1.1 --- a/make/com/sun/security/auth/module/Makefile Thu Oct 27 13:54:42 2011 -0700
1.2 +++ b/make/com/sun/security/auth/module/Makefile Fri Oct 28 17:49:02 2011 -0700
1.3 @@ -78,7 +78,3 @@
1.4 #
1.5 include $(BUILDDIR)/common/Library.gmk
1.6
1.7 -#
1.8 -# JVMDI implementation lives in the VM.
1.9 -#
1.10 -OTHER_LDLIBS = $(JVMLIB)
2.1 --- a/make/common/Defs.gmk Thu Oct 27 13:54:42 2011 -0700
2.2 +++ b/make/common/Defs.gmk Fri Oct 28 17:49:02 2011 -0700
2.3 @@ -220,14 +220,30 @@
2.4 JRE_NONEXIST_LOCALES = en en_US de_DE es_ES fr_FR it_IT ja_JP ko_KR sv_SE zh
2.5
2.6 #
2.7 -# All libraries except libjava and libjvm itself link against libjvm and
2.8 -# libjava, the latter for its exported common utilities. libjava only links
2.9 -# against libjvm. Programs' makefiles take their own responsibility for
2.10 +# For now, most libraries except libjava and libjvm itself link against libjvm
2.11 +# and libjava, the latter for its exported common utilities. libjava only
2.12 +# links against libjvm. Programs' makefiles take their own responsibility for
2.13 # adding other libs.
2.14 #
2.15 +# The makefiles for these packages do not link against libjvm and libjava.
2.16 +# This list will eventually go away and each Programs' makefiles
2.17 +# will have to explicitly declare that they want to link to libjava/libjvm
2.18 +#
2.19 +NO_JAVALIB_PKGS = \
2.20 + sun.security.mscapi \
2.21 + sun.security.krb5 \
2.22 + sun.security.pkcs11 \
2.23 + sun.security.jgss \
2.24 + sun.security.jgss.wrapper \
2.25 + sun.security.ec \
2.26 + sun.security.smartcardio \
2.27 + com.sun.security.auth.module
2.28 +
2.29 ifdef PACKAGE
2.30 # put JAVALIB first, but do not lose any platform specific values....
2.31 - LDLIBS_COMMON = $(JAVALIB)
2.32 + ifeq (,$(findstring $(PACKAGE),$(NO_JAVALIB_PKGS)))
2.33 + LDLIBS_COMMON = $(JAVALIB)
2.34 + endif
2.35 endif # PACKAGE
2.36
2.37 #
3.1 --- a/make/common/Library.gmk Thu Oct 27 13:54:42 2011 -0700
3.2 +++ b/make/common/Library.gmk Fri Oct 28 17:49:02 2011 -0700
3.3 @@ -165,7 +165,7 @@
3.4 $(LINK) -dll -out:$(OBJDIR)/$(@F) \
3.5 -map:$(OBJDIR)/$(LIBRARY).map \
3.6 $(LFLAGS) @$(OBJDIR)/$(LIBRARY).lcf \
3.7 - $(OTHER_LCF) $(JAVALIB) $(LDLIBS)
3.8 + $(OTHER_LCF) $(LDLIBS)
3.9 $(CP) $(OBJDIR)/$(@F) $@
3.10 @$(call binary_file_verification,$@)
3.11 $(CP) $(OBJDIR)/$(LIBRARY).map $(@D)
4.1 --- a/make/java/java/mapfile-vers Thu Oct 27 13:54:42 2011 -0700
4.2 +++ b/make/java/java/mapfile-vers Fri Oct 28 17:49:02 2011 -0700
4.3 @@ -90,7 +90,6 @@
4.4 Java_java_io_FileSystem_getFileSystem;
4.5 Java_java_io_ObjectInputStream_bytesToDoubles;
4.6 Java_java_io_ObjectInputStream_bytesToFloats;
4.7 - Java_java_io_ObjectInputStream_latestUserDefinedLoader;
4.8 Java_java_io_ObjectOutputStream_doublesToBytes;
4.9 Java_java_io_ObjectOutputStream_floatsToBytes;
4.10 Java_java_io_ObjectStreamClass_hasStaticInitializer;
4.11 @@ -275,6 +274,7 @@
4.12 Java_sun_misc_Version_getJvmVersionInfo;
4.13 Java_sun_misc_Version_getJvmSpecialVersion;
4.14 Java_sun_misc_VM_getThreadStateValues;
4.15 + Java_sun_misc_VM_latestUserDefinedLoader;
4.16 Java_sun_misc_VM_initialize;
4.17 Java_sun_misc_VMSupport_initAgentProperties;
4.18
5.1 --- a/make/sun/javazic/tzdata/VERSION Thu Oct 27 13:54:42 2011 -0700
5.2 +++ b/make/sun/javazic/tzdata/VERSION Fri Oct 28 17:49:02 2011 -0700
5.3 @@ -21,4 +21,4 @@
5.4 # or visit www.oracle.com if you need additional information or have any
5.5 # questions.
5.6 #
5.7 -tzdata2011j
5.8 +tzdata2011l
6.1 --- a/make/sun/javazic/tzdata/asia Thu Oct 27 13:54:42 2011 -0700
6.2 +++ b/make/sun/javazic/tzdata/asia Fri Oct 28 17:49:02 2011 -0700
6.3 @@ -2216,7 +2216,47 @@
6.4 # http://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html
6.5 # </a>
6.6
6.7 +# From Steffen Thorsen (2011-08-26):
6.8 +# Gaza and the West Bank did go back to standard time in the beginning of
6.9 +# August, and will now enter daylight saving time again on 2011-08-30
6.10 +# 00:00 (so two periods of DST in 2011). The pause was because of
6.11 +# Ramadan.
6.12 +#
6.13 +# <a href="http://www.maannews.net/eng/ViewDetails.aspx?ID=416217">
6.14 +# http://www.maannews.net/eng/ViewDetails.aspx?ID=416217
6.15 +# </a>
6.16 +# Additional info:
6.17 +# <a href="http://www.timeanddate.com/news/time/palestine-dst-2011.html">
6.18 +# http://www.timeanddate.com/news/time/palestine-dst-2011.html
6.19 +# </a>
6.20 +
6.21 +# From Alexander Krivenyshev (2011-08-27):
6.22 +# According to the article in The Jerusalem Post:
6.23 +# "...Earlier this month, the Palestinian government in the West Bank decided to
6.24 +# move to standard time for 30 days, during Ramadan. The Palestinians in the
6.25 +# Gaza Strip accepted the change and also moved their clocks one hour back.
6.26 +# The Hamas government said on Saturday that it won't observe summertime after
6.27 +# the Muslim feast of Id al-Fitr, which begins on Tuesday..."
6.28 +# ...
6.29 +# <a href="http://www.jpost.com/MiddleEast/Article.aspx?id=235650">
6.30 +# http://www.jpost.com/MiddleEast/Article.aspx?id=235650
6.31 +# </a>
6.32 +# or
6.33 +# <a href="http://www.worldtimezone.com/dst_news/dst_news_gazastrip05.html">
6.34 +# http://www.worldtimezone.com/dst_news/dst_news_gazastrip05.html
6.35 +# </a>
6.36 # The rules for Egypt are stolen from the `africa' file.
6.37 +
6.38 +# From Steffen Thorsen (2011-09-30):
6.39 +# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30
6.40 +# 00:00).
6.41 +# So West Bank and Gaza now have the same time again.
6.42 +#
6.43 +# Many sources, including:
6.44 +# <a href="http://www.maannews.net/eng/ViewDetails.aspx?ID=424808">
6.45 +# http://www.maannews.net/eng/ViewDetails.aspx?ID=424808
6.46 +# </a>
6.47 +
6.48 # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
6.49 Rule EgyptAsia 1957 only - May 10 0:00 1:00 S
6.50 Rule EgyptAsia 1957 1958 - Oct 1 0:00 0 -
6.51 @@ -2232,19 +2272,37 @@
6.52 Rule Palestine 2006 2008 - Apr 1 0:00 1:00 S
6.53 Rule Palestine 2006 only - Sep 22 0:00 0 -
6.54 Rule Palestine 2007 only - Sep Thu>=8 2:00 0 -
6.55 -Rule Palestine 2008 only - Aug lastFri 2:00 0 -
6.56 +Rule Palestine 2008 only - Aug lastFri 0:00 0 -
6.57 Rule Palestine 2009 only - Mar lastFri 0:00 1:00 S
6.58 -Rule Palestine 2010 max - Mar lastSat 0:01 1:00 S
6.59 -Rule Palestine 2009 max - Sep Fri>=1 2:00 0 -
6.60 +Rule Palestine 2009 only - Sep Fri>=1 2:00 0 -
6.61 +Rule Palestine 2010 only - Mar lastSat 0:01 1:00 S
6.62 Rule Palestine 2010 only - Aug 11 0:00 0 -
6.63
6.64 +# From Arthur David Olson (2011-09-20):
6.65 +# 2011 transitions per http://www.timeanddate.com as of 2011-09-20.
6.66 +
6.67 # Zone NAME GMTOFF RULES FORMAT [UNTIL]
6.68 Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
6.69 2:00 Zion EET 1948 May 15
6.70 2:00 EgyptAsia EE%sT 1967 Jun 5
6.71 2:00 Zion I%sT 1996
6.72 2:00 Jordan EE%sT 1999
6.73 - 2:00 Palestine EE%sT
6.74 + 2:00 Palestine EE%sT 2011 Apr 2 12:01
6.75 + 2:00 1:00 EEST 2011 Aug 1
6.76 + 2:00 - EET
6.77 +
6.78 +Zone Asia/Hebron 2:20:23 - LMT 1900 Oct
6.79 + 2:00 Zion EET 1948 May 15
6.80 + 2:00 EgyptAsia EE%sT 1967 Jun 5
6.81 + 2:00 Zion I%sT 1996
6.82 + 2:00 Jordan EE%sT 1999
6.83 + 2:00 Palestine EE%sT 2008 Aug
6.84 + 2:00 1:00 EEST 2008 Sep
6.85 + 2:00 Palestine EE%sT 2011 Apr 1 12:01
6.86 + 2:00 1:00 EEST 2011 Aug 1
6.87 + 2:00 - EET 2011 Aug 30
6.88 + 2:00 1:00 EEST 2011 Sep 30 3:00
6.89 + 2:00 - EET
6.90
6.91 # Paracel Is
6.92 # no information
7.1 --- a/make/sun/javazic/tzdata/australasia Thu Oct 27 13:54:42 2011 -0700
7.2 +++ b/make/sun/javazic/tzdata/australasia Fri Oct 28 17:49:02 2011 -0700
7.3 @@ -318,6 +318,18 @@
7.4 # http://www.worldtimezone.com/dst_news/dst_news_fiji04.html
7.5 # </a>
7.6
7.7 +# From Steffen Thorsen (2011-10-03):
7.8 +# Now the dates have been confirmed, and at least our start date
7.9 +# assumption was correct (end date was one week wrong).
7.10 +#
7.11 +# <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155">
7.12 +# www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155
7.13 +# </a>
7.14 +# which says
7.15 +# Members of the public are reminded to change their time to one hour in
7.16 +# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to
7.17 +# 2am on February 26 next year.
7.18 +
7.19 # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
7.20 Rule Fiji 1998 1999 - Nov Sun>=1 2:00 1:00 S
7.21 Rule Fiji 1999 2000 - Feb lastSun 3:00 0 -
7.22 @@ -325,6 +337,8 @@
7.23 Rule Fiji 2010 only - Mar lastSun 3:00 0 -
7.24 Rule Fiji 2010 only - Oct 24 2:00 1:00 S
7.25 Rule Fiji 2011 only - Mar Sun>=1 3:00 0 -
7.26 +Rule Fiji 2011 only - Oct 23 2:00 1:00 S
7.27 +Rule Fiji 2012 only - Feb 26 3:00 0 -
7.28 # Zone NAME GMTOFF RULES FORMAT [UNTIL]
7.29 Zone Pacific/Fiji 11:53:40 - LMT 1915 Oct 26 # Suva
7.30 12:00 Fiji FJ%sT # Fiji Time
8.1 --- a/make/sun/javazic/tzdata/europe Thu Oct 27 13:54:42 2011 -0700
8.2 +++ b/make/sun/javazic/tzdata/europe Fri Oct 28 17:49:02 2011 -0700
8.3 @@ -583,9 +583,9 @@
8.4 #
8.5 Rule Russia 1992 only - Mar lastSat 23:00 1:00 S
8.6 Rule Russia 1992 only - Sep lastSat 23:00 0 -
8.7 -Rule Russia 1993 max - Mar lastSun 2:00s 1:00 S
8.8 +Rule Russia 1993 2010 - Mar lastSun 2:00s 1:00 S
8.9 Rule Russia 1993 1995 - Sep lastSun 2:00s 0 -
8.10 -Rule Russia 1996 max - Oct lastSun 2:00s 0 -
8.11 +Rule Russia 1996 2010 - Oct lastSun 2:00s 0 -
8.12
8.13 # From Alexander Krivenyshev (2011-06-14):
8.14 # According to Kremlin press service, Russian President Dmitry Medvedev
8.15 @@ -605,7 +605,6 @@
8.16 # From Arthur David Olson (2011-06-15):
8.17 # Take "abolishing daylight saving time" to mean that time is now considered
8.18 # to be standard.
8.19 -# At least for now, keep the "old" Russia rules for the benefit of Belarus.
8.20
8.21 # These are for backward compatibility with older versions.
8.22
8.23 @@ -711,6 +710,23 @@
8.24 1:00 EU CE%sT
8.25
8.26 # Belarus
8.27 +# From Yauhen Kharuzhy (2011-09-16):
8.28 +# By latest Belarus government act Europe/Minsk timezone was changed to
8.29 +# GMT+3 without DST (was GMT+2 with DST).
8.30 +#
8.31 +# Sources (Russian language):
8.32 +# 1.
8.33 +# <a href="http://www.belta.by/ru/all_news/society/V-Belarusi-otmenjaetsja-perexod-na-sezonnoe-vremja_i_572952.html">
8.34 +# http://www.belta.by/ru/all_news/society/V-Belarusi-otmenjaetsja-perexod-na-sezonnoe-vremja_i_572952.html
8.35 +# </a>
8.36 +# 2.
8.37 +# <a href="http://naviny.by/rubrics/society/2011/09/16/ic_articles_116_175144/">
8.38 +# http://naviny.by/rubrics/society/2011/09/16/ic_articles_116_175144/
8.39 +# </a>
8.40 +# 3.
8.41 +# <a href="http://news.tut.by/society/250578.html">
8.42 +# http://news.tut.by/society/250578.html
8.43 +# </a>
8.44 # Zone NAME GMTOFF RULES FORMAT [UNTIL]
8.45 Zone Europe/Minsk 1:50:16 - LMT 1880
8.46 1:50 - MMT 1924 May 2 # Minsk Mean Time
8.47 @@ -722,7 +738,8 @@
8.48 2:00 1:00 EEST 1991 Sep 29 2:00s
8.49 2:00 - EET 1992 Mar 29 0:00s
8.50 2:00 1:00 EEST 1992 Sep 27 0:00s
8.51 - 2:00 Russia EE%sT
8.52 + 2:00 Russia EE%sT 2011 Mar 27 2:00s
8.53 + 3:00 - FET # Further-eastern European Time
8.54
8.55 # Belgium
8.56 #
8.57 @@ -2056,7 +2073,7 @@
8.58 2:00 Poland CE%sT 1946
8.59 3:00 Russia MSK/MSD 1991 Mar 31 2:00s
8.60 2:00 Russia EE%sT 2011 Mar 27 2:00s
8.61 - 3:00 - KALT
8.62 + 3:00 - FET # Further-eastern European Time
8.63 #
8.64 # From Oscar van Vlijmen (2001-08-25): [This region consists of]
8.65 # Respublika Adygeya, Arkhangel'skaya oblast',
8.66 @@ -2211,7 +2228,7 @@
8.67 # [parts of] Respublika Sakha (Yakutiya), Chitinskaya oblast'.
8.68
8.69 # From Oscar van Vlijmen (2009-11-29):
8.70 -# ...some regions of RUssia were merged with others since 2005...
8.71 +# ...some regions of [Russia] were merged with others since 2005...
8.72 # Some names were changed, no big deal, except for one instance: a new name.
8.73 # YAK/YAKST: UTC+9 Zabajkal'skij kraj.
8.74
8.75 @@ -2635,6 +2652,28 @@
8.76 # of March at 3am the time is changing to 4am and each last Sunday of
8.77 # October the time at 4am is changing to 3am"
8.78
8.79 +# From Alexander Krivenyshev (2011-09-20):
8.80 +# On September 20, 2011 the deputies of the Verkhovna Rada agreed to
8.81 +# abolish the transfer clock to winter time.
8.82 +#
8.83 +# Bill number 8330 of MP from the Party of Regions Oleg Nadoshi got
8.84 +# approval from 266 deputies.
8.85 +#
8.86 +# Ukraine abolishes transter back to the winter time (in Russian)
8.87 +# <a href="http://news.mail.ru/politics/6861560/">
8.88 +# http://news.mail.ru/politics/6861560/
8.89 +# </a>
8.90 +#
8.91 +# The Ukrainians will no longer change the clock (in Russian)
8.92 +# <a href="http://www.segodnya.ua/news/14290482.html">
8.93 +# http://www.segodnya.ua/news/14290482.html
8.94 +# </a>
8.95 +#
8.96 +# Deputies cancelled the winter time (in Russian)
8.97 +# <a href="http://www.pravda.com.ua/rus/news/2011/09/20/6600616/">
8.98 +# http://www.pravda.com.ua/rus/news/2011/09/20/6600616/
8.99 +# </a>
8.100 +
8.101 # Zone NAME GMTOFF RULES FORMAT [UNTIL]
8.102 # Most of Ukraine since 1970 has been like Kiev.
8.103 # "Kyiv" is the transliteration of the Ukrainian name, but
8.104 @@ -2648,7 +2687,8 @@
8.105 3:00 - MSK 1990 Jul 1 2:00
8.106 2:00 - EET 1992
8.107 2:00 E-Eur EE%sT 1995
8.108 - 2:00 EU EE%sT
8.109 + 2:00 EU EE%sT 2011 Mar lastSun 1:00u
8.110 + 3:00 - FET # Further-eastern European Time
8.111 # Ruthenia used CET 1990/1991.
8.112 # "Uzhhorod" is the transliteration of the Ukrainian name, but
8.113 # "Uzhgorod" is more common in English.
8.114 @@ -2662,7 +2702,8 @@
8.115 1:00 - CET 1991 Mar 31 3:00
8.116 2:00 - EET 1992
8.117 2:00 E-Eur EE%sT 1995
8.118 - 2:00 EU EE%sT
8.119 + 2:00 EU EE%sT 2011 Mar lastSun 1:00u
8.120 + 3:00 - FET # Further-eastern European Time
8.121 # Zaporozh'ye and eastern Lugansk oblasts observed DST 1990/1991.
8.122 # "Zaporizhia" is the transliteration of the Ukrainian name, but
8.123 # "Zaporozh'ye" is more common in English. Use the common English
8.124 @@ -2675,7 +2716,8 @@
8.125 1:00 C-Eur CE%sT 1943 Oct 25
8.126 3:00 Russia MSK/MSD 1991 Mar 31 2:00
8.127 2:00 E-Eur EE%sT 1995
8.128 - 2:00 EU EE%sT
8.129 + 2:00 EU EE%sT 2011 Mar lastSun 1:00u
8.130 + 3:00 - FET # Further-eastern European Time
8.131 # Central Crimea used Moscow time 1994/1997.
8.132 Zone Europe/Simferopol 2:16:24 - LMT 1880
8.133 2:16 - SMT 1924 May 2 # Simferopol Mean T
8.134 @@ -2700,7 +2742,8 @@
8.135 # Assume it happened in March by not changing the clocks.
8.136 3:00 Russia MSK/MSD 1997
8.137 3:00 - MSK 1997 Mar lastSun 1:00u
8.138 - 2:00 EU EE%sT
8.139 + 2:00 EU EE%sT 2011 Mar lastSun 1:00u
8.140 + 3:00 - FET # Further-eastern European Time
8.141
8.142 ###############################################################################
8.143
9.1 --- a/make/sun/javazic/tzdata/northamerica Thu Oct 27 13:54:42 2011 -0700
9.2 +++ b/make/sun/javazic/tzdata/northamerica Fri Oct 28 17:49:02 2011 -0700
9.3 @@ -505,7 +505,7 @@
9.4 -8:00 US P%sT 1983 Oct 30 2:00
9.5 -9:00 US Y%sT 1983 Nov 30
9.6 -9:00 US AK%sT
9.7 -Zone America/Sitka -14:58:47 - LMT 1867 Oct 18
9.8 +Zone America/Sitka 14:58:47 - LMT 1867 Oct 18
9.9 -9:01:13 - LMT 1900 Aug 20 12:00
9.10 -8:00 - PST 1942
9.11 -8:00 US P%sT 1946
9.12 @@ -1190,31 +1190,21 @@
9.13 # INMS (2000-09-12) says that, since 1988 at least, Newfoundland switches
9.14 # at 00:01 local time. For now, assume it started in 1987.
9.15
9.16 -# From Michael Pelley (2011-08-05):
9.17 -# The Government of Newfoundland and Labrador has pending changes to
9.18 -# modify the hour for daylight savings time to come into effect in
9.19 -# November 2011. This modification would change the time from 12:01AM to
9.20 -# 2:00AM on the dates of the switches of Daylight Savings Time to/from
9.21 -# Standard Time.
9.22 -#
9.23 -# As a matter of reference, in Canada provinces have the authority of
9.24 -# setting time zone information. The legislation has passed our
9.25 -# legislative body (The House of Assembly) and is awaiting the
9.26 -# proclamation to come into effect. You may find this information at:
9.27 -# <a href="http://www.assembly.nl.ca/legislation/sr/lists/Proclamation.htm">
9.28 -# http://www.assembly.nl.ca/legislation/sr/lists/Proclamation.htm
9.29 -# </a>
9.30 -# and
9.31 -# search within that web page for Standard Time (Amendment) Act. The Act
9.32 -# may be found at:
9.33 -# <a href="http://www.assembly.nl.ca/business/bills/Bill1106.htm">
9.34 -# http://www.assembly.nl.ca/business/bills/Bill1106.htm
9.35 +# From Michael Pelley (2011-09-12):
9.36 +# We received today, Monday, September 12, 2011, notification that the
9.37 +# changes to the Newfoundland Standard Time Act have been proclaimed.
9.38 +# The change in the Act stipulates that the change from Daylight Savings
9.39 +# Time to Standard Time and from Standard Time to Daylight Savings Time
9.40 +# now occurs at 2:00AM.
9.41 +# ...
9.42 +# <a href="http://www.assembly.nl.ca/legislation/sr/annualstatutes/2011/1106.chp.htm">
9.43 +# http://www.assembly.nl.ca/legislation/sr/annualstatutes/2011/1106.chp.htm
9.44 # </a>
9.45 # ...
9.46 -# MICHAEL PELLEY | Manager of Enterprise Architecture - Solution Delivery
9.47 -# Office of the Chief Information Officer Executive Council Government of
9.48 -# Newfoundland & Labrador P.O. Box 8700, 40 Higgins Line, St. John's NL
9.49 -# A1B 4J6
9.50 +# MICHAEL PELLEY | Manager of Enterprise Architecture - Solution Delivery
9.51 +# Office of the Chief Information Officer
9.52 +# Executive Council
9.53 +# Government of Newfoundland & Labrador
9.54
9.55 Rule StJohns 1987 only - Apr Sun>=1 0:01 1:00 D
9.56 Rule StJohns 1987 2006 - Oct lastSun 0:01 0 S
10.1 --- a/make/sun/javazic/tzdata/southamerica Thu Oct 27 13:54:42 2011 -0700
10.2 +++ b/make/sun/javazic/tzdata/southamerica Fri Oct 28 17:49:02 2011 -0700
10.3 @@ -819,6 +819,26 @@
10.4 # <a href="http://www.timeanddate.com/news/time/brazil-dst-2008-2009.html">
10.5 # http://www.timeanddate.com/news/time/brazil-dst-2008-2009.html
10.6 # </a>
10.7 +#
10.8 +# From Alexander Krivenyshev (2011-10-04):
10.9 +# State Bahia will return to Daylight savings time this year after 8 years off.
10.10 +# The announcement was made by Governor Jaques Wagner in an interview to a
10.11 +# television station in Salvador.
10.12 +
10.13 +# In Portuguese:
10.14 +# <a href="http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html">
10.15 +# http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html
10.16 +# </a> and
10.17 +# <a href="http://noticias.terra.com.br/brasil/noticias/0,,OI5390887-EI8139,00-Bahia+volta+a+ter+horario+de+verao+apos+oito+anos.html">
10.18 +# http://noticias.terra.com.br/brasil/noticias/0,,OI5390887-EI8139,00-Bahia+volta+a+ter+horario+de+verao+apos+oito+anos.html
10.19 +# </a>
10.20 +
10.21 +# From Guilherme Bernardes Rodrigues (2011-10-07):
10.22 +# There is news in the media, however there is still no decree about it.
10.23 +# I just send a e-mail to Zulmira Brandão at
10.24 +# <a href="http://pcdsh01.on.br/">http://pcdsh01.on.br/</a> the
10.25 +# oficial agency about time in Brazil, and she confirmed that the old rule is
10.26 +# still in force.
10.27
10.28 # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
10.29 # Decree <a href="http://pcdsh01.on.br/HV20466.htm">20,466</a> (1931-10-01)
10.30 @@ -1057,6 +1077,9 @@
10.31 Zone America/Bahia -2:34:04 - LMT 1914
10.32 -3:00 Brazil BR%sT 2003 Sep 24
10.33 -3:00 - BRT
10.34 +# as noted above, not yet in operation.
10.35 +# -3:00 - BRT 2011 Oct 16
10.36 +# -3:00 Brazil BR%sT
10.37 #
10.38 # Goias (GO), Distrito Federal (DF), Minas Gerais (MG),
10.39 # Espirito Santo (ES), Rio de Janeiro (RJ), Sao Paulo (SP), Parana (PR),
11.1 --- a/make/sun/javazic/tzdata/zone.tab Thu Oct 27 13:54:42 2011 -0700
11.2 +++ b/make/sun/javazic/tzdata/zone.tab Fri Oct 28 17:49:02 2011 -0700
11.3 @@ -341,7 +341,8 @@
11.4 PM +4703-05620 America/Miquelon
11.5 PN -2504-13005 Pacific/Pitcairn
11.6 PR +182806-0660622 America/Puerto_Rico
11.7 -PS +3130+03428 Asia/Gaza
11.8 +PS +3130+03428 Asia/Gaza Gaza Strip
11.9 +PS +313200+0350542 Asia/Hebron West Bank
11.10 PT +3843-00908 Europe/Lisbon mainland
11.11 PT +3238-01654 Atlantic/Madeira Madeira Islands
11.12 PT +3744-02540 Atlantic/Azores Azores
12.1 --- a/make/sun/rmi/rmi/Makefile Thu Oct 27 13:54:42 2011 -0700
12.2 +++ b/make/sun/rmi/rmi/Makefile Fri Oct 28 17:49:02 2011 -0700
12.3 @@ -30,16 +30,9 @@
12.4 BUILDDIR = ../../..
12.5 PACKAGE = sun.rmi
12.6 PRODUCT = sun
12.7 -LIBRARY = rmi
12.8 include $(BUILDDIR)/common/Defs.gmk
12.9
12.10 #
12.11 -# Add use of a mapfile
12.12 -#
12.13 -FILES_m = mapfile-vers
12.14 -include $(BUILDDIR)/common/Mapfile-vers.gmk
12.15 -
12.16 -#
12.17 # Java files to compile.
12.18 #
12.19 AUTO_FILES_JAVA_DIRS = \
12.20 @@ -52,31 +45,9 @@
12.21 com/sun/rmi
12.22
12.23 #
12.24 -# Native files to compile.
12.25 -#
12.26 -FILES_c = \
12.27 - sun/rmi/server/MarshalInputStream.c
12.28 -
12.29 -#
12.30 -# Add ambient vpath to pick up files not part of sun.rmi package
12.31 -#
12.32 -vpath %.c $(SHARE_SRC)/native/sun/rmi/server
12.33 -
12.34 -#
12.35 -# Exported files that require generated .h
12.36 -#
12.37 -FILES_export = \
12.38 - sun/rmi/server/MarshalInputStream.java
12.39 -
12.40 -#
12.41 -# Link to JVM for JVM_LatestUserDefinedLoader
12.42 -#
12.43 -OTHER_LDLIBS = $(JVMLIB)
12.44 -
12.45 -#
12.46 # Rules
12.47 #
12.48 -include $(BUILDDIR)/common/Library.gmk
12.49 +include $(BUILDDIR)/common/Rules.gmk
12.50
12.51 #
12.52 # Full package names of implementations requiring stubs
13.1 --- a/make/sun/rmi/rmi/mapfile-vers Thu Oct 27 13:54:42 2011 -0700
13.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
13.3 @@ -1,33 +0,0 @@
13.4 -#
13.5 -# Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
13.6 -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
13.7 -#
13.8 -# This code is free software; you can redistribute it and/or modify it
13.9 -# under the terms of the GNU General Public License version 2 only, as
13.10 -# published by the Free Software Foundation. Oracle designates this
13.11 -# particular file as subject to the "Classpath" exception as provided
13.12 -# by Oracle in the LICENSE file that accompanied this code.
13.13 -#
13.14 -# This code is distributed in the hope that it will be useful, but WITHOUT
13.15 -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13.16 -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13.17 -# version 2 for more details (a copy is included in the LICENSE file that
13.18 -# accompanied this code).
13.19 -#
13.20 -# You should have received a copy of the GNU General Public License version
13.21 -# 2 along with this work; if not, write to the Free Software Foundation,
13.22 -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
13.23 -#
13.24 -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
13.25 -# or visit www.oracle.com if you need additional information or have any
13.26 -# questions.
13.27 -#
13.28 -
13.29 -# Define library interface.
13.30 -
13.31 -SUNWprivate_1.1 {
13.32 - global:
13.33 - Java_sun_rmi_server_MarshalInputStream_latestUserDefinedLoader;
13.34 - local:
13.35 - *;
13.36 -};
14.1 --- a/make/sun/security/ec/Makefile Thu Oct 27 13:54:42 2011 -0700
14.2 +++ b/make/sun/security/ec/Makefile Fri Oct 28 17:49:02 2011 -0700
14.3 @@ -192,10 +192,8 @@
14.4 #
14.5 # Libraries to link
14.6 #
14.7 - ifeq ($(PLATFORM), windows)
14.8 - OTHER_LDLIBS += $(JVMLIB)
14.9 - else
14.10 - OTHER_LDLIBS = -ldl $(JVMLIB) $(LIBCXX)
14.11 + ifneq ($(PLATFORM), windows)
14.12 + OTHER_LDLIBS = $(LIBCXX)
14.13 endif
14.14
14.15 include $(BUILDDIR)/common/Mapfile-vers.gmk
15.1 --- a/make/sun/security/jgss/wrapper/Makefile Thu Oct 27 13:54:42 2011 -0700
15.2 +++ b/make/sun/security/jgss/wrapper/Makefile Fri Oct 28 17:49:02 2011 -0700
15.3 @@ -72,5 +72,6 @@
15.4 # Libraries to link
15.5 #
15.6 ifneq ($(PLATFORM), windows)
15.7 - OTHER_LDLIBS = -ldl $(JVMLIB)
15.8 + OTHER_LDLIBS = -ldl
15.9 endif
15.10 +
16.1 --- a/make/sun/security/krb5/Makefile Thu Oct 27 13:54:42 2011 -0700
16.2 +++ b/make/sun/security/krb5/Makefile Fri Oct 28 17:49:02 2011 -0700
16.3 @@ -69,15 +69,6 @@
16.4 include $(BUILDDIR)/common/Classes.gmk
16.5 endif # PLATFORM
16.6
16.7 -#
16.8 -# Libraries to link
16.9 -#
16.10 -ifeq ($(PLATFORM), windows)
16.11 - OTHER_LDLIBS = $(JVMLIB)
16.12 -else
16.13 - OTHER_LDLIBS = -ldl $(JVMLIB)
16.14 -endif
16.15 -
16.16 build:
16.17 ifeq ($(PLATFORM),windows)
16.18 $(call make-launcher, kinit, sun.security.krb5.internal.tools.Kinit, , )
17.1 --- a/make/sun/security/mscapi/Makefile Thu Oct 27 13:54:42 2011 -0700
17.2 +++ b/make/sun/security/mscapi/Makefile Fri Oct 28 17:49:02 2011 -0700
17.3 @@ -159,7 +159,7 @@
17.4 # Libraries to link
17.5 #
17.6 ifeq ($(PLATFORM), windows)
17.7 - OTHER_LDLIBS += $(JVMLIB) Crypt32.Lib
17.8 + OTHER_LDLIBS += Crypt32.Lib
17.9 endif
17.10
17.11 #
18.1 --- a/make/sun/security/other/Makefile Thu Oct 27 13:54:42 2011 -0700
18.2 +++ b/make/sun/security/other/Makefile Fri Oct 28 17:49:02 2011 -0700
18.3 @@ -38,6 +38,7 @@
18.4 sun/security/acl \
18.5 sun/security/jca \
18.6 sun/security/pkcs \
18.7 + sun/security/pkcs10 \
18.8 sun/security/pkcs12 \
18.9 sun/security/provider \
18.10 sun/security/rsa \
19.1 --- a/make/sun/security/pkcs11/Makefile Thu Oct 27 13:54:42 2011 -0700
19.2 +++ b/make/sun/security/pkcs11/Makefile Fri Oct 28 17:49:02 2011 -0700
19.3 @@ -159,10 +159,8 @@
19.4 #
19.5 # Libraries to link
19.6 #
19.7 -ifeq ($(PLATFORM), windows)
19.8 - OTHER_LDLIBS = $(JVMLIB)
19.9 -else
19.10 - OTHER_LDLIBS = -ldl $(JVMLIB)
19.11 +ifneq ($(PLATFORM), windows)
19.12 + OTHER_LDLIBS = -ldl
19.13 endif
19.14
19.15 # Other config files
20.1 --- a/make/sun/security/smartcardio/Makefile Thu Oct 27 13:54:42 2011 -0700
20.2 +++ b/make/sun/security/smartcardio/Makefile Fri Oct 28 17:49:02 2011 -0700
20.3 @@ -73,8 +73,8 @@
20.4 # Libraries to link
20.5 #
20.6 ifeq ($(PLATFORM), windows)
20.7 - OTHER_LDLIBS = $(JVMLIB) winscard.lib
20.8 + OTHER_LDLIBS = winscard.lib
20.9 else
20.10 - OTHER_LDLIBS = -ldl $(JVMLIB)
20.11 + OTHER_LDLIBS = -ldl
20.12 OTHER_CFLAGS = -D__sun_jdk
20.13 endif
21.1 --- a/src/share/classes/java/io/ObjectInputStream.java Thu Oct 27 13:54:42 2011 -0700
21.2 +++ b/src/share/classes/java/io/ObjectInputStream.java Fri Oct 28 17:49:02 2011 -0700
21.3 @@ -2025,8 +2025,9 @@
21.4 * This method should not be removed or its signature changed without
21.5 * corresponding modifications to the above class.
21.6 */
21.7 - // REMIND: change name to something more accurate?
21.8 - private static native ClassLoader latestUserDefinedLoader();
21.9 + private static ClassLoader latestUserDefinedLoader() {
21.10 + return sun.misc.VM.latestUserDefinedLoader();
21.11 + }
21.12
21.13 /**
21.14 * Default GetField implementation.
22.1 --- a/src/share/classes/java/util/Collections.java Thu Oct 27 13:54:42 2011 -0700
22.2 +++ b/src/share/classes/java/util/Collections.java Fri Oct 28 17:49:02 2011 -0700
22.3 @@ -2352,6 +2352,64 @@
22.4 }
22.5
22.6 /**
22.7 + * Returns a dynamically typesafe view of the specified queue.
22.8 + * Any attempt to insert an element of the wrong type will result in
22.9 + * an immediate {@link ClassCastException}. Assuming a queue contains
22.10 + * no incorrectly typed elements prior to the time a dynamically typesafe
22.11 + * view is generated, and that all subsequent access to the queue
22.12 + * takes place through the view, it is <i>guaranteed</i> that the
22.13 + * queue cannot contain an incorrectly typed element.
22.14 + *
22.15 + * <p>A discussion of the use of dynamically typesafe views may be
22.16 + * found in the documentation for the {@link #checkedCollection
22.17 + * checkedCollection} method.
22.18 + *
22.19 + * <p>The returned queue will be serializable if the specified queue
22.20 + * is serializable.
22.21 + *
22.22 + * <p>Since {@code null} is considered to be a value of any reference
22.23 + * type, the returned queue permits insertion of {@code null} elements
22.24 + * whenever the backing queue does.
22.25 + *
22.26 + * @param queue the queue for which a dynamically typesafe view is to be
22.27 + * returned
22.28 + * @param type the type of element that {@code queue} is permitted to hold
22.29 + * @return a dynamically typesafe view of the specified queue
22.30 + * @since 1.8
22.31 + */
22.32 + public static <E> Queue<E> checkedQueue(Queue<E> queue, Class<E> type) {
22.33 + return new CheckedQueue<>(queue, type);
22.34 + }
22.35 +
22.36 + /**
22.37 + * @serial include
22.38 + */
22.39 + static class CheckedQueue<E>
22.40 + extends CheckedCollection<E>
22.41 + implements Queue<E>, Serializable
22.42 + {
22.43 + private static final long serialVersionUID = 1433151992604707767L;
22.44 + final Queue<E> queue;
22.45 +
22.46 + CheckedQueue(Queue<E> queue, Class<E> elementType) {
22.47 + super(queue, elementType);
22.48 + this.queue = queue;
22.49 + }
22.50 +
22.51 + public E element() {return queue.element();}
22.52 + public boolean equals(Object o) {return o == this || c.equals(o);}
22.53 + public int hashCode() {return c.hashCode();}
22.54 + public E peek() {return queue.peek();}
22.55 + public E poll() {return queue.poll();}
22.56 + public E remove() {return queue.remove();}
22.57 +
22.58 + public boolean offer(E e) {
22.59 + typeCheck(e);
22.60 + return add(e);
22.61 + }
22.62 + }
22.63 +
22.64 + /**
22.65 * Returns a dynamically typesafe view of the specified set.
22.66 * Any attempt to insert an element of the wrong type will result in
22.67 * an immediate {@link ClassCastException}. Assuming a set contains
23.1 --- a/src/share/classes/sun/misc/VM.java Thu Oct 27 13:54:42 2011 -0700
23.2 +++ b/src/share/classes/sun/misc/VM.java Fri Oct 28 17:49:02 2011 -0700
23.3 @@ -371,6 +371,12 @@
23.4 private final static int JVMTI_THREAD_STATE_WAITING_INDEFINITELY = 0x0010;
23.5 private final static int JVMTI_THREAD_STATE_WAITING_WITH_TIMEOUT = 0x0020;
23.6
23.7 + /*
23.8 + * Returns the first non-null class loader up the execution stack,
23.9 + * or null if only code from the null class loader is on the stack.
23.10 + */
23.11 + public static native ClassLoader latestUserDefinedLoader();
23.12 +
23.13 static {
23.14 initialize();
23.15 }
24.1 --- a/src/share/classes/sun/rmi/server/MarshalInputStream.java Thu Oct 27 13:54:42 2011 -0700
24.2 +++ b/src/share/classes/sun/rmi/server/MarshalInputStream.java Fri Oct 28 17:49:02 2011 -0700
24.3 @@ -110,14 +110,6 @@
24.4 }
24.5
24.6 /**
24.7 - * Load the "rmi" native library.
24.8 - */
24.9 - static {
24.10 - java.security.AccessController.doPrivileged(
24.11 - new sun.security.action.LoadLibraryAction("rmi"));
24.12 - }
24.13 -
24.14 - /**
24.15 * Create a new MarshalInputStream object.
24.16 */
24.17 public MarshalInputStream(InputStream in)
24.18 @@ -262,7 +254,9 @@
24.19 * Returns the first non-null class loader up the execution stack, or null
24.20 * if only code from the null class loader is on the stack.
24.21 */
24.22 - private static native ClassLoader latestUserDefinedLoader();
24.23 + private static ClassLoader latestUserDefinedLoader() {
24.24 + return sun.misc.VM.latestUserDefinedLoader();
24.25 + }
24.26
24.27 /**
24.28 * Fix for 4179055: Need to assist resolving sun stubs; resolve
25.1 --- a/src/share/classes/sun/security/pkcs/EncodingException.java Thu Oct 27 13:54:42 2011 -0700
25.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
25.3 @@ -1,45 +0,0 @@
25.4 -/*
25.5 - * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
25.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
25.7 - *
25.8 - * This code is free software; you can redistribute it and/or modify it
25.9 - * under the terms of the GNU General Public License version 2 only, as
25.10 - * published by the Free Software Foundation. Oracle designates this
25.11 - * particular file as subject to the "Classpath" exception as provided
25.12 - * by Oracle in the LICENSE file that accompanied this code.
25.13 - *
25.14 - * This code is distributed in the hope that it will be useful, but WITHOUT
25.15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
25.16 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
25.17 - * version 2 for more details (a copy is included in the LICENSE file that
25.18 - * accompanied this code).
25.19 - *
25.20 - * You should have received a copy of the GNU General Public License version
25.21 - * 2 along with this work; if not, write to the Free Software Foundation,
25.22 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
25.23 - *
25.24 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
25.25 - * or visit www.oracle.com if you need additional information or have any
25.26 - * questions.
25.27 - */
25.28 -
25.29 -/**
25.30 - * Generic PKCS Encoding exception.
25.31 - *
25.32 - * @author Benjamin Renaud
25.33 - */
25.34 -
25.35 -package sun.security.pkcs;
25.36 -
25.37 -public class EncodingException extends Exception {
25.38 -
25.39 - private static final long serialVersionUID = 4060198374240668325L;
25.40 -
25.41 - public EncodingException() {
25.42 - super();
25.43 - }
25.44 -
25.45 - public EncodingException(String s) {
25.46 - super(s);
25.47 - }
25.48 -}
26.1 --- a/src/share/classes/sun/security/pkcs/PKCS10.java Thu Oct 27 13:54:42 2011 -0700
26.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
26.3 @@ -1,353 +0,0 @@
26.4 -/*
26.5 - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
26.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
26.7 - *
26.8 - * This code is free software; you can redistribute it and/or modify it
26.9 - * under the terms of the GNU General Public License version 2 only, as
26.10 - * published by the Free Software Foundation. Oracle designates this
26.11 - * particular file as subject to the "Classpath" exception as provided
26.12 - * by Oracle in the LICENSE file that accompanied this code.
26.13 - *
26.14 - * This code is distributed in the hope that it will be useful, but WITHOUT
26.15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
26.16 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
26.17 - * version 2 for more details (a copy is included in the LICENSE file that
26.18 - * accompanied this code).
26.19 - *
26.20 - * You should have received a copy of the GNU General Public License version
26.21 - * 2 along with this work; if not, write to the Free Software Foundation,
26.22 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
26.23 - *
26.24 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
26.25 - * or visit www.oracle.com if you need additional information or have any
26.26 - * questions.
26.27 - */
26.28 -
26.29 -
26.30 -package sun.security.pkcs;
26.31 -
26.32 -import java.io.PrintStream;
26.33 -import java.io.IOException;
26.34 -import java.math.BigInteger;
26.35 -
26.36 -import java.security.cert.CertificateException;
26.37 -import java.security.NoSuchAlgorithmException;
26.38 -import java.security.InvalidKeyException;
26.39 -import java.security.Signature;
26.40 -import java.security.SignatureException;
26.41 -import java.security.PublicKey;
26.42 -
26.43 -import sun.misc.BASE64Encoder;
26.44 -
26.45 -import sun.security.util.*;
26.46 -import sun.security.x509.AlgorithmId;
26.47 -import sun.security.x509.X509Key;
26.48 -import sun.security.x509.X500Name;
26.49 -
26.50 -/**
26.51 - * A PKCS #10 certificate request is created and sent to a Certificate
26.52 - * Authority, which then creates an X.509 certificate and returns it to
26.53 - * the entity that requested it. A certificate request basically consists
26.54 - * of the subject's X.500 name, public key, and optionally some attributes,
26.55 - * signed using the corresponding private key.
26.56 - *
26.57 - * The ASN.1 syntax for a Certification Request is:
26.58 - * <pre>
26.59 - * CertificationRequest ::= SEQUENCE {
26.60 - * certificationRequestInfo CertificationRequestInfo,
26.61 - * signatureAlgorithm SignatureAlgorithmIdentifier,
26.62 - * signature Signature
26.63 - * }
26.64 - *
26.65 - * SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
26.66 - * Signature ::= BIT STRING
26.67 - *
26.68 - * CertificationRequestInfo ::= SEQUENCE {
26.69 - * version Version,
26.70 - * subject Name,
26.71 - * subjectPublicKeyInfo SubjectPublicKeyInfo,
26.72 - * attributes [0] IMPLICIT Attributes
26.73 - * }
26.74 - * Attributes ::= SET OF Attribute
26.75 - * </pre>
26.76 - *
26.77 - * @author David Brownell
26.78 - * @author Amit Kapoor
26.79 - * @author Hemma Prafullchandra
26.80 - */
26.81 -public class PKCS10 {
26.82 - /**
26.83 - * Constructs an unsigned PKCS #10 certificate request. Before this
26.84 - * request may be used, it must be encoded and signed. Then it
26.85 - * must be retrieved in some conventional format (e.g. string).
26.86 - *
26.87 - * @param publicKey the public key that should be placed
26.88 - * into the certificate generated by the CA.
26.89 - */
26.90 - public PKCS10(PublicKey publicKey) {
26.91 - subjectPublicKeyInfo = publicKey;
26.92 - attributeSet = new PKCS10Attributes();
26.93 - }
26.94 -
26.95 - /**
26.96 - * Constructs an unsigned PKCS #10 certificate request. Before this
26.97 - * request may be used, it must be encoded and signed. Then it
26.98 - * must be retrieved in some conventional format (e.g. string).
26.99 - *
26.100 - * @param publicKey the public key that should be placed
26.101 - * into the certificate generated by the CA.
26.102 - * @param attributes additonal set of PKCS10 attributes requested
26.103 - * for in the certificate.
26.104 - */
26.105 - public PKCS10(PublicKey publicKey, PKCS10Attributes attributes) {
26.106 - subjectPublicKeyInfo = publicKey;
26.107 - attributeSet = attributes;
26.108 - }
26.109 -
26.110 - /**
26.111 - * Parses an encoded, signed PKCS #10 certificate request, verifying
26.112 - * the request's signature as it does so. This constructor would
26.113 - * typically be used by a Certificate Authority, from which a new
26.114 - * certificate would then be constructed.
26.115 - *
26.116 - * @param data the DER-encoded PKCS #10 request.
26.117 - * @exception IOException for low level errors reading the data
26.118 - * @exception SignatureException when the signature is invalid
26.119 - * @exception NoSuchAlgorithmException when the signature
26.120 - * algorithm is not supported in this environment
26.121 - */
26.122 - public PKCS10(byte[] data)
26.123 - throws IOException, SignatureException, NoSuchAlgorithmException {
26.124 - DerInputStream in;
26.125 - DerValue[] seq;
26.126 - AlgorithmId id;
26.127 - byte[] sigData;
26.128 - Signature sig;
26.129 -
26.130 - encoded = data;
26.131 -
26.132 - //
26.133 - // Outer sequence: request, signature algorithm, signature.
26.134 - // Parse, and prepare to verify later.
26.135 - //
26.136 - in = new DerInputStream(data);
26.137 - seq = in.getSequence(3);
26.138 -
26.139 - if (seq.length != 3)
26.140 - throw new IllegalArgumentException("not a PKCS #10 request");
26.141 -
26.142 - data = seq[0].toByteArray(); // reusing this variable
26.143 - id = AlgorithmId.parse(seq[1]);
26.144 - sigData = seq[2].getBitString();
26.145 -
26.146 - //
26.147 - // Inner sequence: version, name, key, attributes
26.148 - //
26.149 - BigInteger serial;
26.150 - DerValue val;
26.151 -
26.152 - serial = seq[0].data.getBigInteger();
26.153 - if (!serial.equals(BigInteger.ZERO))
26.154 - throw new IllegalArgumentException("not PKCS #10 v1");
26.155 -
26.156 - subject = new X500Name(seq[0].data);
26.157 - subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue());
26.158 -
26.159 - // Cope with a somewhat common illegal PKCS #10 format
26.160 - if (seq[0].data.available() != 0)
26.161 - attributeSet = new PKCS10Attributes(seq[0].data);
26.162 - else
26.163 - attributeSet = new PKCS10Attributes();
26.164 -
26.165 - if (seq[0].data.available() != 0)
26.166 - throw new IllegalArgumentException("illegal PKCS #10 data");
26.167 -
26.168 - //
26.169 - // OK, we parsed it all ... validate the signature using the
26.170 - // key and signature algorithm we found.
26.171 - //
26.172 - try {
26.173 - sig = Signature.getInstance(id.getName());
26.174 - sig.initVerify(subjectPublicKeyInfo);
26.175 - sig.update(data);
26.176 - if (!sig.verify(sigData))
26.177 - throw new SignatureException("Invalid PKCS #10 signature");
26.178 - } catch (InvalidKeyException e) {
26.179 - throw new SignatureException("invalid key");
26.180 - }
26.181 - }
26.182 -
26.183 - /**
26.184 - * Create the signed certificate request. This will later be
26.185 - * retrieved in either string or binary format.
26.186 - *
26.187 - * @param subject identifies the signer (by X.500 name).
26.188 - * @param signature private key and signing algorithm to use.
26.189 - * @exception IOException on errors.
26.190 - * @exception CertificateException on certificate handling errors.
26.191 - * @exception SignatureException on signature handling errors.
26.192 - */
26.193 - public void encodeAndSign(X500Name subject, Signature signature)
26.194 - throws CertificateException, IOException, SignatureException {
26.195 - DerOutputStream out, scratch;
26.196 - byte[] certificateRequestInfo;
26.197 - byte[] sig;
26.198 -
26.199 - if (encoded != null)
26.200 - throw new SignatureException("request is already signed");
26.201 -
26.202 - this.subject = subject;
26.203 -
26.204 - /*
26.205 - * Encode cert request info, wrap in a sequence for signing
26.206 - */
26.207 - scratch = new DerOutputStream();
26.208 - scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0
26.209 - subject.encode(scratch); // X.500 name
26.210 - scratch.write(subjectPublicKeyInfo.getEncoded()); // public key
26.211 - attributeSet.encode(scratch);
26.212 -
26.213 - out = new DerOutputStream();
26.214 - out.write(DerValue.tag_Sequence, scratch); // wrap it!
26.215 - certificateRequestInfo = out.toByteArray();
26.216 - scratch = out;
26.217 -
26.218 - /*
26.219 - * Sign it ...
26.220 - */
26.221 - signature.update(certificateRequestInfo, 0,
26.222 - certificateRequestInfo.length);
26.223 - sig = signature.sign();
26.224 -
26.225 - /*
26.226 - * Build guts of SIGNED macro
26.227 - */
26.228 - AlgorithmId algId = null;
26.229 - try {
26.230 - algId = AlgorithmId.get(signature.getAlgorithm());
26.231 - } catch (NoSuchAlgorithmException nsae) {
26.232 - throw new SignatureException(nsae);
26.233 - }
26.234 - algId.encode(scratch); // sig algorithm
26.235 - scratch.putBitString(sig); // sig
26.236 -
26.237 - /*
26.238 - * Wrap those guts in a sequence
26.239 - */
26.240 - out = new DerOutputStream();
26.241 - out.write(DerValue.tag_Sequence, scratch);
26.242 - encoded = out.toByteArray();
26.243 - }
26.244 -
26.245 - /**
26.246 - * Returns the subject's name.
