- "1.3.132.0.15", // (3) sect163r2, NIST B-163
- "1.3.132.0.24", // (4) sect193r1
- "1.3.132.0.25", // (5) sect193r2
- "1.3.132.0.26", // (6) sect233k1, NIST K-233
- "1.3.132.0.27", // (7) sect233r1, NIST B-233
- "1.3.132.0.3", // (8) sect239k1
- "1.3.132.0.16", // (9) sect283k1, NIST K-283
- "1.3.132.0.17", // (10) sect283r1, NIST B-283
- "1.3.132.0.36", // (11) sect409k1, NIST K-409
- "1.3.132.0.37", // (12) sect409r1, NIST B-409
- "1.3.132.0.38", // (13) sect571k1, NIST K-571
- "1.3.132.0.39", // (14) sect571r1, NIST B-571
- "1.3.132.0.9", // (15) secp160k1
- "1.3.132.0.8", // (16) secp160r1
- "1.3.132.0.30", // (17) secp160r2
- "1.3.132.0.31", // (18) secp192k1
- "1.2.840.10045.3.1.1", // (19) secp192r1, NIST P-192
- "1.3.132.0.32", // (20) secp224k1
- "1.3.132.0.33", // (21) secp224r1, NIST P-224
- "1.3.132.0.10", // (22) secp256k1
- "1.2.840.10045.3.1.7", // (23) secp256r1, NIST P-256
- "1.3.132.0.34", // (24) secp384r1, NIST P-384
- "1.3.132.0.35", // (25) secp521r1, NIST P-521
- };
-
- private static final Map<String,Integer> curveIndices;
-
- static {
- curveIndices = new HashMap<String,Integer>();
- for (int i = 1; i < NAMED_CURVE_OID_TABLE.length; i++) {
- curveIndices.put(NAMED_CURVE_OID_TABLE[i], i);
+ static ECGenParameterSpec getECGenParamSpec(int index) {
+ AlgorithmParameters params = idToParams.get(index);
+ try {
+ return params.getParameterSpec(ECGenParameterSpec.class);
+ } catch (InvalidParameterSpecException ipse) {
+ // should be unlikely
+ String curveOid = getCurveOid(index);
+ return new ECGenParameterSpec(curveOid);
}
}
+ private static String getCurveName(int index) {
+ for (NamedEllipticCurve namedCurve : NamedEllipticCurve.values()) {
+ if (namedCurve.id == index) {
+ return namedCurve.name;
+ }
+ }
+
+ return null;
+ }
}
--- a/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java Mon Jul 11 12:07:59 2016 -0700
@@ -313,11 +313,6 @@
this.cookie = null;
}
- if (cipherSuites.containsEC()) {
- extensions.add(EllipticCurvesExtension.DEFAULT);
- extensions.add(EllipticPointFormatsExtension.DEFAULT);
- }
-
clnt_random = new RandomCookie(generator);
compression_methods = NULL_COMPRESSION;
}
--- a/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -660,13 +660,42 @@
ArrayList<CipherSuite> suites = new ArrayList<>();
if (!(activeProtocols.collection().isEmpty()) &&
activeProtocols.min.v != ProtocolVersion.NONE.v) {
+ boolean checkedCurves = false;
+ boolean hasCurves = false;
for (CipherSuite suite : enabledCipherSuites.collection()) {
if (!activeProtocols.min.obsoletes(suite) &&
activeProtocols.max.supports(suite)) {
if (algorithmConstraints.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
suite.name, null)) {
- suites.add(suite);
+
+ boolean available = true;
+ if (suite.keyExchange.isEC) {
+ if (!checkedCurves) {
+ hasCurves = EllipticCurvesExtension
+ .hasActiveCurves(algorithmConstraints);
+ checkedCurves = true;
+
+ if (!hasCurves && debug != null &&
+ Debug.isOn("verbose")) {
+ System.out.println(
+ "No available elliptic curves");
+ }
+ }
+
+ available = hasCurves;
+
+ if (!available && debug != null &&
+ Debug.isOn("verbose")) {
+ System.out.println(
+ "No active elliptic curves, ignore " +
+ suite);
+ }
+ }
+
+ if (available) {
+ suites.add(suite);
+ }
}
} else if (debug != null && Debug.isOn("verbose")) {
if (activeProtocols.min.obsoletes(suite)) {
@@ -703,6 +732,8 @@
ProtocolList getActiveProtocols() {
if (activeProtocols == null) {
boolean enabledSSL20Hello = false;
+ boolean checkedCurves = false;
+ boolean hasCurves = false;
ArrayList<ProtocolVersion> protocols = new ArrayList<>(4);
for (ProtocolVersion protocol : enabledProtocols.collection()) {
// Need not to check the SSL20Hello protocol.
