1.1 --- a/make/java/java/FILES_java.gmk Thu Feb 23 12:03:21 2012 -0800
1.2 +++ b/make/java/java/FILES_java.gmk Fri Feb 24 18:24:03 2012 -0800
1.3 @@ -474,6 +474,7 @@
1.4 sun/misc/MessageUtils.java \
1.5 sun/misc/GC.java \
1.6 sun/misc/Service.java \
1.7 + sun/misc/JavaAWTAccess.java \
1.8 sun/misc/JavaLangAccess.java \
1.9 sun/misc/JavaIOAccess.java \
1.10 sun/misc/JavaIOFileDescriptorAccess.java \
2.1 --- a/src/share/classes/com/sun/jndi/dns/DnsClient.java Thu Feb 23 12:03:21 2012 -0800
2.2 +++ b/src/share/classes/com/sun/jndi/dns/DnsClient.java Fri Feb 24 18:24:03 2012 -0800
2.3 @@ -1,5 +1,5 @@
2.4 /*
2.5 - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
2.6 + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
2.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
2.8 *
2.9 * This code is free software; you can redistribute it and/or modify it
2.10 @@ -622,11 +622,7 @@
2.11
2.12 //-------------------------------------------------------------------------
2.13
2.14 - private static boolean debug = false;
2.15 -
2.16 - public static void setDebug(boolean flag) {
2.17 - debug = flag;
2.18 - }
2.19 + private static final boolean debug = false;
2.20
2.21 private static void dprint(String mess) {
2.22 if (debug) {
3.1 --- a/src/share/classes/com/sun/media/sound/DirectAudioDevice.java Thu Feb 23 12:03:21 2012 -0800
3.2 +++ b/src/share/classes/com/sun/media/sound/DirectAudioDevice.java Fri Feb 24 18:24:03 2012 -0800
3.3 @@ -736,7 +736,7 @@
3.4 if (off < 0) {
3.5 throw new ArrayIndexOutOfBoundsException(off);
3.6 }
3.7 - if (off + len > b.length) {
3.8 + if ((long)off + (long)len > (long)b.length) {
3.9 throw new ArrayIndexOutOfBoundsException(b.length);
3.10 }
3.11
3.12 @@ -964,7 +964,7 @@
3.13 if (off < 0) {
3.14 throw new ArrayIndexOutOfBoundsException(off);
3.15 }
3.16 - if (off + len > b.length) {
3.17 + if ((long)off + (long)len > (long)b.length) {
3.18 throw new ArrayIndexOutOfBoundsException(b.length);
3.19 }
3.20 if (!isActive() && doIO) {
4.1 --- a/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java Thu Feb 23 12:03:21 2012 -0800
4.2 +++ b/src/share/classes/com/sun/media/sound/SoftMixingSourceDataLine.java Fri Feb 24 18:24:03 2012 -0800
4.3 @@ -130,6 +130,12 @@
4.4 if (len % framesize != 0)
4.5 throw new IllegalArgumentException(
4.6 "Number of bytes does not represent an integral number of sample frames.");
4.7 + if (off < 0) {
4.8 + throw new ArrayIndexOutOfBoundsException(off);
4.9 + }
4.10 + if ((long)off + (long)len > (long)b.length) {
4.11 + throw new ArrayIndexOutOfBoundsException(b.length);
4.12 + }
4.13
4.14 byte[] buff = cycling_buffer;
4.15 int buff_len = cycling_buffer.length;
5.1 --- a/src/share/classes/java/io/File.java Thu Feb 23 12:03:21 2012 -0800
5.2 +++ b/src/share/classes/java/io/File.java Fri Feb 24 18:24:03 2012 -0800
5.3 @@ -153,7 +153,7 @@
5.4 /**
5.5 * The FileSystem object representing the platform's local file system.
5.6 */
5.7 - static private FileSystem fs = FileSystem.getFileSystem();
5.8 + private static final FileSystem fs = FileSystem.getFileSystem();
5.9
5.10 /**
5.11 * This abstract pathname's normalized pathname string. A normalized
5.12 @@ -162,13 +162,13 @@
5.13 *
5.14 * @serial
5.15 */
5.16 - private String path;
5.17 + private final String path;
5.18
5.19 /**
5.20 * The length of this abstract pathname's prefix, or zero if it has no
5.21 * prefix.
5.22 */
5.23 - private transient int prefixLength;
5.24 + private final transient int prefixLength;
5.25
5.26 /**
5.27 * Returns the length of this abstract pathname's prefix.
5.28 @@ -2023,10 +2023,28 @@
5.29 char sep = s.readChar(); // read the previous separator char
5.30 if (sep != separatorChar)
5.31 pathField = pathField.replace(sep, separatorChar);
5.32 - this.path = fs.normalize(pathField);
5.33 - this.prefixLength = fs.prefixLength(this.path);
5.34 + String path = fs.normalize(pathField);
5.35 + UNSAFE.putObject(this, PATH_OFFSET, path);
5.36 + UNSAFE.putIntVolatile(this, PREFIX_LENGTH_OFFSET, fs.prefixLength(path));
5.37 }
5.38
5.39 + private static final long PATH_OFFSET;
5.40 + private static final long PREFIX_LENGTH_OFFSET;
5.41 + private static final sun.misc.Unsafe UNSAFE;
5.42 + static {
5.43 + try {
5.44 + sun.misc.Unsafe unsafe = sun.misc.Unsafe.getUnsafe();
5.45 + PATH_OFFSET = unsafe.objectFieldOffset(
5.46 + File.class.getDeclaredField("path"));
5.47 + PREFIX_LENGTH_OFFSET = unsafe.objectFieldOffset(
5.48 + File.class.getDeclaredField("prefixLength"));
5.49 + UNSAFE = unsafe;
5.50 + } catch (ReflectiveOperationException e) {
5.51 + throw new Error(e);
5.52 + }
5.53 + }
5.54 +
5.55 +
5.56 /** use serialVersionUID from JDK 1.0.2 for interoperability */
5.57 private static final long serialVersionUID = 301077366599181567L;
5.58
6.1 --- a/src/share/classes/java/io/ObjectStreamClass.java Thu Feb 23 12:03:21 2012 -0800
6.2 +++ b/src/share/classes/java/io/ObjectStreamClass.java Fri Feb 24 18:24:03 2012 -0800
6.3 @@ -123,14 +123,39 @@
6.4 */
6.5 private boolean hasBlockExternalData = true;
6.6
6.7 + /**
6.8 + * Contains information about InvalidClassException instances to be thrown
6.9 + * when attempting operations on an invalid class. Note that instances of
6.10 + * this class are immutable and are potentially shared among
6.11 + * ObjectStreamClass instances.
6.12 + */
6.13 + private static class ExceptionInfo {
6.14 + private final String className;
6.15 + private final String message;
6.16 +
6.17 + ExceptionInfo(String cn, String msg) {
6.18 + className = cn;
6.19 + message = msg;
6.20 + }
6.21 +
6.22 + /**
6.23 + * Returns (does not throw) an InvalidClassException instance created
6.24 + * from the information in this object, suitable for being thrown by
6.25 + * the caller.