26.247 - */
26.248 - public X500Name getSubjectName() { return subject; }
26.249 -
26.250 - /**
26.251 - * Returns the subject's public key.
26.252 - */
26.253 - public PublicKey getSubjectPublicKeyInfo()
26.254 - { return subjectPublicKeyInfo; }
26.255 -
26.256 - /**
26.257 - * Returns the additional attributes requested.
26.258 - */
26.259 - public PKCS10Attributes getAttributes()
26.260 - { return attributeSet; }
26.261 -
26.262 - /**
26.263 - * Returns the encoded and signed certificate request as a
26.264 - * DER-encoded byte array.
26.265 - *
26.266 - * @return the certificate request, or null if encodeAndSign()
26.267 - * has not yet been called.
26.268 - */
26.269 - public byte[] getEncoded() {
26.270 - if (encoded != null)
26.271 - return encoded.clone();
26.272 - else
26.273 - return null;
26.274 - }
26.275 -
26.276 - /**
26.277 - * Prints an E-Mailable version of the certificate request on the print
26.278 - * stream passed. The format is a common base64 encoded one, supported
26.279 - * by most Certificate Authorities because Netscape web servers have
26.280 - * used this for some time. Some certificate authorities expect some
26.281 - * more information, in particular contact information for the web
26.282 - * server administrator.
26.283 - *
26.284 - * @param out the print stream where the certificate request
26.285 - * will be printed.
26.286 - * @exception IOException when an output operation failed
26.287 - * @exception SignatureException when the certificate request was
26.288 - * not yet signed.
26.289 - */
26.290 - public void print(PrintStream out)
26.291 - throws IOException, SignatureException {
26.292 - if (encoded == null)
26.293 - throw new SignatureException("Cert request was not signed");
26.294 -
26.295 - BASE64Encoder encoder = new BASE64Encoder();
26.296 -
26.297 - out.println("-----BEGIN NEW CERTIFICATE REQUEST-----");
26.298 - encoder.encodeBuffer(encoded, out);
26.299 - out.println("-----END NEW CERTIFICATE REQUEST-----");
26.300 - }
26.301 -
26.302 - /**
26.303 - * Provides a short description of this request.
26.304 - */
26.305 - public String toString() {
26.306 - return "[PKCS #10 certificate request:\n"
26.307 - + subjectPublicKeyInfo.toString()
26.308 - + " subject: <" + subject + ">" + "\n"
26.309 - + " attributes: " + attributeSet.toString()
26.310 - + "\n]";
26.311 - }
26.312 -
26.313 - /**
26.314 - * Compares this object for equality with the specified
26.315 - * object. If the <code>other</code> object is an
26.316 - * <code>instanceof</code> <code>PKCS10</code>, then
26.317 - * its encoded form is retrieved and compared with the
26.318 - * encoded form of this certificate request.
26.319 - *
26.320 - * @param other the object to test for equality with this object.
26.321 - * @return true iff the encoded forms of the two certificate
26.322 - * requests match, false otherwise.
26.323 - */
26.324 - public boolean equals(Object other) {
26.325 - if (this == other)
26.326 - return true;
26.327 - if (!(other instanceof PKCS10))
26.328 - return false;
26.329 - if (encoded == null) // not signed yet
26.330 - return false;
26.331 - byte[] otherEncoded = ((PKCS10)other).getEncoded();
26.332 - if (otherEncoded == null)
26.333 - return false;
26.334 -
26.335 - return java.util.Arrays.equals(encoded, otherEncoded);
26.336 - }
26.337 -
26.338 - /**
26.339 - * Returns a hashcode value for this certificate request from its
26.340 - * encoded form.
26.341 - *
26.342 - * @return the hashcode value.
26.343 - */
26.344 - public int hashCode() {
26.345 - int retval = 0;
26.346 - if (encoded != null)
26.347 - for (int i = 1; i < encoded.length; i++)
26.348 - retval += encoded[i] * i;
26.349 - return(retval);
26.350 - }
26.351 -
26.352 - private X500Name subject;
26.353 - private PublicKey subjectPublicKeyInfo;
26.354 - private PKCS10Attributes attributeSet;
26.355 - private byte[] encoded; // signed
26.356 -}
27.1 --- a/src/share/classes/sun/security/pkcs/PKCS10Attribute.java Thu Oct 27 13:54:42 2011 -0700
27.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
27.3 @@ -1,135 +0,0 @@
27.4 -/*
27.5 - * Copyright (c) 1997, 1998, Oracle and/or its affiliates. All rights reserved.
27.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
27.7 - *
27.8 - * This code is free software; you can redistribute it and/or modify it
27.9 - * under the terms of the GNU General Public License version 2 only, as
27.10 - * published by the Free Software Foundation. Oracle designates this
27.11 - * particular file as subject to the "Classpath" exception as provided
27.12 - * by Oracle in the LICENSE file that accompanied this code.
27.13 - *
27.14 - * This code is distributed in the hope that it will be useful, but WITHOUT
27.15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
27.16 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
27.17 - * version 2 for more details (a copy is included in the LICENSE file that
27.18 - * accompanied this code).
27.19 - *
27.20 - * You should have received a copy of the GNU General Public License version
27.21 - * 2 along with this work; if not, write to the Free Software Foundation,
27.22 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
27.23 - *
27.24 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
27.25 - * or visit www.oracle.com if you need additional information or have any
27.26 - * questions.
27.27 - */
27.28 -
27.29 -package sun.security.pkcs;
27.30 -
27.31 -import java.io.OutputStream;
27.32 -import java.io.IOException;
27.33 -
27.34 -import sun.security.util.*;
27.35 -
27.36 -/**
27.37 - * Represent a PKCS#10 Attribute.
27.38 - *
27.39 - * <p>Attributes are additonal information which can be inserted in a PKCS#10
27.40 - * certificate request. For example a "Driving License Certificate" could have
27.41 - * the driving license number as an attribute.
27.42 - *
27.43 - * <p>Attributes are represented as a sequence of the attribute identifier
27.44 - * (Object Identifier) and a set of DER encoded attribute values.
27.45 - *
27.46 - * ASN.1 definition of Attribute:
27.47 - * <pre>
27.48 - * Attribute :: SEQUENCE {
27.49 - * type AttributeType,
27.50 - * values SET OF AttributeValue
27.51 - * }
27.52 - * AttributeType ::= OBJECT IDENTIFIER
27.53 - * AttributeValue ::= ANY defined by type
27.54 - * </pre>
27.55 - *
27.56 - * @author Amit Kapoor
27.57 - * @author Hemma Prafullchandra
27.58 - */
27.59 -public class PKCS10Attribute implements DerEncoder {
27.60 -
27.61 - protected ObjectIdentifier attributeId = null;
27.62 - protected Object attributeValue = null;
27.63 -
27.64 - /**
27.65 - * Constructs an attribute from a DER encoding.
27.66 - * This constructor expects the value to be encoded as defined above,
27.67 - * i.e. a SEQUENCE of OID and SET OF value(s), not a literal
27.68 - * X.509 v3 extension. Only PKCS9 defined attributes are supported
27.69 - * currently.
27.70 - *
27.71 - * @param derVal the der encoded attribute.
27.72 - * @exception IOException on parsing errors.
27.73 - */
27.74 - public PKCS10Attribute(DerValue derVal) throws IOException {
27.75 - PKCS9Attribute attr = new PKCS9Attribute(derVal);
27.76 - this.attributeId = attr.getOID();
27.77 - this.attributeValue = attr.getValue();
27.78 - }
27.79 -
27.80 - /**
27.81 - * Constructs an attribute from individual components of
27.82 - * ObjectIdentifier and the value (any java object).
27.83 - *
27.84 - * @param attributeId the ObjectIdentifier of the attribute.
27.85 - * @param attributeValue an instance of a class that implements
27.86 - * the attribute identified by the ObjectIdentifier.
27.87 - */
27.88 - public PKCS10Attribute(ObjectIdentifier attributeId,
27.89 - Object attributeValue) {
27.90 - this.attributeId = attributeId;
27.91 - this.attributeValue = attributeValue;
27.92 - }
27.93 -
27.94 - /**
27.95 - * Constructs an attribute from PKCS9 attribute.
27.96 - *
27.97 - * @param attr the PKCS9Attribute to create from.
27.98 - */
27.99 - public PKCS10Attribute(PKCS9Attribute attr) {
27.100 - this.attributeId = attr.getOID();
27.101 - this.attributeValue = attr.getValue();
27.102 - }
27.103 -
27.104 - /**
27.105 - * DER encode this object onto an output stream.
27.106 - * Implements the <code>DerEncoder</code> interface.
27.107 - *
27.108 - * @param out
27.109 - * the OutputStream on which to write the DER encoding.
27.110 - *
27.111 - * @exception IOException on encoding errors.
27.112 - */
27.113 - public void derEncode(OutputStream out) throws IOException {
27.114 - PKCS9Attribute attr = new PKCS9Attribute(attributeId, attributeValue);
27.115 - attr.derEncode(out);
27.116 - }
27.117 -
27.118 - /**
27.119 - * Returns the ObjectIdentifier of the attribute.
27.120 - */
27.121 - public ObjectIdentifier getAttributeId() {
27.122 - return (attributeId);
27.123 - }
27.124 -
27.125 - /**
27.126 - * Returns the attribute value.
27.127 - */
27.128 - public Object getAttributeValue() {
27.129 - return (attributeValue);
27.130 - }
27.131 -
27.132 - /**
27.133 - * Returns the attribute in user readable form.
27.134 - */
27.135 - public String toString() {
27.136 - return (attributeValue.toString());
27.137 - }
27.138 -}
28.1 --- a/src/share/classes/sun/security/pkcs/PKCS10Attributes.java Thu Oct 27 13:54:42 2011 -0700
28.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
28.3 @@ -1,219 +0,0 @@
28.4 -/*
28.5 - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
28.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
28.7 - *
28.8 - * This code is free software; you can redistribute it and/or modify it
28.9 - * under the terms of the GNU General Public License version 2 only, as
28.10 - * published by the Free Software Foundation. Oracle designates this
28.11 - * particular file as subject to the "Classpath" exception as provided
28.12 - * by Oracle in the LICENSE file that accompanied this code.
28.13 - *
28.14 - * This code is distributed in the hope that it will be useful, but WITHOUT
28.15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
28.16 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
28.17 - * version 2 for more details (a copy is included in the LICENSE file that
28.18 - * accompanied this code).
28.19 - *
28.20 - * You should have received a copy of the GNU General Public License version
28.21 - * 2 along with this work; if not, write to the Free Software Foundation,
28.22 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
28.23 - *
28.24 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
28.25 - * or visit www.oracle.com if you need additional information or have any
28.26 - * questions.
28.27 - */
28.28 -
28.29 -package sun.security.pkcs;
28.30 -
28.31 -import java.io.IOException;
28.32 -import java.io.OutputStream;
28.33 -import java.security.cert.CertificateException;
28.34 -import java.util.Collection;
28.35 -import java.util.Collections;
28.36 -import java.util.Enumeration;
28.37 -import java.util.Hashtable;
28.38 -
28.39 -import sun.security.util.*;
28.40 -
28.41 -/**
28.42 - * This class defines the PKCS10 attributes for the request.
28.43 - * The ASN.1 syntax for this is:
28.44 - * <pre>
28.45 - * Attributes ::= SET OF Attribute
28.46 - * </pre>
28.47 - *
28.48 - * @author Amit Kapoor
28.49 - * @author Hemma Prafullchandra
28.50 - * @see PKCS10
28.51 - * @see PKCS10Attribute
28.52 - */
28.53 -public class PKCS10Attributes implements DerEncoder {
28.54 -
28.55 - private Hashtable<String, PKCS10Attribute> map =
28.56 - new Hashtable<String, PKCS10Attribute>(3);
28.57 -
28.58 - /**
28.59 - * Default constructor for the PKCS10 attribute.
28.60 - */
28.61 - public PKCS10Attributes() { }
28.62 -
28.63 - /**
28.64 - * Create the object from the array of PKCS10Attribute objects.
28.65 - *
28.66 - * @param attrs the array of PKCS10Attribute objects.
28.67 - */
28.68 - public PKCS10Attributes(PKCS10Attribute[] attrs) {
28.69 - for (int i = 0; i < attrs.length; i++) {
28.70 - map.put(attrs[i].getAttributeId().toString(), attrs[i]);
28.71 - }
28.72 - }
28.73 -
28.74 - /**
28.75 - * Create the object, decoding the values from the passed DER stream.
28.76 - * The DER stream contains the SET OF Attribute.
28.77 - *
28.78 - * @param in the DerInputStream to read the attributes from.
28.79 - * @exception IOException on decoding errors.
28.80 - */
28.81 - public PKCS10Attributes(DerInputStream in) throws IOException {
28.82 - DerValue[] attrs = in.getSet(3, true);
28.83 -
28.84 - if (attrs == null)
28.85 - throw new IOException("Illegal encoding of attributes");
28.86 - for (int i = 0; i < attrs.length; i++) {
28.87 - PKCS10Attribute attr = new PKCS10Attribute(attrs[i]);
28.88 - map.put(attr.getAttributeId().toString(), attr);
28.89 - }
28.90 - }
28.91 -
28.92 - /**
28.93 - * Encode the attributes in DER form to the stream.
28.94 - *
28.95 - * @param out the OutputStream to marshal the contents to.
28.96 - * @exception IOException on encoding errors.
28.97 - */
28.98 - public void encode(OutputStream out) throws IOException {
28.99 - derEncode(out);
28.100 - }
28.101 -
28.102 - /**
28.103 - * Encode the attributes in DER form to the stream.
28.104 - * Implements the <code>DerEncoder</code> interface.
28.105 - *
28.106 - * @param out the OutputStream to marshal the contents to.
28.107 - * @exception IOException on encoding errors.
28.108 - */
28.109 - public void derEncode(OutputStream out) throws IOException {
28.110 - // first copy the elements into an array
28.111 - Collection<PKCS10Attribute> allAttrs = map.values();
28.112 - PKCS10Attribute[] attribs =
28.113 - allAttrs.toArray(new PKCS10Attribute[map.size()]);
28.114 -
28.115 - DerOutputStream attrOut = new DerOutputStream();
28.116 - attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT,
28.117 - true, (byte)0),
28.118 - attribs);
28.119 - out.write(attrOut.toByteArray());
28.120 - }
28.121 -
28.122 - /**
28.123 - * Set the attribute value.
28.124 - */
28.125 - public void setAttribute(String name, Object obj) {
28.126 - if (obj instanceof PKCS10Attribute) {
28.127 - map.put(name, (PKCS10Attribute)obj);
28.128 - }
28.129 - }
28.130 -
28.131 - /**
28.132 - * Get the attribute value.
28.133 - */
28.134 - public Object getAttribute(String name) {
28.135 - return map.get(name);
28.136 - }
28.137 -
28.138 - /**
28.139 - * Delete the attribute value.
28.140 - */
28.141 - public void deleteAttribute(String name) {
28.142 - map.remove(name);
28.143 - }
28.144 -
28.145 - /**
28.146 - * Return an enumeration of names of attributes existing within this
28.147 - * attribute.
28.148 - */
28.149 - public Enumeration<PKCS10Attribute> getElements() {
28.150 - return (map.elements());
28.151 - }
28.152 -
28.153 - /**
28.154 - * Return a Collection of attributes existing within this
28.155 - * PKCS10Attributes object.
28.156 - */
28.157 - public Collection<PKCS10Attribute> getAttributes() {
28.158 - return (Collections.unmodifiableCollection(map.values()));
28.159 - }
28.160 -
28.161 - /**
28.162 - * Compares this PKCS10Attributes for equality with the specified
28.163 - * object. If the <code>other</code> object is an
28.164 - * <code>instanceof</code> <code>PKCS10Attributes</code>, then
28.165 - * all the entries are compared with the entries from this.
28.166 - *
28.167 - * @param other the object to test for equality with this PKCS10Attributes.
28.168 - * @return true if all the entries match that of the Other,
28.169 - * false otherwise.
28.170 - */
28.171 - public boolean equals(Object other) {
28.172 - if (this == other)
28.173 - return true;
28.174 - if (!(other instanceof PKCS10Attributes))
28.175 - return false;
28.176 -
28.177 - Collection<PKCS10Attribute> othersAttribs =
28.178 - ((PKCS10Attributes)other).getAttributes();
28.179 - PKCS10Attribute[] attrs =
28.180 - othersAttribs.toArray(new PKCS10Attribute[othersAttribs.size()]);
28.181 - int len = attrs.length;
28.182 - if (len != map.size())
28.183 - return false;
28.184 - PKCS10Attribute thisAttr, otherAttr;
28.185 - String key = null;
28.186 - for (int i=0; i < len; i++) {
28.187 - otherAttr = attrs[i];
28.188 - key = otherAttr.getAttributeId().toString();
28.189 -
28.190 - if (key == null)
28.191 - return false;
28.192 - thisAttr = map.get(key);
28.193 - if (thisAttr == null)
28.194 - return false;
28.195 - if (! thisAttr.equals(otherAttr))
28.196 - return false;
28.197 - }
28.198 - return true;
28.199 - }
28.200 -
28.201 - /**
28.202 - * Returns a hashcode value for this PKCS10Attributes.
28.203 - *
28.204 - * @return the hashcode value.
28.205 - */
28.206 - public int hashCode() {
28.207 - return map.hashCode();
28.208 - }
28.209 -
28.210 - /**
28.211 - * Returns a string representation of this <tt>PKCS10Attributes</tt> object
28.212 - * in the form of a set of entries, enclosed in braces and separated
28.213 - * by the ASCII characters "<tt>, </tt>" (comma and space).
28.214 - * <p>Overrides the <tt>toString</tt> method of <tt>Object</tt>.
28.215 - *
28.216 - * @return a string representation of this PKCS10Attributes.
28.217 - */
28.218 - public String toString() {
28.219 - String s = map.size() + "\n" + map.toString();
28.220 - return s;
28.221 - }
28.222 -}
29.1 --- a/src/share/classes/sun/security/pkcs/PKCS7.java Thu Oct 27 13:54:42 2011 -0700
29.2 +++ b/src/share/classes/sun/security/pkcs/PKCS7.java Fri Oct 28 17:49:02 2011 -0700
29.3 @@ -27,6 +27,7 @@
29.4
29.5 import java.io.*;
29.6 import java.math.BigInteger;
29.7 +import java.net.URI;
29.8 import java.util.*;
29.9 import java.security.cert.X509Certificate;
29.10 import java.security.cert.CertificateException;
29.11 @@ -35,6 +36,7 @@
29.12 import java.security.cert.CertificateFactory;
29.13 import java.security.*;
29.14
29.15 +import sun.security.timestamp.*;
29.16 import sun.security.util.*;
29.17 import sun.security.x509.AlgorithmId;
29.18 import sun.security.x509.CertificateIssuerName;
29.19 @@ -68,6 +70,30 @@
29.20
29.21 private Principal[] certIssuerNames;
29.22
29.23 + /*
29.24 + * Random number generator for creating nonce values
29.25 + */
29.26 + private static final SecureRandom RANDOM;
29.27 + static {
29.28 + SecureRandom tmp = null;
29.29 + try {
29.30 + tmp = SecureRandom.getInstance("SHA1PRNG");
29.31 + } catch (NoSuchAlgorithmException e) {
29.32 + // should not happen
29.33 + }
29.34 + RANDOM = tmp;
29.35 + }
29.36 +
29.37 + /*
29.38 + * Object identifier for the timestamping key purpose.
29.39 + */
29.40 + private static final String KP_TIMESTAMPING_OID = "1.3.6.1.5.5.7.3.8";
29.41 +
29.42 + /*
29.43 + * Object identifier for extendedKeyUsage extension
29.44 + */
29.45 + private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37";
29.46 +
29.47 /**
29.48 * Unmarshals a PKCS7 block from its encoded form, parsing the
29.49 * encoded bytes from the InputStream.
29.50 @@ -733,4 +759,164 @@
29.51 public boolean isOldStyle() {
29.52 return this.oldStyle;
29.53 }
29.54 +
29.55 + /**
29.56 + * Assembles a PKCS #7 signed data message that optionally includes a
29.57 + * signature timestamp.
29.58 + *
29.59 + * @param signature the signature bytes
29.60 + * @param signerChain the signer's X.509 certificate chain
29.61 + * @param content the content that is signed; specify null to not include
29.62 + * it in the PKCS7 data
29.63 + * @param signatureAlgorithm the name of the signature algorithm
29.64 + * @param tsaURI the URI of the Timestamping Authority; or null if no
29.65 + * timestamp is requested
29.66 + * @return the bytes of the encoded PKCS #7 signed data message
29.67 + * @throws NoSuchAlgorithmException The exception is thrown if the signature
29.68 + * algorithm is unrecognised.
29.69 + * @throws CertificateException The exception is thrown if an error occurs
29.70 + * while processing the signer's certificate or the TSA's
29.71 + * certificate.
29.72 + * @throws IOException The exception is thrown if an error occurs while
29.73 + * generating the signature timestamp or while generating the signed
29.74 + * data message.
29.75 + */
29.76 + public static byte[] generateSignedData(byte[] signature,
29.77 + X509Certificate[] signerChain,
29.78 + byte[] content,
29.79 + String signatureAlgorithm,
29.80 + URI tsaURI)
29.81 + throws CertificateException, IOException, NoSuchAlgorithmException
29.82 + {
29.83 +
29.84 + // Generate the timestamp token
29.85 + PKCS9Attributes unauthAttrs = null;
29.86 + if (tsaURI != null) {
29.87 + // Timestamp the signature
29.88 + HttpTimestamper tsa = new HttpTimestamper(tsaURI);
29.89 + byte[] tsToken = generateTimestampToken(tsa, signature);
29.90 +
29.91 + // Insert the timestamp token into the PKCS #7 signer info element
29.92 + // (as an unsigned attribute)
29.93 + unauthAttrs =
29.94 + new PKCS9Attributes(new PKCS9Attribute[]{
29.95 + new PKCS9Attribute(
29.96 + PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR,
29.97 + tsToken)});
29.98 + }
29.99 +
29.100 + // Create the SignerInfo
29.101 + X500Name issuerName =
29.102 + X500Name.asX500Name(signerChain[0].getIssuerX500Principal());
29.103 + BigInteger serialNumber = signerChain[0].getSerialNumber();
29.104 + String encAlg = AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm);
29.105 + String digAlg = AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm);
29.106 + SignerInfo signerInfo = new SignerInfo(issuerName, serialNumber,
29.107 + AlgorithmId.get(digAlg), null,
29.108 + AlgorithmId.get(encAlg),
29.109 + signature, unauthAttrs);
29.110 +
29.111 + // Create the PKCS #7 signed data message
29.112 + SignerInfo[] signerInfos = {signerInfo};
29.113 + AlgorithmId[] algorithms = {signerInfo.getDigestAlgorithmId()};
29.114 + // Include or exclude content
29.115 + ContentInfo contentInfo = (content == null)
29.116 + ? new ContentInfo(ContentInfo.DATA_OID, null)
29.117 + : new ContentInfo(content);
29.118 + PKCS7 pkcs7 = new PKCS7(algorithms, contentInfo,
29.119 + signerChain, signerInfos);
29.120 + ByteArrayOutputStream p7out = new ByteArrayOutputStream();
29.121 + pkcs7.encodeSignedData(p7out);
29.122 +
29.123 + return p7out.toByteArray();
29.124 + }
29.125 +
29.126 + /**
29.127 + * Requests, processes and validates a timestamp token from a TSA using
29.128 + * common defaults. Uses the following defaults in the timestamp request:
29.129 + * SHA-1 for the hash algorithm, a 64-bit nonce, and request certificate
29.130 + * set to true.
29.131 + *
29.132 + * @param tsa the timestamping authority to use
29.133 + * @param toBeTimestamped the token that is to be timestamped
29.134 + * @return the encoded timestamp token
29.135 + * @throws IOException The exception is thrown if an error occurs while
29.136 + * communicating with the TSA.
29.137 + * @throws CertificateException The exception is thrown if the TSA's
29.138 + * certificate is not permitted for timestamping.
29.139 + */
29.140 + private static byte[] generateTimestampToken(Timestamper tsa,
29.141 + byte[] toBeTimestamped)
29.142 + throws IOException, CertificateException
29.143 + {
29.144 + // Generate a timestamp
29.145 + MessageDigest messageDigest = null;
29.146 + TSRequest tsQuery = null;
29.147 + try {
29.148 + // SHA-1 is always used.
29.149 + messageDigest = MessageDigest.getInstance("SHA-1");
29.150 + tsQuery = new TSRequest(toBeTimestamped, messageDigest);
29.151 + } catch (NoSuchAlgorithmException e) {
29.152 + // ignore
29.153 + }
29.154 +
29.155 + // Generate a nonce
29.156 + BigInteger nonce = null;
29.157 + if (RANDOM != null) {
29.158 + nonce = new BigInteger(64, RANDOM);
29.159 + tsQuery.setNonce(nonce);
29.160 + }
29.161 + tsQuery.requestCertificate(true);
29.162 +
29.163 + TSResponse tsReply = tsa.generateTimestamp(tsQuery);
29.164 + int status = tsReply.getStatusCode();
29.165 + // Handle TSP error
29.166 + if (status != 0 && status != 1) {
29.167 + throw new IOException("Error generating timestamp: " +
29.168 + tsReply.getStatusCodeAsText() + " " +
29.169 + tsReply.getFailureCodeAsText());
29.170 + }
29.171 + PKCS7 tsToken = tsReply.getToken();
29.172 +
29.173 + TimestampToken tst = tsReply.getTimestampToken();
29.174 + if (!tst.getHashAlgorithm().getName().equals("SHA")) {
29.175 + throw new IOException("Digest algorithm not SHA-1 in "
29.176 + + "timestamp token");
29.177 + }
29.178 + if (!MessageDigest.isEqual(tst.getHashedMessage(),
29.179 + tsQuery.getHashedMessage())) {
29.180 + throw new IOException("Digest octets changed in timestamp token");
29.181 + }
29.182 +
29.183 + BigInteger replyNonce = tst.getNonce();
29.184 + if (replyNonce == null && nonce != null) {
29.185 + throw new IOException("Nonce missing in timestamp token");
29.186 + }
29.187 + if (replyNonce != null && !replyNonce.equals(nonce)) {
29.188 + throw new IOException("Nonce changed in timestamp token");
29.189 + }
29.190 +
29.191 + // Examine the TSA's certificate (if present)
29.192 + for (SignerInfo si: tsToken.getSignerInfos()) {
29.193 + X509Certificate cert = si.getCertificate(tsToken);
29.194 + if (cert == null) {
29.195 + // Error, we've already set tsRequestCertificate = true
29.196 + throw new CertificateException(
29.197 + "Certificate not included in timestamp token");
29.198 + } else {
29.199 + if (!cert.getCriticalExtensionOIDs().contains(
29.200 + EXTENDED_KEY_USAGE_OID)) {
29.201 + throw new CertificateException(
29.202 + "Certificate is not valid for timestamping");
29.203 + }
29.204 + List<String> keyPurposes = cert.getExtendedKeyUsage();
29.205 + if (keyPurposes == null ||
29.206 + !keyPurposes.contains(KP_TIMESTAMPING_OID)) {
29.207 + throw new CertificateException(
29.208 + "Certificate is not valid for timestamping");
29.209 + }
29.210 + }
29.211 + }
29.212 + return tsReply.getEncodedToken();
29.213 + }
29.214 }
30.1 --- a/src/share/classes/sun/security/pkcs/SignerInfo.java Thu Oct 27 13:54:42 2011 -0700
30.2 +++ b/src/share/classes/sun/security/pkcs/SignerInfo.java Fri Oct 28 17:49:02 2011 -0700
30.3 @@ -28,10 +28,14 @@
30.4 import java.io.OutputStream;
30.5 import java.io.IOException;
30.6 import java.math.BigInteger;
30.7 +import java.security.cert.CertificateException;
30.8 +import java.security.cert.CertificateFactory;
30.9 +import java.security.cert.CertPath;
30.10 import java.security.cert.X509Certificate;
30.11 import java.security.*;
30.12 import java.util.ArrayList;
30.13
30.14 +import sun.security.timestamp.TimestampToken;
30.15 import sun.security.util.*;
30.16 import sun.security.x509.AlgorithmId;
30.17 import sun.security.x509.X500Name;
30.18 @@ -51,6 +55,8 @@
30.19 AlgorithmId digestAlgorithmId;
30.20 AlgorithmId digestEncryptionAlgorithmId;
30.21 byte[] encryptedDigest;
30.22 + Timestamp timestamp;
30.23 + private boolean hasTimestamp = true;
30.24
30.25 PKCS9Attributes authenticatedAttributes;
30.26 PKCS9Attributes unauthenticatedAttributes;
30.27 @@ -442,6 +448,62 @@
30.28 return unauthenticatedAttributes;
30.29 }
30.30
30.31 + /*
30.32 + * Extracts a timestamp from a PKCS7 SignerInfo.
30.33 + *
30.34 + * Examines the signer's unsigned attributes for a
30.35 + * <tt>signatureTimestampToken</tt> attribute. If present,
30.36 + * then it is parsed to extract the date and time at which the
30.37 + * timestamp was generated.
30.38 + *
30.39 + * @param info A signer information element of a PKCS 7 block.
30.40 + *
30.41 + * @return A timestamp token or null if none is present.
30.42 + * @throws IOException if an error is encountered while parsing the
30.43 + * PKCS7 data.
30.44 + * @throws NoSuchAlgorithmException if an error is encountered while
30.45 + * verifying the PKCS7 object.
30.46 + * @throws SignatureException if an error is encountered while
30.47 + * verifying the PKCS7 object.
30.48 + * @throws CertificateException if an error is encountered while generating
30.49 + * the TSA's certpath.
30.50 + */
30.51 + public Timestamp getTimestamp()
30.52 + throws IOException, NoSuchAlgorithmException, SignatureException,
30.53 + CertificateException
30.54 + {
30.55 + if (timestamp != null || !hasTimestamp)
30.56 + return timestamp;
30.57 +
30.58 + if (unauthenticatedAttributes == null) {
30.59 + hasTimestamp = false;
30.60 + return null;
30.61 + }
30.62 + PKCS9Attribute tsTokenAttr =
30.63 + unauthenticatedAttributes.getAttribute(
30.64 + PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
30.65 + if (tsTokenAttr == null) {
30.66 + hasTimestamp = false;
30.67 + return null;
30.68 + }
30.69 +
30.70 + PKCS7 tsToken = new PKCS7((byte[])tsTokenAttr.getValue());
30.71 + // Extract the content (an encoded timestamp token info)
30.72 + byte[] encTsTokenInfo = tsToken.getContentInfo().getData();
30.73 + // Extract the signer (the Timestamping Authority)
30.74 + // while verifying the content
30.75 + SignerInfo[] tsa = tsToken.verify(encTsTokenInfo);
30.76 + // Expect only one signer
30.77 + ArrayList<X509Certificate> chain = tsa[0].getCertificateChain(tsToken);
30.78 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
30.79 + CertPath tsaChain = cf.generateCertPath(chain);
30.80 + // Create a timestamp token info object
30.81 + TimestampToken tsTokenInfo = new TimestampToken(encTsTokenInfo);
30.82 + // Create a timestamp object
30.83 + timestamp = new Timestamp(tsTokenInfo.getDate(), tsaChain);
30.84 + return timestamp;
30.85 + }
30.86 +
30.87 public String toString() {
30.88 HexDumpEncoder hexDump = new HexDumpEncoder();
30.89
30.90 @@ -467,5 +529,4 @@
30.91 }
30.92 return out;
30.93 }
30.94 -
30.95 }
31.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
31.2 +++ b/src/share/classes/sun/security/pkcs10/PKCS10.java Fri Oct 28 17:49:02 2011 -0700
31.3 @@ -0,0 +1,353 @@
31.4 +/*
31.5 + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
31.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
31.7 + *
31.8 + * This code is free software; you can redistribute it and/or modify it
31.9 + * under the terms of the GNU General Public License version 2 only, as
31.10 + * published by the Free Software Foundation. Oracle designates this
31.11 + * particular file as subject to the "Classpath" exception as provided
31.12 + * by Oracle in the LICENSE file that accompanied this code.
31.13 + *
31.14 + * This code is distributed in the hope that it will be useful, but WITHOUT
31.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
31.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
31.17 + * version 2 for more details (a copy is included in the LICENSE file that
31.18 + * accompanied this code).
31.19 + *
31.20 + * You should have received a copy of the GNU General Public License version
31.21 + * 2 along with this work; if not, write to the Free Software Foundation,
31.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
31.23 + *
31.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
31.25 + * or visit www.oracle.com if you need additional information or have any
31.26 + * questions.
31.27 + */
31.28 +
31.29 +
31.30 +package sun.security.pkcs10;
31.31 +
31.32 +import java.io.PrintStream;
31.33 +import java.io.IOException;
31.34 +import java.math.BigInteger;
31.35 +
31.36 +import java.security.cert.CertificateException;
31.37 +import java.security.NoSuchAlgorithmException;
31.38 +import java.security.InvalidKeyException;
31.39 +import java.security.Signature;
31.40 +import java.security.SignatureException;
31.41 +import java.security.PublicKey;
31.42 +
31.43 +import sun.misc.BASE64Encoder;
31.44 +
31.45 +import sun.security.util.*;
31.46 +import sun.security.x509.AlgorithmId;
31.47 +import sun.security.x509.X509Key;
31.48 +import sun.security.x509.X500Name;
31.49 +
31.50 +/**
31.51 + * A PKCS #10 certificate request is created and sent to a Certificate
31.52 + * Authority, which then creates an X.509 certificate and returns it to
31.53 + * the entity that requested it. A certificate request basically consists
31.54 + * of the subject's X.500 name, public key, and optionally some attributes,
31.55 + * signed using the corresponding private key.
31.56 + *
31.57 + * The ASN.1 syntax for a Certification Request is:
31.58 + * <pre>
31.59 + * CertificationRequest ::= SEQUENCE {
31.60 + * certificationRequestInfo CertificationRequestInfo,
31.61 + * signatureAlgorithm SignatureAlgorithmIdentifier,
31.62 + * signature Signature
31.63 + * }
31.64 + *
31.65 + * SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
31.66 + * Signature ::= BIT STRING
31.67 + *
31.68 + * CertificationRequestInfo ::= SEQUENCE {
31.69 + * version Version,
31.70 + * subject Name,
31.71 + * subjectPublicKeyInfo SubjectPublicKeyInfo,
31.72 + * attributes [0] IMPLICIT Attributes
31.73 + * }
31.74 + * Attributes ::= SET OF Attribute
31.75 + * </pre>
31.76 + *
31.77 + * @author David Brownell
31.78 + * @author Amit Kapoor
31.79 + * @author Hemma Prafullchandra
31.80 + */
31.81 +public class PKCS10 {
31.82 + /**
31.83 + * Constructs an unsigned PKCS #10 certificate request. Before this
31.84 + * request may be used, it must be encoded and signed. Then it
31.85 + * must be retrieved in some conventional format (e.g. string).
31.86 + *
31.87 + * @param publicKey the public key that should be placed
31.88 + * into the certificate generated by the CA.
31.89 + */
31.90 + public PKCS10(PublicKey publicKey) {
31.91 + subjectPublicKeyInfo = publicKey;
31.92 + attributeSet = new PKCS10Attributes();
31.93 + }
31.94 +
31.95 + /**
31.96 + * Constructs an unsigned PKCS #10 certificate request. Before this
31.97 + * request may be used, it must be encoded and signed. Then it
31.98 + * must be retrieved in some conventional format (e.g. string).
31.99 + *
31.100 + * @param publicKey the public key that should be placed
31.101 + * into the certificate generated by the CA.
31.102 + * @param attributes additonal set of PKCS10 attributes requested
31.103 + * for in the certificate.
31.104 + */
31.105 + public PKCS10(PublicKey publicKey, PKCS10Attributes attributes) {
31.106 + subjectPublicKeyInfo = publicKey;
31.107 + attributeSet = attributes;
31.108 + }
31.109 +
31.110 + /**
31.111 + * Parses an encoded, signed PKCS #10 certificate request, verifying
31.112 + * the request's signature as it does so. This constructor would
31.113 + * typically be used by a Certificate Authority, from which a new
31.114 + * certificate would then be constructed.
31.115 + *
31.116 + * @param data the DER-encoded PKCS #10 request.
31.117 + * @exception IOException for low level errors reading the data
31.118 + * @exception SignatureException when the signature is invalid
31.119 + * @exception NoSuchAlgorithmException when the signature
31.120 + * algorithm is not supported in this environment
31.121 + */
31.122 + public PKCS10(byte[] data)
31.123 + throws IOException, SignatureException, NoSuchAlgorithmException {
31.124 + DerInputStream in;
31.125 + DerValue[] seq;
31.126 + AlgorithmId id;
31.127 + byte[] sigData;
31.128 + Signature sig;
31.129 +
31.130 + encoded = data;
31.131 +
31.132 + //
31.133 + // Outer sequence: request, signature algorithm, signature.
31.134 + // Parse, and prepare to verify later.
31.135 + //
31.136 + in = new DerInputStream(data);
31.137 + seq = in.getSequence(3);
31.138 +
31.139 + if (seq.length != 3)
31.140 + throw new IllegalArgumentException("not a PKCS #10 request");
31.141 +
31.142 + data = seq[0].toByteArray(); // reusing this variable
31.143 + id = AlgorithmId.parse(seq[1]);
31.144 + sigData = seq[2].getBitString();
31.145 +
31.146 + //
31.147 + // Inner sequence: version, name, key, attributes
31.148 + //
31.149 + BigInteger serial;
31.150 + DerValue val;
31.151 +
31.152 + serial = seq[0].data.getBigInteger();
31.153 + if (!serial.equals(BigInteger.ZERO))
31.154 + throw new IllegalArgumentException("not PKCS #10 v1");
31.155 +
31.156 + subject = new X500Name(seq[0].data);
31.157 + subjectPublicKeyInfo = X509Key.parse(seq[0].data.getDerValue());
31.158 +
31.159 + // Cope with a somewhat common illegal PKCS #10 format
31.160 + if (seq[0].data.available() != 0)
31.161 + attributeSet = new PKCS10Attributes(seq[0].data);
31.162 + else
31.163 + attributeSet = new PKCS10Attributes();
31.164 +
31.165 + if (seq[0].data.available() != 0)
31.166 + throw new IllegalArgumentException("illegal PKCS #10 data");
31.167 +
31.168 + //
31.169 + // OK, we parsed it all ... validate the signature using the
31.170 + // key and signature algorithm we found.
31.171 + //
31.172 + try {
31.173 + sig = Signature.getInstance(id.getName());
31.174 + sig.initVerify(subjectPublicKeyInfo);
31.175 + sig.update(data);
31.176 + if (!sig.verify(sigData))
31.177 + throw new SignatureException("Invalid PKCS #10 signature");
31.178 + } catch (InvalidKeyException e) {
31.179 + throw new SignatureException("invalid key");
31.180 + }
31.181 + }
31.182 +
31.183 + /**
31.184 + * Create the signed certificate request. This will later be
31.185 + * retrieved in either string or binary format.
31.186 + *
31.187 + * @param subject identifies the signer (by X.500 name).
31.188 + * @param signature private key and signing algorithm to use.
31.189 + * @exception IOException on errors.
31.190 + * @exception CertificateException on certificate handling errors.
31.191 + * @exception SignatureException on signature handling errors.
31.192 + */
31.193 + public void encodeAndSign(X500Name subject, Signature signature)
31.194 + throws CertificateException, IOException, SignatureException {
31.195 + DerOutputStream out, scratch;
31.196 + byte[] certificateRequestInfo;
31.197 + byte[] sig;
31.198 +
31.199 + if (encoded != null)
31.200 + throw new SignatureException("request is already signed");
31.201 +
31.202 + this.subject = subject;
31.203 +
31.204 + /*
31.205 + * Encode cert request info, wrap in a sequence for signing
31.206 + */
31.207 + scratch = new DerOutputStream();
31.208 + scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0
31.209 + subject.encode(scratch); // X.500 name
31.210 + scratch.write(subjectPublicKeyInfo.getEncoded()); // public key
31.211 + attributeSet.encode(scratch);
31.212 +
31.213 + out = new DerOutputStream();
31.214 + out.write(DerValue.tag_Sequence, scratch); // wrap it!
31.215 + certificateRequestInfo = out.toByteArray();
31.216 + scratch = out;
31.217 +
31.218 + /*
31.219 + * Sign it ...
31.220 + */
31.221 + signature.update(certificateRequestInfo, 0,
31.222 + certificateRequestInfo.length);
31.223 + sig = signature.sign();
31.224 +
31.225 + /*
31.226 + * Build guts of SIGNED macro
31.227 + */
31.228 + AlgorithmId algId = null;
31.229 + try {
31.230 + algId = AlgorithmId.get(signature.getAlgorithm());
31.231 + } catch (NoSuchAlgorithmException nsae) {
31.232 + throw new SignatureException(nsae);
31.233 + }
31.234 + algId.encode(scratch); // sig algorithm
31.235 + scratch.putBitString(sig); // sig
31.236 +
31.237 + /*
31.238 + * Wrap those guts in a sequence
31.239 + */
31.240 + out = new DerOutputStream();
31.241 + out.write(DerValue.tag_Sequence, scratch);
31.242 + encoded = out.toByteArray();
31.243 + }
31.244 +
31.245 + /**
31.246 + * Returns the subject's name.
31.247 + */
31.248 + public X500Name getSubjectName() { return subject; }
31.249 +
31.250 + /**
31.251 + * Returns the subject's public key.
31.252 + */
31.253 + public PublicKey getSubjectPublicKeyInfo()
31.254 + { return subjectPublicKeyInfo; }
31.255 +
31.256 + /**
31.257 + * Returns the additional attributes requested.
31.258 + */
31.259 + public PKCS10Attributes getAttributes()
31.260 + { return attributeSet; }
31.261 +
31.262 + /**
31.263 + * Returns the encoded and signed certificate request as a
31.264 + * DER-encoded byte array.
31.265 + *
31.266 + * @return the certificate request, or null if encodeAndSign()
31.267 + * has not yet been called.
31.268 + */
31.269 + public byte[] getEncoded() {
31.270 + if (encoded != null)
31.271 + return encoded.clone();
31.272 + else
31.273 + return null;
31.274 + }
31.275 +
31.276 + /**
31.277 + * Prints an E-Mailable version of the certificate request on the print
31.278 + * stream passed. The format is a common base64 encoded one, supported
31.279 + * by most Certificate Authorities because Netscape web servers have
31.280 + * used this for some time. Some certificate authorities expect some
31.281 + * more information, in particular contact information for the web
31.282 + * server administrator.
31.283 + *
31.284 + * @param out the print stream where the certificate request
31.285 + * will be printed.
31.286 + * @exception IOException when an output operation failed
31.287 + * @exception SignatureException when the certificate request was
31.288 + * not yet signed.
31.289 + */
31.290 + public void print(PrintStream out)
31.291 + throws IOException, SignatureException {
31.292 + if (encoded == null)
31.293 + throw new SignatureException("Cert request was not signed");
31.294 +
31.295 + BASE64Encoder encoder = new BASE64Encoder();
31.296 +
31.297 + out.println("-----BEGIN NEW CERTIFICATE REQUEST-----");
31.298 + encoder.encodeBuffer(encoded, out);
31.299 + out.println("-----END NEW CERTIFICATE REQUEST-----");
31.300 + }
31.301 +
31.302 + /**
31.303 + * Provides a short description of this request.
31.304 + */
31.305 + public String toString() {
31.306 + return "[PKCS #10 certificate request:\n"
31.307 + + subjectPublicKeyInfo.toString()
31.308 + + " subject: <" + subject + ">" + "\n"
31.309 + + " attributes: " + attributeSet.toString()
31.310 + + "\n]";
31.311 + }
31.312 +
31.313 + /**
31.314 + * Compares this object for equality with the specified
31.315 + * object. If the <code>other</code> object is an
31.316 + * <code>instanceof</code> <code>PKCS10</code>, then
31.317 + * its encoded form is retrieved and compared with the
31.318 + * encoded form of this certificate request.
31.319 + *
31.320 + * @param other the object to test for equality with this object.
31.321 + * @return true iff the encoded forms of the two certificate
31.322 + * requests match, false otherwise.
31.323 + */
31.324 + public boolean equals(Object other) {
31.325 + if (this == other)
31.326 + return true;
31.327 + if (!(other instanceof PKCS10))
31.328 + return false;
31.329 + if (encoded == null) // not signed yet
31.330 + return false;
31.331 + byte[] otherEncoded = ((PKCS10)other).getEncoded();
31.332 + if (otherEncoded == null)
31.333 + return false;
31.334 +
31.335 + return java.util.Arrays.equals(encoded, otherEncoded);
31.336 + }
31.337 +
31.338 + /**
31.339 + * Returns a hashcode value for this certificate request from its
31.340 + * encoded form.
31.341 + *
31.342 + * @return the hashcode value.
31.343 + */
31.344 + public int hashCode() {
31.345 + int retval = 0;
31.346 + if (encoded != null)
31.347 + for (int i = 1; i < encoded.length; i++)
31.348 + retval += encoded[i] * i;
31.349 + return(retval);
31.350 + }
31.351 +
31.352 + private X500Name subject;
31.353 + private PublicKey subjectPublicKeyInfo;
31.354 + private PKCS10Attributes attributeSet;
31.355 + private byte[] encoded; // signed
31.356 +}
32.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
32.2 +++ b/src/share/classes/sun/security/pkcs10/PKCS10Attribute.java Fri Oct 28 17:49:02 2011 -0700
32.3 @@ -0,0 +1,136 @@
32.4 +/*
32.5 + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
32.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
32.7 + *
32.8 + * This code is free software; you can redistribute it and/or modify it
32.9 + * under the terms of the GNU General Public License version 2 only, as
32.10 + * published by the Free Software Foundation. Oracle designates this
32.11 + * particular file as subject to the "Classpath" exception as provided
32.12 + * by Oracle in the LICENSE file that accompanied this code.
32.13 + *
32.14 + * This code is distributed in the hope that it will be useful, but WITHOUT
32.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
32.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
32.17 + * version 2 for more details (a copy is included in the LICENSE file that
32.18 + * accompanied this code).
32.19 + *
32.20 + * You should have received a copy of the GNU General Public License version
32.21 + * 2 along with this work; if not, write to the Free Software Foundation,
32.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
32.23 + *
32.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
32.25 + * or visit www.oracle.com if you need additional information or have any
32.26 + * questions.
32.27 + */
32.28 +
32.29 +package sun.security.pkcs10;
32.30 +
32.31 +import java.io.OutputStream;
32.32 +import java.io.IOException;
32.33 +
32.34 +import sun.security.pkcs.PKCS9Attribute;
32.35 +import sun.security.util.*;
32.36 +
32.37 +/**
32.38 + * Represent a PKCS#10 Attribute.
32.39 + *
32.40 + * <p>Attributes are additonal information which can be inserted in a PKCS#10
32.41 + * certificate request. For example a "Driving License Certificate" could have
32.42 + * the driving license number as an attribute.
32.43 + *
32.44 + * <p>Attributes are represented as a sequence of the attribute identifier
32.45 + * (Object Identifier) and a set of DER encoded attribute values.
32.46 + *
32.47 + * ASN.1 definition of Attribute:
32.48 + * <pre>
32.49 + * Attribute :: SEQUENCE {
32.50 + * type AttributeType,
32.51 + * values SET OF AttributeValue
32.52 + * }
32.53 + * AttributeType ::= OBJECT IDENTIFIER
32.54 + * AttributeValue ::= ANY defined by type
32.55 + * </pre>
32.56 + *
32.57 + * @author Amit Kapoor
32.58 + * @author Hemma Prafullchandra
32.59 + */
32.60 +public class PKCS10Attribute implements DerEncoder {
32.61 +
32.62 + protected ObjectIdentifier attributeId = null;
32.63 + protected Object attributeValue = null;
32.64 +
32.65 + /**
32.66 + * Constructs an attribute from a DER encoding.
32.67 + * This constructor expects the value to be encoded as defined above,
32.68 + * i.e. a SEQUENCE of OID and SET OF value(s), not a literal
32.69 + * X.509 v3 extension. Only PKCS9 defined attributes are supported
32.70 + * currently.
32.71 + *
32.72 + * @param derVal the der encoded attribute.
32.73 + * @exception IOException on parsing errors.
32.74 + */
32.75 + public PKCS10Attribute(DerValue derVal) throws IOException {
32.76 + PKCS9Attribute attr = new PKCS9Attribute(derVal);
32.77 + this.attributeId = attr.getOID();
32.78 + this.attributeValue = attr.getValue();
32.79 + }
32.80 +
32.81 + /**
32.82 + * Constructs an attribute from individual components of
32.83 + * ObjectIdentifier and the value (any java object).
32.84 + *
32.85 + * @param attributeId the ObjectIdentifier of the attribute.
32.86 + * @param attributeValue an instance of a class that implements
32.87 + * the attribute identified by the ObjectIdentifier.
32.88 + */
32.89 + public PKCS10Attribute(ObjectIdentifier attributeId,
32.90 + Object attributeValue) {
32.91 + this.attributeId = attributeId;
32.92 + this.attributeValue = attributeValue;
32.93 + }
32.94 +
32.95 + /**
32.96 + * Constructs an attribute from PKCS9 attribute.
32.97 + *
32.98 + * @param attr the PKCS9Attribute to create from.
32.99 + */
32.100 + public PKCS10Attribute(PKCS9Attribute attr) {
32.101 + this.attributeId = attr.getOID();
32.102 + this.attributeValue = attr.getValue();
32.103 + }
32.104 +
32.105 + /**
32.106 + * DER encode this object onto an output stream.
32.107 + * Implements the <code>DerEncoder</code> interface.
32.108 + *
32.109 + * @param out
32.110 + * the OutputStream on which to write the DER encoding.
32.111 + *
32.112 + * @exception IOException on encoding errors.
32.113 + */
32.114 + public void derEncode(OutputStream out) throws IOException {
32.115 + PKCS9Attribute attr = new PKCS9Attribute(attributeId, attributeValue);
32.116 + attr.derEncode(out);
32.117 + }
32.118 +
32.119 + /**
32.120 + * Returns the ObjectIdentifier of the attribute.
32.121 + */
32.122 + public ObjectIdentifier getAttributeId() {
32.123 + return (attributeId);
32.124 + }
32.125 +
32.126 + /**
32.127 + * Returns the attribute value.
32.128 + */
32.129 + public Object getAttributeValue() {
32.130 + return (attributeValue);
32.131 + }
32.132 +
32.133 + /**
32.134 + * Returns the attribute in user readable form.
32.135 + */
32.136 + public String toString() {
32.137 + return (attributeValue.toString());
32.138 + }
32.139 +}
33.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
33.2 +++ b/src/share/classes/sun/security/pkcs10/PKCS10Attributes.java Fri Oct 28 17:49:02 2011 -0700
33.3 @@ -0,0 +1,219 @@
33.4 +/*
33.5 + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
33.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
33.7 + *
33.8 + * This code is free software; you can redistribute it and/or modify it
33.9 + * under the terms of the GNU General Public License version 2 only, as
33.10 + * published by the Free Software Foundation. Oracle designates this
33.11 + * particular file as subject to the "Classpath" exception as provided
33.12 + * by Oracle in the LICENSE file that accompanied this code.