@@ -729,9 +760,36 @@
if (algorithmConstraints.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
suite.name, null)) {
- protocols.add(protocol);
- found = true;
- break;
+
+ boolean available = true;
+ if (suite.keyExchange.isEC) {
+ if (!checkedCurves) {
+ hasCurves = EllipticCurvesExtension
+ .hasActiveCurves(algorithmConstraints);
+ checkedCurves = true;
+
+ if (!hasCurves && debug != null &&
+ Debug.isOn("verbose")) {
+ System.out.println(
+ "No activated elliptic curves");
+ }
+ }
+
+ available = hasCurves;
+
+ if (!available && debug != null &&
+ Debug.isOn("verbose")) {
+ System.out.println(
+ "No active elliptic curves, ignore " +
+ suite + " for " + protocol);
+ }
+ }
+
+ if (available) {
+ protocols.add(protocol);
+ found = true;
+ break;
+ }
} else if (debug != null && Debug.isOn("verbose")) {
System.out.println(
"Ignoring disabled cipher suite: " + suite +
--- a/jdk/src/java.base/share/classes/sun/security/ssl/JsseJce.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/JsseJce.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -275,6 +275,15 @@
}
}
+ static AlgorithmParameters getAlgorithmParameters(String algorithm)
+ throws NoSuchAlgorithmException {
+ if (cryptoProvider == null) {
+ return AlgorithmParameters.getInstance(algorithm);
+ } else {
+ return AlgorithmParameters.getInstance(algorithm, cryptoProvider);
+ }
+ }
+
static SecureRandom getSecureRandom() throws KeyManagementException {
if (cryptoProvider == null) {
return new SecureRandom();
@@ -394,6 +403,7 @@
JsseJce.getKeyAgreement("ECDH");
JsseJce.getKeyFactory("EC");
JsseJce.getKeyPairGenerator("EC");
+ JsseJce.getAlgorithmParameters("EC");
} catch (Exception e) {
mediator = false;
}
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java Mon Jul 11 12:07:59 2016 -0700
@@ -94,7 +94,8 @@
// we remember it for the RSA premaster secret version check
private ProtocolVersion clientRequestedVersion;
- private EllipticCurvesExtension supportedCurves;
+ // client supported elliptic curves
+ private EllipticCurvesExtension requestedCurves;
// the preferable signature algorithm used by ServerKeyExchange message
SignatureAndHashAlgorithm preferableSignatureAlgorithm;
@@ -741,7 +742,7 @@
throw new SSLException("Client did not resume a session");
}
- supportedCurves = (EllipticCurvesExtension)
+ requestedCurves = (EllipticCurvesExtension)
mesg.extensions.get(ExtensionType.EXT_ELLIPTIC_CURVES);
// We only need to handle the "signature_algorithm" extension
@@ -1572,26 +1573,15 @@
// If we cannot continue because we do not support any of the curves that
// the client requested, return false. Otherwise (all is well), return true.
private boolean setupEphemeralECDHKeys() {
- int index = -1;
- if (supportedCurves != null) {
- // if the client sent the supported curves extension, pick the
- // first one that we support;
- for (int curveId : supportedCurves.curveIds()) {
- if (EllipticCurvesExtension.isSupported(curveId)) {
- index = curveId;
- break;
- }
- }
- if (index < 0) {
- // no match found, cannot use this ciphersuite
- return false;
- }
- } else {
- // pick our preference
- index = EllipticCurvesExtension.DEFAULT.curveIds()[0];
+ int index = (requestedCurves != null) ?