6.26 + */
6.27 + InvalidClassException newInvalidClassException() {
6.28 + return new InvalidClassException(className, message);
6.29 + }
6.30 + }
6.31 +
6.32 /** exception (if any) thrown while attempting to resolve class */
6.33 private ClassNotFoundException resolveEx;
6.34 /** exception (if any) to throw if non-enum deserialization attempted */
6.35 - private InvalidClassException deserializeEx;
6.36 + private ExceptionInfo deserializeEx;
6.37 /** exception (if any) to throw if non-enum serialization attempted */
6.38 - private InvalidClassException serializeEx;
6.39 + private ExceptionInfo serializeEx;
6.40 /** exception (if any) to throw if default serialization attempted */
6.41 - private InvalidClassException defaultSerializeEx;
6.42 + private ExceptionInfo defaultSerializeEx;
6.43
6.44 /** serializable fields */
6.45 private ObjectStreamField[] fields;
6.46 @@ -444,7 +469,8 @@
6.47 fields = getSerialFields(cl);
6.48 computeFieldOffsets();
6.49 } catch (InvalidClassException e) {
6.50 - serializeEx = deserializeEx = e;
6.51 + serializeEx = deserializeEx =
6.52 + new ExceptionInfo(e.classname, e.getMessage());
6.53 fields = NO_FIELDS;
6.54 }
6.55
6.56 @@ -483,15 +509,14 @@
6.57
6.58 if (deserializeEx == null) {
6.59 if (isEnum) {
6.60 - deserializeEx = new InvalidClassException(name, "enum type");
6.61 + deserializeEx = new ExceptionInfo(name, "enum type");
6.62 } else if (cons == null) {
6.63 - deserializeEx = new InvalidClassException(
6.64 - name, "no valid constructor");
6.65 + deserializeEx = new ExceptionInfo(name, "no valid constructor");
6.66 }
6.67 }
6.68 for (int i = 0; i < fields.length; i++) {
6.69 if (fields[i].getField() == null) {
6.70 - defaultSerializeEx = new InvalidClassException(
6.71 + defaultSerializeEx = new ExceptionInfo(
6.72 name, "unmatched serializable field(s) declared");
6.73 }
6.74 }
6.75 @@ -601,8 +626,8 @@
6.76 (externalizable != localDesc.externalizable) ||
6.77 !(serializable || externalizable))
6.78 {
6.79 - deserializeEx = new InvalidClassException(localDesc.name,
6.80 - "class invalid for deserialization");
6.81 + deserializeEx = new ExceptionInfo(
6.82 + localDesc.name, "class invalid for deserialization");
6.83 }
6.84 }
6.85
6.86 @@ -727,11 +752,7 @@
6.87 */
6.88 void checkDeserialize() throws InvalidClassException {
6.89 if (deserializeEx != null) {
6.90 - InvalidClassException ice =
6.91 - new InvalidClassException(deserializeEx.classname,
6.92 - deserializeEx.getMessage());
6.93 - ice.initCause(deserializeEx);
6.94 - throw ice;
6.95 + throw deserializeEx.newInvalidClassException();
6.96 }
6.97 }
6.98
6.99 @@ -742,11 +763,7 @@
6.100 */
6.101 void checkSerialize() throws InvalidClassException {
6.102 if (serializeEx != null) {
6.103 - InvalidClassException ice =
6.104 - new InvalidClassException(serializeEx.classname,
6.105 - serializeEx.getMessage());
6.106 - ice.initCause(serializeEx);
6.107 - throw ice;
6.108 + throw serializeEx.newInvalidClassException();
6.109 }
6.110 }
6.111
6.112 @@ -759,11 +776,7 @@
6.113 */
6.114 void checkDefaultSerialize() throws InvalidClassException {
6.115 if (defaultSerializeEx != null) {
6.116 - InvalidClassException ice =
6.117 - new InvalidClassException(defaultSerializeEx.classname,
6.118 - defaultSerializeEx.getMessage());
6.119 - ice.initCause(defaultSerializeEx);
6.120 - throw ice;
6.121 + throw defaultSerializeEx.newInvalidClassException();
6.122 }
6.123 }
6.124
7.1 --- a/src/share/classes/java/lang/Math.java Thu Feb 23 12:03:21 2012 -0800
7.2 +++ b/src/share/classes/java/lang/Math.java Fri Feb 24 18:24:03 2012 -0800
7.3 @@ -81,6 +81,22 @@
7.4 * floating-point approximation. Not all approximations that have 1
7.5 * ulp accuracy will automatically meet the monotonicity requirements.
7.6 *
7.7 + * <p>
7.8 + * The platform uses signed two's complement integer arithmetic with
7.9 + * int and long primitive types. The developer should choose
7.10 + * the primitive type to ensure that arithmetic operations consistently
7.11 + * produce correct results, which in some cases means the operations
7.12 + * will not overflow the range of values of the computation.
7.13 + * The best practice is to choose the primitive type and algorithm to avoid
7.14 + * overflow. In cases where the size is {@code int} or {@code long} and
7.15 + * overflow errors need to be detected, the methods {@code addExact},
7.16 + * {@code subtractExact}, {@code multiplyExact}, and {@code toIntExact}
7.17 + * throw an {@code ArithmeticException} when the results overflow.
7.18 + * For other arithmetic operations such as divide, absolute value,
7.19 + * increment, decrement, and negation overflow occurs only with
7.20 + * a specific minimum or maximum value and should be checked against
7.21 + * the minimum or maximum as appropriate.
7.22 + *
7.23 * @author unascribed
7.24 * @author Joseph D. Darcy
7.25 * @since JDK1.0
7.26 @@ -719,6 +735,137 @@
7.27 }
7.28
7.29 /**
7.30 + * Returns the sum of its arguments,
7.31 + * throwing an exception if the result overflows an {@code int}.
7.32 + *
7.33 + * @param x the first value
7.34 + * @param y the second value
7.35 + * @return the result
7.36 + * @throws ArithmeticException if the result overflows an int
7.37 + */
7.38 + public static int addExact(int x, int y) {
7.39 + int r = x + y;
7.40 + // HD 2-12 Overflow iff both arguments have the opposite sign of the result
7.41 + if (((x ^ r) & (y ^ r)) < 0) {
7.42 + throw new ArithmeticException("integer overflow");
7.43 + }
7.44 + return r;
7.45 + }
7.46 +
7.47 + /**
7.48 + * Returns the sum of its arguments,
7.49 + * throwing an exception if the result overflows a {@code long}.
7.50 + *
7.51 + * @param x the first value
7.52 + * @param y the second value
7.53 + * @return the result
7.54 + * @throws ArithmeticException if the result overflows a long
7.55 + */
7.56 + public static long addExact(long x, long y) {
7.57 + long r = x + y;
7.58 + // HD 2-12 Overflow iff both arguments have the opposite sign of the result
7.59 + if (((x ^ r) & (y ^ r)) < 0) {
7.60 + throw new ArithmeticException("long overflow");
7.61 + }
7.62 + return r;
7.63 + }
7.64 +
7.65 + /**
7.66 + * Returns the difference of the arguments,
7.67 + * throwing an exception if the result overflows an {@code int}.
7.68 + *
7.69 + * @param x the first value
7.70 + * @param y the second value to subtract from the first
7.71 + * @return the result
7.72 + * @throws ArithmeticException if the result overflows an int
7.73 + */
7.74 + public static int subtractExact(int x, int y) {
7.75 + int r = x - y;
7.76 + // HD 2-12 Overflow iff the arguments have different signs and
7.77 + // the sign of the result is different than the sign of x
7.78 + if (((x ^ y) & (x ^ r)) < 0) {
7.79 + throw new ArithmeticException("integer overflow");
7.80 + }
7.81 + return r;
7.82 + }
7.83 +
7.84 + /**
7.85 + * Returns the difference of the arguments,
7.86 + * throwing an exception if the result overflows a {@code long}.
7.87 + *
7.88 + * @param x the first value
7.89 + * @param y the second value to subtract from the first
7.90 + * @return the result
7.91 + * @throws ArithmeticException if the result overflows a long
7.92 + */
7.93 + public static long subtractExact(long x, long y) {
7.94 + long r = x - y;
7.95 + // HD 2-12 Overflow iff the arguments have different signs and
7.96 + // the sign of the result is different than the sign of x
7.97 + if (((x ^ y) & (x ^ r)) < 0) {
7.98 + throw new ArithmeticException("long overflow");
7.99 + }
7.100 + return r;
7.101 + }
7.102 +
7.103 + /**
7.104 + * Returns the product of the arguments,
7.105 + * throwing an exception if the result overflows an {@code int}.
7.106 + *
7.107 + * @param x the first value
7.108 + * @param y the second value
7.109 + * @return the result
7.110 + * @throws ArithmeticException if the result overflows an int
7.111 + */
7.112 + public static int multiplyExact(int x, int y) {
7.113 + long r = (long)x * (long)y;
7.114 + if ((int)r != r) {
7.115 + throw new ArithmeticException("long overflow");
7.116 + }
7.117 + return (int)r;
7.118 + }
7.119 +
7.120 + /**
7.121 + * Returns the product of the arguments,
7.122 + * throwing an exception if the result overflows a {@code long}.
7.123 + *
7.124 + * @param x the first value
7.125 + * @param y the second value
7.126 + * @return the result
7.127 + * @throws ArithmeticException if the result overflows a long
7.128 + */
7.129 + public static long multiplyExact(long x, long y) {
7.130 + long r = x * y;
7.131 + long ax = Math.abs(x);
7.132 + long ay = Math.abs(y);
7.133 + if (((ax | ay) >>> 31 != 0)) {
7.134 + // Some bits greater than 2^31 that might cause overflow
7.135 + // Check the result using the divide operator
7.136 + // and check for the special case of Long.MIN_VALUE * -1
7.137 + if (((y != 0) && (r / y != x)) ||
7.138 + (x == Long.MIN_VALUE && y == -1)) {
7.139 + throw new ArithmeticException("long overflow");
7.140 + }
7.141 + }
7.142 + return r;
7.143 + }
7.144 +
7.145 + /**
7.146 + * Returns the value of the {@code long} argument;
7.147 + * throwing an exception if the value overflows an {@code int}.
7.148 + *
7.149 + * @param value the long value
7.150 + * @return the argument as an int
7.151 + * @throws ArithmeticException if the {@code argument} overflows an int
7.152 + */
7.153 + public static int toIntExact(long value) {
7.154 + if ((int)value != value) {
7.155 + throw new ArithmeticException("integer overflow");
7.156 + }
7.157 + return (int)value;
7.158 + }
7.159 +
7.160 + /**
7.161 * Returns the absolute value of an {@code int} value.
7.162 * If the argument is not negative, the argument is returned.
7.163 * If the argument is negative, the negation of the argument is returned.
7.164 @@ -1737,7 +1884,7 @@
7.165 }
7.166
7.167 /**
7.168 - * Return {@code d} ×
7.169 + * Returns {@code d} ×
7.170 * 2<sup>{@code scaleFactor}</sup> rounded as if performed
7.171 * by a single correctly rounded floating-point multiply to a
7.172 * member of the double value set. See the Java
7.173 @@ -1844,7 +1991,7 @@
7.174 }
7.175
7.176 /**
7.177 - * Return {@code f} ×
7.178 + * Returns {@code f} ×
7.179 * 2<sup>{@code scaleFactor}</sup> rounded as if performed
7.180 * by a single correctly rounded floating-point multiply to a
7.181 * member of the float value set. See the Java
8.1 --- a/src/share/classes/java/lang/StrictMath.java Thu Feb 23 12:03:21 2012 -0800
8.2 +++ b/src/share/classes/java/lang/StrictMath.java Fri Feb 24 18:24:03 2012 -0800
8.3 @@ -56,6 +56,22 @@
8.4 * {@code sinh}, {@code cosh}, {@code tanh},
8.5 * {@code hypot}, {@code expm1}, and {@code log1p}.