33.13 + *
33.14 + * This code is distributed in the hope that it will be useful, but WITHOUT
33.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
33.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
33.17 + * version 2 for more details (a copy is included in the LICENSE file that
33.18 + * accompanied this code).
33.19 + *
33.20 + * You should have received a copy of the GNU General Public License version
33.21 + * 2 along with this work; if not, write to the Free Software Foundation,
33.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
33.23 + *
33.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
33.25 + * or visit www.oracle.com if you need additional information or have any
33.26 + * questions.
33.27 + */
33.28 +
33.29 +package sun.security.pkcs10;
33.30 +
33.31 +import java.io.IOException;
33.32 +import java.io.OutputStream;
33.33 +import java.security.cert.CertificateException;
33.34 +import java.util.Collection;
33.35 +import java.util.Collections;
33.36 +import java.util.Enumeration;
33.37 +import java.util.Hashtable;
33.38 +
33.39 +import sun.security.util.*;
33.40 +
33.41 +/**
33.42 + * This class defines the PKCS10 attributes for the request.
33.43 + * The ASN.1 syntax for this is:
33.44 + * <pre>
33.45 + * Attributes ::= SET OF Attribute
33.46 + * </pre>
33.47 + *
33.48 + * @author Amit Kapoor
33.49 + * @author Hemma Prafullchandra
33.50 + * @see PKCS10
33.51 + * @see PKCS10Attribute
33.52 + */
33.53 +public class PKCS10Attributes implements DerEncoder {
33.54 +
33.55 + private Hashtable<String, PKCS10Attribute> map =
33.56 + new Hashtable<String, PKCS10Attribute>(3);
33.57 +
33.58 + /**
33.59 + * Default constructor for the PKCS10 attribute.
33.60 + */
33.61 + public PKCS10Attributes() { }
33.62 +
33.63 + /**
33.64 + * Create the object from the array of PKCS10Attribute objects.
33.65 + *
33.66 + * @param attrs the array of PKCS10Attribute objects.
33.67 + */
33.68 + public PKCS10Attributes(PKCS10Attribute[] attrs) {
33.69 + for (int i = 0; i < attrs.length; i++) {
33.70 + map.put(attrs[i].getAttributeId().toString(), attrs[i]);
33.71 + }
33.72 + }
33.73 +
33.74 + /**
33.75 + * Create the object, decoding the values from the passed DER stream.
33.76 + * The DER stream contains the SET OF Attribute.
33.77 + *
33.78 + * @param in the DerInputStream to read the attributes from.
33.79 + * @exception IOException on decoding errors.
33.80 + */
33.81 + public PKCS10Attributes(DerInputStream in) throws IOException {
33.82 + DerValue[] attrs = in.getSet(3, true);
33.83 +
33.84 + if (attrs == null)
33.85 + throw new IOException("Illegal encoding of attributes");
33.86 + for (int i = 0; i < attrs.length; i++) {
33.87 + PKCS10Attribute attr = new PKCS10Attribute(attrs[i]);
33.88 + map.put(attr.getAttributeId().toString(), attr);
33.89 + }
33.90 + }
33.91 +
33.92 + /**
33.93 + * Encode the attributes in DER form to the stream.
33.94 + *
33.95 + * @param out the OutputStream to marshal the contents to.
33.96 + * @exception IOException on encoding errors.
33.97 + */
33.98 + public void encode(OutputStream out) throws IOException {
33.99 + derEncode(out);
33.100 + }
33.101 +
33.102 + /**
33.103 + * Encode the attributes in DER form to the stream.
33.104 + * Implements the <code>DerEncoder</code> interface.
33.105 + *
33.106 + * @param out the OutputStream to marshal the contents to.
33.107 + * @exception IOException on encoding errors.
33.108 + */
33.109 + public void derEncode(OutputStream out) throws IOException {
33.110 + // first copy the elements into an array
33.111 + Collection<PKCS10Attribute> allAttrs = map.values();
33.112 + PKCS10Attribute[] attribs =
33.113 + allAttrs.toArray(new PKCS10Attribute[map.size()]);
33.114 +
33.115 + DerOutputStream attrOut = new DerOutputStream();
33.116 + attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT,
33.117 + true, (byte)0),
33.118 + attribs);
33.119 + out.write(attrOut.toByteArray());
33.120 + }
33.121 +
33.122 + /**
33.123 + * Set the attribute value.
33.124 + */
33.125 + public void setAttribute(String name, Object obj) {
33.126 + if (obj instanceof PKCS10Attribute) {
33.127 + map.put(name, (PKCS10Attribute)obj);
33.128 + }
33.129 + }
33.130 +
33.131 + /**
33.132 + * Get the attribute value.
33.133 + */
33.134 + public Object getAttribute(String name) {
33.135 + return map.get(name);
33.136 + }
33.137 +
33.138 + /**
33.139 + * Delete the attribute value.
33.140 + */
33.141 + public void deleteAttribute(String name) {
33.142 + map.remove(name);
33.143 + }
33.144 +
33.145 + /**
33.146 + * Return an enumeration of names of attributes existing within this
33.147 + * attribute.
33.148 + */
33.149 + public Enumeration<PKCS10Attribute> getElements() {
33.150 + return (map.elements());
33.151 + }
33.152 +
33.153 + /**
33.154 + * Return a Collection of attributes existing within this
33.155 + * PKCS10Attributes object.
33.156 + */
33.157 + public Collection<PKCS10Attribute> getAttributes() {
33.158 + return (Collections.unmodifiableCollection(map.values()));
33.159 + }
33.160 +
33.161 + /**
33.162 + * Compares this PKCS10Attributes for equality with the specified
33.163 + * object. If the <code>other</code> object is an
33.164 + * <code>instanceof</code> <code>PKCS10Attributes</code>, then
33.165 + * all the entries are compared with the entries from this.
33.166 + *
33.167 + * @param other the object to test for equality with this PKCS10Attributes.
33.168 + * @return true if all the entries match that of the Other,
33.169 + * false otherwise.
33.170 + */
33.171 + public boolean equals(Object other) {
33.172 + if (this == other)
33.173 + return true;
33.174 + if (!(other instanceof PKCS10Attributes))
33.175 + return false;
33.176 +
33.177 + Collection<PKCS10Attribute> othersAttribs =
33.178 + ((PKCS10Attributes)other).getAttributes();
33.179 + PKCS10Attribute[] attrs =
33.180 + othersAttribs.toArray(new PKCS10Attribute[othersAttribs.size()]);
33.181 + int len = attrs.length;
33.182 + if (len != map.size())
33.183 + return false;
33.184 + PKCS10Attribute thisAttr, otherAttr;
33.185 + String key = null;
33.186 + for (int i=0; i < len; i++) {
33.187 + otherAttr = attrs[i];
33.188 + key = otherAttr.getAttributeId().toString();
33.189 +
33.190 + if (key == null)
33.191 + return false;
33.192 + thisAttr = map.get(key);
33.193 + if (thisAttr == null)
33.194 + return false;
33.195 + if (! thisAttr.equals(otherAttr))
33.196 + return false;
33.197 + }
33.198 + return true;
33.199 + }
33.200 +
33.201 + /**
33.202 + * Returns a hashcode value for this PKCS10Attributes.
33.203 + *
33.204 + * @return the hashcode value.
33.205 + */
33.206 + public int hashCode() {
33.207 + return map.hashCode();
33.208 + }
33.209 +
33.210 + /**
33.211 + * Returns a string representation of this <tt>PKCS10Attributes</tt> object
33.212 + * in the form of a set of entries, enclosed in braces and separated
33.213 + * by the ASCII characters "<tt>, </tt>" (comma and space).
33.214 + * <p>Overrides the <tt>toString</tt> method of <tt>Object</tt>.
33.215 + *
33.216 + * @return a string representation of this PKCS10Attributes.
33.217 + */
33.218 + public String toString() {
33.219 + String s = map.size() + "\n" + map.toString();
33.220 + return s;
33.221 + }
33.222 +}
34.1 --- a/src/share/classes/sun/security/pkcs11/Config.java Thu Oct 27 13:54:42 2011 -0700
34.2 +++ b/src/share/classes/sun/security/pkcs11/Config.java Fri Oct 28 17:49:02 2011 -0700
34.3 @@ -192,6 +192,11 @@
34.4 // works only for NSS providers created via the Secmod API
34.5 private boolean nssUseSecmodTrust = false;
34.6
34.7 + // Flag to indicate whether the X9.63 encoding for EC points shall be used
34.8 + // (true) or whether that encoding shall be wrapped in an ASN.1 OctetString
34.9 + // (false).
34.10 + private boolean useEcX963Encoding = false;
34.11 +
34.12 private Config(String filename, InputStream in) throws IOException {
34.13 if (in == null) {
34.14 if (filename.startsWith("--")) {
34.15 @@ -320,6 +325,10 @@
34.16 return nssUseSecmodTrust;
34.17 }
34.18
34.19 + boolean getUseEcX963Encoding() {
34.20 + return useEcX963Encoding;
34.21 + }
34.22 +
34.23 private static String expand(final String s) throws IOException {
34.24 try {
34.25 return PropertyExpander.expand(s);
34.26 @@ -440,6 +449,8 @@
34.27 parseNSSArgs(word);
34.28 } else if (word.equals("nssUseSecmodTrust")) {
34.29 nssUseSecmodTrust = parseBooleanEntry(word);
34.30 + } else if (word.equals("useEcX963Encoding")) {
34.31 + useEcX963Encoding = parseBooleanEntry(word);
34.32 } else {
34.33 throw new ConfigurationException
34.34 ("Unknown keyword '" + word + "', line " + st.lineno());
35.1 --- a/src/share/classes/sun/security/pkcs11/KeyCache.java Thu Oct 27 13:54:42 2011 -0700
35.2 +++ b/src/share/classes/sun/security/pkcs11/KeyCache.java Fri Oct 28 17:49:02 2011 -0700
35.3 @@ -1,5 +1,5 @@
35.4 /*
35.5 - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
35.6 + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
35.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
35.8 *
35.9 * This code is free software; you can redistribute it and/or modify it
35.10 @@ -48,7 +48,7 @@
35.11 */
35.12 final class KeyCache {
35.13
35.14 - private final Cache strongCache;
35.15 + private final Cache<IdentityWrapper, P11Key> strongCache;
35.16
35.17 private WeakReference<Map<Key,P11Key>> cacheReference;
35.18
35.19 @@ -77,7 +77,7 @@
35.20 }
35.21
35.22 synchronized P11Key get(Key key) {
35.23 - P11Key p11Key = (P11Key)strongCache.get(new IdentityWrapper(key));
35.24 + P11Key p11Key = strongCache.get(new IdentityWrapper(key));
35.25 if (p11Key != null) {
35.26 return p11Key;
35.27 }
35.28 @@ -94,8 +94,8 @@
35.29 Map<Key,P11Key> map =
35.30 (cacheReference == null) ? null : cacheReference.get();
35.31 if (map == null) {
35.32 - map = new IdentityHashMap<Key,P11Key>();
35.33 - cacheReference = new WeakReference<Map<Key,P11Key>>(map);
35.34 + map = new IdentityHashMap<>();
35.35 + cacheReference = new WeakReference<>(map);
35.36 }
35.37 map.put(key, p11Key);
35.38 }
36.1 --- a/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Thu Oct 27 13:54:42 2011 -0700
36.2 +++ b/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Fri Oct 28 17:49:02 2011 -0700
36.3 @@ -203,14 +203,20 @@
36.4
36.5 private PublicKey generatePublic(ECPoint point, ECParameterSpec params) throws PKCS11Exception {
36.6 byte[] encodedParams = ECParameters.encodeParameters(params);
36.7 - byte[] encodedPoint = null;
36.8 - DerValue pkECPoint = new DerValue(DerValue.tag_OctetString,
36.9 - ECParameters.encodePoint(point, params.getCurve()));
36.10 + byte[] encodedPoint =
36.11 + ECParameters.encodePoint(point, params.getCurve());
36.12
36.13 - try {
36.14 - encodedPoint = pkECPoint.toByteArray();
36.15 - } catch (IOException e) {
36.16 - throw new IllegalArgumentException("Could not DER encode point", e);
36.17 + // Check whether the X9.63 encoding of an EC point shall be wrapped
36.18 + // in an ASN.1 OCTET STRING
36.19 + if (!token.config.getUseEcX963Encoding()) {
36.20 + try {
36.21 + encodedPoint =
36.22 + new DerValue(DerValue.tag_OctetString, encodedPoint)
36.23 + .toByteArray();
36.24 + } catch (IOException e) {
36.25 + throw new
36.26 + IllegalArgumentException("Could not DER encode point", e);
36.27 + }
36.28 }
36.29
36.30 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
37.1 --- a/src/share/classes/sun/security/pkcs11/P11Key.java Thu Oct 27 13:54:42 2011 -0700
37.2 +++ b/src/share/classes/sun/security/pkcs11/P11Key.java Fri Oct 28 17:49:02 2011 -0700
37.3 @@ -1028,28 +1028,21 @@
37.4 try {
37.5 params = P11ECKeyFactory.decodeParameters
37.6 (attributes[1].getByteArray());
37.7 -
37.8 - /*
37.9 - * An uncompressed EC point may be in either of two formats.
37.10 - * First try the OCTET STRING encoding:
37.11 - * 04 <length> 04 <X-coordinate> <Y-coordinate>
37.12 - *
37.13 - * Otherwise try the raw encoding:
37.14 - * 04 <X-coordinate> <Y-coordinate>
37.15 - */
37.16 byte[] ecKey = attributes[0].getByteArray();
37.17
37.18 - try {
37.19 + // Check whether the X9.63 encoding of an EC point is wrapped
37.20 + // in an ASN.1 OCTET STRING
37.21 + if (!token.config.getUseEcX963Encoding()) {
37.22 DerValue wECPoint = new DerValue(ecKey);
37.23 - if (wECPoint.getTag() != DerValue.tag_OctetString)
37.24 - throw new IOException("Unexpected tag: " +
37.25 - wECPoint.getTag());
37.26
37.27 + if (wECPoint.getTag() != DerValue.tag_OctetString) {
37.28 + throw new IOException("Could not DER decode EC point." +
37.29 + " Unexpected tag: " + wECPoint.getTag());
37.30 + }
37.31 w = P11ECKeyFactory.decodePoint
37.32 (wECPoint.getDataBytes(), params.getCurve());
37.33
37.34 - } catch (IOException e) {
37.35 - // Failover
37.36 + } else {
37.37 w = P11ECKeyFactory.decodePoint(ecKey, params.getCurve());
37.38 }
37.39
38.1 --- a/src/share/classes/sun/security/provider/X509Factory.java Thu Oct 27 13:54:42 2011 -0700
38.2 +++ b/src/share/classes/sun/security/provider/X509Factory.java Fri Oct 28 17:49:02 2011 -0700
38.3 @@ -64,8 +64,10 @@
38.4
38.5 private static final int ENC_MAX_LENGTH = 4096 * 1024; // 4 MB MAX
38.6
38.7 - private static final Cache certCache = Cache.newSoftMemoryCache(750);
38.8 - private static final Cache crlCache = Cache.newSoftMemoryCache(750);
38.9 + private static final Cache<Object, X509CertImpl> certCache
38.10 + = Cache.newSoftMemoryCache(750);
38.11 + private static final Cache<Object, X509CRLImpl> crlCache
38.12 + = Cache.newSoftMemoryCache(750);
38.13
38.14 /**
38.15 * Generates an X.509 certificate object and initializes it with
38.16 @@ -90,7 +92,7 @@
38.17 try {
38.18 byte[] encoding = readOneBlock(is);
38.19 if (encoding != null) {
38.20 - X509CertImpl cert = (X509CertImpl)getFromCache(certCache, encoding);
38.21 + X509CertImpl cert = getFromCache(certCache, encoding);
38.22 if (cert != null) {
38.23 return cert;
38.24 }
38.25 @@ -151,7 +153,7 @@
38.26 } else {
38.27 encoding = c.getEncoded();
38.28 }
38.29 - X509CertImpl newC = (X509CertImpl)getFromCache(certCache, encoding);
38.30 + X509CertImpl newC = getFromCache(certCache, encoding);
38.31 if (newC != null) {
38.32 return newC;
38.33 }
38.34 @@ -181,7 +183,7 @@
38.35 } else {
38.36 encoding = c.getEncoded();
38.37 }
38.38 - X509CRLImpl newC = (X509CRLImpl)getFromCache(crlCache, encoding);
38.39 + X509CRLImpl newC = getFromCache(crlCache, encoding);
38.40 if (newC != null) {
38.41 return newC;
38.42 }
38.43 @@ -198,18 +200,17 @@
38.44 /**
38.45 * Get the X509CertImpl or X509CRLImpl from the cache.
38.46 */
38.47 - private static synchronized Object getFromCache(Cache cache,
38.48 + private static synchronized <K,V> V getFromCache(Cache<K,V> cache,
38.49 byte[] encoding) {
38.50 Object key = new Cache.EqualByteArray(encoding);
38.51 - Object value = cache.get(key);
38.52 - return value;
38.53 + return cache.get(key);
38.54 }
38.55
38.56 /**
38.57 * Add the X509CertImpl or X509CRLImpl to the cache.
38.58 */
38.59 - private static synchronized void addToCache(Cache cache, byte[] encoding,
38.60 - Object value) {
38.61 + private static synchronized <V> void addToCache(Cache<Object, V> cache,
38.62 + byte[] encoding, V value) {
38.63 if (encoding.length > ENC_MAX_LENGTH) {
38.64 return;
38.65 }
38.66 @@ -361,7 +362,7 @@
38.67 try {
38.68 byte[] encoding = readOneBlock(is);
38.69 if (encoding != null) {
38.70 - X509CRLImpl crl = (X509CRLImpl)getFromCache(crlCache, encoding);
38.71 + X509CRLImpl crl = getFromCache(crlCache, encoding);
38.72 if (crl != null) {
38.73 return crl;
38.74 }
38.75 @@ -669,6 +670,23 @@
38.76 bout.write(midByte);
38.77 bout.write(lowByte);
38.78 length = (highByte << 16) | (midByte << 8) | lowByte;
38.79 + } else if (n == 0x84) {
38.80 + int highByte = is.read();
38.81 + int nextByte = is.read();
38.82 + int midByte = is.read();
38.83 + int lowByte = is.read();
38.84 + if (lowByte == -1) {
38.85 + throw new IOException("Incomplete BER/DER length info");
38.86 + }
38.87 + if (highByte > 127) {
38.88 + throw new IOException("Invalid BER/DER data (a little huge?)");
38.89 + }
38.90 + bout.write(highByte);
38.91 + bout.write(nextByte);
38.92 + bout.write(midByte);
38.93 + bout.write(lowByte);
38.94 + length = (highByte << 24 ) | (nextByte << 16) |
38.95 + (midByte << 8) | lowByte;
38.96 } else { // ignore longer length forms
38.97 throw new IOException("Invalid BER/DER data (too huge?)");
38.98 }
39.1 --- a/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java Thu Oct 27 13:54:42 2011 -0700
39.2 +++ b/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java Fri Oct 28 17:49:02 2011 -0700
39.3 @@ -1,5 +1,5 @@
39.4 /*
39.5 - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
39.6 + * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
39.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
39.8 *
39.9 * This code is free software; you can redistribute it and/or modify it
39.10 @@ -27,32 +27,87 @@
39.11
39.12 import java.net.URI;
39.13 import java.util.Collection;
39.14 +import java.util.HashMap;
39.15 +import java.util.Map;
39.16 +import java.security.AccessController;
39.17 import java.security.NoSuchAlgorithmException;
39.18 import java.security.InvalidAlgorithmParameterException;
39.19 +import java.security.PrivilegedActionException;
39.20 +import java.security.PrivilegedExceptionAction;
39.21 import java.security.cert.CertStore;
39.22 import java.security.cert.X509CertSelector;
39.23 import java.security.cert.X509CRLSelector;
39.24 import javax.security.auth.x500.X500Principal;
39.25 import java.io.IOException;
39.26
39.27 +import sun.security.util.Cache;
39.28 +
39.29 /**
39.30 - * Helper used by URICertStore when delegating to another CertStore to
39.31 - * fetch certs and CRLs.
39.32 + * Helper used by URICertStore and others when delegating to another CertStore
39.33 + * to fetch certs and CRLs.
39.34 */
39.35
39.36 -public interface CertStoreHelper {
39.37 +public abstract class CertStoreHelper {
39.38 +
39.39 + private static final int NUM_TYPES = 2;
39.40 + private final static Map<String,String> classMap = new HashMap<>(NUM_TYPES);
39.41 + static {
39.42 + classMap.put(
39.43 + "LDAP",
39.44 + "sun.security.provider.certpath.ldap.LDAPCertStoreHelper");
39.45 + classMap.put(
39.46 + "SSLServer",
39.47 + "sun.security.provider.certpath.ssl.SSLServerCertStoreHelper");
39.48 + };
39.49 + private static Cache<String, CertStoreHelper> cache
39.50 + = Cache.newSoftMemoryCache(NUM_TYPES);
39.51 +
39.52 + public static CertStoreHelper getInstance(final String type)
39.53 + throws NoSuchAlgorithmException
39.54 + {
39.55 + CertStoreHelper helper = cache.get(type);
39.56 + if (helper != null) {
39.57 + return helper;
39.58 + }
39.59 + final String cl = classMap.get(type);
39.60 + if (cl == null) {
39.61 + throw new NoSuchAlgorithmException(type + " not available");
39.62 + }
39.63 + try {
39.64 + helper = AccessController.doPrivileged(
39.65 + new PrivilegedExceptionAction<CertStoreHelper>() {
39.66 + public CertStoreHelper run() throws ClassNotFoundException {
39.67 + try {
39.68 + Class<?> c = Class.forName(cl, true, null);
39.69 + CertStoreHelper csh
39.70 + = (CertStoreHelper)c.newInstance();
39.71 + cache.put(type, csh);
39.72 + return csh;
39.73 + } catch (InstantiationException e) {
39.74 + throw new AssertionError(e);
39.75 + } catch (IllegalAccessException e) {
39.76 + throw new AssertionError(e);
39.77 + }
39.78 + }
39.79 + });
39.80 + return helper;
39.81 + } catch (PrivilegedActionException e) {
39.82 + throw new NoSuchAlgorithmException(type + " not available",
39.83 + e.getException());
39.84 + }
39.85 + }
39.86
39.87 /**
39.88 * Returns a CertStore using the given URI as parameters.
39.89 */
39.90 - CertStore getCertStore(URI uri)
39.91 + public abstract CertStore getCertStore(URI uri)
39.92 throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
39.93
39.94 /**
39.95 * Wraps an existing X509CertSelector when needing to avoid DN matching
39.96 * issues.
39.97 */
39.98 - X509CertSelector wrap(X509CertSelector selector,
39.99 + public abstract X509CertSelector wrap(X509CertSelector selector,
39.100 X500Principal certSubject,
39.101 String dn)
39.102 throws IOException;
39.103 @@ -61,7 +116,7 @@
39.104 * Wraps an existing X509CRLSelector when needing to avoid DN matching
39.105 * issues.
39.106 */
39.107 - X509CRLSelector wrap(X509CRLSelector selector,
39.108 + public abstract X509CRLSelector wrap(X509CRLSelector selector,
39.109 Collection<X500Principal> certIssuers,
39.110 String dn)
39.111 throws IOException;
40.1 --- a/src/share/classes/sun/security/provider/certpath/URICertStore.java Thu Oct 27 13:54:42 2011 -0700
40.2 +++ b/src/share/classes/sun/security/provider/certpath/URICertStore.java Fri Oct 28 17:49:02 2011 -0700
40.3 @@ -30,8 +30,6 @@
40.4 import java.net.HttpURLConnection;
40.5 import java.net.URI;
40.6 import java.net.URLConnection;
40.7 -import java.security.AccessController;
40.8 -import java.security.PrivilegedAction;
40.9 import java.security.InvalidAlgorithmParameterException;
40.10 import java.security.NoSuchAlgorithmException;
40.11 import java.security.Provider;
40.12 @@ -102,8 +100,7 @@
40.13 private final CertificateFactory factory;
40.14
40.15 // cached Collection of X509Certificates (may be empty, never null)
40.16 - private Collection<X509Certificate> certs =
40.17 - Collections.<X509Certificate>emptySet();
40.18 + private Collection<X509Certificate> certs = Collections.emptySet();
40.19
40.20 // cached X509CRL (may be null)
40.21 private X509CRL crl;
40.22 @@ -120,36 +117,11 @@
40.23
40.24 // true if URI is ldap
40.25 private boolean ldap = false;
40.26 + private CertStoreHelper ldapHelper;
40.27 private CertStore ldapCertStore;
40.28 private String ldapPath;
40.29
40.30 /**
40.31 - * Holder class to lazily load LDAPCertStoreHelper if present.
40.32 - */
40.33 - private static class LDAP {
40.34 - private static final String CERT_STORE_HELPER =
40.35 - "sun.security.provider.certpath.ldap.LDAPCertStoreHelper";
40.36 - private static final CertStoreHelper helper =
40.37 - AccessController.doPrivileged(
40.38 - new PrivilegedAction<CertStoreHelper>() {
40.39 - public CertStoreHelper run() {
40.40 - try {
40.41 - Class<?> c = Class.forName(CERT_STORE_HELPER, true, null);
40.42 - return (CertStoreHelper)c.newInstance();
40.43 - } catch (ClassNotFoundException cnf) {
40.44 - return null;
40.45 - } catch (InstantiationException e) {
40.46 - throw new AssertionError(e);
40.47 - } catch (IllegalAccessException e) {
40.48 - throw new AssertionError(e);
40.49 - }
40.50 - }});
40.51 - static CertStoreHelper helper() {
40.52 - return helper;
40.53 - }
40.54 - }
40.55 -
40.56 - /**
40.57 * Creates a URICertStore.
40.58 *
40.59 * @param parameters specifying the URI
40.60 @@ -164,10 +136,9 @@
40.61 this.uri = ((URICertStoreParameters) params).uri;
40.62 // if ldap URI, use an LDAPCertStore to fetch certs and CRLs
40.63 if (uri.getScheme().toLowerCase(Locale.ENGLISH).equals("ldap")) {
40.64 - if (LDAP.helper() == null)
40.65 - throw new NoSuchAlgorithmException("LDAP not present");
40.66 ldap = true;
40.67 - ldapCertStore = LDAP.helper().getCertStore(uri);
40.68 + ldapHelper = CertStoreHelper.getInstance("LDAP");
40.69 + ldapCertStore = ldapHelper.getCertStore(uri);
40.70 ldapPath = uri.getPath();
40.71 // strip off leading '/'
40.72 if (ldapPath.charAt(0) == '/') {
40.73 @@ -185,14 +156,14 @@
40.74 * Returns a URI CertStore. This method consults a cache of
40.75 * CertStores (shared per JVM) using the URI as a key.
40.76 */
40.77 - private static final Cache certStoreCache =
40.78 - Cache.newSoftMemoryCache(CACHE_SIZE);
40.79 + private static final Cache<URICertStoreParameters, CertStore>
40.80 + certStoreCache = Cache.newSoftMemoryCache(CACHE_SIZE);
40.81 static synchronized CertStore getInstance(URICertStoreParameters params)
40.82 throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
40.83 if (debug != null) {
40.84 debug.println("CertStore URI:" + params.uri);
40.85 }
40.86 - CertStore ucs = (CertStore) certStoreCache.get(params);
40.87 + CertStore ucs = certStoreCache.get(params);
40.88 if (ucs == null) {
40.89 ucs = new UCS(new URICertStore(params), null, "URI", params);
40.90 certStoreCache.put(params, ucs);
40.91 @@ -251,7 +222,7 @@
40.92 if (ldap) {
40.93 X509CertSelector xsel = (X509CertSelector) selector;
40.94 try {
40.95 - xsel = LDAP.helper().wrap(xsel, xsel.getSubject(), ldapPath);
40.96 + xsel = ldapHelper.wrap(xsel, xsel.getSubject(), ldapPath);
40.97 } catch (IOException ioe) {
40.98 throw new CertStoreException(ioe);
40.99 }
40.100 @@ -273,62 +244,49 @@
40.101 return getMatchingCerts(certs, selector);
40.102 }
40.103 lastChecked = time;
40.104 - InputStream in = null;
40.105 try {
40.106 URLConnection connection = uri.toURL().openConnection();
40.107 if (lastModified != 0) {
40.108 connection.setIfModifiedSince(lastModified);
40.109 }
40.110 - in = connection.getInputStream();
40.111 long oldLastModified = lastModified;
40.112 - lastModified = connection.getLastModified();
40.113 - if (oldLastModified != 0) {
40.114 - if (oldLastModified == lastModified) {
40.115 - if (debug != null) {
40.116 - debug.println("Not modified, using cached copy");
40.117 - }
40.118 - return getMatchingCerts(certs, selector);
40.119 - } else if (connection instanceof HttpURLConnection) {
40.120 - // some proxy servers omit last modified
40.121 - HttpURLConnection hconn = (HttpURLConnection) connection;
40.122 - if (hconn.getResponseCode()
40.123 - == HttpURLConnection.HTTP_NOT_MODIFIED) {
40.124 + try (InputStream in = connection.getInputStream()) {
40.125 + lastModified = connection.getLastModified();
40.126 + if (oldLastModified != 0) {
40.127 + if (oldLastModified == lastModified) {
40.128 if (debug != null) {
40.129 debug.println("Not modified, using cached copy");
40.130 }
40.131 return getMatchingCerts(certs, selector);
40.132 + } else if (connection instanceof HttpURLConnection) {
40.133 + // some proxy servers omit last modified
40.134 + HttpURLConnection hconn = (HttpURLConnection)connection;
40.135 + if (hconn.getResponseCode()
40.136 + == HttpURLConnection.HTTP_NOT_MODIFIED) {
40.137 + if (debug != null) {
40.138 + debug.println("Not modified, using cached copy");
40.139 + }
40.140 + return getMatchingCerts(certs, selector);
40.141 + }
40.142 }
40.143 }
40.144 + if (debug != null) {
40.145 + debug.println("Downloading new certificates...");
40.146 + }
40.147 + // Safe cast since factory is an X.509 certificate factory
40.148 + certs = (Collection<X509Certificate>)
40.149 + factory.generateCertificates(in);
40.150 }
40.151 - if (debug != null) {
40.152 - debug.println("Downloading new certificates...");
40.153 - }
40.154 - // Safe cast since factory is an X.509 certificate factory
40.155 - certs = (Collection<X509Certificate>)
40.156 - factory.generateCertificates(in);
40.157 return getMatchingCerts(certs, selector);
40.158 - } catch (IOException e) {
40.159 + } catch (IOException | CertificateException e) {
40.160 if (debug != null) {
40.161 debug.println("Exception fetching certificates:");
40.162 e.printStackTrace();
40.163 }
40.164 - } catch (CertificateException e) {
40.165 - if (debug != null) {
40.166 - debug.println("Exception fetching certificates:");
40.167 - e.printStackTrace();
40.168 - }
40.169 - } finally {
40.170 - if (in != null) {
40.171 - try {
40.172 - in.close();
40.173 - } catch (IOException e) {
40.174 - // ignore
40.175 - }
40.176 - }
40.177 }
40.178 // exception, forget previous values
40.179 lastModified = 0;
40.180 - certs = Collections.<X509Certificate>emptySet();
40.181 + certs = Collections.emptySet();
40.182 return certs;
40.183 }
40.184
40.185 @@ -343,8 +301,7 @@
40.186 if (selector == null) {
40.187 return certs;
40.188 }
40.189 - List<X509Certificate> matchedCerts =
40.190 - new ArrayList<X509Certificate>(certs.size());
40.191 + List<X509Certificate> matchedCerts = new ArrayList<>(certs.size());
40.192 for (X509Certificate cert : certs) {
40.193 if (selector.match(cert)) {
40.194 matchedCerts.add(cert);
40.195 @@ -374,7 +331,7 @@
40.196 if (ldap) {
40.197 X509CRLSelector xsel = (X509CRLSelector) selector;
40.198 try {
40.199 - xsel = LDAP.helper().wrap(xsel, null, ldapPath);
40.200 + xsel = ldapHelper.wrap(xsel, null, ldapPath);
40.201 } catch (IOException ioe) {
40.202 throw new CertStoreException(ioe);
40.203 }
40.204 @@ -395,61 +352,48 @@
40.205 return getMatchingCRLs(crl, selector);
40.206 }
40.207 lastChecked = time;
40.208 - InputStream in = null;
40.209 try {
40.210 URLConnection connection = uri.toURL().openConnection();
40.211 if (lastModified != 0) {
40.212 connection.setIfModifiedSince(lastModified);
40.213 }
40.214 - in = connection.getInputStream();
40.215 long oldLastModified = lastModified;
40.216 - lastModified = connection.getLastModified();
40.217 - if (oldLastModified != 0) {
40.218 - if (oldLastModified == lastModified) {
40.219 - if (debug != null) {
40.220 - debug.println("Not modified, using cached copy");
40.221 - }
40.222 - return getMatchingCRLs(crl, selector);
40.223 - } else if (connection instanceof HttpURLConnection) {
40.224 - // some proxy servers omit last modified
40.225 - HttpURLConnection hconn = (HttpURLConnection) connection;
40.226 - if (hconn.getResponseCode()
40.227 - == HttpURLConnection.HTTP_NOT_MODIFIED) {
40.228 + try (InputStream in = connection.getInputStream()) {
40.229 + lastModified = connection.getLastModified();
40.230 + if (oldLastModified != 0) {
40.231 + if (oldLastModified == lastModified) {
40.232 if (debug != null) {
40.233 debug.println("Not modified, using cached copy");
40.234 }
40.235 return getMatchingCRLs(crl, selector);
40.236 + } else if (connection instanceof HttpURLConnection) {
40.237 + // some proxy servers omit last modified
40.238 + HttpURLConnection hconn = (HttpURLConnection)connection;
40.239 + if (hconn.getResponseCode()
40.240 + == HttpURLConnection.HTTP_NOT_MODIFIED) {
40.241 + if (debug != null) {
40.242 + debug.println("Not modified, using cached copy");
40.243 + }
40.244 + return getMatchingCRLs(crl, selector);
40.245 + }
40.246 }
40.247 }
40.248 + if (debug != null) {
40.249 + debug.println("Downloading new CRL...");
40.250 + }
40.251 + crl = (X509CRL) factory.generateCRL(in);
40.252 }
40.253 - if (debug != null) {
40.254 - debug.println("Downloading new CRL...");
40.255 - }
40.256 - crl = (X509CRL) factory.generateCRL(in);
40.257 return getMatchingCRLs(crl, selector);
40.258 - } catch (IOException e) {
40.259 + } catch (IOException | CRLException e) {
40.260 if (debug != null) {
40.261 debug.println("Exception fetching CRL:");
40.262 e.printStackTrace();
40.263 }
40.264 - } catch (CRLException e) {
40.265 - if (debug != null) {
40.266 - debug.println("Exception fetching CRL:");
40.267 - e.printStackTrace();
40.268 - }
40.269 - } finally {
40.270 - if (in != null) {
40.271 - try {
40.272 - in.close();
40.273 - } catch (IOException e) {
40.274 - // ignore
40.275 - }
40.276 - }
40.277 }
40.278 // exception, forget previous values
40.279 lastModified = 0;
40.280 crl = null;
40.281 - return Collections.<X509CRL>emptyList();
40.282 + return Collections.emptyList();
40.283 }
40.284
40.285 /**
40.286 @@ -459,9 +403,9 @@
40.287 private static Collection<X509CRL> getMatchingCRLs
40.288 (X509CRL crl, CRLSelector selector) {
40.289 if (selector == null || (crl != null && selector.match(crl))) {
40.290 - return Collections.<X509CRL>singletonList(crl);
40.291 + return Collections.singletonList(crl);
40.292 } else {
40.293 - return Collections.<X509CRL>emptyList();
40.294 + return Collections.emptyList();
40.295 }
40.296 }
40.297
41.1 --- a/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java Thu Oct 27 13:54:42 2011 -0700
41.2 +++ b/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java Fri Oct 28 17:49:02 2011 -0700
41.3 @@ -1,5 +1,5 @@
41.4 /*
41.5 - * Copyright (c) 2000, 2002, Oracle and/or its affiliates. All rights reserved.
41.6 + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
41.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
41.8 *
41.9 * This code is free software; you can redistribute it and/or modify it
41.10 @@ -79,7 +79,8 @@
41.11 private X509Certificate reverse;
41.12 private byte[] encoded;
41.13
41.14 - private static final Cache cache = Cache.newSoftMemoryCache(750);
41.15 + private static final Cache<Object, X509CertificatePair> cache
41.16 + = Cache.newSoftMemoryCache(750);
41.17
41.18 /**
41.19 * Creates an empty instance of X509CertificatePair.
41.20 @@ -114,7 +115,7 @@
41.21 *
41.22 * For internal use only, external code should use generateCertificatePair.
41.23 */
41.24 - private X509CertificatePair(byte[] encoded)throws CertificateException {
41.25 + private X509CertificatePair(byte[] encoded) throws CertificateException {
41.26 try {
41.27 parse(new DerValue(encoded));
41.28 this.encoded = encoded;
41.29 @@ -138,7 +139,7 @@
41.30 public static synchronized X509CertificatePair generateCertificatePair
41.31 (byte[] encoded) throws CertificateException {
41.32 Object key = new Cache.EqualByteArray(encoded);
41.33 - X509CertificatePair pair = (X509CertificatePair)cache.get(key);
41.34 + X509CertificatePair pair = cache.get(key);
41.35 if (pair != null) {
41.36 return pair;
41.37 }
42.1 --- a/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Thu Oct 27 13:54:42 2011 -0700
42.2 +++ b/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java Fri Oct 28 17:49:02 2011 -0700
42.3 @@ -1,5 +1,5 @@
42.4 /*
42.5 - * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
42.6 + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
42.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
42.8 *
42.9 * This code is free software; you can redistribute it and/or modify it
42.10 @@ -103,7 +103,7 @@
42.11 * @author Steve Hanna
42.12 * @author Andreas Sterbenz
42.13 */
42.14 -public class LDAPCertStore extends CertStoreSpi {
42.15 +public final class LDAPCertStore extends CertStoreSpi {
42.16
42.17 private static final Debug debug = Debug.getInstance("certpath");
42.18
42.19 @@ -160,7 +160,7 @@
42.20 */
42.21 private boolean prefetchCRLs = false;
42.22
42.23 - private final Cache valueCache;
42.24 + private final Cache<String, byte[][]> valueCache;
42.25
42.26 private int cacheHits = 0;
42.27 private int cacheMisses = 0;
42.28 @@ -207,10 +207,11 @@
42.29 * Returns an LDAP CertStore. This method consults a cache of
42.30 * CertStores (shared per JVM) using the LDAP server/port as a key.
42.31 */
42.32 - private static final Cache certStoreCache = Cache.newSoftMemoryCache(185);
42.33 + private static final Cache<LDAPCertStoreParameters, CertStore>
42.34 + certStoreCache = Cache.newSoftMemoryCache(185);
42.35 static synchronized CertStore getInstance(LDAPCertStoreParameters params)
42.36 throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
42.37 - CertStore lcs = (CertStore) certStoreCache.get(params);
42.38 + CertStore lcs = certStoreCache.get(params);
42.39 if (lcs == null) {
42.40 lcs = CertStore.getInstance("LDAP", params);
42.41 certStoreCache.put(params, lcs);
42.42 @@ -232,7 +233,7 @@
42.43 private void createInitialDirContext(String server, int port)
42.44 throws InvalidAlgorithmParameterException {
42.45 String url = "ldap://" + server + ":" + port;
42.46 - Hashtable<String,Object> env = new Hashtable<String,Object>();
42.47 + Hashtable<String,Object> env = new Hashtable<>();
42.48 env.put(Context.INITIAL_CONTEXT_FACTORY,
42.49 "com.sun.jndi.ldap.LdapCtxFactory");
42.50 env.put(Context.PROVIDER_URL, url);
42.51 @@ -283,7 +284,7 @@
42.52
42.53 LDAPRequest(String name) {
42.54 this.name = name;
42.55 - requestedAttributes = new ArrayList<String>(5);
42.56 + requestedAttributes = new ArrayList<>(5);
42.57 }
42.58
42.59 String getName() {
42.60 @@ -311,7 +312,7 @@
42.61 + cacheMisses);
42.62 }
42.63 String cacheKey = name + "|" + attrId;
42.64 - byte[][] values = (byte[][])valueCache.get(cacheKey);
42.65 + byte[][] values = valueCache.get(cacheKey);
42.66 if (values != null) {
42.67 cacheHits++;
42.68 return values;
42.69 @@ -347,7 +348,7 @@
42.70 System.out.println("LDAP requests: " + requests);
42.71 }
42.72 }
42.73 - valueMap = new HashMap<String, byte[][]>(8);
42.74 + valueMap = new HashMap<>(8);
42.75 String[] attrIds = requestedAttributes.toArray(STRING0);
42.76 Attributes attrs;
42.77 try {
42.78 @@ -429,10 +430,10 @@
42.79
42.80 int n = encodedCert.length;
42.81 if (n == 0) {
42.82 - return Collections.<X509Certificate>emptySet();
42.83 + return Collections.emptySet();
42.84 }
42.85
42.86 - List<X509Certificate> certs = new ArrayList<X509Certificate>(n);
42.87 + List<X509Certificate> certs = new ArrayList<>(n);
42.88 /* decode certs and check if they satisfy selector */
42.89 for (int i = 0; i < n; i++) {
42.90 ByteArrayInputStream bais = new ByteArrayInputStream(encodedCert[i]);
42.91 @@ -477,11 +478,10 @@
42.92
42.93 int n = encodedCertPair.length;
42.94 if (n == 0) {
42.95 - return Collections.<X509CertificatePair>emptySet();
42.96 + return Collections.emptySet();
42.97 }
42.98
42.99 - List<X509CertificatePair> certPairs =
42.100 - new ArrayList<X509CertificatePair>(n);
42.101 + List<X509CertificatePair> certPairs = new ArrayList<>(n);
42.102 /* decode each cert pair and add it to the Collection */
42.103 for (int i = 0; i < n; i++) {
42.104 try {
42.105 @@ -528,8 +528,7 @@
42.106 getCertPairs(request, CROSS_CERT);
42.107
42.108 // Find Certificates that match and put them in a list
42.109 - ArrayList<X509Certificate> matchingCerts =
42.110 - new ArrayList<X509Certificate>();
42.111 + ArrayList<X509Certificate> matchingCerts = new ArrayList<>();
42.112 for (X509CertificatePair certPair : certPairs) {
42.113 X509Certificate cert;
42.114 if (forward != null) {
42.115 @@ -587,7 +586,7 @@
42.116 int basicConstraints = xsel.getBasicConstraints();
42.117 String subject = xsel.getSubjectAsString();
42.118 String issuer = xsel.getIssuerAsString();
42.119 - HashSet<X509Certificate> certs = new HashSet<X509Certificate>();
42.120 + HashSet<X509Certificate> certs = new HashSet<>();
42.121 if (debug != null) {
42.122 debug.println("LDAPCertStore.engineGetCertificates() basicConstraints: "
42.123 + basicConstraints);
42.124 @@ -706,10 +705,10 @@
42.125
42.126 int n = encodedCRL.length;
42.127 if (n == 0) {
42.128 - return Collections.<X509CRL>emptySet();
42.129 + return Collections.emptySet();
42.130 }
42.131
42.132 - List<X509CRL> crls = new ArrayList<X509CRL>(n);
42.133 + List<X509CRL> crls = new ArrayList<>(n);
42.134 /* decode each crl and check if it matches selector */
42.135 for (int i = 0; i < n; i++) {
42.136 try {
42.137 @@ -765,13 +764,13 @@
42.138 throw new CertStoreException("need X509CRLSelector to find CRLs");
42.139 }
42.140 X509CRLSelector xsel = (X509CRLSelector) selector;
42.141 - HashSet<X509CRL> crls = new HashSet<X509CRL>();
42.142 + HashSet<X509CRL> crls = new HashSet<>();
42.143
42.144 // Look in directory entry for issuer of cert we're checking.
42.145 Collection<Object> issuerNames;
42.146 X509Certificate certChecking = xsel.getCertificateChecking();
42.147 if (certChecking != null) {
42.148 - issuerNames = new HashSet<Object>();
42.149 + issuerNames = new HashSet<>();
42.150 X500Principal issuer = certChecking.getIssuerX500Principal();
42.151 issuerNames.add(issuer.getName(X500Principal.RFC2253));
42.152 } else {
42.153 @@ -796,7 +795,7 @@
42.154 issuerName = (String)nameObject;
42.155 }
42.156 // If all we want is CA certs, try to get the (probably shorter) ARL
42.157 - Collection<X509CRL> entryCRLs = Collections.<X509CRL>emptySet();
42.158 + Collection<X509CRL> entryCRLs = Collections.emptySet();
42.159 if (certChecking == null || certChecking.getBasicConstraints() != -1) {
42.160 LDAPRequest request = new LDAPRequest(issuerName);
42.161 request.addRequestedAttribute(CROSS_CERT);
42.162 @@ -1028,9 +1027,9 @@
42.163 throws IOException {
42.164 this.selector = selector == null ? new X509CRLSelector() : selector;
42.165 this.certIssuers = certIssuers;
42.166 - issuerNames = new HashSet<Object>();
42.167 + issuerNames = new HashSet<>();
42.168 issuerNames.add(ldapDN);
42.169 - issuers = new HashSet<X500Principal>();
42.170 + issuers = new HashSet<>();
42.171 issuers.add(new X500Name(ldapDN).asX500Principal());
42.172 }
42.173 // we only override the get (accessor methods) since the set methods
43.1 --- a/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java Thu Oct 27 13:54:42 2011 -0700
43.2 +++ b/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java Fri Oct 28 17:49:02 2011 -0700
43.3 @@ -1,5 +1,5 @@
43.4 /*
43.5 - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
43.6 + * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
43.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
43.8 *
43.9 * This code is free software; you can redistribute it and/or modify it
43.10 @@ -41,11 +41,9 @@
43.11 * LDAP implementation of CertStoreHelper.
43.12 */
43.13
43.14 -public class LDAPCertStoreHelper
43.15 - implements CertStoreHelper
43.16 +public final class LDAPCertStoreHelper
43.17 + extends CertStoreHelper
43.18 {
43.19 - public LDAPCertStoreHelper() { }
43.20 -
43.21 @Override
43.22 public CertStore getCertStore(URI uri)
43.23 throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
44.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
44.2 +++ b/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStore.java Fri Oct 28 17:49:02 2011 -0700
44.3 @@ -0,0 +1,153 @@
44.4 +/*
44.5 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
44.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44.7 + *
44.8 + * This code is free software; you can redistribute it and/or modify it
44.9 + * under the terms of the GNU General Public License version 2 only, as
44.10 + * published by the Free Software Foundation. Oracle designates this
44.11 + * particular file as subject to the "Classpath" exception as provided
44.12 + * by Oracle in the LICENSE file that accompanied this code.
44.13 + *
44.14 + * This code is distributed in the hope that it will be useful, but WITHOUT
44.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
44.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
44.17 + * version 2 for more details (a copy is included in the LICENSE file that
44.18 + * accompanied this code).
44.19 + *
44.20 + * You should have received a copy of the GNU General Public License version
44.21 + * 2 along with this work; if not, write to the Free Software Foundation,
44.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
44.23 + *
44.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
44.25 + * or visit www.oracle.com if you need additional information or have any
44.26 + * questions.
44.27 + */
44.28 +
44.29 +package sun.security.provider.certpath.ssl;
44.30 +
44.31 +import java.io.IOException;
44.32 +import java.net.URI;
44.33 +import java.util.ArrayList;
44.34 +import java.util.Arrays;
44.35 +import java.util.Collection;
44.36 +import java.util.Collections;
44.37 +import java.util.List;
44.38 +import java.security.GeneralSecurityException;
44.39 +import java.security.InvalidAlgorithmParameterException;
44.40 +import java.security.Provider;
44.41 +import java.security.cert.CertificateException;
44.42 +import java.security.cert.CertSelector;
44.43 +import java.security.cert.CertStore;
44.44 +import java.security.cert.CertStoreException;
44.45 +import java.security.cert.CertStoreParameters;
44.46 +import java.security.cert.CertStoreSpi;
44.47 +import java.security.cert.CRLSelector;
44.48 +import java.security.cert.X509Certificate;
44.49 +import java.security.cert.X509CRL;
44.50 +import javax.net.ssl.HostnameVerifier;
44.51 +import javax.net.ssl.HttpsURLConnection;
44.52 +import javax.net.ssl.SSLContext;
44.53 +import javax.net.ssl.SSLSession;
44.54 +import javax.net.ssl.TrustManager;
44.55 +import javax.net.ssl.X509TrustManager;
44.56 +
44.57 +/**
44.58 + * A CertStore that retrieves an SSL server's certificate chain.
44.59 + */
44.60 +public final class SSLServerCertStore extends CertStoreSpi {
44.61 +
44.62 + private final URI uri;
44.63 +
44.64 + SSLServerCertStore(URI uri) throws InvalidAlgorithmParameterException {
44.65 + super(null);
44.66 + this.uri = uri;
44.67 + }
44.68 +
44.69 + public synchronized Collection<X509Certificate> engineGetCertificates
44.70 + (CertSelector selector) throws CertStoreException
44.71 + {
44.72 + try {
44.73 + SSLContext sc = SSLContext.getInstance("SSL");
44.74 + GetChainTrustManager xtm = new GetChainTrustManager();
44.75 + sc.init(null, new TrustManager[] { xtm }, null);
44.76 + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
44.77 + HttpsURLConnection.setDefaultHostnameVerifier(
44.78 + new HostnameVerifier() {
44.79 + public boolean verify(String hostname, SSLSession session) {
44.80 + return true;
44.81 + }
44.82 + });
44.83 + uri.toURL().openConnection().connect();
44.84 + return getMatchingCerts(xtm.serverChain, selector);
44.85 + } catch (GeneralSecurityException | IOException e) {
44.86 + throw new CertStoreException(e);
44.87 + }
44.88 + }
44.89 +
44.90 + private static List<X509Certificate> getMatchingCerts
44.91 + (List<X509Certificate> certs, CertSelector selector)
44.92 + {
44.93 + // if selector not specified, all certs match
44.94 + if (selector == null) {
44.95 + return certs;
44.96 + }
44.97 + List<X509Certificate> matchedCerts = new ArrayList<>(certs.size());
44.98 + for (X509Certificate cert : certs) {
44.99 + if (selector.match(cert)) {
44.100 + matchedCerts.add(cert);
44.101 + }
44.102 + }
44.103 + return matchedCerts;
44.104 + }
44.105 +
44.106 + public Collection<X509CRL> engineGetCRLs(CRLSelector selector)
44.107 + throws CertStoreException
44.108 + {
44.109 + throw new UnsupportedOperationException();
44.110 + }
44.111 +
44.112 + static synchronized CertStore getInstance(URI uri)
44.113 + throws InvalidAlgorithmParameterException
44.114 + {
44.115 + return new CS(new SSLServerCertStore(uri), null, "SSLServer", null);
44.116 + }
44.117 +
44.118 + /*
44.119 + * An X509TrustManager that simply stores a reference to the server's
44.120 + * certificate chain.