+ requestedCurves.getPreferredCurve(algorithmConstraints) :
+ EllipticCurvesExtension.getActiveCurves(algorithmConstraints);
+ if (index < 0) {
+ // no match found, cannot use this ciphersuite
+ return false;
}
- String oid = EllipticCurvesExtension.getCurveOid(index);
- ecdh = new ECDHCrypt(oid, sslContext.getSecureRandom());
+
+ ecdh = new ECDHCrypt(index, sslContext.getSecureRandom());
return true;
}
@@ -1633,18 +1623,16 @@
return false;
}
// For ECC certs, check whether we support the EC domain parameters.
- // If the client sent a EllipticCurves ClientHello extension,
+ // If the client sent a SupportedEllipticCurves ClientHello extension,
// check against that too.
if (keyAlgorithm.equals("EC")) {
if (publicKey instanceof ECPublicKey == false) {
return false;
}
ECParameterSpec params = ((ECPublicKey)publicKey).getParams();
- int index = EllipticCurvesExtension.getCurveIndex(params);
- if (!EllipticCurvesExtension.isSupported(index)) {
- return false;
- }
- if ((supportedCurves != null) && !supportedCurves.contains(index)) {
+ int id = EllipticCurvesExtension.getCurveIndex(params);
+ if ((id <= 0) || !EllipticCurvesExtension.isSupported(id) ||
+ ((requestedCurves != null) && !requestedCurves.contains(id))) {
return false;
}
}
--- a/jdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -237,6 +237,8 @@
"sun.security.pkcs12.PKCS12KeyStore");
}
+ // com.sun.net.ssl.internal.ssl.Provider has been deprecated since JDK 9
+ @SuppressWarnings("deprecation")
private void subclassCheck() {
if (getClass() != com.sun.net.ssl.internal.ssl.Provider.class) {
throw new AssertionError("Illegal subclass: " + getClass());
--- a/jdk/src/java.base/share/conf/security/java.security Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.base/share/conf/security/java.security Mon Jul 11 12:07:59 2016 -0700
@@ -653,7 +653,7 @@
#
#
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
- DSA keySize < 1024
+ DSA keySize < 1024, EC keySize < 224
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS/DTLS) processing
@@ -681,7 +681,8 @@
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024
+jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
+ EC keySize < 224
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation.
--- a/jdk/src/java.httpclient/share/classes/java/net/http/AsyncSSLDelegate.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/java.httpclient/share/classes/java/net/http/AsyncSSLDelegate.java Mon Jul 11 12:07:59 2016 -0700
@@ -81,7 +81,7 @@
* the channel to be closed, and the error is reported to the user's
* Consumer<Throwable>
*/
-public class AsyncSSLDelegate implements Closeable, AsyncConnection {
+class AsyncSSLDelegate implements Closeable, AsyncConnection {
// outgoing buffers put in this queue first and may remain here
// while SSL handshaking happening.