8.6 *
8.7 + * <p>
8.8 + * The platform uses signed two's complement integer arithmetic with
8.9 + * int and long primitive types. The developer should choose
8.10 + * the primitive type to ensure that arithmetic operations consistently
8.11 + * produce correct results, which in some cases means the operations
8.12 + * will not overflow the range of values of the computation.
8.13 + * The best practice is to choose the primitive type and algorithm to avoid
8.14 + * overflow. In cases where the size is {@code int} or {@code long} and
8.15 + * overflow errors need to be detected, the methods {@code addExact},
8.16 + * {@code subtractExact}, {@code multiplyExact}, and {@code toIntExact}
8.17 + * throw an {@code ArithmeticException} when the results overflow.
8.18 + * For other arithmetic operations such as divide, absolute value,
8.19 + * increment, decrement, and negation overflow occurs only with
8.20 + * a specific minimum or maximum value and should be checked against
8.21 + * the minimum or maximum as appropriate.
8.22 + *
8.23 * @author unascribed
8.24 * @author Joseph D. Darcy
8.25 * @since 1.3
8.26 @@ -699,7 +715,111 @@
8.27 }
8.28
8.29 /**
8.30 - * Returns the absolute value of an {@code int} value..
8.31 + * Returns the sum of its arguments,
8.32 + * throwing an exception if the result overflows an {@code int}.
8.33 + *
8.34 + * @param x the first value
8.35 + * @param y the second value
8.36 + * @return the result
8.37 + * @throws ArithmeticException if the result overflows an int
8.38 + * @see Math#addExact(int,int)
8.39 + * @since 1.8
8.40 + */
8.41 + public static int addExact(int x, int y) {
8.42 + return Math.addExact(x, y);
8.43 + }
8.44 +
8.45 + /**
8.46 + * Returns the sum of its arguments,
8.47 + * throwing an exception if the result overflows a {@code long}.
8.48 + *
8.49 + * @param x the first value
8.50 + * @param y the second value
8.51 + * @return the result
8.52 + * @throws ArithmeticException if the result overflows a long
8.53 + * @see Math#addExact(long,long)
8.54 + * @since 1.8
8.55 + */
8.56 + public static long addExact(long x, long y) {
8.57 + return Math.addExact(x, y);
8.58 + }
8.59 +
8.60 + /**
8.61 + * Return the difference of the arguments,
8.62 + * throwing an exception if the result overflows an {@code int}.
8.63 + *
8.64 + * @param x the first value
8.65 + * @param y the second value to subtract from the first
8.66 + * @return the result
8.67 + * @throws ArithmeticException if the result overflows an int
8.68 + * @see Math#subtractExact(int,int)
8.69 + * @since 1.8
8.70 + */
8.71 + public static int subtractExact(int x, int y) {
8.72 + return Math.subtractExact(x, y);
8.73 + }
8.74 +
8.75 + /**
8.76 + * Return the difference of the arguments,
8.77 + * throwing an exception if the result overflows a {@code long}.
8.78 + *
8.79 + * @param x the first value
8.80 + * @param y the second value to subtract from the first
8.81 + * @return the result
8.82 + * @throws ArithmeticException if the result overflows a long
8.83 + * @see Math#subtractExact(long,long)
8.84 + * @since 1.8
8.85 + */
8.86 + public static long subtractExact(long x, long y) {
8.87 + return Math.subtractExact(x, y);
8.88 + }
8.89 +
8.90 + /**
8.91 + * Return the product of the arguments,
8.92 + * throwing an exception if the result overflows an {@code int}.
8.93 + *
8.94 + * @param x the first value
8.95 + * @param y the second value
8.96 + * @return the result
8.97 + * @throws ArithmeticException if the result overflows an int
8.98 + * @see Math#multiplyExact(int,int)
8.99 + * @since 1.8
8.100 + */
8.101 + public static int multiplyExact(int x, int y) {
8.102 + return Math.multiplyExact(x, y);
8.103 + }
8.104 +
8.105 + /**
8.106 + * Return the product of the arguments,
8.107 + * throwing an exception if the result overflows a {@code long}.
8.108 + *
8.109 + * @param x the first value
8.110 + * @param y the second value
8.111 + * @return the result
8.112 + * @throws ArithmeticException if the result overflows a long
8.113 + * @see Math#multiplyExact(long,long)
8.114 + * @since 1.8
8.115 + */
8.116 + public static long multiplyExact(long x, long y) {
8.117 + return Math.multiplyExact(x, y);
8.118 + }
8.119 +
8.120 + /**
8.121 + * Return the value of the {@code long} argument;
8.122 + * throwing an exception if the value overflows an {@code int}.
8.123 + *
8.124 + * @param value the long value
8.125 + * @return the argument as an int
8.126 + * @throws ArithmeticException if the {@code argument} overflows an int
8.127 + * @see Math#toIntExact(int)
8.128 + * @since 1.8
8.129 + */
8.130 + public static int toIntExact(long value) {
8.131 + return Math.toIntExact(value);
8.132 + }
8.133 +
8.134 + /**
8.135 + * Returns the absolute value of an {@code int} value.
8.136 * If the argument is not negative, the argument is returned.
8.137 * If the argument is negative, the negation of the argument is returned.
8.138 *
9.1 --- a/src/share/classes/java/lang/System.java Thu Feb 23 12:03:21 2012 -0800
9.2 +++ b/src/share/classes/java/lang/System.java Fri Feb 24 18:24:03 2012 -0800
9.3 @@ -1100,6 +1100,19 @@
9.4 public static native String mapLibraryName(String libname);
9.5
9.6 /**
9.7 + * Create PrintStream for stdout/err based on encoding.
9.8 + */
9.9 + private static PrintStream newPrintStream(FileOutputStream fos, String enc) {
9.10 + if (enc != null) {
9.11 + try {
9.12 + return new PrintStream(new BufferedOutputStream(fos, 128), true, enc);
9.13 + } catch (UnsupportedEncodingException uee) {}
9.14 + }
9.15 + return new PrintStream(new BufferedOutputStream(fos, 128), true);
9.16 + }
9.17 +
9.18 +
9.19 + /**
9.20 * Initialize the system class. Called after thread initialization.
9.21 */
9.22 private static void initializeSystemClass() {
9.23 @@ -1139,8 +1152,9 @@
9.24 FileOutputStream fdOut = new FileOutputStream(FileDescriptor.out);
9.25 FileOutputStream fdErr = new FileOutputStream(FileDescriptor.err);
9.26 setIn0(new BufferedInputStream(fdIn));
9.27 - setOut0(new PrintStream(new BufferedOutputStream(fdOut, 128), true));
9.28 - setErr0(new PrintStream(new BufferedOutputStream(fdErr, 128), true));
9.29 + setOut0(newPrintStream(fdOut, props.getProperty("sun.stdout.encoding")));
9.30 + setErr0(newPrintStream(fdErr, props.getProperty("sun.stderr.encoding")));
9.31 +
9.32 // Load the zip library now in order to keep java.util.zip.ZipFile
9.33 // from trying to use itself to load this library later.
9.34 loadLibrary("zip");
10.1 --- a/src/share/classes/java/util/TimeZone.java Thu Feb 23 12:03:21 2012 -0800
10.2 +++ b/src/share/classes/java/util/TimeZone.java Fri Feb 24 18:24:03 2012 -0800
10.3 @@ -43,6 +43,8 @@
10.4 import java.security.AccessController;
10.5 import java.security.PrivilegedAction;
10.6 import java.util.concurrent.ConcurrentHashMap;
10.7 +import sun.misc.SharedSecrets;
10.8 +import sun.misc.JavaAWTAccess;
10.9 import sun.security.action.GetPropertyAction;
10.10 import sun.util.TimeZoneNameUtility;
10.11 import sun.util.calendar.ZoneInfo;
10.12 @@ -615,7 +617,7 @@
10.13 * method doesn't create a clone.
10.14 */
10.15 static TimeZone getDefaultRef() {
10.16 - TimeZone defaultZone = defaultZoneTL.get();
10.17 + TimeZone defaultZone = getDefaultInAppContext();
10.18 if (defaultZone == null) {
10.19 defaultZone = defaultTimeZone;
10.20 if (defaultZone == null) {
10.21 @@ -706,10 +708,65 @@
10.22 if (hasPermission()) {
10.23 synchronized (TimeZone.class) {
10.24 defaultTimeZone = zone;
10.25 - defaultZoneTL.set(null);
10.26 + setDefaultInAppContext(null);
10.27 }
10.28 } else {
10.29 - defaultZoneTL.set(zone);
10.30 + setDefaultInAppContext(zone);
10.31 + }
10.32 + }
10.33 +
10.34 + /**
10.35 + * Returns the default TimeZone in an AppContext if any AppContext
10.36 + * has ever used. null is returned if any AppContext hasn't been
10.37 + * used or if the AppContext doesn't have the default TimeZone.