44.121 + */
44.122 + private static class GetChainTrustManager implements X509TrustManager {
44.123 + private List<X509Certificate> serverChain;
44.124 +
44.125 + public X509Certificate[] getAcceptedIssuers() {
44.126 + throw new UnsupportedOperationException();
44.127 + }
44.128 +
44.129 + public void checkClientTrusted(X509Certificate[] chain,
44.130 + String authType)
44.131 + throws CertificateException
44.132 + {
44.133 + throw new UnsupportedOperationException();
44.134 + }
44.135 +
44.136 + public void checkServerTrusted(X509Certificate[] chain,
44.137 + String authType)
44.138 + throws CertificateException
44.139 + {
44.140 + this.serverChain = (chain == null)
44.141 + ? Collections.<X509Certificate>emptyList()
44.142 + : Arrays.asList(chain);
44.143 + }
44.144 + }
44.145 +
44.146 + /**
44.147 + * This class allows the SSLServerCertStore to be accessed as a CertStore.
44.148 + */
44.149 + private static class CS extends CertStore {
44.150 + protected CS(CertStoreSpi spi, Provider p, String type,
44.151 + CertStoreParameters params)
44.152 + {
44.153 + super(spi, p, type, params);
44.154 + }
44.155 + }
44.156 +}
45.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
45.2 +++ b/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java Fri Oct 28 17:49:02 2011 -0700
45.3 @@ -0,0 +1,69 @@
45.4 +/*
45.5 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
45.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
45.7 + *
45.8 + * This code is free software; you can redistribute it and/or modify it
45.9 + * under the terms of the GNU General Public License version 2 only, as
45.10 + * published by the Free Software Foundation. Oracle designates this
45.11 + * particular file as subject to the "Classpath" exception as provided
45.12 + * by Oracle in the LICENSE file that accompanied this code.
45.13 + *
45.14 + * This code is distributed in the hope that it will be useful, but WITHOUT
45.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
45.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
45.17 + * version 2 for more details (a copy is included in the LICENSE file that
45.18 + * accompanied this code).
45.19 + *
45.20 + * You should have received a copy of the GNU General Public License version
45.21 + * 2 along with this work; if not, write to the Free Software Foundation,
45.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
45.23 + *
45.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
45.25 + * or visit www.oracle.com if you need additional information or have any
45.26 + * questions.
45.27 + */
45.28 +
45.29 +package sun.security.provider.certpath.ssl;
45.30 +
45.31 +import java.net.URI;
45.32 +import java.util.Collection;
45.33 +import java.security.NoSuchAlgorithmException;
45.34 +import java.security.InvalidAlgorithmParameterException;
45.35 +import java.security.cert.CertStore;
45.36 +import java.security.cert.X509CertSelector;
45.37 +import java.security.cert.X509CRLSelector;
45.38 +import javax.security.auth.x500.X500Principal;
45.39 +import java.io.IOException;
45.40 +
45.41 +import sun.security.provider.certpath.CertStoreHelper;
45.42 +
45.43 +/**
45.44 + * SSL implementation of CertStoreHelper.
45.45 + */
45.46 +public final class SSLServerCertStoreHelper extends CertStoreHelper {
45.47 +
45.48 + @Override
45.49 + public CertStore getCertStore(URI uri)
45.50 + throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
45.51 + {
45.52 + return SSLServerCertStore.getInstance(uri);
45.53 + }
45.54 +
45.55 + @Override
45.56 + public X509CertSelector wrap(X509CertSelector selector,
45.57 + X500Principal certSubject,
45.58 + String ldapDN)
45.59 + throws IOException
45.60 + {
45.61 + throw new UnsupportedOperationException();
45.62 + }
45.63 +
45.64 + @Override
45.65 + public X509CRLSelector wrap(X509CRLSelector selector,
45.66 + Collection<X500Principal> certIssuers,
45.67 + String ldapDN)
45.68 + throws IOException
45.69 + {
45.70 + throw new UnsupportedOperationException();
45.71 + }
45.72 +}
46.1 --- a/src/share/classes/sun/security/ssl/CipherBox.java Thu Oct 27 13:54:42 2011 -0700
46.2 +++ b/src/share/classes/sun/security/ssl/CipherBox.java Fri Oct 28 17:49:02 2011 -0700
46.3 @@ -1,5 +1,5 @@
46.4 /*
46.5 - * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
46.6 + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
46.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
46.8 *
46.9 * This code is free software; you can redistribute it and/or modify it
46.10 @@ -305,9 +305,11 @@
46.11 byte[] buf = null;
46.12 int limit = bb.limit();
46.13 if (bb.hasArray()) {
46.14 + int arrayOffset = bb.arrayOffset();
46.15 buf = bb.array();
46.16 - System.arraycopy(buf, pos,
46.17 - buf, pos + prefix.length, limit - pos);
46.18 + System.arraycopy(buf, arrayOffset + pos,
46.19 + buf, arrayOffset + pos + prefix.length,
46.20 + limit - pos);
46.21 bb.limit(limit + prefix.length);
46.22 } else {
46.23 buf = new byte[limit - pos];
46.24 @@ -491,9 +493,10 @@
46.25 byte[] buf = null;
46.26 int limit = bb.limit();
46.27 if (bb.hasArray()) {
46.28 + int arrayOffset = bb.arrayOffset();
46.29 buf = bb.array();
46.30 - System.arraycopy(buf, pos + blockSize,
46.31 - buf, pos, limit - pos - blockSize);
46.32 + System.arraycopy(buf, arrayOffset + pos + blockSize,
46.33 + buf, arrayOffset + pos, limit - pos - blockSize);
46.34 bb.limit(limit - blockSize);
46.35 } else {
46.36 buf = new byte[limit - pos - blockSize];
47.1 --- a/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java Thu Oct 27 13:54:42 2011 -0700
47.2 +++ b/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java Fri Oct 28 17:49:02 2011 -0700
47.3 @@ -1,5 +1,5 @@
47.4 /*
47.5 - * Copyright (c) 1999, 2009, Oracle and/or its affiliates. All rights reserved.
47.6 + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
47.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
47.8 *
47.9 * This code is free software; you can redistribute it and/or modify it
47.10 @@ -43,11 +43,14 @@
47.11 import javax.net.ssl.SSLSession;
47.12
47.13 import sun.security.util.Cache;
47.14 +import sun.security.util.Cache.CacheVisitor;
47.15
47.16
47.17 final class SSLSessionContextImpl implements SSLSessionContext {
47.18 - private Cache sessionCache; // session cache, session id as key
47.19 - private Cache sessionHostPortCache; // session cache, "host:port" as key
47.20 + private Cache<SessionId, SSLSessionImpl> sessionCache;
47.21 + // session cache, session id as key
47.22 + private Cache<String, SSLSessionImpl> sessionHostPortCache;
47.23 + // session cache, "host:port" as key
47.24 private int cacheLimit; // the max cache size
47.25 private int timeout; // timeout in seconds
47.26
47.27 @@ -71,8 +74,7 @@
47.28 throw new NullPointerException("session id cannot be null");
47.29 }
47.30
47.31 - SSLSessionImpl sess =
47.32 - (SSLSessionImpl)sessionCache.get(new SessionId(sessionId));
47.33 + SSLSessionImpl sess = sessionCache.get(new SessionId(sessionId));
47.34 if (!isTimedout(sess)) {
47.35 return sess;
47.36 }
47.37 @@ -157,8 +159,7 @@
47.38 return null;
47.39 }
47.40
47.41 - SSLSessionImpl sess =
47.42 - (SSLSessionImpl)sessionHostPortCache.get(getKey(hostname, port));
47.43 + SSLSessionImpl sess = sessionHostPortCache.get(getKey(hostname, port));
47.44 if (!isTimedout(sess)) {
47.45 return sess;
47.46 }
47.47 @@ -193,7 +194,7 @@
47.48
47.49 // package-private method, remove a cached SSLSession
47.50 void remove(SessionId key) {
47.51 - SSLSessionImpl s = (SSLSessionImpl)sessionCache.get(key);
47.52 + SSLSessionImpl s = sessionCache.get(key);
47.53 if (s != null) {
47.54 sessionCache.remove(key);
47.55 sessionHostPortCache.remove(
47.56 @@ -233,17 +234,17 @@
47.57 }
47.58
47.59 final class SessionCacheVisitor
47.60 - implements sun.security.util.Cache.CacheVisitor {
47.61 + implements Cache.CacheVisitor<SessionId, SSLSessionImpl> {
47.62 Vector<byte[]> ids = null;
47.63
47.64 - // public void visit(java.util.Map<Object, Object> map) {}
47.65 - public void visit(java.util.Map<Object, Object> map) {
47.66 - ids = new Vector<byte[]>(map.size());
47.67 + // public void visit(java.util.Map<K,V> map) {}
47.68 + public void visit(java.util.Map<SessionId, SSLSessionImpl> map) {
47.69 + ids = new Vector<>(map.size());
47.70
47.71 - for (Object key : map.keySet()) {
47.72 - SSLSessionImpl value = (SSLSessionImpl)map.get(key);
47.73 + for (SessionId key : map.keySet()) {
47.74 + SSLSessionImpl value = map.get(key);
47.75 if (!isTimedout(value)) {
47.76 - ids.addElement(((SessionId)key).getId());
47.77 + ids.addElement(key.getId());
47.78 }
47.79 }
47.80 }
48.1 --- a/src/share/classes/sun/security/timestamp/HttpTimestamper.java Thu Oct 27 13:54:42 2011 -0700
48.2 +++ b/src/share/classes/sun/security/timestamp/HttpTimestamper.java Fri Oct 28 17:49:02 2011 -0700
48.3 @@ -28,13 +28,13 @@
48.4 import java.io.BufferedInputStream;
48.5 import java.io.DataOutputStream;
48.6 import java.io.IOException;
48.7 +import java.net.URI;
48.8 import java.net.URL;
48.9 import java.net.HttpURLConnection;
48.10 -import java.util.List;
48.11 -import java.util.Map;
48.12 -import java.util.Set;
48.13 +import java.util.*;
48.14
48.15 import sun.misc.IOUtils;
48.16 +import sun.security.util.Debug;
48.17
48.18 /**
48.19 * A timestamper that communicates with a Timestamping Authority (TSA)
48.20 @@ -58,20 +58,23 @@
48.21 private static final String TS_REPLY_MIME_TYPE =
48.22 "application/timestamp-reply";
48.23
48.24 - private static final boolean DEBUG = false;
48.25 + private static final Debug debug = Debug.getInstance("ts");
48.26
48.27 /*
48.28 - * HTTP URL identifying the location of the TSA
48.29 + * HTTP URI identifying the location of the TSA
48.30 */
48.31 - private String tsaUrl = null;
48.32 + private URI tsaURI = null;
48.33
48.34 /**
48.35 * Creates a timestamper that connects to the specified TSA.
48.36 *
48.37 - * @param tsa The location of the TSA. It must be an HTTP URL.
48.38 + * @param tsa The location of the TSA. It must be an HTTP URI.
48.39 + * @throws IllegalArgumentException if tsaURI is not an HTTP URI
48.40 */
48.41 - public HttpTimestamper(String tsaUrl) {
48.42 - this.tsaUrl = tsaUrl;
48.43 + public HttpTimestamper(URI tsaURI) {
48.44 + if (!tsaURI.getScheme().equalsIgnoreCase("http"))
48.45 + throw new IllegalArgumentException("TSA must be an HTTP URI");
48.46 + this.tsaURI = tsaURI;
48.47 }
48.48
48.49 /**
48.50 @@ -85,7 +88,7 @@
48.51 public TSResponse generateTimestamp(TSRequest tsQuery) throws IOException {
48.52
48.53 HttpURLConnection connection =
48.54 - (HttpURLConnection) new URL(tsaUrl).openConnection();
48.55 + (HttpURLConnection) tsaURI.toURL().openConnection();
48.56 connection.setDoOutput(true);
48.57 connection.setUseCaches(false); // ignore cache
48.58 connection.setRequestProperty("Content-Type", TS_QUERY_MIME_TYPE);
48.59 @@ -93,15 +96,15 @@
48.60 // Avoids the "hang" when a proxy is required but none has been set.
48.61 connection.setConnectTimeout(CONNECT_TIMEOUT);
48.62
48.63 - if (DEBUG) {
48.64 + if (debug != null) {
48.65 Set<Map.Entry<String, List<String>>> headers =
48.66 - connection.getRequestProperties().entrySet();
48.67 - System.out.println(connection.getRequestMethod() + " " + tsaUrl +
48.68 + connection.getRequestProperties().entrySet();
48.69 + debug.println(connection.getRequestMethod() + " " + tsaURI +
48.70 " HTTP/1.1");
48.71 - for (Map.Entry<String, List<String>> entry : headers) {
48.72 - System.out.println(" " + entry);
48.73 + for (Map.Entry<String, List<String>> e : headers) {
48.74 + debug.println(" " + e);
48.75 }
48.76 - System.out.println();
48.77 + debug.println();
48.78 }
48.79 connection.connect(); // No HTTP authentication is performed
48.80
48.81 @@ -112,8 +115,8 @@
48.82 byte[] request = tsQuery.encode();
48.83 output.write(request, 0, request.length);
48.84 output.flush();
48.85 - if (DEBUG) {
48.86 - System.out.println("sent timestamp query (length=" +
48.87 + if (debug != null) {
48.88 + debug.println("sent timestamp query (length=" +
48.89 request.length + ")");
48.90 }
48.91 } finally {
48.92 @@ -127,17 +130,17 @@
48.93 byte[] replyBuffer = null;
48.94 try {
48.95 input = new BufferedInputStream(connection.getInputStream());
48.96 - if (DEBUG) {
48.97 + if (debug != null) {
48.98 String header = connection.getHeaderField(0);
48.99 - System.out.println(header);
48.100 + debug.println(header);
48.101 int i = 1;
48.102 while ((header = connection.getHeaderField(i)) != null) {
48.103 String key = connection.getHeaderFieldKey(i);
48.104 - System.out.println(" " + ((key==null) ? "" : key + ": ") +
48.105 + debug.println(" " + ((key==null) ? "" : key + ": ") +
48.106 header);
48.107 i++;
48.108 }
48.109 - System.out.println();
48.110 + debug.println();
48.111 }
48.112 verifyMimeType(connection.getContentType());
48.113
48.114 @@ -145,8 +148,8 @@
48.115 int contentLength = connection.getContentLength();
48.116 replyBuffer = IOUtils.readFully(input, contentLength, false);
48.117
48.118 - if (DEBUG) {
48.119 - System.out.println("received timestamp response (length=" +
48.120 + if (debug != null) {
48.121 + debug.println("received timestamp response (length=" +
48.122 total + ")");
48.123 }
48.124 } finally {
49.1 --- a/src/share/classes/sun/security/timestamp/TSRequest.java Thu Oct 27 13:54:42 2011 -0700
49.2 +++ b/src/share/classes/sun/security/timestamp/TSRequest.java Fri Oct 28 17:49:02 2011 -0700
49.3 @@ -1,5 +1,5 @@
49.4 /*
49.5 - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
49.6 + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
49.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
49.8 *
49.9 * This code is free software; you can redistribute it and/or modify it
49.10 @@ -27,10 +27,13 @@
49.11
49.12 import java.io.IOException;
49.13 import java.math.BigInteger;
49.14 +import java.security.MessageDigest;
49.15 +import java.security.NoSuchAlgorithmException;
49.16 import java.security.cert.X509Extension;
49.17 import sun.security.util.DerValue;
49.18 import sun.security.util.DerOutputStream;
49.19 import sun.security.util.ObjectIdentifier;
49.20 +import sun.security.x509.AlgorithmId;
49.21
49.22 /**
49.23 * This class provides a timestamp request, as defined in
49.24 @@ -64,24 +67,9 @@
49.25
49.26 public class TSRequest {
49.27
49.28 - private static final ObjectIdentifier SHA1_OID;
49.29 - private static final ObjectIdentifier MD5_OID;
49.30 - static {
49.31 - ObjectIdentifier sha1 = null;
49.32 - ObjectIdentifier md5 = null;
49.33 - try {
49.34 - sha1 = new ObjectIdentifier("1.3.14.3.2.26");
49.35 - md5 = new ObjectIdentifier("1.2.840.113549.2.5");
49.36 - } catch (IOException ioe) {
49.37 - // should not happen
49.38 - }
49.39 - SHA1_OID = sha1;
49.40 - MD5_OID = md5;
49.41 - }
49.42 -
49.43 private int version = 1;
49.44
49.45 - private ObjectIdentifier hashAlgorithmId = null;
49.46 + private AlgorithmId hashAlgorithmId = null;
49.47
49.48 private byte[] hashValue;
49.49
49.50 @@ -94,30 +82,21 @@
49.51 private X509Extension[] extensions = null;
49.52
49.53 /**
49.54 - * Constructs a timestamp request for the supplied hash value..
49.55 + * Constructs a timestamp request for the supplied data.
49.56 *
49.57 - * @param hashValue The hash value. This is the data to be timestamped.
49.58 - * @param hashAlgorithm The name of the hash algorithm.
49.59 + * @param toBeTimeStamped The data to be timestamped.
49.60 + * @param messageDigest The MessageDigest of the hash algorithm to use.
49.61 + * @throws NoSuchAlgorithmException if the hash algorithm is not supported
49.62 */
49.63 - public TSRequest(byte[] hashValue, String hashAlgorithm) {
49.64 + public TSRequest(byte[] toBeTimeStamped, MessageDigest messageDigest)
49.65 + throws NoSuchAlgorithmException {
49.66
49.67 - // Check the common hash algorithms
49.68 - if ("MD5".equalsIgnoreCase(hashAlgorithm)) {
49.69 - hashAlgorithmId = MD5_OID;
49.70 - // Check that the hash value matches the hash algorithm
49.71 - assert hashValue.length == 16;
49.72 + this.hashAlgorithmId = AlgorithmId.get(messageDigest.getAlgorithm());
49.73 + this.hashValue = messageDigest.digest(toBeTimeStamped);
49.74 + }
49.75
49.76 - } else if ("SHA-1".equalsIgnoreCase(hashAlgorithm) ||
49.77 - "SHA".equalsIgnoreCase(hashAlgorithm) ||
49.78 - "SHA1".equalsIgnoreCase(hashAlgorithm)) {
49.79 - hashAlgorithmId = SHA1_OID;
49.80 - // Check that the hash value matches the hash algorithm
49.81 - assert hashValue.length == 20;
49.82 -
49.83 - }
49.84 - // Clone the hash value
49.85 - this.hashValue = new byte[hashValue.length];
49.86 - System.arraycopy(hashValue, 0, this.hashValue, 0, hashValue.length);
49.87 + public byte[] getHashedMessage() {
49.88 + return hashValue.clone();
49.89 }
49.90
49.91 /**
49.92 @@ -176,9 +155,7 @@
49.93
49.94 // encode messageImprint
49.95 DerOutputStream messageImprint = new DerOutputStream();
49.96 - DerOutputStream hashAlgorithm = new DerOutputStream();
49.97 - hashAlgorithm.putOID(hashAlgorithmId);
49.98 - messageImprint.write(DerValue.tag_Sequence, hashAlgorithm);
49.99 + hashAlgorithmId.encode(messageImprint);
49.100 messageImprint.putOctetString(hashValue);
49.101 request.write(DerValue.tag_Sequence, messageImprint);
49.102
50.1 --- a/src/share/classes/sun/security/timestamp/TSResponse.java Thu Oct 27 13:54:42 2011 -0700
50.2 +++ b/src/share/classes/sun/security/timestamp/TSResponse.java Fri Oct 28 17:49:02 2011 -0700
50.3 @@ -27,6 +27,7 @@
50.4
50.5 import java.io.IOException;
50.6 import sun.security.pkcs.PKCS7;
50.7 +import sun.security.util.Debug;
50.8 import sun.security.util.DerValue;
50.9
50.10 /**
50.11 @@ -175,18 +176,20 @@
50.12 */
50.13 public static final int SYSTEM_FAILURE = 25;
50.14
50.15 - private static final boolean DEBUG = false;
50.16 + private static final Debug debug = Debug.getInstance("ts");
50.17
50.18 private int status;
50.19
50.20 private String[] statusString = null;
50.21
50.22 - private int failureInfo = -1;
50.23 + private boolean[] failureInfo = null;
50.24
50.25 private byte[] encodedTsToken = null;
50.26
50.27 private PKCS7 tsToken = null;
50.28
50.29 + private TimestampToken tstInfo;
50.30 +
50.31 /**
50.32 * Constructs an object to store the response to a timestamp request.
50.33 *
50.34 @@ -215,11 +218,11 @@
50.35 }
50.36
50.37 /**
50.38 - * Retrieve the failure code returned by the TSA.
50.39 + * Retrieve the failure info returned by the TSA.
50.40 *
50.41 - * @return If -1 then no failure code was received.
50.42 + * @return the failure info, or null if no failure code was received.
50.43 */
50.44 - public int getFailureCode() {
50.45 + public boolean[] getFailureInfo() {
50.46 return failureInfo;
50.47 }
50.48
50.49 @@ -250,42 +253,38 @@
50.50 }
50.51 }
50.52
50.53 + private boolean isSet(int position) {
50.54 + return failureInfo[position];
50.55 + }
50.56 +
50.57 public String getFailureCodeAsText() {
50.58
50.59 - if (failureInfo == -1) {
50.60 - return null;
50.61 + if (failureInfo == null) {
50.62 + return "";
50.63 }
50.64
50.65 - switch (failureInfo) {
50.66 + try {
50.67 + if (isSet(BAD_ALG))
50.68 + return "Unrecognized or unsupported algorithm identifier.";
50.69 + if (isSet(BAD_REQUEST))
50.70 + return "The requested transaction is not permitted or " +
50.71 + "supported.";
50.72 + if (isSet(BAD_DATA_FORMAT))
50.73 + return "The data submitted has the wrong format.";
50.74 + if (isSet(TIME_NOT_AVAILABLE))
50.75 + return "The TSA's time source is not available.";
50.76 + if (isSet(UNACCEPTED_POLICY))
50.77 + return "The requested TSA policy is not supported by the TSA.";
50.78 + if (isSet(UNACCEPTED_EXTENSION))
50.79 + return "The requested extension is not supported by the TSA.";
50.80 + if (isSet(ADD_INFO_NOT_AVAILABLE))
50.81 + return "The additional information requested could not be " +
50.82 + "understood or is not available.";
50.83 + if (isSet(SYSTEM_FAILURE))
50.84 + return "The request cannot be handled due to system failure.";
50.85 + } catch (ArrayIndexOutOfBoundsException ex) {}
50.86
50.87 - case BAD_ALG:
50.88 - return "Unrecognized or unsupported alrorithm identifier.";
50.89 -
50.90 - case BAD_REQUEST:
50.91 - return "The requested transaction is not permitted or supported.";
50.92 -
50.93 - case BAD_DATA_FORMAT:
50.94 - return "The data submitted has the wrong format.";
50.95 -
50.96 - case TIME_NOT_AVAILABLE:
50.97 - return "The TSA's time source is not available.";
50.98 -
50.99 - case UNACCEPTED_POLICY:
50.100 - return "The requested TSA policy is not supported by the TSA.";
50.101 -
50.102 - case UNACCEPTED_EXTENSION:
50.103 - return "The requested extension is not supported by the TSA.";
50.104 -
50.105 - case ADD_INFO_NOT_AVAILABLE:
50.106 - return "The additional information requested could not be " +
50.107 - "understood or is not available.";
50.108 -
50.109 - case SYSTEM_FAILURE:
50.110 - return "The request cannot be handled due to system failure.";
50.111 -
50.112 - default:
50.113 - return ("unknown status code " + status);
50.114 - }
50.115 + return ("unknown failure code");
50.116 }
50.117
50.118 /**
50.119 @@ -297,6 +296,10 @@
50.120 return tsToken;
50.121 }
50.122
50.123 + public TimestampToken getTimestampToken() {
50.124 + return tstInfo;
50.125 + }
50.126 +
50.127 /**
50.128 * Retrieve the ASN.1 BER encoded timestamp token returned by the TSA.
50.129 *
50.130 @@ -323,29 +326,30 @@
50.131
50.132 // Parse status
50.133
50.134 - DerValue status = derValue.data.getDerValue();
50.135 - // Parse status
50.136 - this.status = status.data.getInteger();
50.137 - if (DEBUG) {
50.138 - System.out.println("timestamp response: status=" + this.status);
50.139 + DerValue statusInfo = derValue.data.getDerValue();
50.140 + this.status = statusInfo.data.getInteger();
50.141 + if (debug != null) {
50.142 + debug.println("timestamp response: status=" + this.status);
50.143 }
50.144 // Parse statusString, if present
50.145 - if (status.data.available() > 0) {
50.146 - DerValue[] strings = status.data.getSequence(1);
50.147 - statusString = new String[strings.length];
50.148 - for (int i = 0; i < strings.length; i++) {
50.149 - statusString[i] = strings[i].data.getUTF8String();
50.150 + if (statusInfo.data.available() > 0) {
50.151 + byte tag = (byte)statusInfo.data.peekByte();
50.152 + if (tag == DerValue.tag_SequenceOf) {
50.153 + DerValue[] strings = statusInfo.data.getSequence(1);
50.154 + statusString = new String[strings.length];
50.155 + for (int i = 0; i < strings.length; i++) {
50.156 + statusString[i] = strings[i].getUTF8String();
50.157 + if (debug != null) {
50.158 + debug.println("timestamp response: statusString=" +
50.159 + statusString[i]);
50.160 + }
50.161 + }
50.162 }
50.163 }
50.164 // Parse failInfo, if present
50.165 - if (status.data.available() > 0) {
50.166 - byte[] failInfo = status.data.getBitString();
50.167 - int failureInfo = (new Byte(failInfo[0])).intValue();
50.168 - if (failureInfo < 0 || failureInfo > 25 || failInfo.length != 1) {
50.169 - throw new IOException("Bad encoding for timestamp response: " +
50.170 - "unrecognized value for the failInfo element");
50.171 - }
50.172 - this.failureInfo = failureInfo;
50.173 + if (statusInfo.data.available() > 0) {
50.174 + this.failureInfo
50.175 + = statusInfo.data.getUnalignedBitString().toBooleanArray();
50.176 }
50.177
50.178 // Parse timeStampToken, if present
50.179 @@ -353,6 +357,7 @@
50.180 DerValue timestampToken = derValue.data.getDerValue();
50.181 encodedTsToken = timestampToken.toByteArray();
50.182 tsToken = new PKCS7(encodedTsToken);
50.183 + tstInfo = new TimestampToken(tsToken.getContentInfo().getData());
50.184 }
50.185
50.186 // Check the format of the timestamp response
51.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
51.2 +++ b/src/share/classes/sun/security/tools/CertAndKeyGen.java Fri Oct 28 17:49:02 2011 -0700
51.3 @@ -0,0 +1,313 @@
51.4 +/*
51.5 + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
51.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
51.7 + *
51.8 + * This code is free software; you can redistribute it and/or modify it
51.9 + * under the terms of the GNU General Public License version 2 only, as
51.10 + * published by the Free Software Foundation. Oracle designates this
51.11 + * particular file as subject to the "Classpath" exception as provided
51.12 + * by Oracle in the LICENSE file that accompanied this code.
51.13 + *
51.14 + * This code is distributed in the hope that it will be useful, but WITHOUT
51.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
51.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
51.17 + * version 2 for more details (a copy is included in the LICENSE file that
51.18 + * accompanied this code).
51.19 + *
51.20 + * You should have received a copy of the GNU General Public License version
51.21 + * 2 along with this work; if not, write to the Free Software Foundation,
51.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
51.23 + *
51.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
51.25 + * or visit www.oracle.com if you need additional information or have any
51.26 + * questions.
51.27 + */
51.28 +
51.29 +package sun.security.tools;
51.30 +
51.31 +import java.io.IOException;
51.32 +import java.security.cert.X509Certificate;
51.33 +import java.security.cert.CertificateException;
51.34 +import java.security.cert.CertificateEncodingException;
51.35 +import java.security.*;
51.36 +import java.util.Date;
51.37 +
51.38 +import sun.security.pkcs10.PKCS10;
51.39 +import sun.security.x509.AlgorithmId;
51.40 +import sun.security.x509.CertificateAlgorithmId;
51.41 +import sun.security.x509.CertificateIssuerName;
51.42 +import sun.security.x509.CertificateSerialNumber;
51.43 +import sun.security.x509.CertificateSubjectName;
51.44 +import sun.security.x509.CertificateValidity;
51.45 +import sun.security.x509.CertificateVersion;
51.46 +import sun.security.x509.CertificateX509Key;
51.47 +import sun.security.x509.X500Name;
51.48 +import sun.security.x509.X509CertImpl;
51.49 +import sun.security.x509.X509CertInfo;
51.50 +import sun.security.x509.X509Key;
51.51 +
51.52 +
51.53 +/**
51.54 + * Generate a pair of keys, and provide access to them. This class is
51.55 + * provided primarily for ease of use.
51.56 + *
51.57 + * <P>This provides some simple certificate management functionality.
51.58 + * Specifically, it allows you to create self-signed X.509 certificates
51.59 + * as well as PKCS 10 based certificate signing requests.
51.60 + *
51.61 + * <P>Keys for some public key signature algorithms have algorithm
51.62 + * parameters, such as DSS/DSA. Some sites' Certificate Authorities
51.63 + * adopt fixed algorithm parameters, which speeds up some operations
51.64 + * including key generation and signing. <em>At this time, this interface
51.65 + * does not provide a way to provide such algorithm parameters, e.g.
51.66 + * by providing the CA certificate which includes those parameters.</em>
51.67 + *
51.68 + * <P>Also, note that at this time only signature-capable keys may be
51.69 + * acquired through this interface. Diffie-Hellman keys, used for secure
51.70 + * key exchange, may be supported later.
51.71 + *
51.72 + * @author David Brownell
51.73 + * @author Hemma Prafullchandra
51.74 + * @see PKCS10
51.75 + * @see X509CertImpl
51.76 + */
51.77 +public final class CertAndKeyGen {
51.78 + /**
51.79 + * Creates a CertAndKeyGen object for a particular key type
51.80 + * and signature algorithm.
51.81 + *
51.82 + * @param keyType type of key, e.g. "RSA", "DSA"
51.83 + * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA",
51.84 + * "MD2WithRSA", "SHAwithDSA".
51.85 + * @exception NoSuchAlgorithmException on unrecognized algorithms.
51.86 + */
51.87 + public CertAndKeyGen (String keyType, String sigAlg)
51.88 + throws NoSuchAlgorithmException
51.89 + {
51.90 + keyGen = KeyPairGenerator.getInstance(keyType);
51.91 + this.sigAlg = sigAlg;
51.92 + }
51.93 +
51.94 + /**
51.95 + * Creates a CertAndKeyGen object for a particular key type,
51.96 + * signature algorithm, and provider.
51.97 + *
51.98 + * @param keyType type of key, e.g. "RSA", "DSA"
51.99 + * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA",
51.100 + * "MD2WithRSA", "SHAwithDSA".
51.101 + * @param providerName name of the provider
51.102 + * @exception NoSuchAlgorithmException on unrecognized algorithms.
51.103 + * @exception NoSuchProviderException on unrecognized providers.
51.104 + */
51.105 + public CertAndKeyGen (String keyType, String sigAlg, String providerName)
51.106 + throws NoSuchAlgorithmException, NoSuchProviderException
51.107 + {
51.108 + if (providerName == null) {
51.109 + keyGen = KeyPairGenerator.getInstance(keyType);
51.110 + } else {
51.111 + try {
51.112 + keyGen = KeyPairGenerator.getInstance(keyType, providerName);
51.113 + } catch (Exception e) {
51.114 + // try first available provider instead
51.115 + keyGen = KeyPairGenerator.getInstance(keyType);
51.116 + }
51.117 + }
51.118 + this.sigAlg = sigAlg;
51.119 + }
51.120 +
51.121 + /**
51.122 + * Sets the source of random numbers used when generating keys.
51.123 + * If you do not provide one, a system default facility is used.
51.124 + * You may wish to provide your own source of random numbers
51.125 + * to get a reproducible sequence of keys and signatures, or
51.126 + * because you may be able to take advantage of strong sources
51.127 + * of randomness/entropy in your environment.
51.128 + */
51.129 + public void setRandom (SecureRandom generator)
51.130 + {
51.131 + prng = generator;
51.132 + }
51.133 +
51.134 + // want "public void generate (X509Certificate)" ... inherit DSA/D-H param
51.135 +
51.136 + /**
51.137 + * Generates a random public/private key pair, with a given key
51.138 + * size. Different algorithms provide different degrees of security
51.139 + * for the same key size, because of the "work factor" involved in
51.140 + * brute force attacks. As computers become faster, it becomes
51.141 + * easier to perform such attacks. Small keys are to be avoided.
51.142 + *
51.143 + * <P>Note that not all values of "keyBits" are valid for all
51.144 + * algorithms, and not all public key algorithms are currently
51.145 + * supported for use in X.509 certificates. If the algorithm
51.146 + * you specified does not produce X.509 compatible keys, an
51.147 + * invalid key exception is thrown.
51.148 + *
51.149 + * @param keyBits the number of bits in the keys.
51.150 + * @exception InvalidKeyException if the environment does not
51.151 + * provide X.509 public keys for this signature algorithm.
51.152 + */
51.153 + public void generate (int keyBits)
51.154 + throws InvalidKeyException
51.155 + {
51.156 + KeyPair pair;
51.157 +
51.158 + try {
51.159 + if (prng == null) {
51.160 + prng = new SecureRandom();
51.161 + }
51.162 + keyGen.initialize(keyBits, prng);
51.163 + pair = keyGen.generateKeyPair();
51.164 +
51.165 + } catch (Exception e) {
51.166 + throw new IllegalArgumentException(e.getMessage());
51.167 + }
51.168 +
51.169 + publicKey = pair.getPublic();
51.170 + privateKey = pair.getPrivate();
51.171 + }
51.172 +
51.173 +
51.174 + /**
51.175 + * Returns the public key of the generated key pair if it is of type
51.176 + * <code>X509Key</code>, or null if the public key is of a different type.
51.177 + *
51.178 + * XXX Note: This behaviour is needed for backwards compatibility.
51.179 + * What this method really should return is the public key of the
51.180 + * generated key pair, regardless of whether or not it is an instance of
51.181 + * <code>X509Key</code>. Accordingly, the return type of this method
51.182 + * should be <code>PublicKey</code>.
51.183 + */
51.184 + public X509Key getPublicKey()
51.185 + {
51.186 + if (!(publicKey instanceof X509Key)) {
51.187 + return null;
51.188 + }
51.189 + return (X509Key)publicKey;
51.190 + }
51.191 +
51.192 +
51.193 + /**
51.194 + * Returns the private key of the generated key pair.
51.195 + *
51.196 + * <P><STRONG><em>Be extremely careful when handling private keys.
51.197 + * When private keys are not kept secret, they lose their ability
51.198 + * to securely authenticate specific entities ... that is a huge
51.199 + * security risk!</em></STRONG>
51.200 + */
51.201 + public PrivateKey getPrivateKey ()
51.202 + {
51.203 + return privateKey;
51.204 + }
51.205 +
51.206 +
51.207 + /**
51.208 + * Returns a self-signed X.509v3 certificate for the public key.
51.209 + * The certificate is immediately valid. No extensions.
51.210 + *
51.211 + * <P>Such certificates normally are used to identify a "Certificate
51.212 + * Authority" (CA). Accordingly, they will not always be accepted by
51.213 + * other parties. However, such certificates are also useful when
51.214 + * you are bootstrapping your security infrastructure, or deploying
51.215 + * system prototypes.
51.216 + *
51.217 + * @param myname X.500 name of the subject (who is also the issuer)
51.218 + * @param firstDate the issue time of the certificate
51.219 + * @param validity how long the certificate should be valid, in seconds
51.220 + * @exception CertificateException on certificate handling errors.
51.221 + * @exception InvalidKeyException on key handling errors.
51.222 + * @exception SignatureException on signature handling errors.
51.223 + * @exception NoSuchAlgorithmException on unrecognized algorithms.
51.224 + * @exception NoSuchProviderException on unrecognized providers.
51.225 + */
51.226 + public X509Certificate getSelfCertificate (
51.227 + X500Name myname, Date firstDate, long validity)
51.228 + throws CertificateException, InvalidKeyException, SignatureException,
51.229 + NoSuchAlgorithmException, NoSuchProviderException
51.230 + {
51.231 + X509CertImpl cert;
51.232 + Date lastDate;
51.233 +
51.234 + try {
51.235 + lastDate = new Date ();
51.236 + lastDate.setTime (firstDate.getTime () + validity * 1000);
51.237 +
51.238 + CertificateValidity interval =
51.239 + new CertificateValidity(firstDate,lastDate);
51.240 +
51.241 + X509CertInfo info = new X509CertInfo();
51.242 + // Add all mandatory attributes
51.243 + info.set(X509CertInfo.VERSION,
51.244 + new CertificateVersion(CertificateVersion.V3));
51.245 + info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
51.246 + new java.util.Random().nextInt() & 0x7fffffff));
51.247 + AlgorithmId algID = AlgorithmId.get(sigAlg);
51.248 + info.set(X509CertInfo.ALGORITHM_ID,
51.249 + new CertificateAlgorithmId(algID));
51.250 + info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
51.251 + info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
51.252 + info.set(X509CertInfo.VALIDITY, interval);
51.253 + info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
51.254 +
51.255 + cert = new X509CertImpl(info);
51.256 + cert.sign(privateKey, this.sigAlg);
51.257 +
51.258 + return (X509Certificate)cert;
51.259 +
51.260 + } catch (IOException e) {
51.261 + throw new CertificateEncodingException("getSelfCert: " +
51.262 + e.getMessage());
51.263 + }
51.264 + }
51.265 +
51.266 + // Keep the old method
51.267 + public X509Certificate getSelfCertificate (X500Name myname, long validity)
51.268 + throws CertificateException, InvalidKeyException, SignatureException,
51.269 + NoSuchAlgorithmException, NoSuchProviderException
51.270 + {
51.271 + return getSelfCertificate(myname, new Date(), validity);
51.272 + }
51.273 +
51.274 + /**
51.275 + * Returns a PKCS #10 certificate request. The caller uses either
51.276 + * <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code>
51.277 + * operations on the result, to get the request in an appropriate
51.278 + * transmission format.
51.279 + *
51.280 + * <P>PKCS #10 certificate requests are sent, along with some proof
51.281 + * of identity, to Certificate Authorities (CAs) which then issue
51.282 + * X.509 public key certificates.
51.283 + *
51.284 + * @param myname X.500 name of the subject
51.285 + * @exception InvalidKeyException on key handling errors.
51.286 + * @exception SignatureException on signature handling errors.
51.287 + */
51.288 + public PKCS10 getCertRequest (X500Name myname)
51.289 + throws InvalidKeyException, SignatureException
51.290 + {
51.291 + PKCS10 req = new PKCS10 (publicKey);
51.292 +
51.293 + try {
51.294 + Signature signature = Signature.getInstance(sigAlg);
51.295 + signature.initSign (privateKey);
51.296 + req.encodeAndSign(myname, signature);
51.297 +
51.298 + } catch (CertificateException e) {
51.299 + throw new SignatureException (sigAlg + " CertificateException");
51.300 +
51.301 + } catch (IOException e) {
51.302 + throw new SignatureException (sigAlg + " IOException");
51.303 +
51.304 + } catch (NoSuchAlgorithmException e) {
51.305 + // "can't happen"
51.306 + throw new SignatureException (sigAlg + " unavailable?");
51.307 + }
51.308 + return req;
51.309 + }
51.310 +
51.311 + private SecureRandom prng;
51.312 + private String sigAlg;
51.313 + private KeyPairGenerator keyGen;
51.314 + private PublicKey publicKey;
51.315 + private PrivateKey privateKey;
51.316 +}
52.1 --- a/src/share/classes/sun/security/tools/JarSigner.java Thu Oct 27 13:54:42 2011 -0700
52.2 +++ b/src/share/classes/sun/security/tools/JarSigner.java Fri Oct 28 17:49:02 2011 -0700
52.3 @@ -1277,11 +1277,10 @@
52.4 System.out.println(rb.getString("TSA.location.") + tsaUrl);
52.5 }
52.6 if (tsaCert != null) {
52.7 - String certUrl =
52.8 - TimestampedSigner.getTimestampingUrl(tsaCert);
52.9 - if (certUrl != null) {
52.10 + URI tsaURI = TimestampedSigner.getTimestampingURI(tsaCert);
52.11 + if (tsaURI != null) {
52.12 System.out.println(rb.getString("TSA.location.") +
52.13 - certUrl);
52.14 + tsaURI);
52.15 }
52.16 System.out.println(rb.getString("TSA.certificate.") +
52.17 printCert("", tsaCert, false, 0, false));
53.1 --- a/src/share/classes/sun/security/tools/KeyTool.java Thu Oct 27 13:54:42 2011 -0700
53.2 +++ b/src/share/classes/sun/security/tools/KeyTool.java Fri Oct 28 17:49:02 2011 -0700
53.3 @@ -38,10 +38,12 @@
53.4 import java.security.Timestamp;
53.5 import java.security.UnrecoverableEntryException;
53.6 import java.security.UnrecoverableKeyException;
53.7 +import java.security.NoSuchAlgorithmException;
53.8 import java.security.Principal;
53.9 import java.security.Provider;
53.10 import java.security.cert.Certificate;
53.11 import java.security.cert.CertificateFactory;
53.12 +import java.security.cert.CertStoreException;
53.13 import java.security.cert.CRL;
53.14 import java.security.cert.X509Certificate;
53.15 import java.security.cert.CertificateException;
53.16 @@ -63,23 +65,16 @@
53.17 import javax.security.auth.x500.X500Principal;
53.18 import sun.misc.BASE64Encoder;
53.19 import sun.security.util.ObjectIdentifier;
53.20 -import sun.security.pkcs.PKCS10;
53.21 +import sun.security.pkcs10.PKCS10;
53.22 +import sun.security.pkcs10.PKCS10Attribute;
53.23 import sun.security.provider.X509Factory;
53.24 +import sun.security.provider.certpath.CertStoreHelper;
53.25 import sun.security.util.Password;
53.26 -import sun.security.util.PathList;
53.27 import javax.crypto.KeyGenerator;
53.28 import javax.crypto.SecretKey;
53.29
53.30 -import javax.net.ssl.HostnameVerifier;
53.31 -import javax.net.ssl.HttpsURLConnection;
53.32 -import javax.net.ssl.SSLContext;
53.33 -import javax.net.ssl.SSLSession;
53.34 -import javax.net.ssl.TrustManager;
53.35 -import javax.net.ssl.X509TrustManager;
53.36 import sun.misc.BASE64Decoder;
53.37 -import sun.security.pkcs.PKCS10Attribute;
53.38 import sun.security.pkcs.PKCS9Attribute;
53.39 -import sun.security.provider.certpath.ldap.LDAPCertStoreHelper;
53.40 import sun.security.util.DerValue;
53.41 import sun.security.x509.*;
53.42
53.43 @@ -917,18 +912,13 @@
53.44
53.45 // Perform the specified command
53.46 if (command == CERTREQ) {
53.47 - PrintStream ps = null;
53.48 if (filename != null) {
53.49 - ps = new PrintStream(new FileOutputStream
53.50 - (filename));
53.51 - out = ps;
53.52 - }
53.53 - try {
53.54 + try (PrintStream ps = new PrintStream(new FileOutputStream
53.55 + (filename))) {
53.56 + doCertReq(alias, sigAlgName, ps);
53.57 + }
53.58 + } else {
53.59 doCertReq(alias, sigAlgName, out);
53.60 - } finally {
53.61 - if (ps != null) {
53.62 - ps.close();
53.63 - }
53.64 }
53.65 if (verbose && filename != null) {
53.66 MessageFormat form = new MessageFormat(rb.getString
53.67 @@ -941,18 +931,13 @@
53.68 doDeleteEntry(alias);
53.69 kssave = true;
53.70 } else if (command == EXPORTCERT) {
53.71 - PrintStream ps = null;
53.72 if (filename != null) {
53.73 - ps = new PrintStream(new FileOutputStream
53.74 - (filename));
53.75 - out = ps;
53.76 - }
53.77 - try {
53.78 + try (PrintStream ps = new PrintStream(new FileOutputStream
53.79 + (filename))) {
53.80 + doExportCert(alias, ps);
53.81 + }
53.82 + } else {
53.83 doExportCert(alias, out);
53.84 - } finally {
53.85 - if (ps != null) {
53.86 - ps.close();
53.87 - }
53.88 }
53.89 if (filename != null) {
53.90 MessageFormat form = new MessageFormat(rb.getString
53.91 @@ -973,16 +958,12 @@
53.92 doGenSecretKey(alias, keyAlgName, keysize);
53.93 kssave = true;
53.94 } else if (command == IDENTITYDB) {
53.95 - InputStream inStream = System.in;
53.96 if (filename != null) {
53.97 - inStream = new FileInputStream(filename);
53.98 - }
53.99 - try {
53.100 - doImportIdentityDatabase(inStream);
53.101 - } finally {
53.102 - if (inStream != System.in) {
53.103 - inStream.close();
53.104 + try (InputStream inStream = new FileInputStream(filename)) {
53.105 + doImportIdentityDatabase(inStream);
53.106 }
53.107 + } else {
53.108 + doImportIdentityDatabase(System.in);
53.109 }
53.110 } else if (command == IMPORTCERT) {
53.111 InputStream inStream = System.in;
53.112 @@ -1101,29 +1082,21 @@
53.113 if (alias == null) {
53.114 alias = keyAlias;
53.115 }
53.116 - PrintStream ps = null;
53.117 if (filename != null) {
53.118 - ps = new PrintStream(new FileOutputStream(filename));
53.119 - out = ps;
53.120 - }
53.121 - try {
53.122 + try (PrintStream ps =
53.123 + new PrintStream(new FileOutputStream(filename))) {
53.124 + doGenCRL(ps);
53.125 + }
53.126 + } else {
53.127 doGenCRL(out);
53.128 - } finally {
53.129 - if (ps != null) {
53.130 - ps.close();
53.131 - }
53.132 }
53.133 } else if (command == PRINTCERTREQ) {
53.134 - InputStream inStream = System.in;
53.135 if (filename != null) {
53.136 - inStream = new FileInputStream(filename);
53.137 - }
53.138 - try {
53.139 - doPrintCertReq(inStream, out);
53.140 - } finally {
53.141 - if (inStream != System.in) {
53.142 - inStream.close();
53.143 + try (InputStream inStream = new FileInputStream(filename)) {
53.144 + doPrintCertReq(inStream, out);
53.145 }
53.146 + } else {
53.147 + doPrintCertReq(System.in, out);
53.148 }
53.149 } else if (command == PRINTCRL) {
53.150 doPrintCRL(filename, out);
53.151 @@ -2070,12 +2043,13 @@
53.152 }
53.153 }
53.154 } else { // must be LDAP, and uri is not null
53.155 + // Lazily load LDAPCertStoreHelper if present
53.156 + CertStoreHelper helper = CertStoreHelper.getInstance("LDAP");
53.157 String path = uri.getPath();
53.158 if (path.charAt(0) == '/') path = path.substring(1);
53.159 - LDAPCertStoreHelper h = new LDAPCertStoreHelper();
53.160 - CertStore s = h.getCertStore(uri);
53.161 + CertStore s = helper.getCertStore(uri);
53.162 X509CRLSelector sel =
53.163 - h.wrap(new X509CRLSelector(), null, path);
53.164 + helper.wrap(new X509CRLSelector(), null, path);
53.165 return s.getCRLs(sel);
53.166 }
53.167 }
53.168 @@ -2259,18 +2233,12 @@
53.169 int pos = 0;
53.170 while (entries.hasMoreElements()) {
53.171 JarEntry je = entries.nextElement();
53.172 - InputStream is = null;
53.173 - try {
53.174 - is = jf.getInputStream(je);
53.175 + try (InputStream is = jf.getInputStream(je)) {
53.176 while (is.read(buffer) != -1) {
53.177 // we just read. this will throw a SecurityException
53.178 // if a signature/digest check fails. This also
53.179 // populate the signers
53.180 }
53.181 - } finally {
53.182 - if (is != null) {
53.183 - is.close();
53.184 - }
53.185 }
53.186 CodeSigner[] signers = je.getCodeSigners();
53.187 if (signers != null) {
53.188 @@ -2316,85 +2284,52 @@
53.189 out.println(rb.getString("Not.a.signed.jar.file"));
53.190 }
53.191 } else if (sslserver != null) {
53.192 - SSLContext sc = SSLContext.getInstance("SSL");
53.193 - final boolean[] certPrinted = new boolean[1];
53.194 - sc.init(null, new TrustManager[] {
53.195 - new X509TrustManager() {
53.196 -
53.197 - public java.security.cert.X509Certificate[] getAcceptedIssuers() {
53.198 - return null;
53.199 + // Lazily load SSLCertStoreHelper if present
53.200 + CertStoreHelper helper = CertStoreHelper.getInstance("SSLServer");
53.201 + CertStore cs = helper.getCertStore(new URI("https://" + sslserver));
53.202 + Collection<? extends Certificate> chain;
53.203 + try {
53.204 + chain = cs.getCertificates(null);
53.205 + if (chain.isEmpty()) {
53.206 + // If the certs are not retrieved, we consider it an error
53.207 + // even if the URL connection is successful.
53.208 + throw new Exception(rb.getString(
53.209 + "No.certificate.from.the.SSL.server"));
53.210 + }
53.211 + } catch (CertStoreException cse) {
53.212 + if (cse.getCause() instanceof IOException) {
53.213 + throw new Exception(rb.getString(
53.214 + "No.certificate.from.the.SSL.server"),
53.215 + cse.getCause());
53.216 + } else {
53.217 + throw cse;
53.218 + }
53.219 + }
53.220 +
53.221 + int i = 0;
53.222 + for (Certificate cert : chain) {
53.223 + try {
53.224 + if (rfc) {
53.225 + dumpCert(cert, out);
53.226 + } else {
53.227 + out.println("Certificate #" + i++);
53.228 + out.println("====================================");
53.229 + printX509Cert((X509Certificate)cert, out);
53.230 + out.println();
53.231 }
53.232 -
53.233 - public void checkClientTrusted(
53.234 - java.security.cert.X509Certificate[] certs, String authType) {
53.235 - }
53.236 -
53.237 - public void checkServerTrusted(
53.238 - java.security.cert.X509Certificate[] certs, String authType) {
53.239 - for (int i=0; i<certs.length; i++) {
53.240 - X509Certificate cert = certs[i];
53.241 - try {
53.242 - if (rfc) {
53.243 - dumpCert(cert, out);
53.244 - } else {
53.245 - out.println("Certificate #" + i);
53.246 - out.println("====================================");
53.247 - printX509Cert(cert, out);
53.248 - out.println();
53.249 - }
53.250 - } catch (Exception e) {
53.251 - if (debug) {
53.252 - e.printStackTrace();
53.253 - }
53.254 - }
53.255 - }
53.256 -
53.257 - // Set to true where there's something to print
53.258 - if (certs.length > 0) {
53.259 - certPrinted[0] = true;
53.260 - }
53.261 + } catch (Exception e) {
53.262 + if (debug) {
53.263 + e.printStackTrace();
53.264 }
53.265 }
53.266 - }, null);
53.267 - HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
53.268 - HttpsURLConnection.setDefaultHostnameVerifier(
53.269 - new HostnameVerifier() {
53.270 - public boolean verify(String hostname, SSLSession session) {
53.271 - return true;
53.272 - }
53.273 - });
53.274 - // HTTPS instead of raw SSL, so that -Dhttps.proxyHost and
53.275 - // -Dhttps.proxyPort can be used. Since we only go through
53.276 - // the handshake process, an HTTPS server is not needed.
53.277 - // This program should be able to deal with any SSL-based
53.278 - // network service.
53.279 - Exception ex = null;
53.280 - try {
53.281 - new URL("https://" + sslserver).openConnection().connect();
53.282 - } catch (Exception e) {
53.283 - ex = e;
53.284 - }
53.285 - // If the certs are not printed out, we consider it an error even
53.286 - // if the URL connection is successful.