--- a/jdk/src/jdk.accessibility/share/classes/com/sun/java/accessibility/util/package-info.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/src/jdk.accessibility/share/classes/com/sun/java/accessibility/util/package-info.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
--- a/jdk/test/java/nio/file/FileStore/Basic.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/test/java/nio/file/FileStore/Basic.java Mon Jul 11 12:07:59 2016 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -124,6 +124,12 @@
// ignore exception as the store could have been
// deleted since the iterator was instantiated
System.err.format("%s was not found\n", store);
+ } catch (AccessDeniedException ade) {
+ // ignore exception as the lack of ability to access the
+ // store due to lack of file permission or similar does not
+ // reflect whether the space attributes would be accessible
+ // were access to be permitted
+ System.err.format("%s is inaccessible\n", store);
}
// two distinct FileStores should not be equal
--- a/jdk/test/java/util/Spliterator/SpliteratorLateBindingFailFastTest.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/test/java/util/Spliterator/SpliteratorLateBindingFailFastTest.java Mon Jul 11 12:07:59 2016 -0700
@@ -24,11 +24,13 @@
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
+import java.util.AbstractList;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.ConcurrentModificationException;
+import java.util.Iterator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
@@ -37,6 +39,7 @@
import java.util.List;
import java.util.Map;
import java.util.PriorityQueue;
+import java.util.RandomAccess;
import java.util.Set;
import java.util.Spliterator;
import java.util.Stack;
@@ -191,6 +194,46 @@
db.addList(Vector::new);
+ class AbstractRandomAccessListImpl extends AbstractList<Integer> implements RandomAccess {
+ List<Integer> l;
+
+ AbstractRandomAccessListImpl(Collection<Integer> c) {
+ this.l = new ArrayList<>(c);
+ }
+
+ @Override
+ public boolean add(Integer integer) {
+ modCount++;
+ return l.add(integer);
+ }
+
+ @Override
+ public Iterator<Integer> iterator() {
+ return l.iterator();
+ }
+
+ @Override
+ public Integer get(int index) {
+ return l.get(index);
+ }
+
+ @Override
+ public boolean remove(Object o) {
+ modCount++;
+ return l.remove(o);
+ }
+
+ @Override
+ public int size() {
+ return l.size();
+ }
+
+ @Override
+ public List<Integer> subList(int fromIndex, int toIndex) {
+ return l.subList(fromIndex, toIndex);
+ }
+ }
+ db.addList(AbstractRandomAccessListImpl::new);
db.addCollection(HashSet::new);
--- a/jdk/test/java/util/Spliterator/SpliteratorTraversingAndSplittingTest.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/test/java/util/Spliterator/SpliteratorTraversingAndSplittingTest.java Mon Jul 11 12:07:59 2016 -0700
@@ -49,8 +49,10 @@
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
+import java.util.ListIterator;
import java.util.Map;
import java.util.PriorityQueue;
+import java.util.RandomAccess;
import java.util.Set;
import java.util.SortedSet;
import java.util.Spliterator;
@@ -379,6 +381,150 @@
db.addList(Vector::new);
+ class AbstractRandomAccessListImpl extends AbstractList<Integer> implements RandomAccess {
+ Integer[] ia;
+
+ AbstractRandomAccessListImpl(Collection<Integer> c) {
+ this.ia = c.toArray(new Integer[c.size()]);
+ }
+
+ @Override
+ public Integer get(int index) {
+ return ia[index];
+ }
+
+ @Override
+ public int size() {
+ return ia.length;
+ }
+ }
+ db.addList(AbstractRandomAccessListImpl::new);
+
+ class RandomAccessListImpl implements List<Integer>, RandomAccess {
+ Integer[] ia;
+ List<Integer> l;
+
+ RandomAccessListImpl(Collection<Integer> c) {
+ this.ia = c.toArray(new Integer[c.size()]);
+ this.l = Arrays.asList(ia);
+ }
+
+ @Override
+ public Integer get(int index) {
+ return ia[index];
+ }
+
+ @Override
+ public Integer set(int index, Integer element) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public void add(int index, Integer element) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Integer remove(int index) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public int indexOf(Object o) {
+ return l.indexOf(o);
+ }
+
+ @Override
+ public int lastIndexOf(Object o) {
+ return Arrays.asList(ia).lastIndexOf(o);
+ }
+
+ @Override
+ public ListIterator<Integer> listIterator() {
+ return l.listIterator();
+ }
+
+ @Override
+ public ListIterator<Integer> listIterator(int index) {
+ return l.listIterator(index);
+ }
+
+ @Override
+ public List<Integer> subList(int fromIndex, int toIndex) {
+ return l.subList(fromIndex, toIndex);
+ }
+
+ @Override
+ public int size() {
+ return ia.length;
+ }
+
+ @Override