10.38 + */
10.39 + private synchronized static TimeZone getDefaultInAppContext() {
10.40 + // JavaAWTAccess provides access implementation-private methods without using reflection.
10.41 + JavaAWTAccess javaAWTAccess = SharedSecrets.getJavaAWTAccess();
10.42 +
10.43 + // Note that javaAWTAccess may be null if sun.awt.AppContext class hasn't
10.44 + // been loaded. If so, it implies that AWTSecurityManager is not our
10.45 + // SecurityManager and we can use a local static variable.
10.46 + // This works around a build time issue.
10.47 + if (javaAWTAccess == null) {
10.48 + return mainAppContextDefault;
10.49 + } else {
10.50 + if (!javaAWTAccess.isDisposed()) {
10.51 + TimeZone tz = (TimeZone)
10.52 + javaAWTAccess.get(TimeZone.class);
10.53 + if (tz == null && javaAWTAccess.isMainAppContext()) {
10.54 + return mainAppContextDefault;
10.55 + } else {
10.56 + return tz;
10.57 + }
10.58 + }
10.59 + }
10.60 + return null;
10.61 + }
10.62 +
10.63 + /**
10.64 + * Sets the default TimeZone in the AppContext to the given
10.65 + * tz. null is handled special: do nothing if any AppContext
10.66 + * hasn't been used, remove the default TimeZone in the
10.67 + * AppContext otherwise.
10.68 + */
10.69 + private synchronized static void setDefaultInAppContext(TimeZone tz) {
10.70 + // JavaAWTAccess provides access implementation-private methods without using reflection.
10.71 + JavaAWTAccess javaAWTAccess = SharedSecrets.getJavaAWTAccess();
10.72 +
10.73 + // Note that javaAWTAccess may be null if sun.awt.AppContext class hasn't
10.74 + // been loaded. If so, it implies that AWTSecurityManager is not our
10.75 + // SecurityManager and we can use a local static variable.
10.76 + // This works around a build time issue.
10.77 + if (javaAWTAccess == null) {
10.78 + mainAppContextDefault = tz;
10.79 + } else {
10.80 + if (!javaAWTAccess.isDisposed()) {
10.81 + javaAWTAccess.put(TimeZone.class, tz);
10.82 + if (javaAWTAccess.isMainAppContext()) {
10.83 + mainAppContextDefault = null;
10.84 + }
10.85 + }
10.86 }
10.87 }
10.88
10.89 @@ -760,12 +817,13 @@
10.90 */
10.91 private String ID;
10.92 private static volatile TimeZone defaultTimeZone;
10.93 - private static final InheritableThreadLocal<TimeZone> defaultZoneTL
10.94 - = new InheritableThreadLocal<TimeZone>();
10.95
10.96 static final String GMT_ID = "GMT";
10.97 private static final int GMT_ID_LENGTH = 3;
10.98
10.99 + // a static TimeZone we can reference if no AppContext is in place
10.100 + private static TimeZone mainAppContextDefault;
10.101 +
10.102 /**
10.103 * Parses a custom time zone identifier and returns a corresponding zone.
10.104 * This method doesn't support the RFC 822 time zone format. (e.g., +hhmm)
11.1 --- a/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java Thu Feb 23 12:03:21 2012 -0800
11.2 +++ b/src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java Fri Feb 24 18:24:03 2012 -0800
11.3 @@ -34,8 +34,10 @@
11.4 */
11.5
11.6 package java.util.concurrent.atomic;
11.7 +
11.8 +import java.lang.reflect.Array;
11.9 +import java.util.Arrays;
11.10 import sun.misc.Unsafe;
11.11 -import java.util.*;
11.12
11.13 /**
11.14 * An array of object references in which elements may be updated
11.15 @@ -49,13 +51,23 @@
11.16 public class AtomicReferenceArray<E> implements java.io.Serializable {
11.17 private static final long serialVersionUID = -6209656149925076980L;
11.18
11.19 - private static final Unsafe unsafe = Unsafe.getUnsafe();
11.20 - private static final int base = unsafe.arrayBaseOffset(Object[].class);
11.21 + private static final Unsafe unsafe;
11.22 + private static final int base;
11.23 private static final int shift;
11.24 - private final Object[] array;
11.25 + private static final long arrayFieldOffset;
11.26 + private final Object[] array; // must have exact type Object[]
11.27
11.28 static {
11.29 - int scale = unsafe.arrayIndexScale(Object[].class);
11.30 + int scale;
11.31 + try {
11.32 + unsafe = Unsafe.getUnsafe();
11.33 + arrayFieldOffset = unsafe.objectFieldOffset
11.34 + (AtomicReferenceArray.class.getDeclaredField("array"));
11.35 + base = unsafe.arrayBaseOffset(Object[].class);
11.36 + scale = unsafe.arrayIndexScale(Object[].class);
11.37 + } catch (Exception e) {
11.38 + throw new Error(e);
11.39 + }
11.40 if ((scale & (scale - 1)) != 0)
11.41 throw new Error("data type scale not a power of two");
11.42 shift = 31 - Integer.numberOfLeadingZeros(scale);
11.43 @@ -91,7 +103,7 @@
11.44 */
11.45 public AtomicReferenceArray(E[] array) {
11.46 // Visibility guaranteed by final field guarantees
11.47 - this.array = array.clone();
11.48 + this.array = Arrays.copyOf(array, array.length, Object[].class);
11.49 }
11.50
11.51 /**
11.52 @@ -197,7 +209,7 @@
11.53 * @return the String representation of the current values of array
11.54 */
11.55 public String toString() {
11.56 - int iMax = array.length - 1;
11.57 + int iMax = array.length - 1;
11.58 if (iMax == -1)
11.59 return "[]";
11.60
11.61 @@ -211,4 +223,19 @@
11.62 }
11.63 }
11.64
11.65 + /**
11.66 + * Reconstitutes the instance from a stream (that is, deserializes it).
11.67 + * @param s the stream
11.68 + */
11.69 + private void readObject(java.io.ObjectInputStream s)
11.70 + throws java.io.IOException, ClassNotFoundException {
11.71 + // Note: This must be changed if any additional fields are defined
11.72 + Object a = s.readFields().get("array", null);
11.73 + if (a == null || !a.getClass().isArray())
11.74 + throw new java.io.InvalidObjectException("Not array type");
11.75 + if (a.getClass() != Object[].class)
11.76 + a = Arrays.copyOf((Object[])a, Array.getLength(a), Object[].class);
11.77 + unsafe.putObjectVolatile(this, arrayFieldOffset, a);
11.78 + }
11.79 +
11.80 }
12.1 --- a/src/share/classes/sun/awt/AppContext.java Thu Feb 23 12:03:21 2012 -0800
12.2 +++ b/src/share/classes/sun/awt/AppContext.java Fri Feb 24 18:24:03 2012 -0800
12.3 @@ -787,6 +787,27 @@
12.4 }
12.5 return changeSupport.getPropertyChangeListeners(propertyName);
12.6 }
12.7 +
12.8 + // Set up JavaAWTAccess in SharedSecrets
12.9 + static {
12.10 + sun.misc.SharedSecrets.setJavaAWTAccess(new sun.misc.JavaAWTAccess() {
12.11 + public Object get(Object key) {
12.12 + return getAppContext().get(key);
12.13 + }
12.14 + public void put(Object key, Object value) {
12.15 + getAppContext().put(key, value);
12.16 + }
12.17 + public void remove(Object key) {
12.18 + getAppContext().remove(key);
12.19 + }
12.20 + public boolean isDisposed() {
12.21 + return getAppContext().isDisposed();
12.22 + }
12.23 + public boolean isMainAppContext() {
12.24 + return (numAppContexts == 1);
12.25 + }
12.26 + });
12.27 + }
12.28 }
12.29
12.30 final class MostRecentKeyValue {
13.1 --- a/src/share/classes/sun/java2d/SunGraphics2D.java Thu Feb 23 12:03:21 2012 -0800
13.2 +++ b/src/share/classes/sun/java2d/SunGraphics2D.java Fri Feb 24 18:24:03 2012 -0800
13.3 @@ -370,6 +370,17 @@
13.4 }
13.5
13.6 public void validatePipe() {
13.7 + /* This workaround is for the situation when we update the Pipelines
13.8 + * for invalid SurfaceData and run further code when the current
13.9 + * pipeline doesn't support the type of new SurfaceData created during
13.10 + * the current pipeline's work (in place of the invalid SurfaceData).