53.287 - if (!certPrinted[0]) {
53.288 - Exception e = new Exception(
53.289 - rb.getString("No.certificate.from.the.SSL.server"));
53.290 - if (ex != null) {
53.291 - e.initCause(ex);
53.292 - }
53.293 - throw e;
53.294 }
53.295 } else {
53.296 - InputStream inStream = System.in;
53.297 if (filename != null) {
53.298 - inStream = new FileInputStream(filename);
53.299 - }
53.300 - try {
53.301 - printCertFromStream(inStream, out);
53.302 - } finally {
53.303 - if (inStream != System.in) {
53.304 - inStream.close();
53.305 + try (FileInputStream inStream = new FileInputStream(filename)) {
53.306 + printCertFromStream(inStream, out);
53.307 }
53.308 + } else {
53.309 + printCertFromStream(System.in, out);
53.310 }
53.311 }
53.312 }
53.313 @@ -2590,9 +2525,7 @@
53.314 X509Certificate cert = null;
53.315 try {
53.316 cert = (X509Certificate)cf.generateCertificate(in);
53.317 - } catch (ClassCastException cce) {
53.318 - throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
53.319 - } catch (CertificateException ce) {
53.320 + } catch (ClassCastException | CertificateException ce) {
53.321 throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
53.322 }
53.323
53.324 @@ -3441,16 +3374,10 @@
53.325 if (!file.exists()) {
53.326 return null;
53.327 }
53.328 - FileInputStream fis = null;
53.329 KeyStore caks = null;
53.330 - try {
53.331 - fis = new FileInputStream(file);
53.332 + try (FileInputStream fis = new FileInputStream(file)) {
53.333 caks = KeyStore.getInstance(JKS);
53.334 caks.load(fis, null);
53.335 - } finally {
53.336 - if (fis != null) {
53.337 - fis.close();
53.338 - }
53.339 }
53.340 return caks;
53.341 }
54.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
54.2 +++ b/src/share/classes/sun/security/tools/PathList.java Fri Oct 28 17:49:02 2011 -0700
54.3 @@ -0,0 +1,111 @@
54.4 +/*
54.5 + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
54.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
54.7 + *
54.8 + * This code is free software; you can redistribute it and/or modify it
54.9 + * under the terms of the GNU General Public License version 2 only, as
54.10 + * published by the Free Software Foundation. Oracle designates this
54.11 + * particular file as subject to the "Classpath" exception as provided
54.12 + * by Oracle in the LICENSE file that accompanied this code.
54.13 + *
54.14 + * This code is distributed in the hope that it will be useful, but WITHOUT
54.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
54.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
54.17 + * version 2 for more details (a copy is included in the LICENSE file that
54.18 + * accompanied this code).
54.19 + *
54.20 + * You should have received a copy of the GNU General Public License version
54.21 + * 2 along with this work; if not, write to the Free Software Foundation,
54.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
54.23 + *
54.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
54.25 + * or visit www.oracle.com if you need additional information or have any
54.26 + * questions.
54.27 + */
54.28 +
54.29 +package sun.security.tools;
54.30 +
54.31 +import java.io.File;
54.32 +import java.io.IOException;
54.33 +import java.lang.String;
54.34 +import java.util.StringTokenizer;
54.35 +import java.net.URL;
54.36 +import java.net.URLClassLoader;
54.37 +import java.net.MalformedURLException;
54.38 +
54.39 +/**
54.40 + * A utility class for handle path list
54.41 + *
54.42 + */
54.43 +public class PathList {
54.44 + /**
54.45 + * Utility method for appending path from pathFrom to pathTo.
54.46 + *
54.47 + * @param pathTo the target path
54.48 + * @param pathSource the path to be appended to pathTo
54.49 + * @return the resulting path
54.50 + */
54.51 + public static String appendPath(String pathTo, String pathFrom) {
54.52 + if (pathTo == null || pathTo.length() == 0) {
54.53 + return pathFrom;
54.54 + } else if (pathFrom == null || pathFrom.length() == 0) {
54.55 + return pathTo;
54.56 + } else {
54.57 + return pathTo + File.pathSeparator + pathFrom;
54.58 + }
54.59 + }
54.60 +
54.61 + /**
54.62 + * Utility method for converting a search path string to an array
54.63 + * of directory and JAR file URLs.
54.64 + *
54.65 + * @param path the search path string
54.66 + * @return the resulting array of directory and JAR file URLs
54.67 + */
54.68 + public static URL[] pathToURLs(String path) {
54.69 + StringTokenizer st = new StringTokenizer(path, File.pathSeparator);
54.70 + URL[] urls = new URL[st.countTokens()];
54.71 + int count = 0;
54.72 + while (st.hasMoreTokens()) {
54.73 + URL url = fileToURL(new File(st.nextToken()));
54.74 + if (url != null) {
54.75 + urls[count++] = url;
54.76 + }
54.77 + }
54.78 + if (urls.length != count) {
54.79 + URL[] tmp = new URL[count];
54.80 + System.arraycopy(urls, 0, tmp, 0, count);
54.81 + urls = tmp;
54.82 + }
54.83 + return urls;
54.84 + }
54.85 +
54.86 + /**
54.87 + * Returns the directory or JAR file URL corresponding to the specified
54.88 + * local file name.
54.89 + *
54.90 + * @param file the File object
54.91 + * @return the resulting directory or JAR file URL, or null if unknown
54.92 + */
54.93 + private static URL fileToURL(File file) {
54.94 + String name;
54.95 + try {
54.96 + name = file.getCanonicalPath();
54.97 + } catch (IOException e) {
54.98 + name = file.getAbsolutePath();
54.99 + }
54.100 + name = name.replace(File.separatorChar, '/');
54.101 + if (!name.startsWith("/")) {
54.102 + name = "/" + name;
54.103 + }
54.104 + // If the file does not exist, then assume that it's a directory
54.105 + if (!file.isFile()) {
54.106 + name = name + "/";
54.107 + }
54.108 + try {
54.109 + return new URL("file", "", name);
54.110 + } catch (MalformedURLException e) {
54.111 + throw new IllegalArgumentException("file");
54.112 + }
54.113 + }
54.114 +}
55.1 --- a/src/share/classes/sun/security/tools/TimestampedSigner.java Thu Oct 27 13:54:42 2011 -0700
55.2 +++ b/src/share/classes/sun/security/tools/TimestampedSigner.java Fri Oct 28 17:49:02 2011 -0700
55.3 @@ -25,22 +25,14 @@
55.4
55.5 package sun.security.tools;
55.6
55.7 -import java.io.ByteArrayOutputStream;
55.8 import java.io.IOException;
55.9 -import java.math.BigInteger;
55.10 import java.net.URI;
55.11 -import java.security.MessageDigest;
55.12 import java.security.NoSuchAlgorithmException;
55.13 -import java.security.Principal;
55.14 -import java.security.SecureRandom;
55.15 import java.security.cert.CertificateException;
55.16 import java.security.cert.X509Certificate;
55.17 -import java.util.List;
55.18
55.19 import com.sun.jarsigner.*;
55.20 -import java.util.Arrays;
55.21 -import sun.security.pkcs.*;
55.22 -import sun.security.timestamp.*;
55.23 +import sun.security.pkcs.PKCS7;
55.24 import sun.security.util.*;
55.25 import sun.security.x509.*;
55.26
55.27 @@ -57,36 +49,12 @@
55.28 public final class TimestampedSigner extends ContentSigner {
55.29
55.30 /*
55.31 - * Random number generator for creating nonce values
55.32 - */
55.33 - private static final SecureRandom RANDOM;
55.34 - static {
55.35 - SecureRandom tmp = null;
55.36 - try {
55.37 - tmp = SecureRandom.getInstance("SHA1PRNG");
55.38 - } catch (NoSuchAlgorithmException e) {
55.39 - // should not happen
55.40 - }
55.41 - RANDOM = tmp;
55.42 - }
55.43 -
55.44 - /*
55.45 * Object identifier for the subject information access X.509 certificate
55.46 * extension.
55.47 */
55.48 private static final String SUBJECT_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.11";
55.49
55.50 /*
55.51 - * Object identifier for the timestamping key purpose.
55.52 - */
55.53 - private static final String KP_TIMESTAMPING_OID = "1.3.6.1.5.5.7.3.8";
55.54 -
55.55 - /*
55.56 - * Object identifier for extendedKeyUsage extension
55.57 - */
55.58 - private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37";
55.59 -
55.60 - /*
55.61 * Object identifier for the timestamping access descriptors.
55.62 */
55.63 private static final ObjectIdentifier AD_TIMESTAMPING_Id;
55.64 @@ -100,26 +68,6 @@
55.65 AD_TIMESTAMPING_Id = tmp;
55.66 }
55.67
55.68 - /*
55.69 - * Location of the TSA.
55.70 - */
55.71 - private String tsaUrl = null;
55.72 -
55.73 - /*
55.74 - * TSA's X.509 certificate.
55.75 - */
55.76 - private X509Certificate tsaCertificate = null;
55.77 -
55.78 - /*
55.79 - * Generates an SHA-1 hash value for the data to be timestamped.
55.80 - */
55.81 - private MessageDigest messageDigest = null;
55.82 -
55.83 - /*
55.84 - * Parameters for the timestamping protocol.
55.85 - */
55.86 - private boolean tsRequestCertificate = true;
55.87 -
55.88 /**
55.89 * Instantiates a content signer that supports timestamped signatures.
55.90 */
55.91 @@ -134,7 +82,7 @@
55.92 * and optionally the content that was signed, are packaged into a PKCS #7
55.93 * signed data message.
55.94 *
55.95 - * @param parameters The non-null input parameters.
55.96 + * @param params The non-null input parameters.
55.97 * @param omitContent true if the content should be omitted from the
55.98 * signed data message. Otherwise the content is included.
55.99 * @param applyTimestamp true if the signature should be timestamped.
55.100 @@ -151,98 +99,41 @@
55.101 * @throws NullPointerException The exception is thrown if parameters is
55.102 * null.
55.103 */
55.104 - public byte[] generateSignedData(ContentSignerParameters parameters,
55.105 + public byte[] generateSignedData(ContentSignerParameters params,
55.106 boolean omitContent, boolean applyTimestamp)
55.107 throws NoSuchAlgorithmException, CertificateException, IOException {
55.108
55.109 - if (parameters == null) {
55.110 + if (params == null) {
55.111 throw new NullPointerException();
55.112 }
55.113
55.114 - // Parse the signature algorithm to extract the digest and key
55.115 - // algorithms. The expected format is:
55.116 + // Parse the signature algorithm to extract the digest
55.117 + // algorithm. The expected format is:
55.118 // "<digest>with<encryption>"
55.119 // or "<digest>with<encryption>and<mgf>"
55.120 - String signatureAlgorithm = parameters.getSignatureAlgorithm();
55.121 - String keyAlgorithm =
55.122 - AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm);
55.123 - String digestAlgorithm =
55.124 - AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm);
55.125 - AlgorithmId digestAlgorithmId = AlgorithmId.get(digestAlgorithm);
55.126 + String signatureAlgorithm = params.getSignatureAlgorithm();
55.127
55.128 - // Examine signer's certificate
55.129 - X509Certificate[] signerCertificateChain =
55.130 - parameters.getSignerCertificateChain();
55.131 - Principal issuerName = signerCertificateChain[0].getIssuerDN();
55.132 - if (!(issuerName instanceof X500Name)) {
55.133 - // must extract the original encoded form of DN for subsequent
55.134 - // name comparison checks (converting to a String and back to
55.135 - // an encoded DN could cause the types of String attribute
55.136 - // values to be changed)
55.137 - X509CertInfo tbsCert = new
55.138 - X509CertInfo(signerCertificateChain[0].getTBSCertificate());
55.139 - issuerName = (Principal)
55.140 - tbsCert.get(CertificateIssuerName.NAME + "." +
55.141 - CertificateIssuerName.DN_NAME);
55.142 - }
55.143 - BigInteger serialNumber = signerCertificateChain[0].getSerialNumber();
55.144 + X509Certificate[] signerChain = params.getSignerCertificateChain();
55.145 + byte[] signature = params.getSignature();
55.146
55.147 // Include or exclude content
55.148 - byte[] content = parameters.getContent();
55.149 - ContentInfo contentInfo;
55.150 - if (omitContent) {
55.151 - contentInfo = new ContentInfo(ContentInfo.DATA_OID, null);
55.152 - } else {
55.153 - contentInfo = new ContentInfo(content);
55.154 - }
55.155 + byte[] content = (omitContent == true) ? null : params.getContent();
55.156
55.157 - // Generate the timestamp token
55.158 - byte[] signature = parameters.getSignature();
55.159 - SignerInfo signerInfo = null;
55.160 + URI tsaURI = null;
55.161 if (applyTimestamp) {
55.162 -
55.163 - tsaCertificate = parameters.getTimestampingAuthorityCertificate();
55.164 - URI tsaUri = parameters.getTimestampingAuthority();
55.165 - if (tsaUri != null) {
55.166 - tsaUrl = tsaUri.toString();
55.167 - } else {
55.168 + tsaURI = params.getTimestampingAuthority();
55.169 + if (tsaURI == null) {
55.170 // Examine TSA cert
55.171 - String certUrl = getTimestampingUrl(tsaCertificate);
55.172 - if (certUrl == null) {
55.173 + tsaURI = getTimestampingURI(
55.174 + params.getTimestampingAuthorityCertificate());
55.175 + if (tsaURI == null) {
55.176 throw new CertificateException(
55.177 "Subject Information Access extension not found");
55.178 }
55.179 - tsaUrl = certUrl;
55.180 }
55.181 -
55.182 - // Timestamp the signature
55.183 - byte[] tsToken = generateTimestampToken(signature);
55.184 -
55.185 - // Insert the timestamp token into the PKCS #7 signer info element
55.186 - // (as an unsigned attribute)
55.187 - PKCS9Attributes unsignedAttrs =
55.188 - new PKCS9Attributes(new PKCS9Attribute[]{
55.189 - new PKCS9Attribute(
55.190 - PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR,
55.191 - tsToken)});
55.192 - signerInfo = new SignerInfo((X500Name)issuerName, serialNumber,
55.193 - digestAlgorithmId, null, AlgorithmId.get(keyAlgorithm),
55.194 - signature, unsignedAttrs);
55.195 - } else {
55.196 - signerInfo = new SignerInfo((X500Name)issuerName, serialNumber,
55.197 - digestAlgorithmId, AlgorithmId.get(keyAlgorithm), signature);
55.198 }
55.199 -
55.200 - SignerInfo[] signerInfos = {signerInfo};
55.201 - AlgorithmId[] algorithms = {digestAlgorithmId};
55.202 -
55.203 - // Create the PKCS #7 signed data message
55.204 - PKCS7 p7 = new PKCS7(algorithms, contentInfo, signerCertificateChain,
55.205 - null, signerInfos);
55.206 - ByteArrayOutputStream p7out = new ByteArrayOutputStream();
55.207 - p7.encodeSignedData(p7out);
55.208 -
55.209 - return p7out.toByteArray();
55.210 + return PKCS7.generateSignedData(signature, signerChain, content,
55.211 + params.getSignatureAlgorithm(), tsaURI);
55.212 }
55.213
55.214 /**
55.215 @@ -253,9 +144,9 @@
55.216 * <tt>accessLocation</tt> field should contain an HTTP or HTTPS URL.
55.217 *
55.218 * @param tsaCertificate An X.509 certificate for the TSA.
55.219 - * @return An HTTP or HTTPS URL or null if none was found.
55.220 + * @return An HTTP or HTTPS URI or null if none was found.
55.221 */
55.222 - public static String getTimestampingUrl(X509Certificate tsaCertificate) {
55.223 + public static URI getTimestampingURI(X509Certificate tsaCertificate) {
55.224
55.225 if (tsaCertificate == null) {
55.226 return null;
55.227 @@ -282,7 +173,7 @@
55.228 uri = (URIName) location.getName();
55.229 if (uri.getScheme().equalsIgnoreCase("http") ||
55.230 uri.getScheme().equalsIgnoreCase("https")) {
55.231 - return uri.getName();
55.232 + return uri.getURI();
55.233 }
55.234 }
55.235 }
55.236 @@ -292,97 +183,4 @@
55.237 }
55.238 return null;
55.239 }
55.240 -
55.241 - /*
55.242 - * Returns a timestamp token from a TSA for the given content.
55.243 - * Performs a basic check on the token to confirm that it has been signed
55.244 - * by a certificate that is permitted to sign timestamps.
55.245 - *
55.246 - * @param toBeTimestamped The data to be timestamped.
55.247 - * @throws IOException The exception is throw if an error occurs while
55.248 - * communicating with the TSA.
55.249 - * @throws CertificateException The exception is throw if the TSA's
55.250 - * certificate is not permitted for timestamping.
55.251 - */
55.252 - private byte[] generateTimestampToken(byte[] toBeTimestamped)
55.253 - throws CertificateException, IOException {
55.254 -
55.255 - // Generate hash value for the data to be timestamped
55.256 - // SHA-1 is always used.
55.257 - if (messageDigest == null) {
55.258 - try {
55.259 - messageDigest = MessageDigest.getInstance("SHA-1");
55.260 - } catch (NoSuchAlgorithmException e) {
55.261 - // ignore
55.262 - }
55.263 - }
55.264 - byte[] digest = messageDigest.digest(toBeTimestamped);
55.265 -
55.266 - // Generate a timestamp
55.267 - TSRequest tsQuery = new TSRequest(digest, "SHA-1");
55.268 - // Generate a nonce
55.269 - BigInteger nonce = null;
55.270 - if (RANDOM != null) {
55.271 - nonce = new BigInteger(64, RANDOM);
55.272 - tsQuery.setNonce(nonce);
55.273 - }
55.274 - tsQuery.requestCertificate(tsRequestCertificate);
55.275 -
55.276 - Timestamper tsa = new HttpTimestamper(tsaUrl); // use supplied TSA
55.277 - TSResponse tsReply = tsa.generateTimestamp(tsQuery);
55.278 - int status = tsReply.getStatusCode();
55.279 - // Handle TSP error
55.280 - if (status != 0 && status != 1) {
55.281 - int failureCode = tsReply.getFailureCode();
55.282 - if (failureCode == -1) {
55.283 - throw new IOException("Error generating timestamp: " +
55.284 - tsReply.getStatusCodeAsText());
55.285 - } else {
55.286 - throw new IOException("Error generating timestamp: " +
55.287 - tsReply.getStatusCodeAsText() + " " +
55.288 - tsReply.getFailureCodeAsText());
55.289 - }
55.290 - }
55.291 - PKCS7 tsToken = tsReply.getToken();
55.292 -
55.293 - TimestampToken tst = new TimestampToken(tsToken.getContentInfo().getData());
55.294 - if (!tst.getHashAlgorithm().equals(
55.295 - new AlgorithmId(new ObjectIdentifier("1.3.14.3.2.26")))) {
55.296 - throw new IOException("Digest algorithm not SHA-1 in timestamp token");
55.297 - }
55.298 - if (!Arrays.equals(tst.getHashedMessage(), digest)) {
55.299 - throw new IOException("Digest octets changed in timestamp token");
55.300 - }
55.301 -
55.302 - BigInteger replyNonce = tst.getNonce();
55.303 - if (replyNonce == null && nonce != null) {
55.304 - throw new IOException("Nonce missing in timestamp token");
55.305 - }
55.306 - if (replyNonce != null && !replyNonce.equals(nonce)) {
55.307 - throw new IOException("Nonce changed in timestamp token");
55.308 - }
55.309 -
55.310 - // Examine the TSA's certificate (if present)
55.311 - for (SignerInfo si: tsToken.getSignerInfos()) {
55.312 - X509Certificate cert = si.getCertificate(tsToken);
55.313 - if (cert == null) {
55.314 - // Error, we've already set tsRequestCertificate = true
55.315 - throw new CertificateException(
55.316 - "Certificate not included in timestamp token");
55.317 - } else {
55.318 - if (!cert.getCriticalExtensionOIDs().contains(
55.319 - EXTENDED_KEY_USAGE_OID)) {
55.320 - throw new CertificateException(
55.321 - "Certificate is not valid for timestamping");
55.322 - }
55.323 - List<String> keyPurposes = cert.getExtendedKeyUsage();
55.324 - if (keyPurposes == null ||
55.325 - ! keyPurposes.contains(KP_TIMESTAMPING_OID)) {
55.326 - throw new CertificateException(
55.327 - "Certificate is not valid for timestamping");
55.328 - }
55.329 - }
55.330 - }
55.331 - return tsReply.getEncodedToken();
55.332 - }
55.333 }
56.1 --- a/src/share/classes/sun/security/util/BigInt.java Thu Oct 27 13:54:42 2011 -0700
56.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
56.3 @@ -1,198 +0,0 @@
56.4 -/*
56.5 - * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
56.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
56.7 - *
56.8 - * This code is free software; you can redistribute it and/or modify it
56.9 - * under the terms of the GNU General Public License version 2 only, as
56.10 - * published by the Free Software Foundation. Oracle designates this
56.11 - * particular file as subject to the "Classpath" exception as provided
56.12 - * by Oracle in the LICENSE file that accompanied this code.
56.13 - *
56.14 - * This code is distributed in the hope that it will be useful, but WITHOUT
56.15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
56.16 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
56.17 - * version 2 for more details (a copy is included in the LICENSE file that
56.18 - * accompanied this code).
56.19 - *
56.20 - * You should have received a copy of the GNU General Public License version
56.21 - * 2 along with this work; if not, write to the Free Software Foundation,
56.22 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
56.23 - *
56.24 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
56.25 - * or visit www.oracle.com if you need additional information or have any
56.26 - * questions.
56.27 - */
56.28 -
56.29 -package sun.security.util;
56.30 -
56.31 -import java.math.BigInteger;
56.32 -
56.33 -
56.34 -/**
56.35 - * A low-overhead arbitrary-precision <em>unsigned</em> integer.
56.36 - * This is intended for use with ASN.1 parsing, and printing of
56.37 - * such parsed values. Convert to "BigInteger" if you need to do
56.38 - * arbitrary precision arithmetic, rather than just represent
56.39 - * the number as a wrapped array of bytes.
56.40 - *
56.41 - * <P><em><b>NOTE:</b> This class may eventually disappear, to
56.42 - * be supplanted by big-endian byte arrays which hold both signed
56.43 - * and unsigned arbitrary-precision integers.</em>
56.44 - *
56.45 - * @author David Brownell
56.46 - */
56.47 -public final class BigInt {
56.48 -
56.49 - // Big endian -- MSB first.
56.50 - private byte[] places;
56.51 -
56.52 - /**
56.53 - * Constructs a "Big" integer from a set of (big-endian) bytes.
56.54 - * Leading zeroes should be stripped off.
56.55 - *
56.56 - * @param data a sequence of bytes, most significant bytes/digits
56.57 - * first. CONSUMED.
56.58 - */
56.59 - public BigInt(byte[] data) { places = data.clone(); }
56.60 -
56.61 - /**
56.62 - * Constructs a "Big" integer from a "BigInteger", which must be
56.63 - * positive (or zero) in value.
56.64 - */
56.65 - public BigInt(BigInteger i) {
56.66 - byte[] temp = i.toByteArray();
56.67 -
56.68 - if ((temp[0] & 0x80) != 0)
56.69 - throw new IllegalArgumentException("negative BigInteger");
56.70 -
56.71 - // XXX we assume exactly _one_ sign byte is used...
56.72 -
56.73 - if (temp[0] != 0)
56.74 - places = temp;
56.75 - else {
56.76 - places = new byte[temp.length - 1];
56.77 - for (int j = 1; j < temp.length; j++)
56.78 - places[j - 1] = temp[j];
56.79 - }
56.80 - }
56.81 -
56.82 - /**
56.83 - * Constructs a "Big" integer from a normal Java integer.
56.84 - *
56.85 - * @param i the java primitive integer
56.86 - */
56.87 - public BigInt(int i) {
56.88 - if (i < (1 << 8)) {
56.89 - places = new byte[1];
56.90 - places[0] = (byte) i;
56.91 - } else if (i < (1 << 16)) {
56.92 - places = new byte[2];
56.93 - places[0] = (byte) (i >> 8);
56.94 - places[1] = (byte) i;
56.95 - } else if (i < (1 << 24)) {
56.96 - places = new byte[3];
56.97 - places[0] = (byte) (i >> 16);
56.98 - places[1] = (byte) (i >> 8);
56.99 - places[2] = (byte) i;
56.100 - } else {
56.101 - places = new byte[4];
56.102 - places[0] = (byte) (i >> 24);
56.103 - places[1] = (byte) (i >> 16);
56.104 - places[2] = (byte) (i >> 8);
56.105 - places[3] = (byte) i;
56.106 - }
56.107 - }
56.108 -
56.109 - /**
56.110 - * Converts the "big" integer to a java primitive integer.
56.111 - *
56.112 - * @excpet NumberFormatException if 32 bits is insufficient.
56.113 - */
56.114 - public int toInt() {
56.115 - if (places.length > 4)
56.116 - throw new NumberFormatException("BigInt.toLong, too big");
56.117 - int retval = 0, i = 0;
56.118 - for (; i < places.length; i++)
56.119 - retval = (retval << 8) + ((int)places[i] & 0xff);
56.120 - return retval;
56.121 - }
56.122 -
56.123 - /**
56.124 - * Returns a hexadecimal printed representation. The value is
56.125 - * formatted to fit on lines of at least 75 characters, with
56.126 - * embedded newlines. Words are separated for readability,
56.127 - * with eight words (32 bytes) per line.
56.128 - */
56.129 - public String toString() { return hexify(); }
56.130 -
56.131 - /**
56.132 - * Returns a BigInteger value which supports many arithmetic
56.133 - * operations. Assumes negative values will never occur.
56.134 - */
56.135 - public BigInteger toBigInteger()
56.136 - { return new BigInteger(1, places); }
56.137 -
56.138 - /**
56.139 - * Returns the data as a byte array. The most significant bit
56.140 - * of the array is bit zero (as in <code>java.math.BigInteger</code>).
56.141 - */
56.142 - public byte[] toByteArray() { return places.clone(); }
56.143 -
56.144 - private static final String digits = "0123456789abcdef";
56.145 - private String hexify() {
56.146 - if (places.length == 0)
56.147 - return " 0 ";
56.148 -
56.149 - StringBuffer buf = new StringBuffer(places.length * 2);
56.150 - buf.append(" "); // four spaces
56.151 - for (int i = 0; i < places.length; i++) {
56.152 - buf.append(digits.charAt((places[i] >> 4) & 0x0f));
56.153 - buf.append(digits.charAt(places[i] & 0x0f));
56.154 - if (((i + 1) % 32) == 0) {
56.155 - if ((i + 1) != places.length)
56.156 - buf.append("\n "); // line after four words
56.157 - } else if (((i + 1) % 4) == 0)
56.158 - buf.append(' '); // space between words
56.159 - }
56.160 - return buf.toString();
56.161 - }
56.162 -
56.163 - /**
56.164 - * Returns true iff the parameter is a numerically equivalent
56.165 - * BigInt.
56.166 - *
56.167 - * @param other the object being compared with this one.
56.168 - */
56.169 - public boolean equals(Object other) {
56.170 - if (other instanceof BigInt)
56.171 - return equals((BigInt) other);
56.172 - return false;
56.173 - }
56.174 -
56.175 - /**
56.176 - * Returns true iff the parameter is numerically equivalent.
56.177 - *
56.178 - * @param other the BigInt being compared with this one.
56.179 - */
56.180 - public boolean equals(BigInt other) {
56.181 - if (this == other)
56.182 - return true;
56.183 -
56.184 - byte[] otherPlaces = other.toByteArray();
56.185 - if (places.length != otherPlaces.length)
56.186 - return false;
56.187 - for (int i = 0; i < places.length; i++)
56.188 - if (places[i] != otherPlaces[i])
56.189 - return false;
56.190 - return true;
56.191 - }
56.192 -
56.193 - /**
56.194 - * Returns a hashcode for this BigInt.
56.195 - *
56.196 - * @return a hashcode for this BigInt.
56.197 - */
56.198 - public int hashCode() {
56.199 - return hexify().hashCode();
56.200 - }
56.201 -}
57.1 --- a/src/share/classes/sun/security/util/Cache.java Thu Oct 27 13:54:42 2011 -0700
57.2 +++ b/src/share/classes/sun/security/util/Cache.java Fri Oct 28 17:49:02 2011 -0700
57.3 @@ -43,7 +43,7 @@
57.4 *
57.5 * . optional lifetime, specified in seconds.
57.6 *
57.7 - * . save for concurrent use by multiple threads
57.8 + * . safe for concurrent use by multiple threads
57.9 *
57.10 * . values are held by either standard references or via SoftReferences.
57.11 * SoftReferences have the advantage that they are automatically cleared
57.12 @@ -69,7 +69,7 @@
57.13 *
57.14 * @author Andreas Sterbenz
57.15 */
57.16 -public abstract class Cache {
57.17 +public abstract class Cache<K,V> {
57.18
57.19 protected Cache() {
57.20 // empty
57.21 @@ -88,12 +88,12 @@
57.22 /**
57.23 * Add an entry to the cache.
57.24 */
57.25 - public abstract void put(Object key, Object value);
57.26 + public abstract void put(K key, V value);
57.27
57.28 /**
57.29 * Get a value from the cache.
57.30 */
57.31 - public abstract Object get(Object key);
57.32 + public abstract V get(Object key);
57.33
57.34 /**
57.35 * Remove an entry from the cache.
57.36 @@ -113,14 +113,14 @@
57.37 /**
57.38 * accept a visitor
57.39 */
57.40 - public abstract void accept(CacheVisitor visitor);
57.41 + public abstract void accept(CacheVisitor<K,V> visitor);
57.42
57.43 /**
57.44 * Return a new memory cache with the specified maximum size, unlimited
57.45 * lifetime for entries, with the values held by SoftReferences.
57.46 */
57.47 - public static Cache newSoftMemoryCache(int size) {
57.48 - return new MemoryCache(true, size);
57.49 + public static <K,V> Cache<K,V> newSoftMemoryCache(int size) {
57.50 + return new MemoryCache<>(true, size);
57.51 }
57.52
57.53 /**
57.54 @@ -128,23 +128,24 @@
57.55 * specified maximum lifetime (in seconds), with the values held
57.56 * by SoftReferences.
57.57 */
57.58 - public static Cache newSoftMemoryCache(int size, int timeout) {
57.59 - return new MemoryCache(true, size, timeout);
57.60 + public static <K,V> Cache<K,V> newSoftMemoryCache(int size, int timeout) {
57.61 + return new MemoryCache<>(true, size, timeout);
57.62 }
57.63
57.64 /**
57.65 * Return a new memory cache with the specified maximum size, unlimited
57.66 * lifetime for entries, with the values held by standard references.
57.67 */
57.68 - public static Cache newHardMemoryCache(int size) {
57.69 - return new MemoryCache(false, size);
57.70 + public static <K,V> Cache<K,V> newHardMemoryCache(int size) {
57.71 + return new MemoryCache<>(false, size);
57.72 }
57.73
57.74 /**
57.75 * Return a dummy cache that does nothing.
57.76 */
57.77 - public static Cache newNullCache() {
57.78 - return NullCache.INSTANCE;
57.79 + @SuppressWarnings("unchecked")
57.80 + public static <K,V> Cache<K,V> newNullCache() {
57.81 + return (Cache<K,V>) NullCache.INSTANCE;
57.82 }
57.83
57.84 /**
57.85 @@ -152,8 +153,8 @@
57.86 * specified maximum lifetime (in seconds), with the values held
57.87 * by standard references.
57.88 */
57.89 - public static Cache newHardMemoryCache(int size, int timeout) {
57.90 - return new MemoryCache(false, size, timeout);
57.91 + public static <K,V> Cache<K,V> newHardMemoryCache(int size, int timeout) {
57.92 + return new MemoryCache<>(false, size, timeout);
57.93 }
57.94
57.95 /**
57.96 @@ -193,15 +194,15 @@
57.97 }
57.98 }
57.99
57.100 - public interface CacheVisitor {
57.101 - public void visit(Map<Object, Object> map);
57.102 + public interface CacheVisitor<K,V> {
57.103 + public void visit(Map<K,V> map);
57.104 }
57.105
57.106 }
57.107
57.108 -class NullCache extends Cache {
57.109 +class NullCache<K,V> extends Cache<K,V> {
57.110
57.111 - final static Cache INSTANCE = new NullCache();
57.112 + final static Cache<Object,Object> INSTANCE = new NullCache<>();
57.113
57.114 private NullCache() {
57.115 // empty
57.116 @@ -215,11 +216,11 @@
57.117 // empty
57.118 }
57.119
57.120 - public void put(Object key, Object value) {
57.121 + public void put(K key, V value) {
57.122 // empty
57.123 }
57.124
57.125 - public Object get(Object key) {
57.126 + public V get(Object key) {
57.127 return null;
57.128 }
57.129
57.130 @@ -235,23 +236,26 @@
57.131 // empty
57.132 }
57.133
57.134 - public void accept(CacheVisitor visitor) {
57.135 + public void accept(CacheVisitor<K,V> visitor) {
57.136 // empty
57.137 }
57.138
57.139 }
57.140
57.141 -class MemoryCache extends Cache {
57.142 +class MemoryCache<K,V> extends Cache<K,V> {
57.143
57.144 private final static float LOAD_FACTOR = 0.75f;
57.145
57.146 // XXXX
57.147 private final static boolean DEBUG = false;
57.148
57.149 - private final Map<Object, CacheEntry> cacheMap;
57.150 + private final Map<K, CacheEntry<K,V>> cacheMap;
57.151 private int maxSize;
57.152 private long lifetime;
57.153 - private final ReferenceQueue<Object> queue;
57.154 +
57.155 + // ReferenceQueue is of type V instead of Cache<K,V>
57.156 + // to allow SoftCacheEntry to extend SoftReference<V>
57.157 + private final ReferenceQueue<V> queue;
57.158
57.159 public MemoryCache(boolean soft, int maxSize) {
57.160 this(soft, maxSize, 0);
57.161 @@ -260,10 +264,13 @@
57.162 public MemoryCache(boolean soft, int maxSize, int lifetime) {
57.163 this.maxSize = maxSize;
57.164 this.lifetime = lifetime * 1000;
57.165 - this.queue = soft ? new ReferenceQueue<Object>() : null;
57.166 + if (soft)
57.167 + this.queue = new ReferenceQueue<>();
57.168 + else
57.169 + this.queue = null;
57.170 +
57.171 int buckets = (int)(maxSize / LOAD_FACTOR) + 1;
57.172 - cacheMap = new LinkedHashMap<Object, CacheEntry>(buckets,
57.173 - LOAD_FACTOR, true);
57.174 + cacheMap = new LinkedHashMap<>(buckets, LOAD_FACTOR, true);
57.175 }
57.176
57.177 /**
57.178 @@ -279,16 +286,17 @@
57.179 }
57.180 int startSize = cacheMap.size();
57.181 while (true) {
57.182 - CacheEntry entry = (CacheEntry)queue.poll();
57.183 + @SuppressWarnings("unchecked")
57.184 + CacheEntry<K,V> entry = (CacheEntry<K,V>)queue.poll();
57.185 if (entry == null) {
57.186 break;
57.187 }
57.188 - Object key = entry.getKey();
57.189 + K key = entry.getKey();
57.190 if (key == null) {
57.191 // key is null, entry has already been removed
57.192 continue;
57.193 }
57.194 - CacheEntry currentEntry = cacheMap.remove(key);
57.195 + CacheEntry<K,V> currentEntry = cacheMap.remove(key);
57.196 // check if the entry in the map corresponds to the expired
57.197 // entry. If not, readd the entry
57.198 if ((currentEntry != null) && (entry != currentEntry)) {
57.199 @@ -314,9 +322,9 @@
57.200 }
57.201 int cnt = 0;
57.202 long time = System.currentTimeMillis();
57.203 - for (Iterator<CacheEntry> t = cacheMap.values().iterator();
57.204 + for (Iterator<CacheEntry<K,V>> t = cacheMap.values().iterator();
57.205 t.hasNext(); ) {
57.206 - CacheEntry entry = t.next();
57.207 + CacheEntry<K,V> entry = t.next();
57.208 if (entry.isValid(time) == false) {
57.209 t.remove();
57.210 cnt++;
57.211 @@ -339,7 +347,7 @@
57.212 if (queue != null) {
57.213 // if this is a SoftReference cache, first invalidate() all
57.214 // entries so that GC does not have to enqueue them
57.215 - for (CacheEntry entry : cacheMap.values()) {
57.216 + for (CacheEntry<K,V> entry : cacheMap.values()) {
57.217 entry.invalidate();
57.218 }
57.219 while (queue.poll() != null) {
57.220 @@ -349,12 +357,12 @@
57.221 cacheMap.clear();
57.222 }
57.223
57.224 - public synchronized void put(Object key, Object value) {
57.225 + public synchronized void put(K key, V value) {
57.226 emptyQueue();
57.227 long expirationTime = (lifetime == 0) ? 0 :
57.228 System.currentTimeMillis() + lifetime;
57.229 - CacheEntry newEntry = newEntry(key, value, expirationTime, queue);
57.230 - CacheEntry oldEntry = cacheMap.put(key, newEntry);
57.231 + CacheEntry<K,V> newEntry = newEntry(key, value, expirationTime, queue);
57.232 + CacheEntry<K,V> oldEntry = cacheMap.put(key, newEntry);
57.233 if (oldEntry != null) {
57.234 oldEntry.invalidate();
57.235 return;
57.236 @@ -362,8 +370,8 @@
57.237 if (maxSize > 0 && cacheMap.size() > maxSize) {
57.238 expungeExpiredEntries();
57.239 if (cacheMap.size() > maxSize) { // still too large?
57.240 - Iterator<CacheEntry> t = cacheMap.values().iterator();
57.241 - CacheEntry lruEntry = t.next();
57.242 + Iterator<CacheEntry<K,V>> t = cacheMap.values().iterator();
57.243 + CacheEntry<K,V> lruEntry = t.next();
57.244 if (DEBUG) {
57.245 System.out.println("** Overflow removal "
57.246 + lruEntry.getKey() + " | " + lruEntry.getValue());
57.247 @@ -374,9 +382,9 @@
57.248 }
57.249 }
57.250
57.251 - public synchronized Object get(Object key) {
57.252 + public synchronized V get(Object key) {
57.253 emptyQueue();
57.254 - CacheEntry entry = cacheMap.get(key);
57.255 + CacheEntry<K,V> entry = cacheMap.get(key);
57.256 if (entry == null) {
57.257 return null;
57.258 }
57.259 @@ -393,7 +401,7 @@
57.260
57.261 public synchronized void remove(Object key) {
57.262 emptyQueue();
57.263 - CacheEntry entry = cacheMap.remove(key);
57.264 + CacheEntry<K,V> entry = cacheMap.remove(key);
57.265 if (entry != null) {
57.266 entry.invalidate();
57.267 }
57.268 @@ -402,9 +410,9 @@
57.269 public synchronized void setCapacity(int size) {
57.270 expungeExpiredEntries();
57.271 if (size > 0 && cacheMap.size() > size) {
57.272 - Iterator<CacheEntry> t = cacheMap.values().iterator();
57.273 + Iterator<CacheEntry<K,V>> t = cacheMap.values().iterator();
57.274 for (int i = cacheMap.size() - size; i > 0; i--) {
57.275 - CacheEntry lruEntry = t.next();
57.276 + CacheEntry<K,V> lruEntry = t.next();
57.277 if (DEBUG) {
57.278 System.out.println("** capacity reset removal "
57.279 + lruEntry.getKey() + " | " + lruEntry.getValue());
57.280 @@ -431,60 +439,61 @@
57.281 }
57.282
57.283 // it is a heavyweight method.
57.284 - public synchronized void accept(CacheVisitor visitor) {
57.285 + public synchronized void accept(CacheVisitor<K,V> visitor) {
57.286 expungeExpiredEntries();
57.287 - Map<Object, Object> cached = getCachedEntries();
57.288 + Map<K,V> cached = getCachedEntries();
57.289
57.290 visitor.visit(cached);
57.291 }
57.292
57.293 - private Map<Object, Object> getCachedEntries() {
57.294 - Map<Object,Object> kvmap = new HashMap<Object,Object>(cacheMap.size());
57.295 + private Map<K,V> getCachedEntries() {
57.296 + Map<K,V> kvmap = new HashMap<>(cacheMap.size());
57.297
57.298 - for (CacheEntry entry : cacheMap.values()) {
57.299 + for (CacheEntry<K,V> entry : cacheMap.values()) {
57.300 kvmap.put(entry.getKey(), entry.getValue());
57.301 }
57.302
57.303 return kvmap;
57.304 }
57.305
57.306 - protected CacheEntry newEntry(Object key, Object value,
57.307 - long expirationTime, ReferenceQueue<Object> queue) {
57.308 + protected CacheEntry<K,V> newEntry(K key, V value,
57.309 + long expirationTime, ReferenceQueue<V> queue) {
57.310 if (queue != null) {
57.311 - return new SoftCacheEntry(key, value, expirationTime, queue);
57.312 + return new SoftCacheEntry<>(key, value, expirationTime, queue);
57.313 } else {
57.314 - return new HardCacheEntry(key, value, expirationTime);
57.315 + return new HardCacheEntry<>(key, value, expirationTime);
57.316 }
57.317 }
57.318
57.319 - private static interface CacheEntry {
57.320 + private static interface CacheEntry<K,V> {
57.321
57.322 boolean isValid(long currentTime);
57.323
57.324 void invalidate();
57.325
57.326 - Object getKey();
57.327 + K getKey();
57.328
57.329 - Object getValue();
57.330 + V getValue();
57.331
57.332 }
57.333
57.334 - private static class HardCacheEntry implements CacheEntry {
57.335 + private static class HardCacheEntry<K,V> implements CacheEntry<K,V> {
57.336
57.337 - private Object key, value;
57.338 + private K key;
57.339 + private V value;
57.340 private long expirationTime;
57.341
57.342 - HardCacheEntry(Object key, Object value, long expirationTime) {
57.343 + HardCacheEntry(K key, V value, long expirationTime) {
57.344 this.key = key;
57.345 this.value = value;
57.346 this.expirationTime = expirationTime;
57.347 }
57.348
57.349 - public Object getKey() {
57.350 + public K getKey() {
57.351 return key;
57.352 }
57.353
57.354 - public Object getValue() {
57.355 + public V getValue() {
57.356 return value;
57.357 }
57.358
57.359 @@ -503,24 +512,25 @@
57.360 }
57.361 }
57.362
57.363 - private static class SoftCacheEntry
57.364 - extends SoftReference<Object> implements CacheEntry {
57.365 + private static class SoftCacheEntry<K,V>
57.366 + extends SoftReference<V>
57.367 + implements CacheEntry<K,V> {
57.368
57.369 - private Object key;
57.370 + private K key;
57.371 private long expirationTime;
57.372
57.373 - SoftCacheEntry(Object key, Object value, long expirationTime,
57.374 - ReferenceQueue<Object> queue) {
57.375 + SoftCacheEntry(K key, V value, long expirationTime,
57.376 + ReferenceQueue<V> queue) {
57.377 super(value, queue);
57.378 this.key = key;
57.379 this.expirationTime = expirationTime;
57.380 }
57.381
57.382 - public Object getKey() {
57.383 + public K getKey() {
57.384 return key;
57.385 }
57.386
57.387 - public Object getValue() {
57.388 + public V getValue() {
57.389 return get();
57.390 }
57.391
58.1 --- a/src/share/classes/sun/security/util/Debug.java Thu Oct 27 13:54:42 2011 -0700
58.2 +++ b/src/share/classes/sun/security/util/Debug.java Fri Oct 28 17:49:02 2011 -0700
58.3 @@ -1,5 +1,5 @@
58.4 /*
58.5 - * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
58.6 + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
58.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
58.8 *
58.9 * This code is free software; you can redistribute it and/or modify it
58.10 @@ -80,6 +80,7 @@
58.11 System.err.println("policy loading and granting");
58.12 System.err.println("provider security provider debugging");
58.13 System.err.println("scl permissions SecureClassLoader assigns");
58.14 + System.err.println("ts timestamping");
58.15 System.err.println();
58.16 System.err.println("The following can be used with access:");
58.17 System.err.println();
59.1 --- a/src/share/classes/sun/security/util/PathList.java Thu Oct 27 13:54:42 2011 -0700
59.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
59.3 @@ -1,111 +0,0 @@
59.4 -/*
59.5 - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
59.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
59.7 - *
59.8 - * This code is free software; you can redistribute it and/or modify it
59.9 - * under the terms of the GNU General Public License version 2 only, as
59.10 - * published by the Free Software Foundation. Oracle designates this
59.11 - * particular file as subject to the "Classpath" exception as provided
59.12 - * by Oracle in the LICENSE file that accompanied this code.
59.13 - *
59.14 - * This code is distributed in the hope that it will be useful, but WITHOUT
59.15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
59.16 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
59.17 - * version 2 for more details (a copy is included in the LICENSE file that
59.18 - * accompanied this code).
59.19 - *
59.20 - * You should have received a copy of the GNU General Public License version
59.21 - * 2 along with this work; if not, write to the Free Software Foundation,
59.22 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
59.23 - *
59.24 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
59.25 - * or visit www.oracle.com if you need additional information or have any
59.26 - * questions.
59.27 - */
59.28 -
59.29 -package sun.security.util;
59.30 -
59.31 -import java.io.File;
59.32 -import java.io.IOException;
59.33 -import java.lang.String;
59.34 -import java.util.StringTokenizer;
59.35 -import java.net.URL;
59.36 -import java.net.URLClassLoader;
59.37 -import java.net.MalformedURLException;
59.38 -
59.39 -/**
59.40 - * A utility class for handle path list
59.41 - *
59.42 - */
59.43 -public class PathList {
59.44 - /**
59.45 - * Utility method for appending path from pathFrom to pathTo.
59.46 - *
59.47 - * @param pathTo the target path
59.48 - * @param pathSource the path to be appended to pathTo
59.49 - * @return the resulting path
59.50 - */
59.51 - public static String appendPath(String pathTo, String pathFrom) {
59.52 - if (pathTo == null || pathTo.length() == 0) {
59.53 - return pathFrom;
59.54 - } else if (pathFrom == null || pathFrom.length() == 0) {
59.55 - return pathTo;
59.56 - } else {
59.57 - return pathTo + File.pathSeparator + pathFrom;
59.58 - }
59.59 - }
59.60 -
59.61 - /**
59.62 - * Utility method for converting a search path string to an array
59.63 - * of directory and JAR file URLs.
59.64 - *
59.65 - * @param path the search path string
59.66 - * @return the resulting array of directory and JAR file URLs
59.67 - */
59.68 - public static URL[] pathToURLs(String path) {
59.69 - StringTokenizer st = new StringTokenizer(path, File.pathSeparator);
59.70 - URL[] urls = new URL[st.countTokens()];
59.71 - int count = 0;
59.72 - while (st.hasMoreTokens()) {
59.73 - URL url = fileToURL(new File(st.nextToken()));
59.74 - if (url != null) {
59.75 - urls[count++] = url;
59.76 - }
59.77 - }
59.78 - if (urls.length != count) {
59.79 - URL[] tmp = new URL[count];
59.80 - System.arraycopy(urls, 0, tmp, 0, count);
59.81 - urls = tmp;
59.82 - }
59.83 - return urls;
59.84 - }
59.85 -
59.86 - /**
59.87 - * Returns the directory or JAR file URL corresponding to the specified
59.88 - * local file name.
59.89 - *
59.90 - * @param file the File object
59.91 - * @return the resulting directory or JAR file URL, or null if unknown
59.92 - */
59.93 - private static URL fileToURL(File file) {
59.94 - String name;
59.95 - try {
59.96 - name = file.getCanonicalPath();
59.97 - } catch (IOException e) {
59.98 - name = file.getAbsolutePath();
59.99 - }
59.100 - name = name.replace(File.separatorChar, '/');
59.101 - if (!name.startsWith("/")) {
59.102 - name = "/" + name;
59.103 - }
59.104 - // If the file does not exist, then assume that it's a directory
59.105 - if (!file.isFile()) {
59.106 - name = name + "/";
59.107 - }
59.108 - try {
59.109 - return new URL("file", "", name);
59.110 - } catch (MalformedURLException e) {
59.111 - throw new IllegalArgumentException("file");
59.112 - }
59.113 - }
59.114 -}
60.1 --- a/src/share/classes/sun/security/util/SignatureFileVerifier.java Thu Oct 27 13:54:42 2011 -0700
60.2 +++ b/src/share/classes/sun/security/util/SignatureFileVerifier.java Fri Oct 28 17:49:02 2011 -0700
60.3 @@ -35,7 +35,6 @@
60.4 import java.util.jar.*;
60.5
60.6 import sun.security.pkcs.*;
60.7 -import sun.security.timestamp.TimestampToken;
60.8 import sun.misc.BASE64Decoder;
60.9
60.10 import sun.security.jca.Providers;
60.11 @@ -485,7 +484,7 @@
60.12 signers = new ArrayList<CodeSigner>();
60.13 }
60.14 // Append the new code signer
60.15 - signers.add(new CodeSigner(certChain, getTimestamp(info)));
60.16 + signers.add(new CodeSigner(certChain, info.getTimestamp()));
60.17
60.18 if (debug != null) {
60.19 debug.println("Signature Block Certificate: " +
60.20 @@ -500,62 +499,6 @@
60.21 }
60.22 }
60.23
60.24 - /*
60.25 - * Examines a signature timestamp token to generate a timestamp object.
60.26 - *
60.27 - * Examines the signer's unsigned attributes for a
60.28 - * <tt>signatureTimestampToken</tt> attribute. If present,
60.29 - * then it is parsed to extract the date and time at which the
60.30 - * timestamp was generated.
60.31 - *
60.32 - * @param info A signer information element of a PKCS 7 block.
60.33 - *
60.34 - * @return A timestamp token or null if none is present.
60.35 - * @throws IOException if an error is encountered while parsing the
60.36 - * PKCS7 data.
60.37 - * @throws NoSuchAlgorithmException if an error is encountered while
60.38 - * verifying the PKCS7 object.
60.39 - * @throws SignatureException if an error is encountered while
60.40 - * verifying the PKCS7 object.
60.41 - * @throws CertificateException if an error is encountered while generating
60.42 - * the TSA's certpath.