+ public boolean isEmpty() {
+ return size() != 0;
+ }
+
+ @Override
+ public boolean contains(Object o) {
+ return l.contains(o);
+ }
+
+ @Override
+ public Iterator<Integer> iterator() {
+ return l.iterator();
+ }
+
+ @Override
+ public Object[] toArray() {
+ return l.toArray();
+ }
+
+ @Override
+ public <T> T[] toArray(T[] a) {
+ return l.toArray(a);
+ }
+
+ @Override
+ public boolean add(Integer integer) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public boolean remove(Object o) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public boolean containsAll(Collection<?> c) {
+ return l.containsAll(c);
+ }
+
+ @Override
+ public boolean addAll(Collection<? extends Integer> c) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public boolean addAll(int index, Collection<? extends Integer> c) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public boolean removeAll(Collection<?> c) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public boolean retainAll(Collection<?> c) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public void clear() {
+ throw new UnsupportedOperationException();
+ }
+ }
+ db.addList(RandomAccessListImpl::new);
db.addCollection(HashSet::new);
--- a/jdk/test/java/util/logging/CheckLockLocationTest.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/test/java/util/logging/CheckLockLocationTest.java Mon Jul 11 12:07:59 2016 -0700
@@ -30,13 +30,16 @@
* @run main/othervm CheckLockLocationTest
*/
import java.io.File;
+import java.io.FileOutputStream;
import java.io.IOException;
+import java.io.OutputStream;
import java.nio.file.AccessDeniedException;
import java.nio.file.FileSystemException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.attribute.UserPrincipal;
+import java.util.UUID;
import java.util.logging.FileHandler;
public class CheckLockLocationTest {
@@ -78,7 +81,11 @@
} catch (IOException ex) {
throw new RuntimeException("Test failed: should have been able"
+ " to create FileHandler for " + "%t/" + WRITABLE_DIR
- + "/log.log in writable directory.", ex);
+ + "/log.log in writable directory"
+ + (!writableDir.canRead() // concurrent tests running or user conf issue?
+ ? ": directory not readable.\n\tPlease check your "
+ + "environment and machine configuration."
+ : "."), ex);
} finally {
// the above test leaves files in the directory. Get rid of the
// files created and the directory
@@ -149,8 +156,41 @@
+ " writable working directory "
+ writableDir.getAbsolutePath() );
}
+
+ if (!writableDir.canRead()) {
+ throw new RuntimeException("Test setup failed: can't read "
+ + " writable working directory "
+ + writableDir.getAbsolutePath() );
+ }
+
// writableDirectory and its contents will be deleted after the test
- // that uses it
+ // that uses it.
+
+ // check that we can write in the new writable dir.
+ File dummyFile = new File(writableDir, UUID.randomUUID().toString() + ".txt" );
+ try {
+ if (!dummyFile.createNewFile()) {
+ throw new RuntimeException("Test setup failed: can't create "
+ + " dummy file in writable working directory "
+ + dummyFile.getAbsolutePath() );
+ }
+ try (OutputStream os = new FileOutputStream(dummyFile)) {
+ os.write('A');
+ } finally {
+ dummyFile.delete();
+ }
+ if (dummyFile.canRead()) {
+ throw new RuntimeException("Test setup failed: can't delete "
+ + " dummy file in writable working directory "
+ + dummyFile.getAbsolutePath() );
+ }
+ System.out.println("Successfully created and deleted dummy file: " +
+ dummyFile.getAbsolutePath());
+ } catch(IOException x) {
+ throw new RuntimeException("Test setup failed: can't write "
+ + " or delete dummy file in writable working directory "
+ + dummyFile.getAbsolutePath(), x);
+ }
// Create a plain file which we will attempt to use as a directory
// (%t/not-a-dir)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/net/ssl/ciphersuites/ECCurvesconstraints.java Mon Jul 11 12:07:59 2016 -0700
@@ -0,0 +1,408 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
+/*
+ * @test
+ * @bug 8148516
+ * @summary Improve the default strength of EC in JDK
+ * @run main/othervm ECCurvesconstraints PKIX
+ * @run main/othervm ECCurvesconstraints SunX509
+ */
+
+import java.net.*;
+import java.util.*;
+import java.io.*;
+import javax.net.ssl.*;
+import java.security.Security;
+import java.security.KeyStore;
+import java.security.KeyFactory;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.spec.*;
+import java.security.interfaces.*;
+import java.util.Base64;
+
+
+public class ECCurvesconstraints {
+
+ /*
+ * =============================================================
+ * Set the various variables needed for the tests, then
+ * specify what tests to run on each side.