13.11 + * Usually SurfaceData and Pipelines are repaired (through revalidateAll)
13.12 + * and called again in the exception handlers */
13.13 +
13.14 + if (!surfaceData.isValid()) {
13.15 + throw new InvalidPipeException("attempt to validate Pipe with invalid SurfaceData");
13.16 + }
13.17 +
13.18 surfaceData.validatePipe(this);
13.19 }
13.20
13.21 @@ -1804,7 +1815,12 @@
13.22 width += x;
13.23 height += y;
13.24 }
13.25 - if (!getCompClip().intersectsQuickCheckXYXY(x, y, width, height)) {
13.26 +
13.27 + try {
13.28 + if (!getCompClip().intersectsQuickCheckXYXY(x, y, width, height)) {
13.29 + return false;
13.30 + }
13.31 + } catch (InvalidPipeException e) {
13.32 return false;
13.33 }
13.34 // REMIND: We could go one step further here and examine the
13.35 @@ -1988,8 +2004,8 @@
13.36 try {
13.37 doCopyArea(x, y, w, h, dx, dy);
13.38 } catch (InvalidPipeException e) {
13.39 - revalidateAll();
13.40 try {
13.41 + revalidateAll();
13.42 doCopyArea(x, y, w, h, dx, dy);
13.43 } catch (InvalidPipeException e2) {
13.44 // Still catching the exception; we are not yet ready to
13.45 @@ -2120,8 +2136,8 @@
13.46 try {
13.47 drawpipe.drawLine(this, x1, y1, x2, y2);
13.48 } catch (InvalidPipeException e) {
13.49 - revalidateAll();
13.50 try {
13.51 + revalidateAll();
13.52 drawpipe.drawLine(this, x1, y1, x2, y2);
13.53 } catch (InvalidPipeException e2) {
13.54 // Still catching the exception; we are not yet ready to
13.55 @@ -2137,8 +2153,8 @@
13.56 try {
13.57 drawpipe.drawRoundRect(this, x, y, w, h, arcW, arcH);
13.58 } catch (InvalidPipeException e) {
13.59 - revalidateAll();
13.60 try {
13.61 + revalidateAll();
13.62 drawpipe.drawRoundRect(this, x, y, w, h, arcW, arcH);
13.63 } catch (InvalidPipeException e2) {
13.64 // Still catching the exception; we are not yet ready to
13.65 @@ -2154,8 +2170,8 @@
13.66 try {
13.67 fillpipe.fillRoundRect(this, x, y, w, h, arcW, arcH);
13.68 } catch (InvalidPipeException e) {
13.69 - revalidateAll();
13.70 try {
13.71 + revalidateAll();
13.72 fillpipe.fillRoundRect(this, x, y, w, h, arcW, arcH);
13.73 } catch (InvalidPipeException e2) {
13.74 // Still catching the exception; we are not yet ready to
13.75 @@ -2171,8 +2187,8 @@
13.76 try {
13.77 drawpipe.drawOval(this, x, y, w, h);
13.78 } catch (InvalidPipeException e) {
13.79 - revalidateAll();
13.80 try {
13.81 + revalidateAll();
13.82 drawpipe.drawOval(this, x, y, w, h);
13.83 } catch (InvalidPipeException e2) {
13.84 // Still catching the exception; we are not yet ready to
13.85 @@ -2188,8 +2204,8 @@
13.86 try {
13.87 fillpipe.fillOval(this, x, y, w, h);
13.88 } catch (InvalidPipeException e) {
13.89 - revalidateAll();
13.90 try {
13.91 + revalidateAll();
13.92 fillpipe.fillOval(this, x, y, w, h);
13.93 } catch (InvalidPipeException e2) {
13.94 // Still catching the exception; we are not yet ready to
13.95 @@ -2206,8 +2222,8 @@
13.96 try {
13.97 drawpipe.drawArc(this, x, y, w, h, startAngl, arcAngl);
13.98 } catch (InvalidPipeException e) {
13.99 - revalidateAll();
13.100 try {
13.101 + revalidateAll();
13.102 drawpipe.drawArc(this, x, y, w, h, startAngl, arcAngl);
13.103 } catch (InvalidPipeException e2) {
13.104 // Still catching the exception; we are not yet ready to
13.105 @@ -2224,8 +2240,8 @@
13.106 try {
13.107 fillpipe.fillArc(this, x, y, w, h, startAngl, arcAngl);
13.108 } catch (InvalidPipeException e) {
13.109 - revalidateAll();
13.110 try {
13.111 + revalidateAll();
13.112 fillpipe.fillArc(this, x, y, w, h, startAngl, arcAngl);
13.113 } catch (InvalidPipeException e2) {
13.114 // Still catching the exception; we are not yet ready to
13.115 @@ -2241,8 +2257,8 @@
13.116 try {
13.117 drawpipe.drawPolyline(this, xPoints, yPoints, nPoints);
13.118 } catch (InvalidPipeException e) {
13.119 - revalidateAll();
13.120 try {
13.121 + revalidateAll();
13.122 drawpipe.drawPolyline(this, xPoints, yPoints, nPoints);
13.123 } catch (InvalidPipeException e2) {
13.124 // Still catching the exception; we are not yet ready to
13.125 @@ -2258,8 +2274,8 @@
13.126 try {
13.127 drawpipe.drawPolygon(this, xPoints, yPoints, nPoints);
13.128 } catch (InvalidPipeException e) {
13.129 - revalidateAll();
13.130 try {
13.131 + revalidateAll();
13.132 drawpipe.drawPolygon(this, xPoints, yPoints, nPoints);
13.133 } catch (InvalidPipeException e2) {
13.134 // Still catching the exception; we are not yet ready to
13.135 @@ -2275,8 +2291,8 @@
13.136 try {
13.137 fillpipe.fillPolygon(this, xPoints, yPoints, nPoints);
13.138 } catch (InvalidPipeException e) {
13.139 - revalidateAll();
13.140 try {
13.141 + revalidateAll();
13.142 fillpipe.fillPolygon(this, xPoints, yPoints, nPoints);
13.143 } catch (InvalidPipeException e2) {
13.144 // Still catching the exception; we are not yet ready to
13.145 @@ -2292,8 +2308,8 @@
13.146 try {
13.147 drawpipe.drawRect(this, x, y, w, h);
13.148 } catch (InvalidPipeException e) {
13.149 - revalidateAll();
13.150 try {
13.151 + revalidateAll();
13.152 drawpipe.drawRect(this, x, y, w, h);
13.153 } catch (InvalidPipeException e2) {
13.154 // Still catching the exception; we are not yet ready to
13.155 @@ -2309,8 +2325,8 @@
13.156 try {
13.157 fillpipe.fillRect(this, x, y, w, h);
13.158 } catch (InvalidPipeException e) {
13.159 - revalidateAll();
13.160 try {
13.161 + revalidateAll();
13.162 fillpipe.fillRect(this, x, y, w, h);
13.163 } catch (InvalidPipeException e2) {
13.164 // Still catching the exception; we are not yet ready to
13.165 @@ -2358,7 +2374,6 @@
13.166 Paint p = paint;
13.167 setComposite(AlphaComposite.Src);
13.168 setColor(getBackground());
13.169 - validatePipe();
13.170 fillRect(x, y, w, h);
13.171 setPaint(p);
13.172 setComposite(c);
13.173 @@ -2382,8 +2397,8 @@
13.174 try {
13.175 shapepipe.draw(this, s);
13.176 } catch (InvalidPipeException e) {
13.177 - revalidateAll();
13.178 try {
13.179 + revalidateAll();
13.180 shapepipe.draw(this, s);
13.181 } catch (InvalidPipeException e2) {
13.182 // Still catching the exception; we are not yet ready to
13.183 @@ -2412,8 +2427,8 @@
13.184 try {
13.185 shapepipe.fill(this, s);
13.186 } catch (InvalidPipeException e) {
13.187 - revalidateAll();
13.188 try {
13.189 + revalidateAll();
13.190 shapepipe.fill(this, s);
13.191 } catch (InvalidPipeException e2) {
13.192 // Still catching the exception; we are not yet ready to
13.193 @@ -2560,10 +2575,17 @@
13.194 // Include padding for interpolation/antialiasing if necessary
13.195 int pad = isIntegerTranslate ? 0 : 3;
13.196
13.197 + Region clip;
13.198 + try {
13.199 + clip = getCompClip();
13.200 + } catch (InvalidPipeException e) {
13.201 + return;
13.202 + }
13.203 +
13.204 // Determine the region of the image that may contribute to
13.205 // the clipped drawing area
13.206 Rectangle region = getImageRegion(img,
13.207 - getCompClip(),
13.208 + clip,
13.209 transform,
13.210 xform,
13.211 pad, pad);
13.212 @@ -2806,8 +2828,8 @@
13.213 try {
13.214 textpipe.drawString(this, str, x, y);
13.215 } catch (InvalidPipeException e) {
13.216 - revalidateAll();
13.217 try {
13.218 + revalidateAll();
13.219 textpipe.drawString(this, str, x, y);
13.220 } catch (InvalidPipeException e2) {
13.221 // Still catching the exception; we are not yet ready to
13.222 @@ -2835,8 +2857,8 @@
13.223 try {
13.224 textpipe.drawString(this, str, x, y);
13.225 } catch (InvalidPipeException e) {
13.226 - revalidateAll();
13.227 try {
13.228 + revalidateAll();
13.229 textpipe.drawString(this, str, x, y);
13.230 } catch (InvalidPipeException e2) {
13.231 // Still catching the exception; we are not yet ready to
13.232 @@ -2881,8 +2903,8 @@
13.233 try {
13.234 textpipe.drawGlyphVector(this, gv, x, y);
13.235 } catch (InvalidPipeException e) {
13.236 - revalidateAll();
13.237 try {
13.238 + revalidateAll();
13.239 textpipe.drawGlyphVector(this, gv, x, y);