60.43 - */
60.44 - private Timestamp getTimestamp(SignerInfo info)
60.45 - throws IOException, NoSuchAlgorithmException, SignatureException,
60.46 - CertificateException {
60.47 -
60.48 - Timestamp timestamp = null;
60.49 -
60.50 - // Extract the signer's unsigned attributes
60.51 - PKCS9Attributes unsignedAttrs = info.getUnauthenticatedAttributes();
60.52 - if (unsignedAttrs != null) {
60.53 - PKCS9Attribute timestampTokenAttr =
60.54 - unsignedAttrs.getAttribute("signatureTimestampToken");
60.55 - if (timestampTokenAttr != null) {
60.56 - PKCS7 timestampToken =
60.57 - new PKCS7((byte[])timestampTokenAttr.getValue());
60.58 - // Extract the content (an encoded timestamp token info)
60.59 - byte[] encodedTimestampTokenInfo =
60.60 - timestampToken.getContentInfo().getData();
60.61 - // Extract the signer (the Timestamping Authority)
60.62 - // while verifying the content
60.63 - SignerInfo[] tsa =
60.64 - timestampToken.verify(encodedTimestampTokenInfo);
60.65 - // Expect only one signer
60.66 - ArrayList<X509Certificate> chain =
60.67 - tsa[0].getCertificateChain(timestampToken);
60.68 - CertPath tsaChain = certificateFactory.generateCertPath(chain);
60.69 - // Create a timestamp token info object
60.70 - TimestampToken timestampTokenInfo =
60.71 - new TimestampToken(encodedTimestampTokenInfo);
60.72 - // Create a timestamp object
60.73 - timestamp =
60.74 - new Timestamp(timestampTokenInfo.getDate(), tsaChain);
60.75 - }
60.76 - }
60.77 - return timestamp;
60.78 - }
60.79 -
60.80 // for the toHex function
60.81 private static final char[] hexc =
60.82 {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
61.1 --- a/src/share/classes/sun/security/x509/CertAndKeyGen.java Thu Oct 27 13:54:42 2011 -0700
61.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
61.3 @@ -1,301 +0,0 @@
61.4 -/*
61.5 - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
61.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
61.7 - *
61.8 - * This code is free software; you can redistribute it and/or modify it
61.9 - * under the terms of the GNU General Public License version 2 only, as
61.10 - * published by the Free Software Foundation. Oracle designates this
61.11 - * particular file as subject to the "Classpath" exception as provided
61.12 - * by Oracle in the LICENSE file that accompanied this code.
61.13 - *
61.14 - * This code is distributed in the hope that it will be useful, but WITHOUT
61.15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
61.16 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
61.17 - * version 2 for more details (a copy is included in the LICENSE file that
61.18 - * accompanied this code).
61.19 - *
61.20 - * You should have received a copy of the GNU General Public License version
61.21 - * 2 along with this work; if not, write to the Free Software Foundation,
61.22 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
61.23 - *
61.24 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
61.25 - * or visit www.oracle.com if you need additional information or have any
61.26 - * questions.
61.27 - */
61.28 -
61.29 -package sun.security.x509;
61.30 -
61.31 -import java.io.IOException;
61.32 -import java.security.cert.X509Certificate;
61.33 -import java.security.cert.CertificateException;
61.34 -import java.security.cert.CertificateEncodingException;
61.35 -import java.security.*;
61.36 -import java.util.Date;
61.37 -
61.38 -import sun.security.pkcs.PKCS10;
61.39 -
61.40 -
61.41 -/**
61.42 - * Generate a pair of keys, and provide access to them. This class is
61.43 - * provided primarily for ease of use.
61.44 - *
61.45 - * <P>This provides some simple certificate management functionality.
61.46 - * Specifically, it allows you to create self-signed X.509 certificates
61.47 - * as well as PKCS 10 based certificate signing requests.
61.48 - *
61.49 - * <P>Keys for some public key signature algorithms have algorithm
61.50 - * parameters, such as DSS/DSA. Some sites' Certificate Authorities
61.51 - * adopt fixed algorithm parameters, which speeds up some operations
61.52 - * including key generation and signing. <em>At this time, this interface
61.53 - * does not provide a way to provide such algorithm parameters, e.g.
61.54 - * by providing the CA certificate which includes those parameters.</em>
61.55 - *
61.56 - * <P>Also, note that at this time only signature-capable keys may be
61.57 - * acquired through this interface. Diffie-Hellman keys, used for secure
61.58 - * key exchange, may be supported later.
61.59 - *
61.60 - * @author David Brownell
61.61 - * @author Hemma Prafullchandra
61.62 - * @see PKCS10
61.63 - * @see X509CertImpl
61.64 - */
61.65 -public final class CertAndKeyGen {
61.66 - /**
61.67 - * Creates a CertAndKeyGen object for a particular key type
61.68 - * and signature algorithm.
61.69 - *
61.70 - * @param keyType type of key, e.g. "RSA", "DSA"
61.71 - * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA",
61.72 - * "MD2WithRSA", "SHAwithDSA".
61.73 - * @exception NoSuchAlgorithmException on unrecognized algorithms.
61.74 - */
61.75 - public CertAndKeyGen (String keyType, String sigAlg)
61.76 - throws NoSuchAlgorithmException
61.77 - {
61.78 - keyGen = KeyPairGenerator.getInstance(keyType);
61.79 - this.sigAlg = sigAlg;
61.80 - }
61.81 -
61.82 - /**
61.83 - * Creates a CertAndKeyGen object for a particular key type,
61.84 - * signature algorithm, and provider.
61.85 - *
61.86 - * @param keyType type of key, e.g. "RSA", "DSA"
61.87 - * @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA",
61.88 - * "MD2WithRSA", "SHAwithDSA".
61.89 - * @param providerName name of the provider
61.90 - * @exception NoSuchAlgorithmException on unrecognized algorithms.
61.91 - * @exception NoSuchProviderException on unrecognized providers.
61.92 - */
61.93 - public CertAndKeyGen (String keyType, String sigAlg, String providerName)
61.94 - throws NoSuchAlgorithmException, NoSuchProviderException
61.95 - {
61.96 - if (providerName == null) {
61.97 - keyGen = KeyPairGenerator.getInstance(keyType);
61.98 - } else {
61.99 - try {
61.100 - keyGen = KeyPairGenerator.getInstance(keyType, providerName);
61.101 - } catch (Exception e) {
61.102 - // try first available provider instead
61.103 - keyGen = KeyPairGenerator.getInstance(keyType);
61.104 - }
61.105 - }
61.106 - this.sigAlg = sigAlg;
61.107 - }
61.108 -
61.109 - /**
61.110 - * Sets the source of random numbers used when generating keys.
61.111 - * If you do not provide one, a system default facility is used.
61.112 - * You may wish to provide your own source of random numbers
61.113 - * to get a reproducible sequence of keys and signatures, or
61.114 - * because you may be able to take advantage of strong sources
61.115 - * of randomness/entropy in your environment.
61.116 - */
61.117 - public void setRandom (SecureRandom generator)
61.118 - {
61.119 - prng = generator;
61.120 - }
61.121 -
61.122 - // want "public void generate (X509Certificate)" ... inherit DSA/D-H param
61.123 -
61.124 - /**
61.125 - * Generates a random public/private key pair, with a given key
61.126 - * size. Different algorithms provide different degrees of security
61.127 - * for the same key size, because of the "work factor" involved in
61.128 - * brute force attacks. As computers become faster, it becomes
61.129 - * easier to perform such attacks. Small keys are to be avoided.
61.130 - *
61.131 - * <P>Note that not all values of "keyBits" are valid for all
61.132 - * algorithms, and not all public key algorithms are currently
61.133 - * supported for use in X.509 certificates. If the algorithm
61.134 - * you specified does not produce X.509 compatible keys, an
61.135 - * invalid key exception is thrown.
61.136 - *
61.137 - * @param keyBits the number of bits in the keys.
61.138 - * @exception InvalidKeyException if the environment does not
61.139 - * provide X.509 public keys for this signature algorithm.
61.140 - */
61.141 - public void generate (int keyBits)
61.142 - throws InvalidKeyException
61.143 - {
61.144 - KeyPair pair;
61.145 -
61.146 - try {
61.147 - if (prng == null) {
61.148 - prng = new SecureRandom();
61.149 - }
61.150 - keyGen.initialize(keyBits, prng);
61.151 - pair = keyGen.generateKeyPair();
61.152 -
61.153 - } catch (Exception e) {
61.154 - throw new IllegalArgumentException(e.getMessage());
61.155 - }
61.156 -
61.157 - publicKey = pair.getPublic();
61.158 - privateKey = pair.getPrivate();
61.159 - }
61.160 -
61.161 -
61.162 - /**
61.163 - * Returns the public key of the generated key pair if it is of type
61.164 - * <code>X509Key</code>, or null if the public key is of a different type.
61.165 - *
61.166 - * XXX Note: This behaviour is needed for backwards compatibility.
61.167 - * What this method really should return is the public key of the
61.168 - * generated key pair, regardless of whether or not it is an instance of
61.169 - * <code>X509Key</code>. Accordingly, the return type of this method
61.170 - * should be <code>PublicKey</code>.
61.171 - */
61.172 - public X509Key getPublicKey()
61.173 - {
61.174 - if (!(publicKey instanceof X509Key)) {
61.175 - return null;
61.176 - }
61.177 - return (X509Key)publicKey;
61.178 - }
61.179 -
61.180 -
61.181 - /**
61.182 - * Returns the private key of the generated key pair.
61.183 - *
61.184 - * <P><STRONG><em>Be extremely careful when handling private keys.
61.185 - * When private keys are not kept secret, they lose their ability
61.186 - * to securely authenticate specific entities ... that is a huge
61.187 - * security risk!</em></STRONG>
61.188 - */
61.189 - public PrivateKey getPrivateKey ()
61.190 - {
61.191 - return privateKey;
61.192 - }
61.193 -
61.194 -
61.195 - /**
61.196 - * Returns a self-signed X.509v3 certificate for the public key.
61.197 - * The certificate is immediately valid. No extensions.
61.198 - *
61.199 - * <P>Such certificates normally are used to identify a "Certificate
61.200 - * Authority" (CA). Accordingly, they will not always be accepted by
61.201 - * other parties. However, such certificates are also useful when
61.202 - * you are bootstrapping your security infrastructure, or deploying
61.203 - * system prototypes.
61.204 - *
61.205 - * @param myname X.500 name of the subject (who is also the issuer)
61.206 - * @param firstDate the issue time of the certificate
61.207 - * @param validity how long the certificate should be valid, in seconds
61.208 - * @exception CertificateException on certificate handling errors.
61.209 - * @exception InvalidKeyException on key handling errors.
61.210 - * @exception SignatureException on signature handling errors.
61.211 - * @exception NoSuchAlgorithmException on unrecognized algorithms.
61.212 - * @exception NoSuchProviderException on unrecognized providers.
61.213 - */
61.214 - public X509Certificate getSelfCertificate (
61.215 - X500Name myname, Date firstDate, long validity)
61.216 - throws CertificateException, InvalidKeyException, SignatureException,
61.217 - NoSuchAlgorithmException, NoSuchProviderException
61.218 - {
61.219 - X509CertImpl cert;
61.220 - Date lastDate;
61.221 -
61.222 - try {
61.223 - lastDate = new Date ();
61.224 - lastDate.setTime (firstDate.getTime () + validity * 1000);
61.225 -
61.226 - CertificateValidity interval =
61.227 - new CertificateValidity(firstDate,lastDate);
61.228 -
61.229 - X509CertInfo info = new X509CertInfo();
61.230 - // Add all mandatory attributes
61.231 - info.set(X509CertInfo.VERSION,
61.232 - new CertificateVersion(CertificateVersion.V3));
61.233 - info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
61.234 - new java.util.Random().nextInt() & 0x7fffffff));
61.235 - AlgorithmId algID = AlgorithmId.get(sigAlg);
61.236 - info.set(X509CertInfo.ALGORITHM_ID,
61.237 - new CertificateAlgorithmId(algID));
61.238 - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
61.239 - info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
61.240 - info.set(X509CertInfo.VALIDITY, interval);
61.241 - info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
61.242 -
61.243 - cert = new X509CertImpl(info);
61.244 - cert.sign(privateKey, this.sigAlg);
61.245 -
61.246 - return (X509Certificate)cert;
61.247 -
61.248 - } catch (IOException e) {
61.249 - throw new CertificateEncodingException("getSelfCert: " +
61.250 - e.getMessage());
61.251 - }
61.252 - }
61.253 -
61.254 - // Keep the old method
61.255 - public X509Certificate getSelfCertificate (X500Name myname, long validity)
61.256 - throws CertificateException, InvalidKeyException, SignatureException,
61.257 - NoSuchAlgorithmException, NoSuchProviderException
61.258 - {
61.259 - return getSelfCertificate(myname, new Date(), validity);
61.260 - }
61.261 -
61.262 - /**
61.263 - * Returns a PKCS #10 certificate request. The caller uses either
61.264 - * <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code>
61.265 - * operations on the result, to get the request in an appropriate
61.266 - * transmission format.
61.267 - *
61.268 - * <P>PKCS #10 certificate requests are sent, along with some proof
61.269 - * of identity, to Certificate Authorities (CAs) which then issue
61.270 - * X.509 public key certificates.
61.271 - *
61.272 - * @param myname X.500 name of the subject
61.273 - * @exception InvalidKeyException on key handling errors.
61.274 - * @exception SignatureException on signature handling errors.
61.275 - */
61.276 - public PKCS10 getCertRequest (X500Name myname)
61.277 - throws InvalidKeyException, SignatureException
61.278 - {
61.279 - PKCS10 req = new PKCS10 (publicKey);
61.280 -
61.281 - try {
61.282 - Signature signature = Signature.getInstance(sigAlg);
61.283 - signature.initSign (privateKey);
61.284 - req.encodeAndSign(myname, signature);
61.285 -
61.286 - } catch (CertificateException e) {
61.287 - throw new SignatureException (sigAlg + " CertificateException");
61.288 -
61.289 - } catch (IOException e) {
61.290 - throw new SignatureException (sigAlg + " IOException");
61.291 -
61.292 - } catch (NoSuchAlgorithmException e) {
61.293 - // "can't happen"
61.294 - throw new SignatureException (sigAlg + " unavailable?");
61.295 - }
61.296 - return req;
61.297 - }
61.298 -
61.299 - private SecureRandom prng;
61.300 - private String sigAlg;
61.301 - private KeyPairGenerator keyGen;
61.302 - private PublicKey publicKey;
61.303 - private PrivateKey privateKey;
61.304 -}
62.1 --- a/src/share/classes/sun/util/resources/TimeZoneNames.java Thu Oct 27 13:54:42 2011 -0700
62.2 +++ b/src/share/classes/sun/util/resources/TimeZoneNames.java Fri Oct 28 17:49:02 2011 -0700
62.3 @@ -103,6 +103,8 @@
62.4 "Eastern Daylight Time", "EDT"};
62.5 String EST_NSW[] = new String[] {"Eastern Standard Time (New South Wales)", "EST",
62.6 "Eastern Summer Time (New South Wales)", "EST"};
62.7 + String FET[] = new String[] {"Further-eastern European Time", "FET",
62.8 + "Further-eastern European Summer Time", "FEST"};
62.9 String GHMT[] = new String[] {"Ghana Mean Time", "GMT",
62.10 "Ghana Summer Time", "GHST"};
62.11 String GAMBIER[] = new String[] {"Gambier Time", "GAMT",
62.12 @@ -186,7 +188,7 @@
62.13 String SAMOA[] = new String[] {"Samoa Standard Time", "SST",
62.14 "Samoa Daylight Time", "SDT"};
62.15 String WST_SAMOA[] = new String[] {"West Samoa Time", "WST",
62.16 - "West Samoa Summer Time", "WSST"};
62.17 + "West Samoa Daylight Time", "WSDT"};
62.18 String ChST[] = new String[] {"Chamorro Standard Time", "ChST",
62.19 "Chamorro Daylight Time", "ChDT"};
62.20 String VICTORIA[] = new String[] {"Eastern Standard Time (Victoria)", "EST",
62.21 @@ -511,6 +513,7 @@
62.22 "Tajikistan Summer Time", "TJST"}},
62.23 {"Asia/Gaza", EET},
62.24 {"Asia/Harbin", CTT},
62.25 + {"Asia/Hebron", EET},
62.26 {"Asia/Ho_Chi_Minh", ICT},
62.27 {"Asia/Hong_Kong", HKT},
62.28 {"Asia/Hovd", new String[] {"Hovd Time", "HOVT",
62.29 @@ -674,9 +677,8 @@
62.30 {"Europe/Isle_of_Man", GMTBST},
62.31 {"Europe/Istanbul", EET},
62.32 {"Europe/Jersey", GMTBST},
62.33 - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
62.34 - "Kaliningrad Summer Time", "KALST"}},
62.35 - {"Europe/Kiev", EET},
62.36 + {"Europe/Kaliningrad", FET},
62.37 + {"Europe/Kiev", FET},
62.38 {"Europe/Lisbon", WET},
62.39 {"Europe/Ljubljana", CET},
62.40 {"Europe/London", GMTBST},
62.41 @@ -684,7 +686,7 @@
62.42 {"Europe/Madrid", CET},
62.43 {"Europe/Malta", CET},
62.44 {"Europe/Mariehamn", EET},
62.45 - {"Europe/Minsk", EET},
62.46 + {"Europe/Minsk", FET},
62.47 {"Europe/Monaco", CET},
62.48 {"Europe/Moscow", MSK},
62.49 {"Europe/Nicosia", EET},
62.50 @@ -697,14 +699,14 @@
62.51 "Samara Summer Time", "SAMST"}},
62.52 {"Europe/San_Marino", CET},
62.53 {"Europe/Sarajevo", CET},
62.54 - {"Europe/Simferopol", EET},
62.55 + {"Europe/Simferopol", FET},
62.56 {"Europe/Skopje", CET},
62.57 {"Europe/Sofia", EET},
62.58 {"Europe/Stockholm", CET},
62.59 {"Europe/Tallinn", EET},
62.60 {"Europe/Tirane", CET},
62.61 {"Europe/Tiraspol", EET},
62.62 - {"Europe/Uzhgorod", EET},
62.63 + {"Europe/Uzhgorod", FET},
62.64 {"Europe/Vaduz", CET},
62.65 {"Europe/Vatican", CET},
62.66 {"Europe/Vienna", CET},
62.67 @@ -713,7 +715,7 @@
62.68 "Volgograd Summer Time", "VOLST"}},
62.69 {"Europe/Warsaw", CET},
62.70 {"Europe/Zagreb", CET},
62.71 - {"Europe/Zaporozhye", EET},
62.72 + {"Europe/Zaporozhye", FET},
62.73 {"Europe/Zurich", CET},
62.74 {"GB", GMTBST},
62.75 {"GB-Eire", GMTBST},
63.1 --- a/src/share/classes/sun/util/resources/TimeZoneNames_de.java Thu Oct 27 13:54:42 2011 -0700
63.2 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_de.java Fri Oct 28 17:49:02 2011 -0700
63.3 @@ -103,6 +103,8 @@
63.4 "\u00d6stliche Sommerzeit", "EDT"};
63.5 String EST_NSW[] = new String[] {"\u00d6stliche Normalzeit (New South Wales)", "EST",
63.6 "\u00d6stliche Sommerzeit (New South Wales)", "EST"};
63.7 + String FET[] = new String[] {"Further-eastern European Time", "FET",
63.8 + "Further-eastern European Summer Time", "FEST"};
63.9 String GHMT[] = new String[] {"Ghanaische Normalzeit", "GMT",
63.10 "Ghanaische Sommerzeit", "GHST"};
63.11 String GAMBIER[] = new String[] {"Gambier Zeit", "GAMT",
63.12 @@ -186,7 +188,7 @@
63.13 String SAMOA[] = new String[] {"Samoa Normalzeit", "SST",
63.14 "Samoa Sommerzeit", "SDT"};
63.15 String WST_SAMOA[] = new String[] {"West Samoa Zeit", "WST",
63.16 - "West Samoa Sommerzeit", "WSST"};
63.17 + "West Samoa Sommerzeit", "WSDT"};
63.18 String ChST[] = new String[] {"Chamorro Normalzeit", "ChST",
63.19 "Chamorro Sommerzeit", "ChDT"};
63.20 String VICTORIA[] = new String[] {"\u00d6stliche Normalzeit (Victoria)", "EST",
63.21 @@ -511,6 +513,7 @@
63.22 "Tadschikische Sommerzeit", "TJST"}},
63.23 {"Asia/Gaza", EET},
63.24 {"Asia/Harbin", CTT},
63.25 + {"Asia/Hebron", EET},
63.26 {"Asia/Ho_Chi_Minh", ICT},
63.27 {"Asia/Hong_Kong", HKT},
63.28 {"Asia/Hovd", new String[] {"Hovd Zeit", "HOVT",
63.29 @@ -674,9 +677,8 @@
63.30 {"Europe/Isle_of_Man", GMTBST},
63.31 {"Europe/Istanbul", EET},
63.32 {"Europe/Jersey", GMTBST},
63.33 - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
63.34 - "Kaliningrad Summer Time", "KALST"}},
63.35 - {"Europe/Kiev", EET},
63.36 + {"Europe/Kaliningrad", FET},
63.37 + {"Europe/Kiev", FET},
63.38 {"Europe/Lisbon", WET},
63.39 {"Europe/Ljubljana", CET},
63.40 {"Europe/London", GMTBST},
63.41 @@ -684,7 +686,7 @@
63.42 {"Europe/Madrid", CET},
63.43 {"Europe/Malta", CET},
63.44 {"Europe/Mariehamn", EET},
63.45 - {"Europe/Minsk", EET},
63.46 + {"Europe/Minsk", FET},
63.47 {"Europe/Monaco", CET},
63.48 {"Europe/Moscow", MSK},
63.49 {"Europe/Nicosia", EET},
63.50 @@ -697,14 +699,14 @@
63.51 "Samarische Sommerzeit", "SAMST"}},
63.52 {"Europe/San_Marino", CET},
63.53 {"Europe/Sarajevo", CET},
63.54 - {"Europe/Simferopol", EET},
63.55 + {"Europe/Simferopol", FET},
63.56 {"Europe/Skopje", CET},
63.57 {"Europe/Sofia", EET},
63.58 {"Europe/Stockholm", CET},
63.59 {"Europe/Tallinn", EET},
63.60 {"Europe/Tirane", CET},
63.61 {"Europe/Tiraspol", EET},
63.62 - {"Europe/Uzhgorod", EET},
63.63 + {"Europe/Uzhgorod", FET},
63.64 {"Europe/Vaduz", CET},
63.65 {"Europe/Vatican", CET},
63.66 {"Europe/Vienna", CET},
63.67 @@ -713,7 +715,7 @@
63.68 "Wolgograder Sommerzeit", "VOLST"}},
63.69 {"Europe/Warsaw", CET},
63.70 {"Europe/Zagreb", CET},
63.71 - {"Europe/Zaporozhye", EET},
63.72 + {"Europe/Zaporozhye", FET},
63.73 {"Europe/Zurich", CET},
63.74 {"GB", GMTBST},
63.75 {"GB-Eire", GMTBST},
64.1 --- a/src/share/classes/sun/util/resources/TimeZoneNames_es.java Thu Oct 27 13:54:42 2011 -0700
64.2 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_es.java Fri Oct 28 17:49:02 2011 -0700
64.3 @@ -103,6 +103,8 @@
64.4 "Hora de verano Oriental", "EDT"};
64.5 String EST_NSW[] = new String[] {"Hora est\u00e1ndar Oriental (Nueva Gales del Sur)", "EST",
64.6 "Hora de verano Oriental (Nueva Gales del Sur)", "EST"};
64.7 + String FET[] = new String[] {"Further-eastern European Time", "FET",
64.8 + "Further-eastern European Summer Time", "FEST"};
64.9 String GHMT[] = new String[] {"Hora central de Ghana", "GMT",
64.10 "Hora de verano de Ghana", "GHST"};
64.11 String GAMBIER[] = new String[] {"Hora de Gambier", "GAMT",
64.12 @@ -186,7 +188,7 @@
64.13 String SAMOA[] = new String[] {"Hora est\u00e1ndar de Samoa", "SST",
64.14 "Hora de verano de Samoa", "SDT"};
64.15 String WST_SAMOA[] = new String[] {"Hora de Samoa Occidental", "WST",
64.16 - "Hora de verano de Samoa Occidental", "WSST"};
64.17 + "Hora de verano de Samoa Occidental", "WSDT"};
64.18 String ChST[] = new String[] {"Hora est\u00e1ndar de Chamorro", "ChST",
64.19 "Hora de verano de Chamorro", "ChDT"};
64.20 String VICTORIA[] = new String[] {"Hora est\u00e1ndar del Este (Victoria)", "EST",
64.21 @@ -511,6 +513,7 @@
64.22 "Hora de verano de Tajikist\u00e1n", "TJST"}},
64.23 {"Asia/Gaza", EET},
64.24 {"Asia/Harbin", CTT},
64.25 + {"Asia/Hebron", EET},
64.26 {"Asia/Ho_Chi_Minh", ICT},
64.27 {"Asia/Hong_Kong", HKT},
64.28 {"Asia/Hovd", new String[] {"Hora de Hovd", "HOVT",
64.29 @@ -674,9 +677,8 @@
64.30 {"Europe/Isle_of_Man", GMTBST},
64.31 {"Europe/Istanbul", EET},
64.32 {"Europe/Jersey", GMTBST},
64.33 - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
64.34 - "Kaliningrad Summer Time", "KALST"}},
64.35 - {"Europe/Kiev", EET},
64.36 + {"Europe/Kaliningrad", FET},
64.37 + {"Europe/Kiev", FET},
64.38 {"Europe/Lisbon", WET},
64.39 {"Europe/Ljubljana", CET},
64.40 {"Europe/London", GMTBST},
64.41 @@ -684,7 +686,7 @@
64.42 {"Europe/Madrid", CET},
64.43 {"Europe/Malta", CET},
64.44 {"Europe/Mariehamn", EET},
64.45 - {"Europe/Minsk", EET},
64.46 + {"Europe/Minsk", FET},
64.47 {"Europe/Monaco", CET},
64.48 {"Europe/Moscow", MSK},
64.49 {"Europe/Nicosia", EET},
64.50 @@ -697,14 +699,14 @@
64.51 "Hora de verano de Samara", "SAMST"}},
64.52 {"Europe/San_Marino", CET},
64.53 {"Europe/Sarajevo", CET},
64.54 - {"Europe/Simferopol", EET},
64.55 + {"Europe/Simferopol", FET},
64.56 {"Europe/Skopje", CET},
64.57 {"Europe/Sofia", EET},
64.58 {"Europe/Stockholm", CET},
64.59 {"Europe/Tallinn", EET},
64.60 {"Europe/Tirane", CET},
64.61 {"Europe/Tiraspol", EET},
64.62 - {"Europe/Uzhgorod", EET},
64.63 + {"Europe/Uzhgorod", FET},
64.64 {"Europe/Vaduz", CET},
64.65 {"Europe/Vatican", CET},
64.66 {"Europe/Vienna", CET},
64.67 @@ -713,7 +715,7 @@
64.68 "Hora de verano de Volgogrado", "VOLST"}},
64.69 {"Europe/Warsaw", CET},
64.70 {"Europe/Zagreb", CET},
64.71 - {"Europe/Zaporozhye", EET},
64.72 + {"Europe/Zaporozhye", FET},
64.73 {"Europe/Zurich", CET},
64.74 {"GB", GMTBST},
64.75 {"GB-Eire", GMTBST},
65.1 --- a/src/share/classes/sun/util/resources/TimeZoneNames_fr.java Thu Oct 27 13:54:42 2011 -0700
65.2 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_fr.java Fri Oct 28 17:49:02 2011 -0700
65.3 @@ -103,6 +103,8 @@
65.4 "Heure avanc\u00e9e de l'Est", "EDT"} ;
65.5 String EST_NSW[] = new String[] {"Heure normale de l'Est (Nouvelle-Galles du Sud)", "EST",
65.6 "Heure d'\u00e9t\u00e9 de l'Est (Nouvelle-Galles du Sud)", "EST"} ;
65.7 + String FET[] = new String[] {"Further-eastern European Time", "FET",
65.8 + "Further-eastern European Summer Time", "FEST"};
65.9 String GHMT[] = new String[] {"Heure du Ghana", "GMT",
65.10 "Heure d'\u00e9t\u00e9 du Ghana", "GHST"};
65.11 String GAMBIER[] = new String[] {"Heure de Gambi", "GAMT",
65.12 @@ -186,7 +188,7 @@
65.13 String SAMOA[] = new String[] {"Heure standard de Samoa", "SST",
65.14 "Heure avanc\u00e9e de Samoa", "SDT"};
65.15 String WST_SAMOA[] = new String[] {"Heure des Samoas occidentales", "WST",
65.16 - "Heure d'\u00e9t\u00e9 des Samoas occidentales", "WSST"} ;
65.17 + "Heure d'\u00e9t\u00e9 des Samoas occidentales", "WSDT"} ;
65.18 String ChST[] = new String[] {"Heure normale des \u00eeles Mariannes", "ChST",
65.19 "Heure d'\u00e9t\u00e9 des \u00eeles Mariannes", "ChDT"};
65.20 String VICTORIA[] = new String[] {"Heure standard d'Australie orientale (Victoria)", "EST",
65.21 @@ -511,6 +513,7 @@
65.22 "Heure d'\u00e9t\u00e9 du Tadjikistan", "TJST"}},
65.23 {"Asia/Gaza", EET},
65.24 {"Asia/Harbin", CTT},
65.25 + {"Asia/Hebron", EET},
65.26 {"Asia/Ho_Chi_Minh", ICT},
65.27 {"Asia/Hong_Kong", HKT},
65.28 {"Asia/Hovd", new String[] {"Heure de Hovd", "HOVT",
65.29 @@ -674,9 +677,8 @@
65.30 {"Europe/Isle_of_Man", GMTBST},
65.31 {"Europe/Istanbul", EET},
65.32 {"Europe/Jersey", GMTBST},
65.33 - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
65.34 - "Kaliningrad Summer Time", "KALST"}},
65.35 - {"Europe/Kiev", EET},
65.36 + {"Europe/Kaliningrad", FET},
65.37 + {"Europe/Kiev", FET},
65.38 {"Europe/Lisbon", WET},
65.39 {"Europe/Ljubljana", CET},
65.40 {"Europe/London", GMTBST},
65.41 @@ -684,7 +686,7 @@
65.42 {"Europe/Madrid", CET},
65.43 {"Europe/Malta", CET},
65.44 {"Europe/Mariehamn", EET},
65.45 - {"Europe/Minsk", EET},
65.46 + {"Europe/Minsk", FET},
65.47 {"Europe/Monaco", CET},
65.48 {"Europe/Moscow", MSK},
65.49 {"Europe/Nicosia", EET},
65.50 @@ -697,14 +699,14 @@
65.51 "Heure d'\u00e9t\u00e9 de Samara", "SAMST"}},
65.52 {"Europe/San_Marino", CET},
65.53 {"Europe/Sarajevo", CET},
65.54 - {"Europe/Simferopol", EET},
65.55 + {"Europe/Simferopol", FET},
65.56 {"Europe/Skopje", CET},
65.57 {"Europe/Sofia", EET},
65.58 {"Europe/Stockholm", CET},
65.59 {"Europe/Tallinn", EET},
65.60 {"Europe/Tirane", CET},
65.61 {"Europe/Tiraspol", EET},
65.62 - {"Europe/Uzhgorod", EET},
65.63 + {"Europe/Uzhgorod", FET},
65.64 {"Europe/Vaduz", CET},
65.65 {"Europe/Vatican", CET},
65.66 {"Europe/Vienna", CET},
65.67 @@ -713,7 +715,7 @@
65.68 "Heure d'\u00e9t\u00e9 de Volgograd", "VOLST"}},
65.69 {"Europe/Warsaw", CET},
65.70 {"Europe/Zagreb", CET},
65.71 - {"Europe/Zaporozhye", EET},
65.72 + {"Europe/Zaporozhye", FET},
65.73 {"Europe/Zurich", CET},
65.74 {"GB", GMTBST},
65.75 {"GB-Eire", GMTBST},
66.1 --- a/src/share/classes/sun/util/resources/TimeZoneNames_it.java Thu Oct 27 13:54:42 2011 -0700
66.2 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_it.java Fri Oct 28 17:49:02 2011 -0700
66.3 @@ -103,6 +103,8 @@
66.4 "Ora legale USA orientale", "EDT"};
66.5 String EST_NSW[] = new String[] {"Ora solare dell'Australia orientale (Nuovo Galles del Sud)", "EST",
66.6 "Ora estiva dell'Australia orientale (Nuovo Galles del Sud)", "EST"};
66.7 + String FET[] = new String[] {"Further-eastern European Time", "FET",
66.8 + "Further-eastern European Summer Time", "FEST"};
66.9 String GHMT[] = new String[] {"Ora media del Ghana", "GMT",
66.10 "Ora legale del Ghana", "GHST"};
66.11 String GAMBIER[] = new String[] {"Ora di Gambier", "GAMT",
66.12 @@ -186,7 +188,7 @@
66.13 String SAMOA[] = new String[] {"Ora standard di Samoa", "SST",
66.14 "Ora legale di Samoa", "SDT"};
66.15 String WST_SAMOA[] = new String[] {"Ora di Samoa", "WST",
66.16 - "Ora estiva di Samoa", "WSST"};
66.17 + "Ora estiva di Samoa", "WSDT"};
66.18 String ChST[] = new String[] {"Ora standard di Chamorro", "ChST",
66.19 "Ora legale di Chamorro", "ChDT"};
66.20 String VICTORIA[] = new String[] {"Ora orientale standard (Victoria)", "EST",
66.21 @@ -511,6 +513,7 @@
66.22 "Ora estiva del Tagikistan", "TJST"}},
66.23 {"Asia/Gaza", EET},
66.24 {"Asia/Harbin", CTT},
66.25 + {"Asia/Hebron", EET},
66.26 {"Asia/Ho_Chi_Minh", ICT},
66.27 {"Asia/Hong_Kong", HKT},
66.28 {"Asia/Hovd", new String[] {"Ora di Hovd", "HOVT",
66.29 @@ -674,9 +677,8 @@
66.30 {"Europe/Isle_of_Man", GMTBST},
66.31 {"Europe/Istanbul", EET},
66.32 {"Europe/Jersey", GMTBST},
66.33 - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
66.34 - "Kaliningrad Summer Time", "KALST"}},
66.35 - {"Europe/Kiev", EET},
66.36 + {"Europe/Kaliningrad", FET},
66.37 + {"Europe/Kiev", FET},
66.38 {"Europe/Lisbon", WET},
66.39 {"Europe/Ljubljana", CET},
66.40 {"Europe/London", GMTBST},
66.41 @@ -684,7 +686,7 @@
66.42 {"Europe/Madrid", CET},
66.43 {"Europe/Malta", CET},
66.44 {"Europe/Mariehamn", EET},
66.45 - {"Europe/Minsk", EET},
66.46 + {"Europe/Minsk", FET},
66.47 {"Europe/Monaco", CET},
66.48 {"Europe/Moscow", MSK},
66.49 {"Europe/Nicosia", EET},
66.50 @@ -697,14 +699,14 @@
66.51 "Ora estiva di Samara", "SAMST"}},
66.52 {"Europe/San_Marino", CET},
66.53 {"Europe/Sarajevo", CET},
66.54 - {"Europe/Simferopol", EET},
66.55 + {"Europe/Simferopol", FET},
66.56 {"Europe/Skopje", CET},
66.57 {"Europe/Sofia", EET},
66.58 {"Europe/Stockholm", CET},
66.59 {"Europe/Tallinn", EET},
66.60 {"Europe/Tirane", CET},
66.61 {"Europe/Tiraspol", EET},
66.62 - {"Europe/Uzhgorod", EET},
66.63 + {"Europe/Uzhgorod", FET},
66.64 {"Europe/Vaduz", CET},
66.65 {"Europe/Vatican", CET},
66.66 {"Europe/Vienna", CET},
66.67 @@ -713,7 +715,7 @@
66.68 "Ora estiva di Volgograd", "VOLST"}},
66.69 {"Europe/Warsaw", CET},
66.70 {"Europe/Zagreb", CET},
66.71 - {"Europe/Zaporozhye", EET},
66.72 + {"Europe/Zaporozhye", FET},
66.73 {"Europe/Zurich", CET},
66.74 {"GB", GMTBST},
66.75 {"GB-Eire", GMTBST},
67.1 --- a/src/share/classes/sun/util/resources/TimeZoneNames_ja.java Thu Oct 27 13:54:42 2011 -0700
67.2 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_ja.java Fri Oct 28 17:49:02 2011 -0700
67.3 @@ -103,6 +103,8 @@
67.4 "\u6771\u90e8\u590f\u6642\u9593", "EDT"};
67.5 String EST_NSW[] = new String[] {"\u6771\u90e8\u6a19\u6e96\u6642 (\u30cb\u30e5\u30fc\u30b5\u30a6\u30b9\u30a6\u30a7\u30fc\u30eb\u30ba)", "EST",
67.6 "\u6771\u90e8\u590f\u6642\u9593 (\u30cb\u30e5\u30fc\u30b5\u30a6\u30b9\u30a6\u30a7\u30fc\u30eb\u30ba)", "EST"};
67.7 + String FET[] = new String[] {"Further-eastern European Time", "FET",
67.8 + "Further-eastern European Summer Time", "FEST"};
67.9 String GHMT[] = new String[] {"\u30ac\u30fc\u30ca\u6a19\u6e96\u6642", "GMT",
67.10 "\u30ac\u30fc\u30ca\u590f\u6642\u9593", "GHST"};
67.11 String GAMBIER[] = new String[] {"\u30ac\u30f3\u30d3\u30a2\u6642\u9593", "GAMT",
67.12 @@ -186,7 +188,7 @@
67.13 String SAMOA[] = new String[] {"\u30b5\u30e2\u30a2\u6a19\u6e96\u6642", "SST",
67.14 "\u30b5\u30e2\u30a2\u590f\u6642\u9593", "SDT"};
67.15 String WST_SAMOA[] = new String[] {"\u897f\u30b5\u30e2\u30a2\u6642\u9593", "WST",
67.16 - "\u897f\u30b5\u30e2\u30a2\u590f\u6642\u9593", "WSST"};
67.17 + "\u897f\u30b5\u30e2\u30a2\u590f\u6642\u9593", "WSDT"};
67.18 String ChST[] = new String[] {"\u30b0\u30a2\u30e0\u6a19\u6e96\u6642", "ChST",
67.19 "\u30b0\u30a2\u30e0\u590f\u6642\u9593", "ChDT"};
67.20 String VICTORIA[] = new String[] {"\u6771\u90e8\u6a19\u6e96\u6642 (\u30d3\u30af\u30c8\u30ea\u30a2)", "EST",
67.21 @@ -511,6 +513,7 @@
67.22 "\u30bf\u30b8\u30ad\u30b9\u30bf\u30f3\u590f\u6642\u9593", "TJST"}},
67.23 {"Asia/Gaza", EET},
67.24 {"Asia/Harbin", CTT},
67.25 + {"Asia/Hebron", EET},
67.26 {"Asia/Ho_Chi_Minh", ICT},
67.27 {"Asia/Hong_Kong", HKT},
67.28 {"Asia/Hovd", new String[] {"\u30db\u30d6\u30c9\u6642\u9593", "HOVT",
67.29 @@ -674,9 +677,8 @@
67.30 {"Europe/Isle_of_Man", GMTBST},
67.31 {"Europe/Istanbul", EET},
67.32 {"Europe/Jersey", GMTBST},
67.33 - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
67.34 - "Kaliningrad Summer Time", "KALST"}},
67.35 - {"Europe/Kiev", EET},
67.36 + {"Europe/Kaliningrad", FET},
67.37 + {"Europe/Kiev", FET},
67.38 {"Europe/Lisbon", WET},
67.39 {"Europe/Ljubljana", CET},
67.40 {"Europe/London", GMTBST},
67.41 @@ -684,7 +686,7 @@
67.42 {"Europe/Madrid", CET},
67.43 {"Europe/Malta", CET},
67.44 {"Europe/Mariehamn", EET},
67.45 - {"Europe/Minsk", EET},
67.46 + {"Europe/Minsk", FET},
67.47 {"Europe/Monaco", CET},
67.48 {"Europe/Moscow", MSK},
67.49 {"Europe/Nicosia", EET},
67.50 @@ -697,14 +699,14 @@
67.51 "\u30b5\u30de\u30e9\u590f\u6642\u9593", "SAMST"}},
67.52 {"Europe/San_Marino", CET},
67.53 {"Europe/Sarajevo", CET},
67.54 - {"Europe/Simferopol", EET},
67.55 + {"Europe/Simferopol", FET},
67.56 {"Europe/Skopje", CET},
67.57 {"Europe/Sofia", EET},
67.58 {"Europe/Stockholm", CET},
67.59 {"Europe/Tallinn", EET},
67.60 {"Europe/Tirane", CET},
67.61 {"Europe/Tiraspol", EET},
67.62 - {"Europe/Uzhgorod", EET},
67.63 + {"Europe/Uzhgorod", FET},
67.64 {"Europe/Vaduz", CET},
67.65 {"Europe/Vatican", CET},
67.66 {"Europe/Vienna", CET},
67.67 @@ -713,7 +715,7 @@
67.68 "\u30dc\u30eb\u30b4\u30b0\u30e9\u30fc\u30c9\u590f\u6642\u9593", "VOLST"}},
67.69 {"Europe/Warsaw", CET},
67.70 {"Europe/Zagreb", CET},
67.71 - {"Europe/Zaporozhye", EET},
67.72 + {"Europe/Zaporozhye", FET},
67.73 {"Europe/Zurich", CET},
67.74 {"GB", GMTBST},
67.75 {"GB-Eire", GMTBST},
68.1 --- a/src/share/classes/sun/util/resources/TimeZoneNames_ko.java Thu Oct 27 13:54:42 2011 -0700
68.2 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_ko.java Fri Oct 28 17:49:02 2011 -0700
68.3 @@ -103,6 +103,8 @@
68.4 "\ub3d9\ubd80 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "EDT"};
68.5 String EST_NSW[] = new String[] {"\ub3d9\ubd80 \ud45c\uc900\uc2dc(\ub274 \uc0ac\uc6b0\uc2a4 \uc6e8\uc77c\uc988)", "EST",
68.6 "\ub3d9\ubd80 \uc77c\uad11\uc808\uc57d\uc2dc\uac04(\ub274 \uc0ac\uc6b0\uc2a4 \uc6e8\uc77c\uc988)", "EST"};
68.7 + String FET[] = new String[] {"Further-eastern European Time", "FET",
68.8 + "Further-eastern European Summer Time", "FEST"};
68.9 String GHMT[] = new String[] {"\uac00\ub098 \ud45c\uc900\uc2dc", "GMT",
68.10 "\uac00\ub098 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "GHST"};
68.11 String GAMBIER[] = new String[] {"\uac10\ube44\uc544 \uc2dc\uac04", "GAMT",
68.12 @@ -186,7 +188,7 @@
68.13 String SAMOA[] = new String[] {"\uc0ac\ubaa8\uc544 \ud45c\uc900\uc2dc", "SST",
68.14 "\uc0ac\ubaa8\uc544 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "SDT"};
68.15 String WST_SAMOA[] = new String[] {"\uc11c\uc0ac\ubaa8\uc544 \uc2dc\uac04", "WST",
68.16 - "\uc11c\uc0ac\ubaa8\uc544 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "WSST"};
68.17 + "\uc11c\uc0ac\ubaa8\uc544 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "WSDT"};
68.18 String ChST[] = new String[] {"\ucc28\ubaa8\ub85c \ud45c\uc900\uc2dc", "ChST",
68.19 "\ucc28\ubaa8\ub85c \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "ChDT"};
68.20 String VICTORIA[] = new String[] {"\ub3d9\ubd80 \ud45c\uc900\uc2dc(\ube45\ud1a0\ub9ac\uc544)", "EST",
68.21 @@ -511,6 +513,7 @@
68.22 "\ud0c0\uc9c0\ud0a4\uc2a4\ud0c4 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "TJST"}},
68.23 {"Asia/Gaza", EET},
68.24 {"Asia/Harbin", CTT},
68.25 + {"Asia/Hebron", EET},
68.26 {"Asia/Ho_Chi_Minh", ICT},
68.27 {"Asia/Hong_Kong", HKT},
68.28 {"Asia/Hovd", new String[] {"Hovd \uc2dc\uac04", "HOVT",
68.29 @@ -674,9 +677,8 @@
68.30 {"Europe/Isle_of_Man", GMTBST},
68.31 {"Europe/Istanbul", EET},
68.32 {"Europe/Jersey", GMTBST},
68.33 - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
68.34 - "Kaliningrad Summer Time", "KALST"}},
68.35 - {"Europe/Kiev", EET},
68.36 + {"Europe/Kaliningrad", FET},
68.37 + {"Europe/Kiev", FET},
68.38 {"Europe/Lisbon", WET},
68.39 {"Europe/Ljubljana", CET},
68.40 {"Europe/London", GMTBST},
68.41 @@ -684,7 +686,7 @@
68.42 {"Europe/Madrid", CET},
68.43 {"Europe/Malta", CET},
68.44 {"Europe/Mariehamn", EET},
68.45 - {"Europe/Minsk", EET},
68.46 + {"Europe/Minsk", FET},
68.47 {"Europe/Monaco", CET},
68.48 {"Europe/Moscow", MSK},
68.49 {"Europe/Nicosia", EET},
68.50 @@ -697,14 +699,14 @@
68.51 "\uc0ac\ub9c8\ub77c \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "SAMST"}},
68.52 {"Europe/San_Marino", CET},
68.53 {"Europe/Sarajevo", CET},
68.54 - {"Europe/Simferopol", EET},
68.55 + {"Europe/Simferopol", FET},
68.56 {"Europe/Skopje", CET},
68.57 {"Europe/Sofia", EET},
68.58 {"Europe/Stockholm", CET},
68.59 {"Europe/Tallinn", EET},
68.60 {"Europe/Tirane", CET},
68.61 {"Europe/Tiraspol", EET},
68.62 - {"Europe/Uzhgorod", EET},
68.63 + {"Europe/Uzhgorod", FET},
68.64 {"Europe/Vaduz", CET},
68.65 {"Europe/Vatican", CET},
68.66 {"Europe/Vienna", CET},
68.67 @@ -713,7 +715,7 @@
68.68 "\ubcfc\uace0\uadf8\ub77c\ub4dc \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "VOLST"}},
68.69 {"Europe/Warsaw", CET},
68.70 {"Europe/Zagreb", CET},
68.71 - {"Europe/Zaporozhye", EET},
68.72 + {"Europe/Zaporozhye", FET},
68.73 {"Europe/Zurich", CET},
68.74 {"GB", GMTBST},
68.75 {"GB-Eire", GMTBST},
69.1 --- a/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java Thu Oct 27 13:54:42 2011 -0700
69.2 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java Fri Oct 28 17:49:02 2011 -0700
69.3 @@ -101,6 +101,8 @@
69.4 "Hor\u00e1rio de luz natural oriental", "EDT"};
69.5 String EST_NSW[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o oriental (Nova Gales do Sul)", "EST",
69.6 "Fuso hor\u00e1rio de ver\u00e3o oriental (Nova Gales do Sul)", "EST"};
69.7 + String FET[] = new String[] {"Further-eastern European Time", "FET",
69.8 + "Further-eastern European Summer Time", "FEST"};
69.9 String GHMT[] = new String[] {"Fuso hor\u00e1rio do meridiano de Gana", "GMT",
69.10 "Fuso hor\u00e1rio de ver\u00e3o de Gana", "GHST"};
69.11 String GAMBIER[] = new String[] {"Fuso hor\u00e1rio de Gambier", "GAMT",
69.12 @@ -184,7 +186,7 @@
69.13 String SAMOA[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o de Samoa", "SST",
69.14 "Hor\u00e1rio de luz natural de Samoa", "SDT"};
69.15 String WST_SAMOA[] = new String[] {"Fuso hor\u00e1rio de Samoa Ocidental", "WST",
69.16 - "Fuso hor\u00e1rio de ver\u00e3o de Samoa Ocidental", "WSST"};
69.17 + "Fuso hor\u00e1rio de ver\u00e3o de Samoa Ocidental", "WSDT"};
69.18 String ChST[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o de Chamorro", "ChST",
69.19 "Hor\u00e1rio de luz natural de Chamorro", "ChDT"};
69.20 String VICTORIA[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o oriental (Victoria)", "EST",
69.21 @@ -511,6 +513,7 @@
69.22 "Fuso hor\u00e1rio de ver\u00e3o do Tadjiquist\u00e3o", "TJST"}},
69.23 {"Asia/Gaza", EET},
69.24 {"Asia/Harbin", CTT},
69.25 + {"Asia/Hebron", EET},
69.26 {"Asia/Ho_Chi_Minh", ICT},
69.27 {"Asia/Hong_Kong", HKT},
69.28 {"Asia/Hovd", new String[] {"Fuso hor\u00e1rio de Hovd", "HOVT",
69.29 @@ -674,9 +677,8 @@
69.30 {"Europe/Isle_of_Man", GMTBST},
69.31 {"Europe/Istanbul", EET},
69.32 {"Europe/Jersey", GMTBST},
69.33 - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
69.34 - "Kaliningrad Summer Time", "KALST"}},
69.35 - {"Europe/Kiev", EET},
69.36 + {"Europe/Kaliningrad", FET},
69.37 + {"Europe/Kiev", FET},
69.38 {"Europe/Lisbon", WET},
69.39 {"Europe/Ljubljana", CET},
69.40 {"Europe/London", GMTBST},
69.41 @@ -684,7 +686,7 @@
69.42 {"Europe/Madrid", CET},
69.43 {"Europe/Malta", CET},
69.44 {"Europe/Mariehamn", EET},
69.45 - {"Europe/Minsk", EET},
69.46 + {"Europe/Minsk", FET},
69.47 {"Europe/Monaco", CET},
69.48 {"Europe/Moscow", MSK},
69.49 {"Europe/Nicosia", EET},
69.50 @@ -697,14 +699,14 @@
69.51 "Fuso hor\u00e1rio de ver\u00e3o de Samara", "SAMST"}},
69.52 {"Europe/San_Marino", CET},
69.53 {"Europe/Sarajevo", CET},
69.54 - {"Europe/Simferopol", EET},
69.55 + {"Europe/Simferopol", FET},
69.56 {"Europe/Skopje", CET},
69.57 {"Europe/Sofia", EET},
69.58 {"Europe/Stockholm", CET},
69.59 {"Europe/Tallinn", EET},
69.60 {"Europe/Tirane", CET},
69.61 {"Europe/Tiraspol", EET},
69.62 - {"Europe/Uzhgorod", EET},
69.63 + {"Europe/Uzhgorod", FET},
69.64 {"Europe/Vaduz", CET},
69.65 {"Europe/Vatican", CET},
69.66 {"Europe/Vienna", CET},
69.67 @@ -713,7 +715,7 @@
69.68 "Fuso hor\u00e1rio de ver\u00e3o de Volgogrado", "VOLST"}},
69.69 {"Europe/Warsaw", CET},
69.70 {"Europe/Zagreb", CET},
69.71 - {"Europe/Zaporozhye", EET},
69.72 + {"Europe/Zaporozhye", FET},
69.73 {"Europe/Zurich", CET},
69.74 {"GB", GMTBST},
69.75 {"GB-Eire", GMTBST},
70.1 --- a/src/share/classes/sun/util/resources/TimeZoneNames_sv.java Thu Oct 27 13:54:42 2011 -0700
70.2 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_sv.java Fri Oct 28 17:49:02 2011 -0700
70.3 @@ -103,6 +103,8 @@
70.4 "Eastern, sommartid", "EDT"};
70.5 String EST_NSW[] = new String[] {"Eastern, normaltid (Nya Sydwales)", "EST",
70.6 "Eastern, sommartid (Nya Sydwales)", "EST"};
70.7 + String FET[] = new String[] {"Further-eastern European Time", "FET",
70.8 + "Further-eastern European Summer Time", "FEST"};
70.9 String GHMT[] = new String[] {"Ghana, normaltid", "GMT",
70.10 "Ghana, sommartid", "GHST"};
70.11 String GAMBIER[] = new String[] {"Gambier, normaltid", "GAMT",
70.12 @@ -186,7 +188,7 @@
70.13 String SAMOA[] = new String[] {"Samoa, normaltid", "SST",
70.14 "Samoa, sommartid", "SDT"};
70.15 String WST_SAMOA[] = new String[] {"V\u00e4stsamoansk tid", "WST",
70.16 - "V\u00e4stsamoansk sommartid", "WSST"};
70.17 + "V\u00e4stsamoansk sommartid", "WSDT"};
70.18 String ChST[] = new String[] {"Chamorro, normaltid", "ChST",
70.19 "Chamorro, sommartid", "ChDT"};
70.20 String VICTORIA[] = new String[] {"\u00d6stlig normaltid (Victoria)", "EST",
70.21 @@ -511,6 +513,7 @@
70.22 "Tadzjikistan, sommartid", "TJST"}},
70.23 {"Asia/Gaza", EET},
70.24 {"Asia/Harbin", CTT},
70.25 + {"Asia/Hebron", EET},
70.26 {"Asia/Ho_Chi_Minh", ICT},
70.27 {"Asia/Hong_Kong", HKT},
70.28 {"Asia/Hovd", new String[] {"Hovd, normaltid", "HOVT",
70.29 @@ -674,9 +677,8 @@
70.30 {"Europe/Isle_of_Man", GMTBST},
70.31 {"Europe/Istanbul", EET},
70.32 {"Europe/Jersey", GMTBST},
70.33 - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
70.34 - "Kaliningrad Summer Time", "KALST"}},
70.35 - {"Europe/Kiev", EET},
70.36 + {"Europe/Kaliningrad", FET},
70.37 + {"Europe/Kiev", FET},
70.38 {"Europe/Lisbon", WET},
70.39 {"Europe/Ljubljana", CET},
70.40 {"Europe/London", GMTBST},
70.41 @@ -684,7 +686,7 @@
70.42 {"Europe/Madrid", CET},
70.43 {"Europe/Malta", CET},
70.44 {"Europe/Mariehamn", EET},
70.45 - {"Europe/Minsk", EET},
70.46 + {"Europe/Minsk", FET},
70.47 {"Europe/Monaco", CET},
70.48 {"Europe/Moscow", MSK},
70.49 {"Europe/Nicosia", EET},
70.50 @@ -697,14 +699,14 @@
70.51 "Samara, sommartid", "SAMST"}},
70.52 {"Europe/San_Marino", CET},
70.53 {"Europe/Sarajevo", CET},
70.54 - {"Europe/Simferopol", EET},
70.55 + {"Europe/Simferopol", FET},
70.56 {"Europe/Skopje", CET},
70.57 {"Europe/Sofia", EET},
70.58 {"Europe/Stockholm", CET},
70.59 {"Europe/Tallinn", EET},
70.60 {"Europe/Tirane", CET},
70.61 {"Europe/Tiraspol", EET},
70.62 - {"Europe/Uzhgorod", EET},
70.63 + {"Europe/Uzhgorod", FET},
70.64 {"Europe/Vaduz", CET},
70.65 {"Europe/Vatican", CET},
70.66 {"Europe/Vienna", CET},
70.67 @@ -713,7 +715,7 @@
70.68 "Volgograd, sommartid", "VOLST"}},
70.69 {"Europe/Warsaw", CET},
70.70 {"Europe/Zagreb", CET},
70.71 - {"Europe/Zaporozhye", EET},
70.72 + {"Europe/Zaporozhye", FET},
70.73 {"Europe/Zurich", CET},
70.74 {"GB", GMTBST},
70.75 {"GB-Eire", GMTBST},
71.1 --- a/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java Thu Oct 27 13:54:42 2011 -0700
71.2 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java Fri Oct 28 17:49:02 2011 -0700
71.3 @@ -103,6 +103,8 @@
71.4 "\u4e1c\u90e8\u590f\u4ee4\u65f6", "EDT"};
71.5 String EST_NSW[] = new String[] {"\u4e1c\u90e8\u6807\u51c6\u65f6\u95f4\uff08\u65b0\u5357\u5a01\u5c14\u65af\uff09", "EST",
71.6 "\u4e1c\u90e8\u590f\u4ee4\u65f6\uff08\u65b0\u5357\u5a01\u5c14\u65af\uff09", "EST"};
71.7 + String FET[] = new String[] {"Further-eastern European Time", "FET",
71.8 + "Further-eastern European Summer Time", "FEST"};
71.9 String GHMT[] = new String[] {"\u52a0\u7eb3\u65f6\u95f4", "GMT",
71.10 "\u52a0\u7eb3\u590f\u4ee4\u65f6", "GHST"};
71.11 String GAMBIER[] = new String[] {"\u5188\u6bd4\u4e9a\u65f6\u95f4", "GAMT",
71.12 @@ -186,7 +188,7 @@
71.13 String SAMOA[] = new String[] {"\u8428\u6469\u4e9a\u7fa4\u5c9b\u6807\u51c6\u65f6\u95f4", "SST",
71.14 "\u8428\u6469\u4e9a\u7fa4\u5c9b\u590f\u4ee4\u65f6", "SDT"};
71.15 String WST_SAMOA[] = new String[] {"\u897f\u8428\u6469\u4e9a\u65f6\u95f4", "WST",
71.16 - "\u897f\u8428\u6469\u4e9a\u590f\u4ee4\u65f6", "WSST"};
71.17 + "\u897f\u8428\u6469\u4e9a\u590f\u4ee4\u65f6", "WSDT"};
71.18 String ChST[] = new String[] {"Chamorro \u6807\u51c6\u65f6\u95f4", "ChST",
71.19 "Chamorro \u590f\u4ee4\u65f6", "ChDT"};
71.20 String VICTORIA[] = new String[] {"\u4e1c\u90e8\u6807\u51c6\u65f6\u95f4\uff08\u7ef4\u591a\u5229\u4e9a\uff09", "EST",
71.21 @@ -511,6 +513,7 @@
71.22 "\u5854\u5409\u514b\u65af\u5766\u590f\u4ee4\u65f6", "TJST"}},
71.23 {"Asia/Gaza", EET},
71.24 {"Asia/Harbin", CTT},
71.25 + {"Asia/Hebron", EET},
71.26 {"Asia/Ho_Chi_Minh", ICT},
71.27 {"Asia/Hong_Kong", HKT},
71.28 {"Asia/Hovd", new String[] {"\u79d1\u5e03\u591a\u65f6\u95f4", "HOVT",
71.29 @@ -674,9 +677,8 @@
71.30 {"Europe/Isle_of_Man", GMTBST},
71.31 {"Europe/Istanbul", EET},
71.32 {"Europe/Jersey", GMTBST},
71.33 - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
71.34 - "Kaliningrad Summer Time", "KALST"}},
71.35 - {"Europe/Kiev", EET},
71.36 + {"Europe/Kaliningrad", FET},
71.37 + {"Europe/Kiev", FET},
71.38 {"Europe/Lisbon", WET},
71.39 {"Europe/Ljubljana", CET},
71.40 {"Europe/London", GMTBST},
71.41 @@ -684,7 +686,7 @@
71.42 {"Europe/Madrid", CET},
71.43 {"Europe/Malta", CET},
71.44 {"Europe/Mariehamn", EET},
71.45 - {"Europe/Minsk", EET},
71.46 + {"Europe/Minsk", FET},
71.47 {"Europe/Monaco", CET},
71.48 {"Europe/Moscow", MSK},
71.49 {"Europe/Nicosia", EET},
71.50 @@ -697,14 +699,14 @@
71.51 "\u6c99\u9a6c\u62c9\u590f\u4ee4\u65f6", "SAMST"}},
71.52 {"Europe/San_Marino", CET},
71.53 {"Europe/Sarajevo", CET},
71.54 - {"Europe/Simferopol", EET},
71.55 + {"Europe/Simferopol", FET},
71.56 {"Europe/Skopje", CET},
71.57 {"Europe/Sofia", EET},
71.58 {"Europe/Stockholm", CET},
71.59 {"Europe/Tallinn", EET},
71.60 {"Europe/Tirane", CET},
71.61 {"Europe/Tiraspol", EET},
71.62 - {"Europe/Uzhgorod", EET},
71.63 + {"Europe/Uzhgorod", FET},
71.64 {"Europe/Vaduz", CET},
71.65 {"Europe/Vatican", CET},
71.66 {"Europe/Vienna", CET},
71.67 @@ -713,7 +715,7 @@
71.68 "\u4f0f\u5c14\u52a0\u683c\u52d2\u590f\u4ee4\u65f6", "VOLST"}},
71.69 {"Europe/Warsaw", CET},
71.70 {"Europe/Zagreb", CET},
71.71 - {"Europe/Zaporozhye", EET},
71.72 + {"Europe/Zaporozhye", FET},
71.73 {"Europe/Zurich", CET},
71.74 {"GB", GMTBST},
71.75 {"GB-Eire", GMTBST},
72.1 --- a/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java Thu Oct 27 13:54:42 2011 -0700
72.2 +++ b/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java Fri Oct 28 17:49:02 2011 -0700
72.3 @@ -103,6 +103,8 @@
72.4 "\u6771\u65b9\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "EDT"};
72.5 String EST_NSW[] = new String[] {"\u6771\u65b9\u6a19\u6e96\u6642\u9593 (\u65b0\u5357\u5a01\u723e\u65af)", "EST",
72.6 "\u6771\u65b9\u590f\u4ee4\u6642\u9593 (\u65b0\u5357\u5a01\u723e\u65af)", "EST"};
72.7 + String FET[] = new String[] {"Further-eastern European Time", "FET",
72.8 + "Further-eastern European Summer Time", "FEST"};
72.9 String GHMT[] = new String[] {"\u8fe6\u7d0d\u5e73\u5747\u6642\u9593", "GMT",
72.10 "\u8fe6\u7d0d\u590f\u4ee4\u6642\u9593", "GHST"};
72.11 String GAMBIER[] = new String[] {"\u7518\u6bd4\u723e\u6642\u9593", "GAMT",
72.12 @@ -186,7 +188,7 @@
72.13 String SAMOA[] = new String[] {"\u85a9\u6469\u4e9e\u6a19\u6e96\u6642\u9593", "SST",
72.14 "\u85a9\u6469\u4e9e\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "SDT"};
72.15 String WST_SAMOA[] = new String[] {"\u897f\u85a9\u6469\u4e9e\u6642\u9593", "WST",
72.16 - "\u897f\u85a9\u6469\u4e9e\u590f\u4ee4\u6642\u9593", "WSST"};
72.17 + "\u897f\u85a9\u6469\u4e9e\u590f\u4ee4\u6642\u9593", "WSDT"};
72.18 String ChST[] = new String[] {"\u67e5\u83ab\u6d1b\u6a19\u6e96\u6642\u9593", "ChST",
72.19 "\u67e5\u83ab\u6d1b\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "ChDT"};
72.20 String VICTORIA[] = new String[] {"\u6771\u90e8\u6a19\u6e96\u6642\u9593 (\u7dad\u591a\u5229\u4e9e\u90a6)", "EST",
72.21 @@ -511,6 +513,7 @@
72.22 "\u5854\u5409\u514b\u590f\u4ee4\u6642\u9593", "TJST"}},
72.23 {"Asia/Gaza", EET},
72.24 {"Asia/Harbin", CTT},
72.25 + {"Asia/Hebron", EET},
72.26 {"Asia/Ho_Chi_Minh", ICT},
72.27 {"Asia/Hong_Kong", HKT},
72.28 {"Asia/Hovd", new String[] {"\u4faf\u5fb7 (Hovd) \u6642\u9593", "HOVT",
72.29 @@ -675,9 +678,8 @@
72.30 {"Europe/Isle_of_Man", GMTBST},
72.31 {"Europe/Istanbul", EET},
72.32 {"Europe/Jersey", GMTBST},
72.33 - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT",
72.34 - "Kaliningrad Summer Time", "KALST"}},
72.35 - {"Europe/Kiev", EET},
72.36 + {"Europe/Kaliningrad", FET},
72.37 + {"Europe/Kiev", FET},
72.38 {"Europe/Lisbon", WET},
72.39 {"Europe/Ljubljana", CET},
72.40 {"Europe/London", GMTBST},
72.41 @@ -685,7 +687,7 @@
72.42 {"Europe/Madrid", CET},
72.43 {"Europe/Malta", CET},
72.44 {"Europe/Mariehamn", EET},
72.45 - {"Europe/Minsk", EET},
72.46 + {"Europe/Minsk", FET},
72.47 {"Europe/Monaco", CET},
72.48 {"Europe/Moscow", MSK},
72.49 {"Europe/Nicosia", EET},
72.50 @@ -698,14 +700,14 @@
72.51 "\u6c99\u99ac\u62c9\u590f\u4ee4\u6642\u9593", "SAMST"}},
72.52 {"Europe/San_Marino", CET},
72.53 {"Europe/Sarajevo", CET},
72.54 - {"Europe/Simferopol", EET},
72.55 + {"Europe/Simferopol", FET},
72.56 {"Europe/Skopje", CET},
72.57 {"Europe/Sofia", EET},
72.58 {"Europe/Stockholm", CET},
72.59 {"Europe/Tallinn", EET},
72.60 {"Europe/Tirane", CET},
72.61 {"Europe/Tiraspol", EET},
72.62 - {"Europe/Uzhgorod", EET},
72.63 + {"Europe/Uzhgorod", FET},
72.64 {"Europe/Vaduz", CET},
72.65 {"Europe/Vatican", CET},
72.66 {"Europe/Vienna", CET},
72.67 @@ -714,7 +716,7 @@
72.68 "\u4f0f\u723e\u52a0\u683c\u52d2\u590f\u4ee4\u6642\u9593", "VOLST"}},
72.69 {"Europe/Warsaw", CET},
72.70 {"Europe/Zagreb", CET},
72.71 - {"Europe/Zaporozhye", EET},
72.72 + {"Europe/Zaporozhye", FET},
72.73 {"Europe/Zurich", CET},
72.74 {"GB", GMTBST},
72.75 {"GB-Eire", GMTBST},
73.1 --- a/src/share/lib/security/sunpkcs11-solaris.cfg Thu Oct 27 13:54:42 2011 -0700
73.2 +++ b/src/share/lib/security/sunpkcs11-solaris.cfg Fri Oct 28 17:49:02 2011 -0700
73.3 @@ -11,6 +11,9 @@
73.4
73.5 handleStartupErrors = ignoreAll
73.6
73.7 +# Use the X9.63 encoding for EC points (do not wrap in an ASN.1 OctetString).