+ */
+
+ /*
+ * Should we run the client or server in a separate thread?
+ * Both sides can throw exceptions, but do you have a preference
+ * as to which side should be the main thread.
+ */
+ static boolean separateServerThread = false;
+
+ /*
+ * Where do we find the keystores?
+ */
+ // Certificates and key used in the test.
+ //
+ // EC curve: secp224k1
+ static String trustedCertStr =
+ "-----BEGIN CERTIFICATE-----\n" +
+ "MIIBCzCBugIEVz2lcjAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA93d3cuZXhhbXBs\n" +
+ "ZS5vcmcwHhcNMTYwNTE5MTEzNzM5WhcNMTcwNTE5MTEzNzM5WjAaMRgwFgYDVQQD\n" +
+ "DA93d3cuZXhhbXBsZS5vcmcwTjAQBgcqhkjOPQIBBgUrgQQAIAM6AAT68uovMZ8f\n" +
+ "KARn5NOjvieJaq6h8zHYkM9w5DuN0kkOo4KBhke06EkQj0nvQQcSvppTV6RoDLY4\n" +
+ "djAKBggqhkjOPQQDAgNAADA9AhwMNIujM0R0llpPH6d89d1S3VRGH/78ovc+zw51\n" +
+ "Ah0AuZ1YlQkUbrJIzkuPSICxz5UfCWPe+7w4as+wiA==\n" +
+ "-----END CERTIFICATE-----";
+
+ // Private key in the format of PKCS#8
+ static String targetPrivateKey =
+ "MIGCAgEAMBAGByqGSM49AgEGBSuBBAAgBGswaQIBAQQdAPbckc86mgW/zexB1Ajq\n" +
+ "38HntWOjdxL6XSoiAsWgBwYFK4EEACChPAM6AAT68uovMZ8fKARn5NOjvieJaq6h\n" +
+ "8zHYkM9w5DuN0kkOo4KBhke06EkQj0nvQQcSvppTV6RoDLY4dg==";
+
+ static String[] serverCerts = {trustedCertStr};
+ static String[] serverKeys = {targetPrivateKey};
+ static String[] clientCerts = {trustedCertStr};
+ static String[] clientKeys = {targetPrivateKey};
+
+ static char passphrase[] = "passphrase".toCharArray();
+
+ /*
+ * Is the server ready to serve?
+ */
+ volatile static boolean serverReady = false;
+
+ /*
+ * Turn on SSL debugging?
+ */
+ static boolean debug = false;
+
+ /*
+ * Define the server side of the test.
+ *
+ * If the server prematurely exits, serverReady will be set to true
+ * to avoid infinite hangs.
+ */
+ void doServerSide() throws Exception {
+ SSLContext context = generateSSLContext(false);
+ SSLServerSocketFactory sslssf = context.getServerSocketFactory();
+ SSLServerSocket sslServerSocket =
+ (SSLServerSocket)sslssf.createServerSocket(serverPort);
+ serverPort = sslServerSocket.getLocalPort();
+
+ /*
+ * Signal Client, we're ready for his connect.