13.240 } catch (InvalidPipeException e2) {
13.241 // Still catching the exception; we are not yet ready to
13.242 @@ -2914,8 +2936,8 @@
13.243 try {
13.244 textpipe.drawChars(this, data, offset, length, x, y);
13.245 } catch (InvalidPipeException e) {
13.246 - revalidateAll();
13.247 try {
13.248 + revalidateAll();
13.249 textpipe.drawChars(this, data, offset, length, x, y);
13.250 } catch (InvalidPipeException e2) {
13.251 // Still catching the exception; we are not yet ready to
13.252 @@ -2951,8 +2973,8 @@
13.253 try {
13.254 textpipe.drawChars(this, chData, 0, length, x, y);
13.255 } catch (InvalidPipeException e) {
13.256 - revalidateAll();
13.257 try {
13.258 + revalidateAll();
13.259 textpipe.drawChars(this, chData, 0, length, x, y);
13.260 } catch (InvalidPipeException e2) {
13.261 // Still catching the exception; we are not yet ready to
13.262 @@ -2988,8 +3010,8 @@
13.263 return imagepipe.copyImage(this, img, dx, dy, sx, sy,
13.264 width, height, bgcolor, observer);
13.265 } catch (InvalidPipeException e) {
13.266 - revalidateAll();
13.267 try {
13.268 + revalidateAll();
13.269 return imagepipe.copyImage(this, img, dx, dy, sx, sy,
13.270 width, height, bgcolor, observer);
13.271 } catch (InvalidPipeException e2) {
13.272 @@ -3025,8 +3047,8 @@
13.273 return imagepipe.scaleImage(this, img, x, y, width, height,
13.274 bg, observer);
13.275 } catch (InvalidPipeException e) {
13.276 - revalidateAll();
13.277 try {
13.278 + revalidateAll();
13.279 return imagepipe.scaleImage(this, img, x, y, width, height,
13.280 bg, observer);
13.281 } catch (InvalidPipeException e2) {
13.282 @@ -3061,8 +3083,8 @@
13.283 try {
13.284 return imagepipe.copyImage(this, img, x, y, bg, observer);
13.285 } catch (InvalidPipeException e) {
13.286 - revalidateAll();
13.287 try {
13.288 + revalidateAll();
13.289 return imagepipe.copyImage(this, img, x, y, bg, observer);
13.290 } catch (InvalidPipeException e2) {
13.291 // Still catching the exception; we are not yet ready to
13.292 @@ -3138,8 +3160,8 @@
13.293 sx1, sy1, sx2, sy2, bgcolor,
13.294 observer);
13.295 } catch (InvalidPipeException e) {
13.296 - revalidateAll();
13.297 try {
13.298 + revalidateAll();
13.299 return imagepipe.scaleImage(this, img, dx1, dy1, dx2, dy2,
13.300 sx1, sy1, sx2, sy2, bgcolor,
13.301 observer);
13.302 @@ -3187,8 +3209,8 @@
13.303 try {
13.304 return imagepipe.transformImage(this, img, xform, observer);
13.305 } catch (InvalidPipeException e) {
13.306 - revalidateAll();
13.307 try {
13.308 + revalidateAll();
13.309 return imagepipe.transformImage(this, img, xform, observer);
13.310 } catch (InvalidPipeException e2) {
13.311 // Still catching the exception; we are not yet ready to
13.312 @@ -3213,8 +3235,8 @@
13.313 try {
13.314 imagepipe.transformImage(this, bImg, op, x, y);
13.315 } catch (InvalidPipeException e) {
13.316 - revalidateAll();
13.317 try {
13.318 + revalidateAll();
13.319 imagepipe.transformImage(this, bImg, op, x, y);
13.320 } catch (InvalidPipeException e2) {
13.321 // Still catching the exception; we are not yet ready to
14.1 --- a/src/share/classes/sun/java2d/opengl/OGLRenderer.java Thu Feb 23 12:03:21 2012 -0800
14.2 +++ b/src/share/classes/sun/java2d/opengl/OGLRenderer.java Fri Feb 24 18:24:03 2012 -0800
14.3 @@ -27,6 +27,7 @@
14.4
14.5 import java.awt.Transparency;
14.6 import java.awt.geom.Path2D;
14.7 +import sun.java2d.InvalidPipeException;
14.8 import sun.java2d.SunGraphics2D;
14.9 import sun.java2d.loops.GraphicsPrimitive;
14.10 import sun.java2d.pipe.BufferedRenderPipe;
14.11 @@ -46,7 +47,12 @@
14.12 int ctxflags =
14.13 sg2d.paint.getTransparency() == Transparency.OPAQUE ?
14.14 OGLContext.SRC_IS_OPAQUE : OGLContext.NO_CONTEXT_FLAGS;
14.15 - OGLSurfaceData dstData = (OGLSurfaceData)sg2d.surfaceData;
14.16 + OGLSurfaceData dstData;
14.17 + try {
14.18 + dstData = (OGLSurfaceData)sg2d.surfaceData;
14.19 + } catch (ClassCastException e) {
14.20 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
14.21 + }
14.22 OGLContext.validateContext(dstData, dstData,
14.23 sg2d.getCompClip(), sg2d.composite,
14.24 null, sg2d.paint, sg2d, ctxflags);
14.25 @@ -55,7 +61,12 @@
14.26 @Override
14.27 protected void validateContextAA(SunGraphics2D sg2d) {
14.28 int ctxflags = OGLContext.NO_CONTEXT_FLAGS;
14.29 - OGLSurfaceData dstData = (OGLSurfaceData)sg2d.surfaceData;
14.30 + OGLSurfaceData dstData;
14.31 + try {
14.32 + dstData = (OGLSurfaceData)sg2d.surfaceData;
14.33 + } catch (ClassCastException e) {
14.34 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
14.35 + }
14.36 OGLContext.validateContext(dstData, dstData,
14.37 sg2d.getCompClip(), sg2d.composite,
14.38 null, sg2d.paint, sg2d, ctxflags);
14.39 @@ -69,7 +80,12 @@
14.40 int ctxflags =
14.41 sg2d.surfaceData.getTransparency() == Transparency.OPAQUE ?
14.42 OGLContext.SRC_IS_OPAQUE : OGLContext.NO_CONTEXT_FLAGS;
14.43 - OGLSurfaceData dstData = (OGLSurfaceData)sg2d.surfaceData;
14.44 + OGLSurfaceData dstData;
14.45 + try {
14.46 + dstData = (OGLSurfaceData)sg2d.surfaceData;
14.47 + } catch (ClassCastException e) {
14.48 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
14.49 + }
14.50 OGLContext.validateContext(dstData, dstData,
14.51 sg2d.getCompClip(), sg2d.composite,
14.52 null, null, null, ctxflags);
15.1 --- a/src/share/classes/sun/java2d/pipe/BufferedContext.java Thu Feb 23 12:03:21 2012 -0800
15.2 +++ b/src/share/classes/sun/java2d/pipe/BufferedContext.java Fri Feb 24 18:24:03 2012 -0800
15.3 @@ -111,6 +111,8 @@
15.4 *
15.5 * Note: must be called while the RenderQueue lock is held.
15.6 *
15.7 + * It's assumed that the type of surfaces has been checked by the Renderer
15.8 + *
15.9 * @throws InvalidPipeException if either src or dest surface is not valid
15.10 * or lost
15.11 * @see RenderQueue#lock
15.12 @@ -135,6 +137,8 @@
15.13 *
15.14 * Note: must be called while the RenderQueue lock is held.
15.15 *
15.16 + * It's assumed that the type of surfaces has been checked by the Renderer
15.17 + *
15.18 * @throws InvalidPipeException if the surface is not valid
15.19 * or lost
15.20 * @see RenderQueue#lock
15.21 @@ -160,6 +164,8 @@
15.22 *
15.23 * Note: must be called while the RenderQueue lock is held.
15.24 *
15.25 + * It's assumed that the type of surfaces has been checked by the Renderer
15.26 + *
15.27 * @throws InvalidPipeException if either src or dest surface is not valid
15.28 * or lost
15.29 */
16.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
16.2 +++ b/src/share/classes/sun/misc/JavaAWTAccess.java Fri Feb 24 18:24:03 2012 -0800
16.3 @@ -0,0 +1,34 @@
16.4 +/*
16.5 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
16.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
16.7 + *
16.8 + * This code is free software; you can redistribute it and/or modify it
16.9 + * under the terms of the GNU General Public License version 2 only, as
16.10 + * published by the Free Software Foundation. Oracle designates this
16.11 + * particular file as subject to the "Classpath" exception as provided
16.12 + * by Oracle in the LICENSE file that accompanied this code.
16.13 + *
16.14 + * This code is distributed in the hope that it will be useful, but WITHOUT
16.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
16.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16.17 + * version 2 for more details (a copy is included in the LICENSE file that
16.18 + * accompanied this code).
16.19 + *
16.20 + * You should have received a copy of the GNU General Public License version
16.21 + * 2 along with this work; if not, write to the Free Software Foundation,
16.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
16.23 + *
16.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
16.25 + * or visit www.oracle.com if you need additional information or have any
16.26 + * questions.