73.8 +useEcX963Encoding = true
73.9 +
73.10 attributes = compatibility
73.11
73.12 disabledMechanisms = {
74.1 --- a/src/share/native/java/io/ObjectInputStream.c Thu Oct 27 13:54:42 2011 -0700
74.2 +++ b/src/share/native/java/io/ObjectInputStream.c Fri Oct 28 17:49:02 2011 -0700
74.3 @@ -173,16 +173,3 @@
74.4 (*env)->ReleasePrimitiveArrayCritical(env, dst, doubles, 0);
74.5 }
74.6
74.7 -/*
74.8 - * Class: java_io_ObjectInputStream
74.9 - * Method: latestUserDefinedLoader
74.10 - * Signature: ()Ljava/lang/ClassLoader;
74.11 - *
74.12 - * Returns the first non-null class loader up the execution stack, or null
74.13 - * if only code from the null class loader is on the stack.
74.14 - */
74.15 -JNIEXPORT jobject JNICALL
74.16 -Java_java_io_ObjectInputStream_latestUserDefinedLoader(JNIEnv *env, jclass cls)
74.17 -{
74.18 - return JVM_LatestUserDefinedLoader(env);
74.19 -}
75.1 --- a/src/share/native/sun/misc/VM.c Thu Oct 27 13:54:42 2011 -0700
75.2 +++ b/src/share/native/sun/misc/VM.c Fri Oct 28 17:49:02 2011 -0700
75.3 @@ -111,6 +111,11 @@
75.4 get_thread_state_info(env, JAVA_THREAD_STATE_TERMINATED, values, names);
75.5 }
75.6
75.7 +JNIEXPORT jobject JNICALL
75.8 +Java_sun_misc_VM_latestUserDefinedLoader(JNIEnv *env, jclass cls) {
75.9 + return JVM_LatestUserDefinedLoader(env);
75.10 +}
75.11 +
75.12 typedef void (JNICALL *GetJvmVersionInfo_fp)(JNIEnv*, jvm_version_info*, size_t);
75.13
75.14 JNIEXPORT void JNICALL
76.1 --- a/src/share/native/sun/rmi/server/MarshalInputStream.c Thu Oct 27 13:54:42 2011 -0700
76.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
76.3 @@ -1,44 +0,0 @@
76.4 -/*
76.5 - * Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved.
76.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
76.7 - *
76.8 - * This code is free software; you can redistribute it and/or modify it
76.9 - * under the terms of the GNU General Public License version 2 only, as
76.10 - * published by the Free Software Foundation. Oracle designates this
76.11 - * particular file as subject to the "Classpath" exception as provided
76.12 - * by Oracle in the LICENSE file that accompanied this code.
76.13 - *
76.14 - * This code is distributed in the hope that it will be useful, but WITHOUT
76.15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
76.16 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
76.17 - * version 2 for more details (a copy is included in the LICENSE file that
76.18 - * accompanied this code).
76.19 - *
76.20 - * You should have received a copy of the GNU General Public License version
76.21 - * 2 along with this work; if not, write to the Free Software Foundation,
76.22 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
76.23 - *
76.24 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
76.25 - * or visit www.oracle.com if you need additional information or have any
76.26 - * questions.
76.27 - */
76.28 -
76.29 -#include "jni.h"
76.30 -#include "jvm.h"
76.31 -#include "jni_util.h"
76.32 -
76.33 -#include "sun_rmi_server_MarshalInputStream.h"
76.34 -
76.35 -/*
76.36 - * Class: sun_rmi_server_MarshalInputStream
76.37 - * Method: latestUserDefinedLoader
76.38 - * Signature: ()Ljava/lang/ClassLoader;
76.39 - *
76.40 - * Returns the first non-null class loader up the execution stack, or null
76.41 - * if only code from the null class loader is on the stack.
76.42 - */
76.43 -JNIEXPORT jobject JNICALL
76.44 -Java_sun_rmi_server_MarshalInputStream_latestUserDefinedLoader(JNIEnv *env, jclass cls)
76.45 -{
76.46 - return JVM_LatestUserDefinedLoader(env);
76.47 -}
77.1 --- a/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c Thu Oct 27 13:54:42 2011 -0700
77.2 +++ b/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c Fri Oct 28 17:49:02 2011 -0700
77.3 @@ -273,7 +273,7 @@
77.4 /* allocate memory for CK_VERSION pointer */
77.5 ckpVersion = (CK_VERSION_PTR) malloc(sizeof(CK_VERSION));
77.6 if (ckpVersion == NULL) {
77.7 - JNU_ThrowOutOfMemoryError(env, 0);
77.8 + throwOutOfMemoryError(env, 0);
77.9 return NULL;
77.10 }
77.11 ckpVersion->major = jByteToCKByte(jMajor);
77.12 @@ -326,7 +326,7 @@
77.13 /* allocate memory for CK_DATE pointer */
77.14 ckpDate = (CK_DATE *) malloc(sizeof(CK_DATE));
77.15 if (ckpDate == NULL) {
77.16 - JNU_ThrowOutOfMemoryError(env, 0);
77.17 + throwOutOfMemoryError(env, 0);
77.18 return NULL;
77.19 }
77.20
77.21 @@ -340,7 +340,7 @@
77.22 jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar));
77.23 if (jTempChars == NULL) {
77.24 free(ckpDate);
77.25 - JNU_ThrowOutOfMemoryError(env, 0);
77.26 + throwOutOfMemoryError(env, 0);
77.27 return NULL;
77.28 }
77.29 (*env)->GetCharArrayRegion(env, jYear, 0, ckLength, jTempChars);
77.30 @@ -364,7 +364,7 @@
77.31 jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar));
77.32 if (jTempChars == NULL) {
77.33 free(ckpDate);
77.34 - JNU_ThrowOutOfMemoryError(env, 0);
77.35 + throwOutOfMemoryError(env, 0);
77.36 return NULL;
77.37 }
77.38 (*env)->GetCharArrayRegion(env, jMonth, 0, ckLength, jTempChars);
77.39 @@ -388,7 +388,7 @@
77.40 jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar));
77.41 if (jTempChars == NULL) {
77.42 free(ckpDate);
77.43 - JNU_ThrowOutOfMemoryError(env, 0);
77.44 + throwOutOfMemoryError(env, 0);
77.45 return NULL;
77.46 }
77.47 (*env)->GetCharArrayRegion(env, jDay, 0, ckLength, jTempChars);
77.48 @@ -558,7 +558,7 @@
77.49 if (ckParam.pulOutputLen == NULL) {
77.50 free(ckParam.pSeed);
77.51 free(ckParam.pLabel);
77.52 - JNU_ThrowOutOfMemoryError(env, 0);
77.53 + throwOutOfMemoryError(env, 0);
77.54 return ckParam;
77.55 }
77.56 jByteArrayToCKByteArray(env, jOutput, &(ckParam.pOutput), ckParam.pulOutputLen);
77.57 @@ -665,7 +665,7 @@
77.58 if (ckParam.pReturnedKeyMaterial == NULL) {
77.59 free(ckParam.RandomInfo.pClientRandom);
77.60 free(ckParam.RandomInfo.pServerRandom);
77.61 - JNU_ThrowOutOfMemoryError(env, 0);
77.62 + throwOutOfMemoryError(env, 0);
77.63 return ckParam;
77.64 }
77.65
77.66 @@ -1013,7 +1013,7 @@
77.67
77.68 ckpParam = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR) malloc(sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS));
77.69 if (ckpParam == NULL) {
77.70 - JNU_ThrowOutOfMemoryError(env, 0);
77.71 + throwOutOfMemoryError(env, 0);
77.72 return;
77.73 }
77.74
77.75 @@ -1040,7 +1040,7 @@
77.76
77.77 ckpParam = (CK_SSL3_KEY_MAT_PARAMS_PTR) malloc(sizeof(CK_SSL3_KEY_MAT_PARAMS));
77.78 if (ckpParam == NULL) {
77.79 - JNU_ThrowOutOfMemoryError(env, 0);
77.80 + throwOutOfMemoryError(env, 0);
77.81 return;
77.82 }
77.83
77.84 @@ -1067,7 +1067,7 @@
77.85
77.86 ckpParam = (CK_TLS_PRF_PARAMS_PTR) malloc(sizeof(CK_TLS_PRF_PARAMS));
77.87 if (ckpParam == NULL) {
77.88 - JNU_ThrowOutOfMemoryError(env, 0);
77.89 + throwOutOfMemoryError(env, 0);
77.90 return;
77.91 }
77.92
77.93 @@ -1094,7 +1094,7 @@
77.94
77.95 ckpParam = (CK_AES_CTR_PARAMS_PTR) malloc(sizeof(CK_AES_CTR_PARAMS));
77.96 if (ckpParam == NULL) {
77.97 - JNU_ThrowOutOfMemoryError(env, 0);
77.98 + throwOutOfMemoryError(env, 0);
77.99 return;
77.100 }
77.101
77.102 @@ -1121,7 +1121,7 @@
77.103
77.104 ckpParam = (CK_RSA_PKCS_OAEP_PARAMS_PTR) malloc(sizeof(CK_RSA_PKCS_OAEP_PARAMS));
77.105 if (ckpParam == NULL) {
77.106 - JNU_ThrowOutOfMemoryError(env, 0);
77.107 + throwOutOfMemoryError(env, 0);
77.108 return;
77.109 }
77.110
77.111 @@ -1148,7 +1148,7 @@
77.112
77.113 ckpParam = (CK_PBE_PARAMS_PTR) malloc(sizeof(CK_PBE_PARAMS));
77.114 if (ckpParam == NULL) {
77.115 - JNU_ThrowOutOfMemoryError(env, 0);
77.116 + throwOutOfMemoryError(env, 0);
77.117 return;
77.118 }
77.119
77.120 @@ -1175,7 +1175,7 @@
77.121
77.122 ckpParam = (CK_PKCS5_PBKD2_PARAMS_PTR) malloc(sizeof(CK_PKCS5_PBKD2_PARAMS));
77.123 if (ckpParam == NULL) {
77.124 - JNU_ThrowOutOfMemoryError(env, 0);
77.125 + throwOutOfMemoryError(env, 0);
77.126 return;
77.127 }
77.128
77.129 @@ -1202,7 +1202,7 @@
77.130
77.131 ckpParam = (CK_RSA_PKCS_PSS_PARAMS_PTR) malloc(sizeof(CK_RSA_PKCS_PSS_PARAMS));
77.132 if (ckpParam == NULL) {
77.133 - JNU_ThrowOutOfMemoryError(env, 0);
77.134 + throwOutOfMemoryError(env, 0);
77.135 return;
77.136 }
77.137
77.138 @@ -1229,7 +1229,7 @@
77.139
77.140 ckpParam = (CK_ECDH1_DERIVE_PARAMS_PTR) malloc(sizeof(CK_ECDH1_DERIVE_PARAMS));
77.141 if (ckpParam == NULL) {
77.142 - JNU_ThrowOutOfMemoryError(env, 0);
77.143 + throwOutOfMemoryError(env, 0);
77.144 return;
77.145 }
77.146
77.147 @@ -1256,7 +1256,7 @@
77.148
77.149 ckpParam = (CK_ECDH2_DERIVE_PARAMS_PTR) malloc(sizeof(CK_ECDH2_DERIVE_PARAMS));
77.150 if (ckpParam == NULL) {
77.151 - JNU_ThrowOutOfMemoryError(env, 0);
77.152 + throwOutOfMemoryError(env, 0);
77.153 return;
77.154 }
77.155
77.156 @@ -1283,7 +1283,7 @@
77.157
77.158 ckpParam = (CK_X9_42_DH1_DERIVE_PARAMS_PTR) malloc(sizeof(CK_X9_42_DH1_DERIVE_PARAMS));
77.159 if (ckpParam == NULL) {
77.160 - JNU_ThrowOutOfMemoryError(env, 0);
77.161 + throwOutOfMemoryError(env, 0);
77.162 return;
77.163 }
77.164
77.165 @@ -1310,7 +1310,7 @@
77.166
77.167 ckpParam = (CK_X9_42_DH2_DERIVE_PARAMS_PTR) malloc(sizeof(CK_X9_42_DH2_DERIVE_PARAMS));
77.168 if (ckpParam == NULL) {
77.169 - JNU_ThrowOutOfMemoryError(env, 0);
77.170 + throwOutOfMemoryError(env, 0);
77.171 return;
77.172 }
77.173
78.1 --- a/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c Thu Oct 27 13:54:42 2011 -0700
78.2 +++ b/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c Fri Oct 28 17:49:02 2011 -0700
78.3 @@ -131,7 +131,7 @@
78.4 /* always use single part op, even for large data */
78.5 bufP = (CK_BYTE_PTR) malloc((size_t)jInLen);
78.6 if (bufP == NULL) {
78.7 - JNU_ThrowOutOfMemoryError(env, 0);
78.8 + throwOutOfMemoryError(env, 0);
78.9 return 0;
78.10 }
78.11 }
78.12 @@ -190,7 +190,7 @@
78.13 bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen);
78.14 bufP = (CK_BYTE_PTR) malloc((size_t)bufLen);
78.15 if (bufP == NULL) {
78.16 - JNU_ThrowOutOfMemoryError(env, 0);
78.17 + throwOutOfMemoryError(env, 0);
78.18 return;
78.19 }
78.20 }
79.1 --- a/src/share/native/sun/security/pkcs11/wrapper/p11_dual.c Thu Oct 27 13:54:42 2011 -0700
79.2 +++ b/src/share/native/sun/security/pkcs11/wrapper/p11_dual.c Fri Oct 28 17:49:02 2011 -0700
79.3 @@ -92,7 +92,7 @@
79.4 ckpEncryptedPart = (CK_BYTE_PTR) malloc(ckEncryptedPartLength * sizeof(CK_BYTE));
79.5 if (ckpEncryptedPart == NULL) {
79.6 free(ckpPart);
79.7 - JNU_ThrowOutOfMemoryError(env, 0);
79.8 + throwOutOfMemoryError(env, 0);
79.9 return NULL;
79.10 }
79.11
79.12 @@ -144,7 +144,7 @@
79.13 ckpPart = (CK_BYTE_PTR) malloc(ckPartLength * sizeof(CK_BYTE));
79.14 if (ckpPart == NULL) {
79.15 free(ckpEncryptedPart);
79.16 - JNU_ThrowOutOfMemoryError(env, 0);
79.17 + throwOutOfMemoryError(env, 0);
79.18 return NULL;
79.19 }
79.20
79.21 @@ -196,7 +196,7 @@
79.22 ckpEncryptedPart = (CK_BYTE_PTR) malloc(ckEncryptedPartLength * sizeof(CK_BYTE));
79.23 if (ckpEncryptedPart == NULL) {
79.24 free(ckpPart);
79.25 - JNU_ThrowOutOfMemoryError(env, 0);
79.26 + throwOutOfMemoryError(env, 0);
79.27 return NULL;
79.28 }
79.29
79.30 @@ -248,7 +248,7 @@
79.31 ckpPart = (CK_BYTE_PTR) malloc(ckPartLength * sizeof(CK_BYTE));
79.32 if (ckpPart == NULL) {
79.33 free(ckpEncryptedPart);
79.34 - JNU_ThrowOutOfMemoryError(env, 0);
79.35 + throwOutOfMemoryError(env, 0);
79.36 return NULL;
79.37 }
79.38
80.1 --- a/src/share/native/sun/security/pkcs11/wrapper/p11_general.c Thu Oct 27 13:54:42 2011 -0700
80.2 +++ b/src/share/native/sun/security/pkcs11/wrapper/p11_general.c Fri Oct 28 17:49:02 2011 -0700
80.3 @@ -71,7 +71,10 @@
80.4 jclass jByteArrayClass;
80.5 jclass jLongClass;
80.6
80.7 +JavaVM* jvm = NULL;
80.8 +
80.9 JNIEXPORT jint JNICALL JNI_OnLoad(JavaVM *vm, void *reserved) {
80.10 + jvm = vm;
80.11 return JNI_VERSION_1_4;
80.12 }
80.13
80.14 @@ -351,7 +354,7 @@
80.15
80.16 ckpSlotList = (CK_SLOT_ID_PTR) malloc(ckTokenNumber * sizeof(CK_SLOT_ID));
80.17 if (ckpSlotList == NULL) {
80.18 - JNU_ThrowOutOfMemoryError(env, 0);
80.19 + throwOutOfMemoryError(env, 0);
80.20 return NULL;
80.21 }
80.22
80.23 @@ -652,7 +655,7 @@
80.24 ckpMechanismList = (CK_MECHANISM_TYPE_PTR)
80.25 malloc(ckMechanismNumber * sizeof(CK_MECHANISM_TYPE));
80.26 if (ckpMechanismList == NULL) {
80.27 - JNU_ThrowOutOfMemoryError(env, 0);
80.28 + throwOutOfMemoryError(env, 0);
80.29 return NULL;
80.30 }
80.31
81.1 --- a/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c Thu Oct 27 13:54:42 2011 -0700
81.2 +++ b/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c Fri Oct 28 17:49:02 2011 -0700
81.3 @@ -165,7 +165,7 @@
81.4 if (ckMechanism.pParameter != NULL_PTR) {
81.5 free(ckMechanism.pParameter);
81.6 }
81.7 - JNU_ThrowOutOfMemoryError(env, 0);
81.8 + throwOutOfMemoryError(env, 0);
81.9 return NULL;
81.10 }
81.11 ckpPublicKeyHandle = ckpKeyHandles; /* first element of array is Public Key */
81.12 @@ -253,7 +253,7 @@
81.13 if (ckMechanism.pParameter != NULL_PTR) {
81.14 free(ckMechanism.pParameter);
81.15 }
81.16 - JNU_ThrowOutOfMemoryError(env, 0);
81.17 + throwOutOfMemoryError(env, 0);
81.18 return NULL;
81.19 }
81.20
82.1 --- a/src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c Thu Oct 27 13:54:42 2011 -0700
82.2 +++ b/src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c Fri Oct 28 17:49:02 2011 -0700
82.3 @@ -92,7 +92,7 @@
82.4 /* convert the Java InitArgs object to a pointer to a CK_C_INITIALIZE_ARGS structure */
82.5 ckpInitArgs = (CK_C_INITIALIZE_ARGS_PTR) malloc(sizeof(CK_C_INITIALIZE_ARGS));
82.6 if (ckpInitArgs == NULL) {
82.7 - JNU_ThrowOutOfMemoryError(env, 0);
82.8 + throwOutOfMemoryError(env, 0);
82.9 return NULL_PTR;
82.10 }
82.11
82.12 @@ -141,7 +141,7 @@
82.13 ckpGlobalInitArgs = (CK_C_INITIALIZE_ARGS_PTR) malloc(sizeof(CK_C_INITIALIZE_ARGS));
82.14 if (ckpGlobalInitArgs == NULL) {
82.15 free(ckpInitArgs);
82.16 - JNU_ThrowOutOfMemoryError(env, 0);
82.17 + throwOutOfMemoryError(env, 0);
82.18 return NULL_PTR;
82.19 }
82.20
82.21 @@ -178,9 +178,8 @@
82.22 */
82.23 CK_RV callJCreateMutex(CK_VOID_PTR_PTR ppMutex)
82.24 {
82.25 - JavaVM *jvm;
82.26 + extern JavaVM *jvm;
82.27 JNIEnv *env;
82.28 - jsize actualNumberVMs;
82.29 jint returnValue;
82.30 jthrowable pkcs11Exception;
82.31 jclass pkcs11ExceptionClass;
82.32 @@ -196,8 +195,7 @@
82.33
82.34
82.35 /* Get the currently running Java VM */
82.36 - returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs);
82.37 - if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ;} /* there is no VM running */
82.38 + if (jvm == NULL) { return rv ;} /* there is no VM running */
82.39
82.40 /* Determine, if current thread is already attached */
82.41 returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2);
82.42 @@ -273,9 +271,8 @@
82.43 */
82.44 CK_RV callJDestroyMutex(CK_VOID_PTR pMutex)
82.45 {
82.46 - JavaVM *jvm;
82.47 + extern JavaVM *jvm;
82.48 JNIEnv *env;
82.49 - jsize actualNumberVMs;
82.50 jint returnValue;
82.51 jthrowable pkcs11Exception;
82.52 jclass pkcs11ExceptionClass;
82.53 @@ -291,8 +288,7 @@
82.54
82.55
82.56 /* Get the currently running Java VM */
82.57 - returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs);
82.58 - if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ; } /* there is no VM running */
82.59 + if (jvm == NULL) { return rv ; } /* there is no VM running */
82.60
82.61 /* Determine, if current thread is already attached */
82.62 returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2);
82.63 @@ -367,9 +363,8 @@
82.64 */
82.65 CK_RV callJLockMutex(CK_VOID_PTR pMutex)
82.66 {
82.67 - JavaVM *jvm;
82.68 + extern JavaVM *jvm;
82.69 JNIEnv *env;
82.70 - jsize actualNumberVMs;
82.71 jint returnValue;
82.72 jthrowable pkcs11Exception;
82.73 jclass pkcs11ExceptionClass;
82.74 @@ -385,8 +380,7 @@
82.75
82.76
82.77 /* Get the currently running Java VM */
82.78 - returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs);
82.79 - if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ; } /* there is no VM running */
82.80 + if (jvm == NULL) { return rv ; } /* there is no VM running */
82.81
82.82 /* Determine, if current thread is already attached */
82.83 returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2);
82.84 @@ -457,9 +451,8 @@
82.85 */
82.86 CK_RV callJUnlockMutex(CK_VOID_PTR pMutex)
82.87 {
82.88 - JavaVM *jvm;
82.89 + extern JavaVM *jvm;
82.90 JNIEnv *env;
82.91 - jsize actualNumberVMs;
82.92 jint returnValue;
82.93 jthrowable pkcs11Exception;
82.94 jclass pkcs11ExceptionClass;
82.95 @@ -475,8 +468,7 @@
82.96
82.97
82.98 /* Get the currently running Java VM */
82.99 - returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs);
82.100 - if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ; } /* there is no VM running */
82.101 + if (jvm == NULL) { return rv ; } /* there is no VM running */
82.102
82.103 /* Determine, if current thread is already attached */
82.104 returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2);
83.1 --- a/src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c Thu Oct 27 13:54:42 2011 -0700
83.2 +++ b/src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c Fri Oct 28 17:49:02 2011 -0700
83.3 @@ -258,7 +258,7 @@
83.4 ckpAttributes[i].pValue = (void *) malloc(ckBufferLength);
83.5 if (ckpAttributes[i].pValue == NULL) {
83.6 freeCKAttributeArray(ckpAttributes, i);
83.7 - JNU_ThrowOutOfMemoryError(env, 0);
83.8 + throwOutOfMemoryError(env, 0);
83.9 return;
83.10 }
83.11 ckpAttributes[i].ulValueLen = ckBufferLength;
83.12 @@ -390,7 +390,7 @@
83.13 ckMaxObjectLength = jLongToCKULong(jMaxObjectCount);
83.14 ckpObjectHandleArray = (CK_OBJECT_HANDLE_PTR) malloc(sizeof(CK_OBJECT_HANDLE) * ckMaxObjectLength);
83.15 if (ckpObjectHandleArray == NULL) {
83.16 - JNU_ThrowOutOfMemoryError(env, 0);
83.17 + throwOutOfMemoryError(env, 0);
83.18 return NULL;
83.19 }
83.20
84.1 --- a/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c Thu Oct 27 13:54:42 2011 -0700
84.2 +++ b/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c Fri Oct 28 17:49:02 2011 -0700
84.3 @@ -98,7 +98,7 @@
84.4 if (jNotify != NULL) {
84.5 notifyEncapsulation = (NotifyEncapsulation *) malloc(sizeof(NotifyEncapsulation));
84.6 if (notifyEncapsulation == NULL) {
84.7 - JNU_ThrowOutOfMemoryError(env, 0);
84.8 + throwOutOfMemoryError(env, 0);
84.9 return 0L;
84.10 }
84.11 notifyEncapsulation->jApplicationData = (jApplication != NULL)
84.12 @@ -301,7 +301,7 @@
84.13
84.14 ckpState = (CK_BYTE_PTR) malloc(ckStateLength);
84.15 if (ckpState == NULL) {
84.16 - JNU_ThrowOutOfMemoryError(env, 0);
84.17 + throwOutOfMemoryError(env, 0);
84.18 return NULL;
84.19 }
84.20
84.21 @@ -435,7 +435,7 @@
84.22
84.23 newNode = (NotifyListNode *) malloc(sizeof(NotifyListNode));
84.24 if (newNode == NULL) {
84.25 - JNU_ThrowOutOfMemoryError(env, 0);
84.26 + throwOutOfMemoryError(env, 0);
84.27 return;
84.28 }
84.29 newNode->hSession = hSession;
84.30 @@ -558,9 +558,8 @@
84.31 )
84.32 {
84.33 NotifyEncapsulation *notifyEncapsulation;
84.34 - JavaVM *jvm;
84.35 + extern JavaVM *jvm;
84.36 JNIEnv *env;
84.37 - jsize actualNumberVMs;
84.38 jint returnValue;
84.39 jlong jSessionHandle;
84.40 jlong jEvent;
84.41 @@ -577,8 +576,7 @@
84.42 notifyEncapsulation = (NotifyEncapsulation *) pApplication;
84.43
84.44 /* Get the currently running Java VM */
84.45 - returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs);
84.46 - if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ; } /* there is no VM running */
84.47 + if (jvm == NULL) { return rv ; } /* there is no VM running */
84.48
84.49 /* Determine, if current thread is already attached */
84.50 returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2);
85.1 --- a/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c Thu Oct 27 13:54:42 2011 -0700
85.2 +++ b/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c Fri Oct 28 17:49:02 2011 -0700
85.3 @@ -132,7 +132,7 @@
85.4 ckpSignature = (CK_BYTE_PTR) malloc(ckSignatureLength * sizeof(CK_BYTE));
85.5 if (ckpSignature == NULL) {
85.6 free(ckpData);
85.7 - JNU_ThrowOutOfMemoryError(env, 0);
85.8 + throwOutOfMemoryError(env, 0);
85.9 return NULL;
85.10 }
85.11
85.12 @@ -146,7 +146,7 @@
85.13 ckpSignature = (CK_BYTE_PTR) malloc(256 * sizeof(CK_BYTE));
85.14 if (ckpSignature == NULL) {
85.15 free(ckpData);
85.16 - JNU_ThrowOutOfMemoryError(env, 0);
85.17 + throwOutOfMemoryError(env, 0);
85.18 return NULL;
85.19 }
85.20 rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength);
85.21 @@ -156,7 +156,7 @@
85.22 ckpSignature = (CK_BYTE_PTR) malloc(ckSignatureLength * sizeof(CK_BYTE));
85.23 if (ckpSignature == NULL) {
85.24 free(ckpData);
85.25 - JNU_ThrowOutOfMemoryError(env, 0);
85.26 + throwOutOfMemoryError(env, 0);
85.27 return NULL;
85.28 }
85.29 rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength);
85.30 @@ -210,7 +210,7 @@
85.31 bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen);
85.32 bufP = (CK_BYTE_PTR) malloc((size_t)bufLen);
85.33 if (bufP == NULL) {
85.34 - JNU_ThrowOutOfMemoryError(env, 0);
85.35 + throwOutOfMemoryError(env, 0);
85.36 return;
85.37 }
85.38 }
85.39 @@ -270,7 +270,7 @@
85.40 if (rv == CKR_BUFFER_TOO_SMALL) {
85.41 bufP = (CK_BYTE_PTR) malloc(ckSignatureLength);
85.42 if (bufP == NULL) {
85.43 - JNU_ThrowOutOfMemoryError(env, 0);
85.44 + throwOutOfMemoryError(env, 0);
85.45 return NULL;
85.46 }
85.47 rv = (*ckpFunctions->C_SignFinal)(ckSessionHandle, bufP, &ckSignatureLength);
85.48 @@ -355,7 +355,7 @@
85.49 } else {
85.50 inBufP = (CK_BYTE_PTR) malloc((size_t)jInLen);
85.51 if (inBufP == NULL) {
85.52 - JNU_ThrowOutOfMemoryError(env, 0);
85.53 + throwOutOfMemoryError(env, 0);
85.54 return 0;
85.55 }
85.56 }
85.57 @@ -373,7 +373,7 @@
85.58 if (inBufP != INBUF) {
85.59 free(inBufP);
85.60 }
85.61 - JNU_ThrowOutOfMemoryError(env, 0);
85.62 + throwOutOfMemoryError(env, 0);
85.63 return 0;
85.64 }
85.65 rv = (*ckpFunctions->C_SignRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckSignatureLength);
85.66 @@ -508,7 +508,7 @@
85.67 bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen);
85.68 bufP = (CK_BYTE_PTR) malloc((size_t)bufLen);
85.69 if (bufP == NULL) {
85.70 - JNU_ThrowOutOfMemoryError(env, 0);
85.71 + throwOutOfMemoryError(env, 0);
85.72 return;
85.73 }
85.74 }
85.75 @@ -638,7 +638,7 @@
85.76 } else {
85.77 inBufP = (CK_BYTE_PTR) malloc((size_t)jInLen);
85.78 if (inBufP == NULL) {
85.79 - JNU_ThrowOutOfMemoryError(env, 0);
85.80 + throwOutOfMemoryError(env, 0);
85.81 return 0;
85.82 }
85.83 }
85.84 @@ -656,7 +656,7 @@
85.85 outBufP = (CK_BYTE_PTR) malloc(ckDataLength);
85.86 if (outBufP == NULL) {
85.87 if (inBufP != INBUF) { free(inBufP); }
85.88 - JNU_ThrowOutOfMemoryError(env, 0);
85.89 + throwOutOfMemoryError(env, 0);
85.90 return 0;
85.91 }
85.92 rv = (*ckpFunctions->C_VerifyRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckDataLength);
86.1 --- a/src/share/native/sun/security/pkcs11/wrapper/p11_util.c Thu Oct 27 13:54:42 2011 -0700
86.2 +++ b/src/share/native/sun/security/pkcs11/wrapper/p11_util.c Fri Oct 28 17:49:02 2011 -0700
86.3 @@ -213,28 +213,52 @@
86.4 return jErrorCode ;
86.5 }
86.6
86.7 +
86.8 /*
86.9 - * This function simply throws an IOException
86.10 - *
86.11 - * @param env Used to call JNI funktions and to get the Exception class.
86.12 - * @param message The message string of the Exception object.
86.13 + * Throws a Java Exception by name
86.14 */
86.15 -void throwIOException(JNIEnv *env, const char *message)
86.16 +void throwByName(JNIEnv *env, const char *name, const char *msg)
86.17 {
86.18 - JNU_ThrowByName(env, CLASS_IO_EXCEPTION, message);
86.19 + jclass cls = (*env)->FindClass(env, name);
86.20 +
86.21 + if (cls != 0) /* Otherwise an exception has already been thrown */
86.22 + (*env)->ThrowNew(env, cls, msg);
86.23 +}
86.24 +
86.25 +/*
86.26 + * Throws java.lang.OutOfMemoryError
86.27 + */
86.28 +void throwOutOfMemoryError(JNIEnv *env, const char *msg)
86.29 +{
86.30 + throwByName(env, "java/lang/OutOfMemoryError", msg);
86.31 +}
86.32 +
86.33 +/*
86.34 + * Throws java.lang.NullPointerException
86.35 + */
86.36 +void throwNullPointerException(JNIEnv *env, const char *msg)
86.37 +{
86.38 + throwByName(env, "java/lang/NullPointerException", msg);
86.39 +}
86.40 +
86.41 +/*
86.42 + * Throws java.io.IOException
86.43 + */
86.44 +void throwIOException(JNIEnv *env, const char *msg)
86.45 +{
86.46 + throwByName(env, "java/io/IOException", msg);
86.47 }
86.48
86.49 /*
86.50 * This function simply throws a PKCS#11RuntimeException with the given
86.51 - * string as its message. If the message is NULL, the exception is created
86.52 - * using the default constructor.
86.53 + * string as its message.
86.54 *
86.55 * @param env Used to call JNI funktions and to get the Exception class.
86.56 * @param jmessage The message string of the Exception object.