+ */
+ serverReady = true;
+
+ SSLSocket sslSocket = (SSLSocket)sslServerSocket.accept();
+ try {
+ sslSocket.setSoTimeout(5000);
+ sslSocket.setSoLinger(true, 5);
+
+ InputStream sslIS = sslSocket.getInputStream();
+ OutputStream sslOS = sslSocket.getOutputStream();
+
+ sslIS.read();
+ sslOS.write('A');
+ sslOS.flush();
+
+ throw new Exception("EC curve secp224k1 should be disabled");
+ } catch (SSLHandshakeException she) {
+ // expected exception: no cipher suites in common
+ System.out.println("Expected exception: " + she);
+ } finally {
+ sslSocket.close();
+ sslServerSocket.close();
+ }
+ }
+
+ /*
+ * Define the client side of the test.
+ *
+ * If the server prematurely exits, serverReady will be set to true
+ * to avoid infinite hangs.
+ */
+ void doClientSide() throws Exception {
+
+ /*
+ * Wait for server to get started.
+ */
+ while (!serverReady) {
+ Thread.sleep(50);
+ }
+
+ SSLContext context = generateSSLContext(true);
+ SSLSocketFactory sslsf = context.getSocketFactory();
+
+ SSLSocket sslSocket =
+ (SSLSocket)sslsf.createSocket("localhost", serverPort);
+
+ try {
+ sslSocket.setSoTimeout(5000);
+ sslSocket.setSoLinger(true, 5);
+
+ InputStream sslIS = sslSocket.getInputStream();
+ OutputStream sslOS = sslSocket.getOutputStream();
+
+ sslOS.write('B');
+ sslOS.flush();
+ sslIS.read();
+
+ throw new Exception("EC curve secp224k1 should be disabled");
+ } catch (SSLHandshakeException she) {
+ // expected exception: Received fatal alert
+ System.out.println("Expected exception: " + she);
+ } finally {
+ sslSocket.close();
+ }
+ }
+
+ /*
+ * =============================================================
+ * The remainder is just support stuff
+ */
+ private static String tmAlgorithm; // trust manager
+
+ private static void parseArguments(String[] args) {
+ tmAlgorithm = args[0];
+ }
+
+ private static SSLContext generateSSLContext(boolean isClient)
+ throws Exception {
+
+ // generate certificate from cert string
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+ // create a key store
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(null, null);
+
+ // import the trused cert
+ ByteArrayInputStream is =
+ new ByteArrayInputStream(trustedCertStr.getBytes());
+ Certificate trusedCert = cf.generateCertificate(is);
+ is.close();
+
+ ks.setCertificateEntry("Export Signer", trusedCert);
+
+ String[] certStrs = null;
+ String[] keyStrs = null;
+ if (isClient) {
+ certStrs = clientCerts;
+ keyStrs = clientKeys;
+ } else {
+ certStrs = serverCerts;
+ keyStrs = serverKeys;
+ }
+
+ for (int i = 0; i < certStrs.length; i++) {
+ // generate the private key.
+ String keySpecStr = keyStrs[i];
+ PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
+ Base64.getMimeDecoder().decode(keySpecStr));
+ KeyFactory kf = KeyFactory.getInstance("EC");
+ ECPrivateKey priKey =
+ (ECPrivateKey)kf.generatePrivate(priKeySpec);
+
+ // generate certificate chain
+ String keyCertStr = certStrs[i];
+ is = new ByteArrayInputStream(keyCertStr.getBytes());
+ Certificate keyCert = cf.generateCertificate(is);
+ is.close();
+
+ Certificate[] chain = new Certificate[2];
+ chain[0] = keyCert;
+ chain[1] = trusedCert;
+
+ // import the key entry.
+ ks.setKeyEntry("key-entry-" + i, priKey, passphrase, chain);
+ }
+
+ // create SSL context
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlgorithm);
+ tmf.init(ks);
+
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509");
+ kmf.init(ks, passphrase);
+
+ ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+ ks = null;
+
+ return ctx;
+ }
+
+ // use any free port by default
+ volatile int serverPort = 0;
+
+ volatile Exception serverException = null;
+ volatile Exception clientException = null;
+
+ public static void main(String[] args) throws Exception {
+ if (debug) {
+ System.setProperty("javax.net.debug", "all");
+ }
+
+ /*
+ * Get the customized arguments.