16.27 + */
16.28 +
16.29 +package sun.misc;
16.30 +
16.31 +public interface JavaAWTAccess {
16.32 + public Object get(Object key);
16.33 + public void put(Object key, Object value);
16.34 + public void remove(Object key);
16.35 + public boolean isDisposed();
16.36 + public boolean isMainAppContext();
16.37 +}
17.1 --- a/src/share/classes/sun/misc/SharedSecrets.java Thu Feb 23 12:03:21 2012 -0800
17.2 +++ b/src/share/classes/sun/misc/SharedSecrets.java Fri Feb 24 18:24:03 2012 -0800
17.3 @@ -52,6 +52,7 @@
17.4 private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
17.5 private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess;
17.6 private static JavaSecurityAccess javaSecurityAccess;
17.7 + private static JavaAWTAccess javaAWTAccess;
17.8
17.9 public static JavaUtilJarAccess javaUtilJarAccess() {
17.10 if (javaUtilJarAccess == null) {
17.11 @@ -150,4 +151,14 @@
17.12 }
17.13 return javaSecurityAccess;
17.14 }
17.15 +
17.16 + public static void setJavaAWTAccess(JavaAWTAccess jaa) {
17.17 + javaAWTAccess = jaa;
17.18 + }
17.19 +
17.20 + public static JavaAWTAccess getJavaAWTAccess() {
17.21 + // this may return null in which case calling code needs to
17.22 + // provision for.
17.23 + return javaAWTAccess;
17.24 + }
17.25 }
18.1 --- a/src/share/classes/sun/net/httpserver/Request.java Thu Feb 23 12:03:21 2012 -0800
18.2 +++ b/src/share/classes/sun/net/httpserver/Request.java Fri Feb 24 18:24:03 2012 -0800
18.3 @@ -200,6 +200,13 @@
18.4 v = new String();
18.5 else
18.6 v = String.copyValueOf(s, keyend, len - keyend);
18.7 +
18.8 + if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
18.9 + throw new IOException("Maximum number of request headers (" +
18.10 + "sun.net.httpserver.maxReqHeaders) exceeded, " +
18.11 + ServerConfig.getMaxReqHeaders() + ".");
18.12 + }
18.13 +
18.14 hdrs.add (k,v);
18.15 len = 0;
18.16 }
19.1 --- a/src/share/classes/sun/net/httpserver/ServerConfig.java Thu Feb 23 12:03:21 2012 -0800
19.2 +++ b/src/share/classes/sun/net/httpserver/ServerConfig.java Fri Feb 24 18:24:03 2012 -0800
19.3 @@ -1,5 +1,5 @@
19.4 /*
19.5 - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
19.6 + * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
19.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
19.8 *
19.9 * This code is free software; you can redistribute it and/or modify it
19.10 @@ -35,32 +35,33 @@
19.11
19.12 class ServerConfig {
19.13
19.14 - static int clockTick;
19.15 -
19.16 - static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec.
19.17 + private static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec.
19.18
19.19 /* These values must be a reasonable multiple of clockTick */
19.20 - static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min
19.21 - static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ;
19.22 + private static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min
19.23 + private static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ;
19.24
19.25 - static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
19.26 - static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
19.27 - static final long DEFAULT_TIMER_MILLIS = 1000;
19.28 + private static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
19.29 + private static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
19.30 + private static final long DEFAULT_TIMER_MILLIS = 1000;
19.31 + private static final int DEFAULT_MAX_REQ_HEADERS = 200;
19.32 + private static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
19.33
19.34 - static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
19.35 -
19.36 - static long idleInterval;
19.37 - static long drainAmount; // max # of bytes to drain from an inputstream
19.38 - static int maxIdleConnections;
19.39 -
19.40 + private static int clockTick;
19.41 + private static long idleInterval;
19.42 + // The maximum number of bytes to drain from an inputstream
19.43 + private static long drainAmount;
19.44 + private static int maxIdleConnections;
19.45 + // The maximum number of request headers allowable
19.46 + private static int maxReqHeaders;
19.47 // max time a request or response is allowed to take
19.48 - static long maxReqTime;
19.49 - static long maxRspTime;
19.50 - static long timerMillis;
19.51 - static boolean debug;
19.52 + private static long maxReqTime;
19.53 + private static long maxRspTime;
19.54 + private static long timerMillis;
19.55 + private static boolean debug;
19.56
19.57 // the value of the TCP_NODELAY socket-level option
19.58 - static boolean noDelay;
19.59 + private static boolean noDelay;
19.60
19.61 static {
19.62 java.security.AccessController.doPrivileged(
19.63 @@ -80,6 +81,10 @@
19.64 drainAmount = Long.getLong("sun.net.httpserver.drainAmount",
19.65 DEFAULT_DRAIN_AMOUNT);
19.66
19.67 + maxReqHeaders = Integer.getInteger(
19.68 + "sun.net.httpserver.maxReqHeaders",
19.69 + DEFAULT_MAX_REQ_HEADERS);
19.70 +
19.71 maxReqTime = Long.getLong("sun.net.httpserver.maxReqTime",
19.72 DEFAULT_MAX_REQ_TIME);
19.73
19.74 @@ -99,8 +104,7 @@
19.75
19.76 }
19.77
19.78 -
19.79 - static void checkLegacyProperties (final Logger logger) {
19.80 + static void checkLegacyProperties(final Logger logger) {
19.81
19.82 // legacy properties that are no longer used
19.83 // print a warning to logger if they are set.
19.84 @@ -137,35 +141,39 @@
19.85 );
19.86 }
19.87
19.88 - static boolean debugEnabled () {
19.89 + static boolean debugEnabled() {
19.90 return debug;
19.91 }
19.92
19.93 - static long getIdleInterval () {
19.94 + static long getIdleInterval() {
19.95 return idleInterval;
19.96 }
19.97
19.98 - static int getClockTick () {
19.99 + static int getClockTick() {
19.100 return clockTick;
19.101 }
19.102
19.103 - static int getMaxIdleConnections () {
19.104 + static int getMaxIdleConnections() {
19.105 return maxIdleConnections;
19.106 }
19.107
19.108 - static long getDrainAmount () {
19.109 + static long getDrainAmount() {
19.110 return drainAmount;
19.111 }
19.112
19.113 - static long getMaxReqTime () {
19.114 + static int getMaxReqHeaders() {
19.115 + return maxReqHeaders;
19.116 + }
19.117 +
19.118 + static long getMaxReqTime() {
19.119 return maxReqTime;
19.120 }
19.121
19.122 - static long getMaxRspTime () {
19.123 + static long getMaxRspTime() {
19.124 return maxRspTime;
19.125 }
19.126
19.127 - static long getTimerMillis () {
19.128 + static long getTimerMillis() {
19.129 return timerMillis;
19.130 }
19.131
20.1 --- a/src/share/classes/sun/nio/ch/NativeThreadSet.java Thu Feb 23 12:03:21 2012 -0800
20.2 +++ b/src/share/classes/sun/nio/ch/NativeThreadSet.java Fri Feb 24 18:24:03 2012 -0800
20.3 @@ -44,8 +44,9 @@
20.4 //
20.5 int add() {
20.6 long th = NativeThread.current();
20.7 - if (th == -1)
20.8 - return -1;
20.9 + // 0 and -1 are treated as placeholders, not real thread handles
20.10 + if (th == 0)
20.11 + th = -1;
20.12 synchronized (this) {
20.13 int start = 0;
20.14 if (used >= elts.length) {
20.15 @@ -71,8 +72,6 @@
20.16 // Removes the thread at the given index.
20.17 //
20.18 void remove(int i) {
20.19 - if (i < 0)
20.20 - return;
20.21 synchronized (this) {
20.22 elts[i] = 0;
20.23 used--;
20.24 @@ -91,7 +90,8 @@
20.25 long th = elts[i];
20.26 if (th == 0)
20.27 continue;
20.28 - NativeThread.signal(th);
20.29 + if (th != -1)
20.30 + NativeThread.signal(th);
20.31 if (--u == 0)
20.32 break;
20.33 }
21.1 --- a/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java Thu Feb 23 12:03:21 2012 -0800
21.2 +++ b/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java Fri Feb 24 18:24:03 2012 -0800
21.3 @@ -141,7 +141,7 @@
21.4 if (s == null) {
21.5 return getInstance();
21.6 } else {
21.7 - return getInstance0(s);
21.8 + return getInstance0(parse(s));
21.9 }
21.10 }
21.11
22.1 --- a/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java Thu Feb 23 12:03:21 2012 -0800
22.2 +++ b/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java Fri Feb 24 18:24:03 2012 -0800
22.3 @@ -1,5 +1,5 @@
22.4 /*
22.5 - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
22.6 + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
22.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
22.8 *
22.9 * This code is free software; you can redistribute it and/or modify it
22.10 @@ -661,7 +661,10 @@
22.11 + "\n Subject: " + cert.getSubjectX500Principal() + ")");
22.12 }
22.13
22.14 - ForwardState currState = (ForwardState) currentState;
22.15 + ForwardState currState = (ForwardState)currentState;
22.16 +
22.17 + // Don't bother to verify untrusted certificate more.