86.57 */
86.58 void throwPKCS11RuntimeException(JNIEnv *env, const char *message)
86.59 {
86.60 - JNU_ThrowByName(env, CLASS_PKCS11RUNTIMEEXCEPTION, message);
86.61 + throwByName(env, CLASS_PKCS11RUNTIMEEXCEPTION, message);
86.62 }
86.63
86.64 /*
86.65 @@ -318,7 +342,7 @@
86.66 *ckpLength = (*env)->GetArrayLength(env, jArray);
86.67 jpTemp = (jboolean*) malloc((*ckpLength) * sizeof(jboolean));
86.68 if (jpTemp == NULL) {
86.69 - JNU_ThrowOutOfMemoryError(env, 0);
86.70 + throwOutOfMemoryError(env, 0);
86.71 return;
86.72 }
86.73 (*env)->GetBooleanArrayRegion(env, jArray, 0, *ckpLength, jpTemp);
86.74 @@ -330,7 +354,7 @@
86.75 *ckpArray = (CK_BBOOL*) malloc ((*ckpLength) * sizeof(CK_BBOOL));
86.76 if (*ckpArray == NULL) {
86.77 free(jpTemp);
86.78 - JNU_ThrowOutOfMemoryError(env, 0);
86.79 + throwOutOfMemoryError(env, 0);
86.80 return;
86.81 }
86.82 for (i=0; i<(*ckpLength); i++) {
86.83 @@ -360,7 +384,7 @@
86.84 *ckpLength = (*env)->GetArrayLength(env, jArray);
86.85 jpTemp = (jbyte*) malloc((*ckpLength) * sizeof(jbyte));
86.86 if (jpTemp == NULL) {
86.87 - JNU_ThrowOutOfMemoryError(env, 0);
86.88 + throwOutOfMemoryError(env, 0);
86.89 return;
86.90 }
86.91 (*env)->GetByteArrayRegion(env, jArray, 0, *ckpLength, jpTemp);
86.92 @@ -376,7 +400,7 @@
86.93 *ckpArray = (CK_BYTE_PTR) malloc ((*ckpLength) * sizeof(CK_BYTE));
86.94 if (*ckpArray == NULL) {
86.95 free(jpTemp);
86.96 - JNU_ThrowOutOfMemoryError(env, 0);
86.97 + throwOutOfMemoryError(env, 0);
86.98 return;
86.99 }
86.100 for (i=0; i<(*ckpLength); i++) {
86.101 @@ -407,7 +431,7 @@
86.102 *ckpLength = (*env)->GetArrayLength(env, jArray);
86.103 jTemp = (jlong*) malloc((*ckpLength) * sizeof(jlong));
86.104 if (jTemp == NULL) {
86.105 - JNU_ThrowOutOfMemoryError(env, 0);
86.106 + throwOutOfMemoryError(env, 0);
86.107 return;
86.108 }
86.109 (*env)->GetLongArrayRegion(env, jArray, 0, *ckpLength, jTemp);
86.110 @@ -419,7 +443,7 @@
86.111 *ckpArray = (CK_ULONG_PTR) malloc (*ckpLength * sizeof(CK_ULONG));
86.112 if (*ckpArray == NULL) {
86.113 free(jTemp);
86.114 - JNU_ThrowOutOfMemoryError(env, 0);
86.115 + throwOutOfMemoryError(env, 0);
86.116 return;
86.117 }
86.118 for (i=0; i<(*ckpLength); i++) {
86.119 @@ -449,7 +473,7 @@
86.120 *ckpLength = (*env)->GetArrayLength(env, jArray);
86.121 jpTemp = (jchar*) malloc((*ckpLength) * sizeof(jchar));
86.122 if (jpTemp == NULL) {
86.123 - JNU_ThrowOutOfMemoryError(env, 0);
86.124 + throwOutOfMemoryError(env, 0);
86.125 return;
86.126 }
86.127 (*env)->GetCharArrayRegion(env, jArray, 0, *ckpLength, jpTemp);
86.128 @@ -461,7 +485,7 @@
86.129 *ckpArray = (CK_CHAR_PTR) malloc (*ckpLength * sizeof(CK_CHAR));
86.130 if (*ckpArray == NULL) {
86.131 free(jpTemp);
86.132 - JNU_ThrowOutOfMemoryError(env, 0);
86.133 + throwOutOfMemoryError(env, 0);
86.134 return;
86.135 }
86.136 for (i=0; i<(*ckpLength); i++) {
86.137 @@ -491,7 +515,7 @@
86.138 *ckpLength = (*env)->GetArrayLength(env, jArray);
86.139 jTemp = (jchar*) malloc((*ckpLength) * sizeof(jchar));
86.140 if (jTemp == NULL) {
86.141 - JNU_ThrowOutOfMemoryError(env, 0);
86.142 + throwOutOfMemoryError(env, 0);
86.143 return;
86.144 }
86.145 (*env)->GetCharArrayRegion(env, jArray, 0, *ckpLength, jTemp);
86.146 @@ -503,7 +527,7 @@
86.147 *ckpArray = (CK_UTF8CHAR_PTR) malloc (*ckpLength * sizeof(CK_UTF8CHAR));
86.148 if (*ckpArray == NULL) {
86.149 free(jTemp);
86.150 - JNU_ThrowOutOfMemoryError(env, 0);
86.151 + throwOutOfMemoryError(env, 0);
86.152 return;
86.153 }
86.154 for (i=0; i<(*ckpLength); i++) {
86.155 @@ -538,7 +562,7 @@
86.156 *ckpArray = (CK_UTF8CHAR_PTR) malloc((*ckpLength + 1) * sizeof(CK_UTF8CHAR));
86.157 if (*ckpArray == NULL) {
86.158 (*env)->ReleaseStringUTFChars(env, (jstring) jArray, pCharArray);
86.159 - JNU_ThrowOutOfMemoryError(env, 0);
86.160 + throwOutOfMemoryError(env, 0);
86.161 return;
86.162 }
86.163 strcpy((char*)*ckpArray, pCharArray);
86.164 @@ -571,7 +595,7 @@
86.165 *ckpLength = jLongToCKULong(jLength);
86.166 *ckpArray = (CK_ATTRIBUTE_PTR) malloc(*ckpLength * sizeof(CK_ATTRIBUTE));
86.167 if (*ckpArray == NULL) {
86.168 - JNU_ThrowOutOfMemoryError(env, 0);
86.169 + throwOutOfMemoryError(env, 0);
86.170 return;
86.171 }
86.172 TRACE1(", converting %d attibutes", jLength);
86.173 @@ -613,7 +637,7 @@
86.174 } else {
86.175 jpTemp = (jbyte*) malloc((ckLength) * sizeof(jbyte));
86.176 if (jpTemp == NULL) {
86.177 - JNU_ThrowOutOfMemoryError(env, 0);
86.178 + throwOutOfMemoryError(env, 0);
86.179 return NULL;
86.180 }
86.181 for (i=0; i<ckLength; i++) {
86.182 @@ -647,7 +671,7 @@
86.183
86.184 jpTemp = (jlong*) malloc((ckLength) * sizeof(jlong));
86.185 if (jpTemp == NULL) {
86.186 - JNU_ThrowOutOfMemoryError(env, 0);
86.187 + throwOutOfMemoryError(env, 0);
86.188 return NULL;
86.189 }
86.190 for (i=0; i<ckLength; i++) {
86.191 @@ -678,7 +702,7 @@
86.192
86.193 jpTemp = (jchar*) malloc(ckLength * sizeof(jchar));
86.194 if (jpTemp == NULL) {
86.195 - JNU_ThrowOutOfMemoryError(env, 0);
86.196 + throwOutOfMemoryError(env, 0);
86.197 return NULL;
86.198 }
86.199 for (i=0; i<ckLength; i++) {
86.200 @@ -709,7 +733,7 @@
86.201
86.202 jpTemp = (jchar*) malloc(ckLength * sizeof(jchar));
86.203 if (jpTemp == NULL) {
86.204 - JNU_ThrowOutOfMemoryError(env, 0);
86.205 + throwOutOfMemoryError(env, 0);
86.206 return NULL;
86.207 }
86.208 for (i=0; i<ckLength; i++) {
86.209 @@ -812,7 +836,7 @@
86.210 jValue = (*env)->CallBooleanMethod(env, jObject, jValueMethod);
86.211 ckpValue = (CK_BBOOL *) malloc(sizeof(CK_BBOOL));
86.212 if (ckpValue == NULL) {
86.213 - JNU_ThrowOutOfMemoryError(env, 0);
86.214 + throwOutOfMemoryError(env, 0);
86.215 return NULL;
86.216 }
86.217 *ckpValue = jBooleanToCKBBool(jValue);
86.218 @@ -842,7 +866,7 @@
86.219 jValue = (*env)->CallByteMethod(env, jObject, jValueMethod);
86.220 ckpValue = (CK_BYTE_PTR) malloc(sizeof(CK_BYTE));
86.221 if (ckpValue == NULL) {
86.222 - JNU_ThrowOutOfMemoryError(env, 0);
86.223 + throwOutOfMemoryError(env, 0);
86.224 return NULL;
86.225 }
86.226 *ckpValue = jByteToCKByte(jValue);
86.227 @@ -871,7 +895,7 @@
86.228 jValue = (*env)->CallIntMethod(env, jObject, jValueMethod);
86.229 ckpValue = (CK_ULONG *) malloc(sizeof(CK_ULONG));
86.230 if (ckpValue == NULL) {
86.231 - JNU_ThrowOutOfMemoryError(env, 0);
86.232 + throwOutOfMemoryError(env, 0);
86.233 return NULL;
86.234 }
86.235 *ckpValue = jLongToCKLong(jValue);
86.236 @@ -900,7 +924,7 @@
86.237 jValue = (*env)->CallLongMethod(env, jObject, jValueMethod);
86.238 ckpValue = (CK_ULONG *) malloc(sizeof(CK_ULONG));
86.239 if (ckpValue == NULL) {
86.240 - JNU_ThrowOutOfMemoryError(env, 0);
86.241 + throwOutOfMemoryError(env, 0);
86.242 return NULL;
86.243 }
86.244 *ckpValue = jLongToCKULong(jValue);
86.245 @@ -930,7 +954,7 @@
86.246 jValue = (*env)->CallCharMethod(env, jObject, jValueMethod);
86.247 ckpValue = (CK_CHAR_PTR) malloc(sizeof(CK_CHAR));
86.248 if (ckpValue == NULL) {
86.249 - JNU_ThrowOutOfMemoryError(env, 0);
86.250 + throwOutOfMemoryError(env, 0);
86.251 return NULL;
86.252 }
86.253 *ckpValue = jCharToCKChar(jValue);
86.254 @@ -1087,7 +1111,7 @@
86.255 malloc((strlen(exceptionMsgPrefix) + strlen(classNameString) + 1));
86.256 if (exceptionMsg == NULL) {
86.257 (*env)->ReleaseStringUTFChars(env, jClassNameString, classNameString);
86.258 - JNU_ThrowOutOfMemoryError(env, 0);
86.259 + throwOutOfMemoryError(env, 0);
86.260 return;
86.261 }
86.262 strcpy(exceptionMsg, exceptionMsgPrefix);
87.1 --- a/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h Thu Oct 27 13:54:42 2011 -0700
87.2 +++ b/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h Fri Oct 28 17:49:02 2011 -0700
87.3 @@ -228,7 +228,6 @@
87.4 #define CLASS_PKCS11EXCEPTION "sun/security/pkcs11/wrapper/PKCS11Exception"
87.5 #define CLASS_PKCS11RUNTIMEEXCEPTION "sun/security/pkcs11/wrapper/PKCS11RuntimeException"
87.6 #define CLASS_FILE_NOT_FOUND_EXCEPTION "java/io/FileNotFoundException"
87.7 -#define CLASS_IO_EXCEPTION "java/io/IOException"
87.8 #define CLASS_C_INITIALIZE_ARGS "sun/security/pkcs11/wrapper/CK_C_INITIALIZE_ARGS"
87.9 #define CLASS_CREATEMUTEX "sun/security/pkcs11/wrapper/CK_CREATEMUTEX"
87.10 #define CLASS_DESTROYMUTEX "sun/security/pkcs11/wrapper/CK_DESTROYMUTEX"
87.11 @@ -280,6 +279,8 @@
87.12 */
87.13
87.14 jlong ckAssertReturnValueOK(JNIEnv *env, CK_RV returnValue);
87.15 +void throwOutOfMemoryError(JNIEnv *env, const char *message);
87.16 +void throwNullPointerException(JNIEnv *env, const char *message);
87.17 void throwIOException(JNIEnv *env, const char *message);
87.18 void throwPKCS11RuntimeException(JNIEnv *env, const char *message);
87.19 void throwDisconnectedRuntimeException(JNIEnv *env);
88.1 --- a/src/solaris/classes/sun/print/UnixPrintServiceLookup.java Thu Oct 27 13:54:42 2011 -0700
88.2 +++ b/src/solaris/classes/sun/print/UnixPrintServiceLookup.java Fri Oct 28 17:49:02 2011 -0700
88.3 @@ -189,7 +189,7 @@
88.4 if (printServices == null) {
88.5 return new PrintService[0];
88.6 } else {
88.7 - return printServices;
88.8 + return (PrintService[])printServices.clone();
88.9 }
88.10 }
88.11
89.1 --- a/src/solaris/native/sun/nio/fs/genSolarisConstants.c Thu Oct 27 13:54:42 2011 -0700
89.2 +++ b/src/solaris/native/sun/nio/fs/genSolarisConstants.c Fri Oct 28 17:49:02 2011 -0700
89.3 @@ -27,7 +27,7 @@
89.4 #include <errno.h>
89.5 #include <unistd.h>
89.6 #include <sys/acl.h>
89.7 -#include <sys/fcntl.h>
89.8 +#include <fcntl.h>
89.9 #include <sys/stat.h>
89.10
89.11 /**
90.1 --- a/src/solaris/native/sun/nio/fs/genUnixConstants.c Thu Oct 27 13:54:42 2011 -0700
90.2 +++ b/src/solaris/native/sun/nio/fs/genUnixConstants.c Fri Oct 28 17:49:02 2011 -0700
90.3 @@ -26,7 +26,7 @@
90.4 #include <stdio.h>
90.5 #include <errno.h>
90.6 #include <unistd.h>
90.7 -#include <sys/fcntl.h>
90.8 +#include <fcntl.h>
90.9 #include <sys/stat.h>
90.10
90.11 /**
91.1 --- a/src/solaris/native/sun/security/pkcs11/j2secmod_md.c Thu Oct 27 13:54:42 2011 -0700
91.2 +++ b/src/solaris/native/sun/security/pkcs11/j2secmod_md.c Fri Oct 28 17:49:02 2011 -0700
91.3 @@ -40,7 +40,7 @@
91.4 if (fAddress == NULL) {
91.5 char errorMessage[256];
91.6 snprintf(errorMessage, sizeof(errorMessage), "Symbol not found: %s", functionName);
91.7 - JNU_ThrowNullPointerException(env, errorMessage);
91.8 + throwNullPointerException(env, errorMessage);
91.9 return NULL;
91.10 }
91.11 return fAddress;
91.12 @@ -69,7 +69,7 @@
91.13 dprintf2("-handle: %u (0X%X)\n", hModule, hModule);
91.14
91.15 if (hModule == NULL) {
91.16 - JNU_ThrowIOException(env, dlerror());
91.17 + throwIOException(env, dlerror());
91.18 return 0;
91.19 }
91.20
92.1 --- a/src/solaris/native/sun/security/smartcardio/pcsc_md.c Thu Oct 27 13:54:42 2011 -0700
92.2 +++ b/src/solaris/native/sun/security/smartcardio/pcsc_md.c Fri Oct 28 17:49:02 2011 -0700
92.3 @@ -51,12 +51,40 @@
92.4 FPTR_SCardEndTransaction scardEndTransaction;
92.5 FPTR_SCardControl scardControl;
92.6
92.7 +/*
92.8 + * Throws a Java Exception by name
92.9 + */
92.10 +void throwByName(JNIEnv *env, const char *name, const char *msg)
92.11 +{
92.12 + jclass cls = (*env)->FindClass(env, name);
92.13 +
92.14 + if (cls != 0) /* Otherwise an exception has already been thrown */
92.15 + (*env)->ThrowNew(env, cls, msg);
92.16 +}
92.17 +
92.18 +/*
92.19 + * Throws java.lang.NullPointerException
92.20 + */
92.21 +void throwNullPointerException(JNIEnv *env, const char *msg)
92.22 +{
92.23 + throwByName(env, "java/lang/NullPointerException", msg);
92.24 +}
92.25 +
92.26 +/*
92.27 + * Throws java.io.IOException
92.28 + */
92.29 +void throwIOException(JNIEnv *env, const char *msg)
92.30 +{
92.31 + throwByName(env, "java/io/IOException", msg);
92.32 +}
92.33 +
92.34 +
92.35 void *findFunction(JNIEnv *env, void *hModule, char *functionName) {
92.36 void *fAddress = dlsym(hModule, functionName);
92.37 if (fAddress == NULL) {
92.38 char errorMessage[256];
92.39 snprintf(errorMessage, sizeof(errorMessage), "Symbol not found: %s", functionName);
92.40 - JNU_ThrowNullPointerException(env, errorMessage);
92.41 + throwNullPointerException(env, errorMessage);
92.42 return NULL;
92.43 }
92.44 return fAddress;
92.45 @@ -69,7 +97,7 @@
92.46 (*env)->ReleaseStringUTFChars(env, jLibName, libName);
92.47
92.48 if (hModule == NULL) {
92.49 - JNU_ThrowIOException(env, dlerror());
92.50 + throwIOException(env, dlerror());
92.51 return;
92.52 }
92.53 scardEstablishContext = (FPTR_SCardEstablishContext)findFunction(env, hModule, "SCardEstablishContext");
93.1 --- a/src/windows/classes/sun/java2d/d3d/D3DSurfaceData.java Thu Oct 27 13:54:42 2011 -0700
93.2 +++ b/src/windows/classes/sun/java2d/d3d/D3DSurfaceData.java Fri Oct 28 17:49:02 2011 -0700
93.3 @@ -486,7 +486,7 @@
93.4 int dataType = 0;
93.5 int scanStride = width;
93.6
93.7 - if (dcm.getPixelSize() == 24 || dcm.getPixelSize() == 32) {
93.8 + if (dcm.getPixelSize() > 16) {
93.9 dataType = DataBuffer.TYPE_INT;
93.10 } else {
93.11 // 15, 16
94.1 --- a/src/windows/native/sun/security/pkcs11/j2secmod_md.c Thu Oct 27 13:54:42 2011 -0700
94.2 +++ b/src/windows/native/sun/security/pkcs11/j2secmod_md.c Fri Oct 28 17:49:02 2011 -0700
94.3 @@ -37,7 +37,7 @@
94.4 if (fAddress == NULL) {
94.5 char errorMessage[256];
94.6 _snprintf(errorMessage, sizeof(errorMessage), "Symbol not found: %s", functionName);
94.7 - JNU_ThrowNullPointerException(env, errorMessage);
94.8 + throwNullPointerException(env, errorMessage);
94.9 return NULL;
94.10 }
94.11 return fAddress;
94.12 @@ -78,7 +78,7 @@
94.13 NULL
94.14 );
94.15 dprintf1("-error: %s\n", lpMsgBuf);
94.16 - JNU_ThrowIOException(env, (char*)lpMsgBuf);
94.17 + throwIOException(env, (char*)lpMsgBuf);
94.18 LocalFree(lpMsgBuf);
94.19 return 0;
94.20 }
95.1 --- a/test/ProblemList.txt Thu Oct 27 13:54:42 2011 -0700
95.2 +++ b/test/ProblemList.txt Fri Oct 28 17:49:02 2011 -0700
95.3 @@ -377,6 +377,12 @@
95.4 # 7081476
95.5 java/net/InetSocketAddress/B6469803.java generic-all
95.6
95.7 +# 7102670
95.8 +java/net/InetAddress/CheckJNI.java linux-all
95.9 +
95.10 +# failing on vista 32/64 on nightly
95.11 +# 7102702
95.12 +java/net/PortUnreachableException/OneExceptionOnly.java windows-all
95.13 ############################################################################
95.14
95.15 # jdk_io
95.16 @@ -517,9 +523,6 @@
95.17 # 7079203 sun/security/tools/keytool/printssl.sh fails on solaris with timeout
95.18 sun/security/tools/keytool/printssl.sh solaris-all
95.19
95.20 -# 7054637
95.21 -sun/security/tools/jarsigner/ec.sh solaris-all
95.22 -
95.23 # 7081817
95.24 sun/security/provider/certpath/X509CertPath/IllegalCertiticates.java generic-all
95.25
96.1 --- a/test/java/net/DatagramSocket/ChangingAddress.java Thu Oct 27 13:54:42 2011 -0700
96.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
96.3 @@ -1,56 +0,0 @@
96.4 -/*
96.5 - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
96.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
96.7 - *
96.8 - * This code is free software; you can redistribute it and/or modify it
96.9 - * under the terms of the GNU General Public License version 2 only, as
96.10 - * published by the Free Software Foundation.
96.11 - *
96.12 - * This code is distributed in the hope that it will be useful, but WITHOUT
96.13 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
96.14 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
96.15 - * version 2 for more details (a copy is included in the LICENSE file that
96.16 - * accompanied this code).
96.17 - *
96.18 - * You should have received a copy of the GNU General Public License version
96.19 - * 2 along with this work; if not, write to the Free Software Foundation,
96.20 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
96.21 - *
96.22 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
96.23 - * or visit www.oracle.com if you need additional information or have any
96.24 - * questions.
96.25 - */
96.26 -
96.27 -/* @test
96.28 - * @bug 7084030
96.29 - * @summary Tests that DatagramSocket.getLocalAddress returns the right local
96.30 - * address after connect/disconnect.
96.31 - */
96.32 -import java.net.*;
96.33 -
96.34 -public class ChangingAddress {
96.35 -
96.36 - static void check(DatagramSocket ds, InetAddress expected) {
96.37 - InetAddress actual = ds.getLocalAddress();
96.38 - if (!expected.equals(actual)) {
96.39 - throw new RuntimeException("Expected:"+expected+" Actual"+
96.40 - actual);
96.41 - }
96.42 - }
96.43 -
96.44 - public static void main(String[] args) throws Exception {
96.45 - InetAddress lh = InetAddress.getLocalHost();
96.46 - SocketAddress remote = new InetSocketAddress(lh, 1234);
96.47 - InetAddress wildcard = InetAddress.getByAddress
96.48 - ("localhost", new byte[]{0,0,0,0});
96.49 - try (DatagramSocket ds = new DatagramSocket()) {
96.50 - check(ds, wildcard);
96.51 -
96.52 - ds.connect(remote);
96.53 - check(ds, lh);
96.54 -
96.55 - ds.disconnect();
96.56 - check(ds, wildcard);
96.57 - }
96.58 - }
96.59 -}
97.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
97.2 +++ b/test/java/util/Collections/CheckedQueue.java Fri Oct 28 17:49:02 2011 -0700
97.3 @@ -0,0 +1,190 @@
97.4 +/*
97.5 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
97.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
97.7 + *
97.8 + * This code is free software; you can redistribute it and/or modify it
97.9 + * under the terms of the GNU General Public License version 2 only, as
97.10 + * published by the Free Software Foundation.
97.11 + *
97.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
97.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
97.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
97.15 + * version 2 for more details (a copy is included in the LICENSE file that
97.16 + * accompanied this code).
97.17 + *
97.18 + * You should have received a copy of the GNU General Public License version
97.19 + * 2 along with this work; if not, write to the Free Software Foundation,
97.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
97.21 + *
97.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
97.23 + * or visit www.oracle.com if you need additional information or have any
97.24 + * questions.
97.25 + */
97.26 +
97.27 +/*
97.28 + * @test
97.29 + * @bug 5020931
97.30 + * @summary Unit test for Collections.checkedQueue
97.31 + */
97.32 +
97.33 +import java.lang.reflect.Method;
97.34 +import java.util.Collections;
97.35 +import java.util.Iterator;
97.36 +import java.util.Queue;
97.37 +import java.util.concurrent.ArrayBlockingQueue;
97.38 +
97.39 +public class CheckedQueue {
97.40 + static int status = 0;
97.41 +
97.42 + public static void main(String[] args) throws Exception {
97.43 + new CheckedQueue();
97.44 + }
97.45 +
97.46 + public CheckedQueue() throws Exception {
97.47 + run();
97.48 + }
97.49 +
97.50 + private void run() throws Exception {
97.51 + Method[] methods = this.getClass().getDeclaredMethods();
97.52 +
97.53 + for (int i = 0; i < methods.length; i++) {
97.54 + Method method = methods[i];
97.55 + String methodName = method.getName();
97.56 +
97.57 + if (methodName.startsWith("test")) {
97.58 + try {
97.59 + Object obj = method.invoke(this, new Object[0]);
97.60 + } catch(Exception e) {
97.61 + throw new Exception(this.getClass().getName() + "." +
97.62 + methodName + " test failed, test exception "
97.63 + + "follows\n" + e.getCause());
97.64 + }
97.65 + }
97.66 + }
97.67 + }
97.68 +
97.69 + /**
97.70 + * This test adds items to a queue.
97.71 + */
97.72 + private void test00() {
97.73 + int arrayLength = 10;
97.74 + ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(arrayLength);
97.75 +
97.76 + for (int i = 0; i < arrayLength; i++) {
97.77 + abq.add(new String(Integer.toString(i)));
97.78 + }
97.79 + }
97.80 +
97.81 + /**
97.82 + * This test tests the CheckedQueue.add method. It creates a queue of
97.83 + * {@code String}s gets the checked queue, and attempt to add an Integer to
97.84 + * the checked queue.
97.85 + */
97.86 + private void test01() throws Exception {
97.87 + int arrayLength = 10;
97.88 + ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(arrayLength + 1);
97.89 +
97.90 + for (int i = 0; i < arrayLength; i++) {
97.91 + abq.add(new String(Integer.toString(i)));
97.92 + }
97.93 +
97.94 + Queue q = Collections.checkedQueue(abq, String.class);
97.95 +
97.96 + try {
97.97 + q.add(new Integer(0));
97.98 + throw new Exception(this.getClass().getName() + "." + "test01 test"
97.99 + + " failed, should throw ClassCastException.");
97.100 + } catch(ClassCastException cce) {
97.101 + // Do nothing.
97.102 + }
97.103 + }
97.104 +
97.105 + /**
97.106 + * This test tests the CheckedQueue.add method. It creates a queue of one
97.107 + * {@code String}, gets the checked queue, and attempt to add an Integer to
97.108 + * the checked queue.
97.109 + */
97.110 + private void test02() throws Exception {
97.111 + ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(1);
97.112 + Queue q = Collections.checkedQueue(abq, String.class);
97.113 +
97.114 + try {
97.115 + q.add(new Integer(0));
97.116 + throw new Exception(this.getClass().getName() + "." + "test02 test"
97.117 + + " failed, should throw ClassCastException.");
97.118 + } catch(ClassCastException e) {
97.119 + // Do nothing.
97.120 + }
97.121 + }
97.122 +
97.123 + /**
97.124 + * This test tests the Collections.checkedQueue method call for nulls in
97.125 + * each and both of the parameters.
97.126 + */
97.127 + private void test03() throws Exception {
97.128 + ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(1);
97.129 + Queue q;
97.130 +
97.131 + try {
97.132 + q = Collections.checkedQueue(null, String.class);
97.133 + throw new Exception(this.getClass().getName() + "." + "test03 test"
97.134 + + " failed, should throw NullPointerException.");
97.135 + } catch(NullPointerException npe) {
97.136 + // Do nothing
97.137 + }
97.138 +
97.139 + try {
97.140 + q = Collections.checkedQueue(abq, null);
97.141 + throw new Exception(this.getClass().getName() + "." + "test03 test"
97.142 + + " failed, should throw NullPointerException.");
97.143 + } catch(Exception e) {
97.144 + // Do nothing
97.145 + }
97.146 +
97.147 + try {
97.148 + q = Collections.checkedQueue(null, null);
97.149 + throw new Exception(this.getClass().getName() + "." + "test03 test"
97.150 + + " failed, should throw NullPointerException.");
97.151 + } catch(Exception e) {
97.152 + // Do nothing
97.153 + }
97.154 + }
97.155 +
97.156 + /**
97.157 + * This test tests the CheckedQueue.offer method.
97.158 + */
97.159 + private void test04() throws Exception {
97.160 + ArrayBlockingQueue<String> abq = new ArrayBlockingQueue(1);
97.161 + Queue q = Collections.checkedQueue(abq, String.class);
97.162 +
97.163 + try {
97.164 + q.offer(null);
97.165 + throw new Exception(this.getClass().getName() + "." + "test04 test"
97.166 + + " failed, should throw NullPointerException.");
97.167 + } catch (NullPointerException npe) {
97.168 + // Do nothing
97.169 + }
97.170 +
97.171 + try {
97.172 + q.offer(new Integer(0));
97.173 + throw new Exception(this.getClass().getName() + "." + "test04 test"
97.174 + + " failed, should throw ClassCastException.");
97.175 + } catch (ClassCastException cce) {
97.176 + // Do nothing
97.177 + }
97.178 +
97.179 + q.offer(new String("0"));
97.180 +
97.181 + try {
97.182 + q.offer(new String("1"));
97.183 + throw new Exception(this.getClass().getName() + "." + "test04 test"
97.184 + + " failed, should throw IllegalStateException.");
97.185 + } catch(IllegalStateException ise) {
97.186 + // Do nothing
97.187 + }
97.188 + }
97.189 +
97.190 + private void test05() {
97.191 +
97.192 + }
97.193 +}
98.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
98.2 +++ b/test/sun/java2d/DirectX/DrawBitmaskToSurfaceTest.java Fri Oct 28 17:49:02 2011 -0700
98.3 @@ -0,0 +1,104 @@
98.4 +/*
98.5 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
98.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
98.7 + *
98.8 + * This code is free software; you can redistribute it and/or modify it
98.9 + * under the terms of the GNU General Public License version 2 only, as
98.10 + * published by the Free Software Foundation.
98.11 + *
98.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
98.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
98.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
98.15 + * version 2 for more details (a copy is included in the LICENSE file that
98.16 + * accompanied this code).
98.17 + *
98.18 + * You should have received a copy of the GNU General Public License version
98.19 + * 2 along with this work; if not, write to the Free Software Foundation,
98.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
98.21 + *
98.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
98.23 + * or visit www.oracle.com if you need additional information or have any
98.24 + * questions.
98.25 + */
98.26 +
98.27 +/*
98.28 + * @test
98.29 + * @bug 6997116
98.30 + * @summary Test verifies that rendering of images with bitmap transparency
98.31 + * to a D3D surface does not cause an ClassCastException.
98.32 + *
98.33 + * @run main/othervm -Dsun.java2d.d3d=True DrawBitmaskToSurfaceTest
98.34 + */
98.35 +
98.36 +import java.awt.Graphics;
98.37 +import java.awt.Image;
98.38 +import java.awt.image.BufferedImage;
98.39 +import java.awt.image.IndexColorModel;
98.40 +import java.util.concurrent.CountDownLatch;
98.41 +import javax.swing.JFrame;
98.42 +
98.43 +public class DrawBitmaskToSurfaceTest extends JFrame {
98.44 +
98.45 + private final Image src;
98.46 + private static java.util.concurrent.CountDownLatch latch = null;
98.47 + private static Throwable theError = null;
98.48 +
98.49 + public DrawBitmaskToSurfaceTest() {
98.50 + src = createTestImage();
98.51 + }
98.52 +
98.53 + private static Image createTestImage() {
98.54 + byte[] r = new byte[]{(byte)0x00, (byte)0x80, (byte)0xff, (byte)0xff};
98.55 + byte[] g = new byte[]{(byte)0x00, (byte)0x80, (byte)0xff, (byte)0x00};
98.56 + byte[] b = new byte[]{(byte)0x00, (byte)0x80, (byte)0xff, (byte)0x00};
98.57 +
98.58 + IndexColorModel icm = new IndexColorModel(2, 4, r, g, b, 3);
98.59 +
98.60 + BufferedImage img = new BufferedImage(100, 100,
98.61 + BufferedImage.TYPE_BYTE_INDEXED,
98.62 + icm);
98.63 + return img;
98.64 + }
98.65 +
98.66 + @Override
98.67 + public void paint(final Graphics g) {
98.68 + try {
98.69 + System.err.println("paint frame....");
98.70 + g.drawImage(src, 30, 30, this);
98.71 + } catch (Throwable e) {
98.72 + theError = e;
98.73 + } finally {
98.74 + if (latch != null) {
98.75 + latch.countDown();
98.76 + }
98.77 + }
98.78 + }
98.79 +
98.80 + public static void main(final String[] args) throws Exception {
98.81 + final JFrame frame = new DrawBitmaskToSurfaceTest();
98.82 + frame.setBounds(10, 350, 200, 200);
98.83 + frame.setVisible(true);
98.84 +
98.85 + Thread.sleep(2000);
98.86 +
98.87 + System.err.println("Change frame bounds...");
98.88 + latch = new CountDownLatch(1);
98.89 + frame.setBounds(10, 350, 90, 90);
98.90 + frame.repaint();
98.91 +
98.92 + try {
98.93 + if (latch.getCount() > 0) {
98.94 + latch.await();
98.95 + }
98.96 + } catch (InterruptedException e) {
98.97 + }
98.98 +
98.99 + frame.dispose();
98.100 +
98.101 + if (theError != null) {
98.102 + throw new RuntimeException("Test failed.", theError);
98.103 + }
98.104 +
98.105 + System.err.println("Test passed");
98.106 + }
98.107 +}
99.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
99.2 +++ b/test/sun/security/provider/X509Factory/BigCRL.java Fri Oct 28 17:49:02 2011 -0700
99.3 @@ -0,0 +1,87 @@
99.4 +/*
99.5 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
99.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
99.7 + *
99.8 + * This code is free software; you can redistribute it and/or modify it
99.9 + * under the terms of the GNU General Public License version 2 only, as
99.10 + * published by the Free Software Foundation.
99.11 + *
99.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
99.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
99.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
99.15 + * version 2 for more details (a copy is included in the LICENSE file that
99.16 + * accompanied this code).
99.17 + *
99.18 + * You should have received a copy of the GNU General Public License version
99.19 + * 2 along with this work; if not, write to the Free Software Foundation,
99.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
99.21 + *
99.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
99.23 + * or visit www.oracle.com if you need additional information or have any
99.24 + * questions.
99.25 + */
99.26 +
99.27 +/*
99.28 + * @test
99.29 + * @bug 7099399
99.30 + * @summary cannot deal with CRL file larger than 16MB
99.31 + * @run main/othervm -Xmx1024m BigCRL
99.32 + */
99.33 +
99.34 +import java.io.FileInputStream;
99.35 +import java.math.BigInteger;
99.36 +import java.security.KeyStore;
99.37 +import java.security.cert.Certificate;
99.38 +import java.security.PrivateKey;
99.39 +import java.security.cert.X509CRLEntry;
99.40 +import java.util.Arrays;
99.41 +import java.util.Date;
99.42 +import sun.security.x509.*;
99.43 +import java.security.cert.CertificateFactory;
99.44 +import java.io.ByteArrayInputStream;
99.45 +
99.46 +public class BigCRL {
99.47 +
99.48 + public static void main(String[] args) throws Exception {
99.49 + int n = 500000;
99.50 + String ks = System.getProperty("test.src", ".")
99.51 + + "/../../ssl/etc/keystore";
99.52 + String pass = "passphrase";
99.53 + String alias = "dummy";
99.54 +
99.55 + KeyStore keyStore = KeyStore.getInstance("JKS");
99.56 + keyStore.load(new FileInputStream(ks), pass.toCharArray());
99.57 + Certificate signerCert = keyStore.getCertificate(alias);
99.58 + byte[] encoded = signerCert.getEncoded();
99.59 + X509CertImpl signerCertImpl = new X509CertImpl(encoded);
99.60 + X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
99.61 + X509CertImpl.NAME + "." + X509CertImpl.INFO);
99.62 + X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
99.63 + + CertificateSubjectName.DN_NAME);
99.64 +
99.65 + Date date = new Date();
99.66 + PrivateKey privateKey = (PrivateKey)
99.67 + keyStore.getKey(alias, pass.toCharArray());
99.68 + String sigAlgName = signerCertImpl.getSigAlgOID();
99.69 +
99.70 + X509CRLEntry[] badCerts = new X509CRLEntry[n];
99.71 + CRLExtensions ext = new CRLExtensions();
99.72 + ext.set("Reason", new CRLReasonCodeExtension(1));
99.73 + for (int i = 0; i < n; i++) {
99.74 + badCerts[i] = new X509CRLEntryImpl(
99.75 + BigInteger.valueOf(i), date, ext);
99.76 + }
99.77 + X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts);
99.78 + crl.sign(privateKey, sigAlgName);
99.79 + byte[] data = crl.getEncodedInternal();
99.80 +
99.81 + // Make sure the CRL is big enough
99.82 + if ((data[1]&0xff) != 0x84) {
99.83 + throw new Exception("The file should be big enough?");
99.84 + }
99.85 +
99.86 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
99.87 + cf.generateCRL(new ByteArrayInputStream(data));
99.88 + }
99.89 +}
99.90 +
100.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
100.2 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java Fri Oct 28 17:49:02 2011 -0700
100.3 @@ -0,0 +1,479 @@
100.4 +/*
100.5 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
100.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
100.7 + *
100.8 + * This code is free software; you can redistribute it and/or modify it
100.9 + * under the terms of the GNU General Public License version 2 only, as
100.10 + * published by the Free Software Foundation.
100.11 + *
100.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
100.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
100.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
100.15 + * version 2 for more details (a copy is included in the LICENSE file that
100.16 + * accompanied this code).
100.17 + *
100.18 + * You should have received a copy of the GNU General Public License version
100.19 + * 2 along with this work; if not, write to the Free Software Foundation,
100.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
100.21 + *
100.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
100.23 + * or visit www.oracle.com if you need additional information or have any
100.24 + * questions.
100.25 + */
100.26 +
100.27 +/*
100.28 + * @test
100.29 + * @bug 7031830
100.30 + * @summary bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine
100.31 + * @run main/othervm SSLEngineBadBufferArrayAccess
100.32 + *
100.33 + * SunJSSE does not support dynamic system properties, no way to re-use
100.34 + * system properties in samevm/agentvm mode.
100.35 + */
100.36 +
100.37 +/**
100.38 + * A SSLSocket/SSLEngine interop test case. This is not the way to
100.39 + * code SSLEngine-based servers, but works for what we need to do here,
100.40 + * which is to make sure that SSLEngine/SSLSockets can talk to each other.
100.41 + * SSLEngines can use direct or indirect buffers, and different code
100.42 + * is used to get at the buffer contents internally, so we test that here.
100.43 + *
100.44 + * The test creates one SSLSocket (client) and one SSLEngine (server).
100.45 + * The SSLSocket talks to a raw ServerSocket, and the server code
100.46 + * does the translation between byte [] and ByteBuffers that the SSLEngine
100.47 + * can use. The "transport" layer consists of a Socket Input/OutputStream
100.48 + * and two byte buffers for the SSLEngines: think of them
100.49 + * as directly connected pipes.
100.50 + *
100.51 + * Again, this is a *very* simple example: real code will be much more
100.52 + * involved. For example, different threading and I/O models could be
100.53 + * used, transport mechanisms could close unexpectedly, and so on.
100.54 + *
100.55 + * When this application runs, notice that several messages
100.56 + * (wrap/unwrap) pass before any application data is consumed or
100.57 + * produced. (For more information, please see the SSL/TLS
100.58 + * specifications.) There may several steps for a successful handshake,
100.59 + * so it's typical to see the following series of operations:
100.60 + *
100.61 + * client server message
100.62 + * ====== ====== =======
100.63 + * write() ... ClientHello
100.64 + * ... unwrap() ClientHello
100.65 + * ... wrap() ServerHello/Certificate
100.66 + * read() ... ServerHello/Certificate
100.67 + * write() ... ClientKeyExchange
100.68 + * write() ... ChangeCipherSpec
100.69 + * write() ... Finished
100.70 + * ... unwrap() ClientKeyExchange
100.71 + * ... unwrap() ChangeCipherSpec
100.72 + * ... unwrap() Finished
100.73 + * ... wrap() ChangeCipherSpec
100.74 + * ... wrap() Finished
100.75 + * read() ... ChangeCipherSpec
100.76 + * read() ... Finished
100.77 + *
100.78 + * This particular bug had a problem where byte buffers backed by an
100.79 + * array didn't offset correctly, and we got bad MAC errors.
100.80 + */
100.81 +import javax.net.ssl.*;
100.82 +import javax.net.ssl.SSLEngineResult.*;
100.83 +import java.io.*;
100.84 +import java.net.*;
100.85 +import java.security.*;
100.86 +import java.nio.*;
100.87 +
100.88 +public class SSLEngineBadBufferArrayAccess {
100.89 +
100.90 + /*
100.91 + * Enables logging of the SSL/TLS operations.
100.92 + */
100.93 + private static boolean logging = true;
100.94 +
100.95 + /*
100.96 + * Enables the JSSE system debugging system property:
100.97 + *
100.98 + * -Djavax.net.debug=all
100.99 + *
100.100 + * This gives a lot of low-level information about operations underway,
100.101 + * including specific handshake messages, and might be best examined
100.102 + * after gaining some familiarity with this application.
100.103 + */
100.104 + private static boolean debug = false;
100.105 + private SSLContext sslc;
100.106 + private SSLEngine serverEngine; // server-side SSLEngine
100.107 + private SSLSocket sslSocket; // client-side socket
100.108 + private ServerSocket serverSocket; // server-side Socket, generates the...
100.109 + private Socket socket; // server-side socket that will read
100.110 +
100.111 + private final byte[] serverMsg = "Hi there Client, I'm a Server".getBytes();
100.112 + private final byte[] clientMsg = "Hello Server, I'm a Client".getBytes();
100.113 +
100.114 + private ByteBuffer serverOut; // write side of serverEngine
100.115 + private ByteBuffer serverIn; // read side of serverEngine
100.116 +
100.117 + private volatile Exception clientException;
100.118 + private volatile Exception serverException;
100.119 +
100.120 + /*
100.121 + * For data transport, this example uses local ByteBuffers.
100.122 + */
100.123 + private ByteBuffer cTOs; // "reliable" transport client->server
100.124 + private ByteBuffer sTOc; // "reliable" transport server->client
100.125 +
100.126 + /*
100.127 + * The following is to set up the keystores/trust material.
100.128 + */
100.129 + private static final String pathToStores = "../../../../../../../etc/";
100.130 + private static final String keyStoreFile = "keystore";
100.131 + private static final String trustStoreFile = "truststore";
100.132 + private static final String passwd = "passphrase";
100.133 + private static String keyFilename =
100.134 + System.getProperty("test.src", ".") + "/" + pathToStores
100.135 + + "/" + keyStoreFile;
100.136 + private static String trustFilename =
100.137 + System.getProperty("test.src", ".") + "/" + pathToStores
100.138 + + "/" + trustStoreFile;
100.139 +
100.140 + /*
100.141 + * Main entry point for this test.
100.142 + */
100.143 + public static void main(String args[]) throws Exception {
100.144 + if (debug) {
100.145 + System.setProperty("javax.net.debug", "all");
100.146 + }
100.147 +
100.148 + String [] protocols = new String [] {
100.149 + "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
100.150 +
100.151 + for (String protocol : protocols) {
100.152 + log("Testing " + protocol);
100.153 + /*
100.154 + * Run the tests with direct and indirect buffers.
100.155 + */
100.156 + SSLEngineBadBufferArrayAccess test =
100.157 + new SSLEngineBadBufferArrayAccess(protocol);
100.158 + test.runTest(true);
100.159 + test.runTest(false);
100.160 + }
100.161 +
100.162 + System.out.println("Test Passed.");
100.163 + }
100.164 +
100.165 + /*
100.166 + * Create an initialized SSLContext to use for these tests.
100.167 + */
100.168 + public SSLEngineBadBufferArrayAccess(String protocol) throws Exception {
100.169 +
100.170 + KeyStore ks = KeyStore.getInstance("JKS");
100.171 + KeyStore ts = KeyStore.getInstance("JKS");
100.172 +
100.173 + char[] passphrase = "passphrase".toCharArray();
100.174 +
100.175 + ks.load(new FileInputStream(keyFilename), passphrase);
100.176 + ts.load(new FileInputStream(trustFilename), passphrase);
100.177 +
100.178 + KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
100.179 + kmf.init(ks, passphrase);
100.180 +
100.181 + TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
100.182 + tmf.init(ts);
100.183 +
100.184 + SSLContext sslCtx = SSLContext.getInstance(protocol);
100.185 +
100.186 + sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
100.187 +
100.188 + sslc = sslCtx;
100.189 + }
100.190 +
100.191 + /*
100.192 + * Run the test.
100.193 + *
100.194 + * Sit in a tight loop, with the server engine calling wrap/unwrap
100.195 + * regardless of whether data is available or not. We do this until
100.196 + * we get the application data. Then we shutdown and go to the next one.
100.197 + *
100.198 + * The main loop handles all of the I/O phases of the SSLEngine's
100.199 + * lifetime:
100.200 + *
100.201 + * initial handshaking
100.202 + * application data transfer
100.203 + * engine closing
100.204 + *
100.205 + * One could easily separate these phases into separate
100.206 + * sections of code.
100.207 + */
100.208 + private void runTest(boolean direct) throws Exception {
100.209 + boolean serverClose = direct;
100.210 +
100.211 + serverSocket = new ServerSocket(0);
100.212 + int port = serverSocket.getLocalPort();
100.213 + Thread thread = createClientThread(port, serverClose);
100.214 +
100.215 + socket = serverSocket.accept();
100.216 + socket.setSoTimeout(500);
100.217 + serverSocket.close();
100.218 +
100.219 + createSSLEngine();
100.220 + createBuffers(direct);
100.221 +
100.222 + try {
100.223 + boolean closed = false;
100.224 +
100.225 + InputStream is = socket.getInputStream();
100.226 + OutputStream os = socket.getOutputStream();
100.227 +
100.228 + SSLEngineResult serverResult; // results from last operation
100.229 +
100.230 + /*
100.231 + * Examining the SSLEngineResults could be much more involved,
100.232 + * and may alter the overall flow of the application.
100.233 + *
100.234 + * For example, if we received a BUFFER_OVERFLOW when trying
100.235 + * to write to the output pipe, we could reallocate a larger
100.236 + * pipe, but instead we wait for the peer to drain it.
100.237 + */
100.238 + byte[] inbound = new byte[8192];
100.239 + byte[] outbound = new byte[8192];
100.240 +
100.241 + while (!isEngineClosed(serverEngine)) {
100.242 + int len = 0;
100.243 +
100.244 + // Inbound data
100.245 + log("================");
100.246 +
100.247 + // Read from the Client side.
100.248 + try {
100.249 + len = is.read(inbound);
100.250 + if (len == -1) {
100.251 + throw new Exception("Unexpected EOF");
100.252 + }
100.253 + cTOs.put(inbound, 0, len);
100.254 + } catch (SocketTimeoutException ste) {
100.255 + // swallow. Nothing yet, probably waiting on us.
100.256 + }
100.257 +
100.258 + cTOs.flip();
100.259 +
100.260 + serverResult = serverEngine.unwrap(cTOs, serverIn);
100.261 + log("server unwrap: ", serverResult);
100.262 + runDelegatedTasks(serverResult, serverEngine);
100.263 + cTOs.compact();
100.264 +
100.265 + // Outbound data
100.266 + log("----");
100.267 +
100.268 + serverResult = serverEngine.wrap(serverOut, sTOc);
100.269 + log("server wrap: ", serverResult);
100.270 + runDelegatedTasks(serverResult, serverEngine);
100.271 +
100.272 + sTOc.flip();
100.273 +
100.274 + if ((len = sTOc.remaining()) != 0) {
100.275 + sTOc.get(outbound, 0, len);
100.276 + os.write(outbound, 0, len);
100.277 + // Give the other side a chance to process
100.278 + }
100.279 +
100.280 + sTOc.compact();
100.281 +
100.282 + if (!closed && (serverOut.remaining() == 0)) {
100.283 + closed = true;
100.284 +
100.285 + /*
100.286 + * We'll alternate initiatating the shutdown.
100.287 + * When the server initiates, it will take one more
100.288 + * loop, but tests the orderly shutdown.
100.289 + */
100.290 + if (serverClose) {
100.291 + serverEngine.closeOutbound();
100.292 + }
100.293 + serverIn.flip();
100.294 +
100.295 + /*
100.296 + * A sanity check to ensure we got what was sent.
100.297 + */
100.298 + if (serverIn.remaining() != clientMsg.length) {
100.299 + throw new Exception("Client: Data length error");
100.300 + }
100.301 +
100.302 + for (int i = 0; i < clientMsg.length; i++) {
100.303 + if (clientMsg[i] != serverIn.get()) {
100.304 + throw new Exception("Client: Data content error");
100.305 + }
100.306 + }
100.307 + serverIn.compact();
100.308 + }
100.309 + }
100.310 + return;
100.311 + } catch (Exception e) {
100.312 + serverException = e;
100.313 + } finally {
100.314 + socket.close();
100.315 +
100.316 + // Wait for the client to join up with us.
100.317 + thread.join();
100.318 + if (serverException != null) {
100.319 + throw serverException;
100.320 + }
100.321 + if (clientException != null) {
100.322 + throw clientException;
100.323 + }
100.324 + }
100.325 + }
100.326 +
100.327 + /*
100.328 + * Create a client thread which does simple SSLSocket operations.
100.329 + * We'll write and read one data packet.
100.330 + */
100.331 + private Thread createClientThread(final int port,
100.332 + final boolean serverClose) throws Exception {
100.333 +
100.334 + Thread t = new Thread("ClientThread") {
100.335 +
100.336 + @Override
100.337 + public void run() {
100.338 + try {
100.339 + Thread.sleep(1000); // Give server time to finish setup.
100.340 +
100.341 + sslSocket = (SSLSocket) sslc.getSocketFactory().
100.342 + createSocket("localhost", port);
100.343 + OutputStream os = sslSocket.getOutputStream();
100.344 + InputStream is = sslSocket.getInputStream();
100.345 +
100.346 + // write(byte[]) goes in one shot.
100.347 + os.write(clientMsg);
100.348 +
100.349 + byte[] inbound = new byte[2048];
100.350 + int pos = 0;
100.351 +
100.352 + int len;
100.353 +done:
100.354 + while ((len = is.read(inbound, pos, 2048 - pos)) != -1) {
100.355 + pos += len;
100.356 + // Let the client do the closing.
100.357 + if ((pos == serverMsg.length) && !serverClose) {
100.358 + sslSocket.close();
100.359 + break done;
100.360 + }
100.361 + }
100.362 +
100.363 + if (pos != serverMsg.length) {
100.364 + throw new Exception("Client: Data length error");
100.365 + }
100.366 +
100.367 + for (int i = 0; i < serverMsg.length; i++) {
100.368 + if (inbound[i] != serverMsg[i]) {
100.369 + throw new Exception("Client: Data content error");
100.370 + }
100.371 + }
100.372 + } catch (Exception e) {
100.373 + clientException = e;
100.374 + }
100.375 + }
100.376 + };
100.377 + t.start();
100.378 + return t;
100.379 + }
100.380 +
100.381 + /*
100.382 + * Using the SSLContext created during object creation,
100.383 + * create/configure the SSLEngines we'll use for this test.
100.384 + */
100.385 + private void createSSLEngine() throws Exception {
100.386 + /*
100.387 + * Configure the serverEngine to act as a server in the SSL/TLS
100.388 + * handshake.
100.389 + */
100.390 + serverEngine = sslc.createSSLEngine();
100.391 + serverEngine.setUseClientMode(false);
100.392 + serverEngine.getNeedClientAuth();
100.393 + }
100.394 +
100.395 + /*
100.396 + * Create and size the buffers appropriately.
100.397 + */
100.398 + private void createBuffers(boolean direct) {
100.399 +
100.400 + SSLSession session = serverEngine.getSession();
100.401 + int appBufferMax = session.getApplicationBufferSize();
100.402 + int netBufferMax = session.getPacketBufferSize();
100.403 +
100.404 + /*
100.405 + * We'll make the input buffers a bit bigger than the max needed
100.406 + * size, so that unwrap()s following a successful data transfer
100.407 + * won't generate BUFFER_OVERFLOWS.
100.408 + *
100.409 + * We'll use a mix of direct and indirect ByteBuffers for
100.410 + * tutorial purposes only. In reality, only use direct
100.411 + * ByteBuffers when they give a clear performance enhancement.
100.412 + */
100.413 + if (direct) {
100.414 + serverIn = ByteBuffer.allocateDirect(appBufferMax + 50);
100.415 + cTOs = ByteBuffer.allocateDirect(netBufferMax);
100.416 + sTOc = ByteBuffer.allocateDirect(netBufferMax);
100.417 + } else {
100.418 + serverIn = ByteBuffer.allocate(appBufferMax + 50);
100.419 + cTOs = ByteBuffer.allocate(netBufferMax);
100.420 + sTOc = ByteBuffer.allocate(netBufferMax);
100.421 + }
100.422 +
100.423 + serverOut = ByteBuffer.wrap(serverMsg);
100.424 + }
100.425 +
100.426 + /*
100.427 + * If the result indicates that we have outstanding tasks to do,
100.428 + * go ahead and run them in this thread.
100.429 + */
100.430 + private static void runDelegatedTasks(SSLEngineResult result,
100.431 + SSLEngine engine) throws Exception {
100.432 +
100.433 + if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
100.434 + Runnable runnable;
100.435 + while ((runnable = engine.getDelegatedTask()) != null) {
100.436 + log("\trunning delegated task...");
100.437 + runnable.run();
100.438 + }
100.439 + HandshakeStatus hsStatus = engine.getHandshakeStatus();
100.440 + if (hsStatus == HandshakeStatus.NEED_TASK) {
100.441 + throw new Exception(
100.442 + "handshake shouldn't need additional tasks");
100.443 + }
100.444 + log("\tnew HandshakeStatus: " + hsStatus);
100.445 + }
100.446 + }
100.447 +
100.448 + private static boolean isEngineClosed(SSLEngine engine) {
100.449 + return (engine.isOutboundDone() && engine.isInboundDone());
100.450 + }
100.451 +
100.452 + /*
100.453 + * Logging code
100.454 + */
100.455 + private static boolean resultOnce = true;
100.456 +
100.457 + private static void log(String str, SSLEngineResult result) {
100.458 + if (!logging) {
100.459 + return;
100.460 + }
100.461 + if (resultOnce) {
100.462 + resultOnce = false;
100.463 + System.out.println("The format of the SSLEngineResult is: \n"
100.464 + + "\t\"getStatus() / getHandshakeStatus()\" +\n"
100.465 + + "\t\"bytesConsumed() / bytesProduced()\"\n");
100.466 + }
100.467 + HandshakeStatus hsStatus = result.getHandshakeStatus();
100.468 + log(str
100.469 + + result.getStatus() + "/" + hsStatus + ", "
100.470 + + result.bytesConsumed() + "/" + result.bytesProduced()
100.471 + + " bytes");
100.472 + if (hsStatus == HandshakeStatus.FINISHED) {
100.473 + log("\t...ready for application data");
100.474 + }
100.475 + }
100.476 +
100.477 + private static void log(String str) {
100.478 + if (logging) {
100.479 + System.out.println(str);
100.480 + }
100.481 + }
100.482 +}
101.1 --- a/test/sun/security/util/BigInt/BigIntEqualsHashCode.java Thu Oct 27 13:54:42 2011 -0700
101.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
101.3 @@ -1,46 +0,0 @@
101.4 -/*
101.5 - * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved.
101.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
101.7 - *
101.8 - * This code is free software; you can redistribute it and/or modify it
101.9 - * under the terms of the GNU General Public License version 2 only, as
101.10 - * published by the Free Software Foundation.
101.11 - *
101.12 - * This code is distributed in the hope that it will be useful, but WITHOUT
101.13 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
101.14 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
101.15 - * version 2 for more details (a copy is included in the LICENSE file that
101.16 - * accompanied this code).
101.17 - *
101.18 - * You should have received a copy of the GNU General Public License version
101.19 - * 2 along with this work; if not, write to the Free Software Foundation,
101.20 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
101.21 - *
101.22 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
101.23 - * or visit www.oracle.com if you need additional information or have any
101.24 - * questions.
101.25 - */
101.26 -
101.27 -/*
101.28 - * @test
101.29 - * @author Gary Ellison
101.30 - * @bug 4170635
101.31 - * @summary Verify equals()/hashCode() contract honored
101.32 - */
101.33 -
101.34 -import java.io.*;
101.35 -import sun.security.util.*;
101.36 -
101.37 -
101.38 -public class BigIntEqualsHashCode {
101.39 - public static void main(String[] args) throws Exception {
101.40 - BigInt bi1 = new BigInt(12345678);
101.41 - BigInt bi2 = new BigInt(12345678);
101.42 -
101.43 - if ( (bi1.equals(bi2)) == (bi1.hashCode()==bi2.hashCode()) )
101.44 - System.out.println("PASSED");
101.45 - else
101.46 - throw new Exception ("FAILED equals()/hashCode() contract");
101.47 -
101.48 - }
101.49 -}