+ */
+ parseArguments(args);
+
+ /*
+ * Start the tests.
+ */
+ new ECCurvesconstraints();
+ }
+
+ Thread clientThread = null;
+ Thread serverThread = null;
+
+ /*
+ * Primary constructor, used to drive remainder of the test.
+ *
+ * Fork off the other side, then do your work.
+ */
+ ECCurvesconstraints() throws Exception {
+ try {
+ if (separateServerThread) {
+ startServer(true);
+ startClient(false);
+ } else {
+ startClient(true);
+ startServer(false);
+ }
+ } catch (Exception e) {
+ // swallow for now. Show later
+ }
+
+ /*
+ * Wait for other side to close down.
+ */
+ if (separateServerThread) {
+ serverThread.join();
+ } else {
+ clientThread.join();
+ }
+
+ /*
+ * When we get here, the test is pretty much over.
+ * Which side threw the error?
+ */
+ Exception local;
+ Exception remote;
+ String whichRemote;
+
+ if (separateServerThread) {
+ remote = serverException;
+ local = clientException;
+ whichRemote = "server";
+ } else {
+ remote = clientException;
+ local = serverException;
+ whichRemote = "client";
+ }
+
+ /*
+ * If both failed, return the curthread's exception, but also
+ * print the remote side Exception
+ */
+ if ((local != null) && (remote != null)) {
+ System.out.println(whichRemote + " also threw:");
+ remote.printStackTrace();
+ System.out.println();
+ throw local;
+ }
+
+ if (remote != null) {
+ throw remote;
+ }
+
+ if (local != null) {
+ throw local;
+ }
+ }
+
+ void startServer(boolean newThread) throws Exception {
+ if (newThread) {
+ serverThread = new Thread() {
+ public void run() {
+ try {
+ doServerSide();
+ } catch (Exception e) {
+ /*
+ * Our server thread just died.
+ *
+ * Release the client, if not active already...
+ */
+ System.err.println("Server died, because of " + e);
+ serverReady = true;
+ serverException = e;
+ }
+ }
+ };
+ serverThread.start();
+ } else {
+ try {
+ doServerSide();
+ } catch (Exception e) {
+ serverException = e;
+ } finally {
+ serverReady = true;
+ }
+ }
+ }
+
+ void startClient(boolean newThread) throws Exception {
+ if (newThread) {
+ clientThread = new Thread() {
+ public void run() {
+ try {
+ doClientSide();
+ } catch (Exception e) {
+ /*
+ * Our client thread just died.
+ */
+ System.err.println("Client died, because of " + e);
+ clientException = e;
+ }
+ }
+ };
+ clientThread.start();
+ } else {
+ try {
+ doClientSide();
+ } catch (Exception e) {
+ clientException = e;
+ }
+ }
+ }
+}
--- a/jdk/test/sun/security/ec/TestEC.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/test/sun/security/ec/TestEC.java Mon Jul 11 12:07:59 2016 -0700
@@ -36,7 +36,7 @@
* @library ../../../java/security/testlibrary
* @modules jdk.crypto.pkcs11/sun.security.pkcs11.wrapper
* @compile -XDignore.symbol.file TestEC.java
- * @run main/othervm TestEC
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC
*/
import java.security.NoSuchProviderException;
--- a/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Mon Jul 11 16:52:50 2016 +0200
+++ b/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Mon Jul 11 12:07:59 2016 -0700
@@ -33,8 +33,10 @@
* @author Andreas Sterbenz
* @library ..
* @library ../../../../java/security/testlibrary
- * @run main/othervm ClientJSSEServerJSSE
- * @run main/othervm ClientJSSEServerJSSE sm policy
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1"
+ * ClientJSSEServerJSSE
+ * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1"
+ * ClientJSSEServerJSSE sm policy
*/
import java.security.Provider;