22.18 + currState.untrustedChecker.check(cert, Collections.<String>emptySet());
22.19
22.20 /*
22.21 * check for looping - abort a loop if
23.1 --- a/src/share/classes/sun/security/provider/certpath/ForwardState.java Thu Feb 23 12:03:21 2012 -0800
23.2 +++ b/src/share/classes/sun/security/provider/certpath/ForwardState.java Fri Feb 24 18:24:03 2012 -0800
23.3 @@ -1,5 +1,5 @@
23.4 /*
23.5 - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
23.6 + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
23.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
23.8 *
23.9 * This code is free software; you can redistribute it and/or modify it
23.10 @@ -79,6 +79,9 @@
23.11 /* the checker used for revocation status */
23.12 public CrlRevocationChecker crlChecker;
23.13
23.14 + /* the untrusted certificates checker */
23.15 + UntrustedChecker untrustedChecker;
23.16 +
23.17 /* The list of user-defined checkers that support forward checking */
23.18 ArrayList<PKIXCertPathChecker> forwardCheckers;
23.19
24.1 --- a/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Thu Feb 23 12:03:21 2012 -0800
24.2 +++ b/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Fri Feb 24 18:24:03 2012 -0800
24.3 @@ -1,5 +1,5 @@
24.4 /*
24.5 - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
24.6 + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
24.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
24.8 *
24.9 * This code is free software; you can redistribute it and/or modify it
24.10 @@ -314,10 +314,12 @@
24.11 pkixParam.isAnyPolicyInhibited(),
24.12 pkixParam.getPolicyQualifiersRejected(),
24.13 rootNode);
24.14 + UntrustedChecker untrustedChecker = new UntrustedChecker();
24.15
24.16 ArrayList<PKIXCertPathChecker> certPathCheckers =
24.17 new ArrayList<PKIXCertPathChecker>();
24.18 // add standard checkers that we will be using
24.19 + certPathCheckers.add(untrustedChecker);
24.20 certPathCheckers.add(algorithmChecker);
24.21 certPathCheckers.add(keyChecker);
24.22 certPathCheckers.add(constraintsChecker);
25.1 --- a/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java Thu Feb 23 12:03:21 2012 -0800
25.2 +++ b/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java Fri Feb 24 18:24:03 2012 -0800
25.3 @@ -1,5 +1,5 @@
25.4 /*
25.5 - * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
25.6 + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
25.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
25.8 *
25.9 * This code is free software; you can redistribute it and/or modify it
25.10 @@ -347,6 +347,10 @@
25.11 return;
25.12 }
25.13
25.14 + // Don't bother to verify untrusted certificate more.
25.15 + currentState.untrustedChecker.check(cert,
25.16 + Collections.<String>emptySet());
25.17 +
25.18 /*
25.19 * check for looping - abort a loop if
25.20 * ((we encounter the same certificate twice) AND
26.1 --- a/src/share/classes/sun/security/provider/certpath/ReverseState.java Thu Feb 23 12:03:21 2012 -0800
26.2 +++ b/src/share/classes/sun/security/provider/certpath/ReverseState.java Fri Feb 24 18:24:03 2012 -0800
26.3 @@ -1,5 +1,5 @@
26.4 /*
26.5 - * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
26.6 + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
26.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
26.8 *
26.9 * This code is free software; you can redistribute it and/or modify it
26.10 @@ -99,6 +99,9 @@
26.11 /* the algorithm checker */
26.12 AlgorithmChecker algorithmChecker;
26.13
26.14 + /* the untrusted certificates checker */
26.15 + UntrustedChecker untrustedChecker;
26.16 +
26.17 /* the trust anchor used to validate the path */
26.18 TrustAnchor trustAnchor;
26.19
27.1 --- a/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Thu Feb 23 12:03:21 2012 -0800
27.2 +++ b/src/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java Fri Feb 24 18:24:03 2012 -0800
27.3 @@ -1,5 +1,5 @@
27.4 /*
27.5 - * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
27.6 + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
27.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
27.8 *
27.9 * This code is free software; you can redistribute it and/or modify it
27.10 @@ -284,6 +284,7 @@
27.11 Iterator<TrustAnchor> iter = buildParams.getTrustAnchors().iterator();
27.12 while (iter.hasNext()) {
27.13 TrustAnchor anchor = iter.next();
27.14 +
27.15 /* check if anchor satisfies target constraints */
27.16 if (anchorIsTarget(anchor, targetSel)) {
27.17 this.trustAnchor = anchor;
27.18 @@ -303,6 +304,7 @@
27.19 currentState.crlChecker =
27.20 new CrlRevocationChecker(null, buildParams, null, onlyEECert);
27.21 currentState.algorithmChecker = new AlgorithmChecker(anchor);
27.22 + currentState.untrustedChecker = new UntrustedChecker();
27.23 try {
27.24 depthFirstSearchReverse(null, currentState,
27.25 new ReverseBuilder(buildParams, targetSubjectDN), adjacencyList,
27.26 @@ -349,6 +351,7 @@
27.27 // init the crl checker
27.28 currentState.crlChecker
27.29 = new CrlRevocationChecker(null, buildParams, null, onlyEECert);
27.30 + currentState.untrustedChecker = new UntrustedChecker();
27.31
27.32 depthFirstSearchForward(targetSubjectDN, currentState,
27.33 new ForwardBuilder
27.34 @@ -645,8 +648,8 @@
27.35 vertex.setIndex(adjList.size() - 1);
27.36
27.37 /* recursively search for matching certs at next dN */
27.38 - depthFirstSearchForward(cert.getIssuerX500Principal(), nextState, builder,
27.39 - adjList, certPathList);
27.40 + depthFirstSearchForward(cert.getIssuerX500Principal(),
27.41 + nextState, builder, adjList, certPathList);
27.42
27.43 /*
27.44 * If path has been completed, return ASAP!
28.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
28.2 +++ b/src/share/classes/sun/security/provider/certpath/UntrustedChecker.java Fri Feb 24 18:24:03 2012 -0800
28.3 @@ -0,0 +1,89 @@
28.4 +/*
28.5 + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
28.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
28.7 + *
28.8 + * This code is free software; you can redistribute it and/or modify it
28.9 + * under the terms of the GNU General Public License version 2 only, as
28.10 + * published by the Free Software Foundation. Oracle designates this
28.11 + * particular file as subject to the "Classpath" exception as provided
28.12 + * by Oracle in the LICENSE file that accompanied this code.
28.13 + *
28.14 + * This code is distributed in the hope that it will be useful, but WITHOUT
28.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
28.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
28.17 + * version 2 for more details (a copy is included in the LICENSE file that
28.18 + * accompanied this code).
28.19 + *
28.20 + * You should have received a copy of the GNU General Public License version
28.21 + * 2 along with this work; if not, write to the Free Software Foundation,
28.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
28.23 + *
28.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
28.25 + * or visit www.oracle.com if you need additional information or have any
28.26 + * questions.
28.27 + */
28.28 +
28.29 +package sun.security.provider.certpath;
28.30 +
28.31 +import java.security.cert.Certificate;
28.32 +import java.security.cert.X509Certificate;
28.33 +import java.security.cert.CertPathValidatorException;
28.34 +import java.security.cert.PKIXCertPathChecker;
28.35 +import java.util.Set;
28.36 +import java.util.Collection;
28.37 +import sun.security.util.Debug;
28.38 +import sun.security.util.UntrustedCertificates;
28.39 +
28.40 +/**
28.41 + * A <code>PKIXCertPathChecker</code> implementation to check whether a
28.42 + * specified certificate is distrusted.
28.43 + *
28.44 + * @see PKIXCertPathChecker
28.45 + * @see PKIXParameters
28.46 + */
28.47 +final public class UntrustedChecker extends PKIXCertPathChecker {
28.48 +
28.49 + private static final Debug debug = Debug.getInstance("certpath");
28.50 +
28.51 + /**
28.52 + * Default Constructor
28.53 + */
28.54 + public UntrustedChecker() {
28.55 + // blank
28.56 + }
28.57 +
28.58 + @Override
28.59 + public void init(boolean forward) throws CertPathValidatorException {
28.60 + // Note that this class supports both forward and reverse modes.
28.61 + }
28.62 +
28.63 + @Override
28.64 + public boolean isForwardCheckingSupported() {
28.65 + // Note that this class supports both forward and reverse modes.
28.66 + return true;
28.67 + }
28.68 +
28.69 + @Override
28.70 + public Set<String> getSupportedExtensions() {
28.71 + return null;
28.72 + }
28.73 +
28.74 + @Override
28.75 + public void check(Certificate cert,
28.76 + Collection<String> unresolvedCritExts)
28.77 + throws CertPathValidatorException {
28.78 +
28.79 + X509Certificate currCert = (X509Certificate)cert;
28.80 +
28.81 + if (UntrustedCertificates.isUntrusted(currCert)) {
28.82 + if (debug != null) {
28.83 + debug.println("UntrustedChecker: untrusted certificate " +
28.84 + currCert.getSubjectX500Principal());
28.85 + }
28.86 +
28.87 + throw new CertPathValidatorException(
28.88 + "Untrusted certificate: " + currCert.getSubjectX500Principal());
28.89 + }
28.90 + }
28.91 +}
28.92 +
29.1 --- a/src/share/classes/sun/security/ssl/CipherSuite.java Thu Feb 23 12:03:21 2012 -0800
29.2 +++ b/src/share/classes/sun/security/ssl/CipherSuite.java Fri Feb 24 18:24:03 2012 -0800
29.3 @@ -1,5 +1,5 @@
29.4 /*
29.5 - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
29.6 + * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
29.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
29.8 *
29.9 * This code is free software; you can redistribute it and/or modify it
29.10 @@ -31,6 +31,7 @@
29.11 import java.security.NoSuchAlgorithmException;
29.12 import java.security.InvalidKeyException;
29.13 import java.security.SecureRandom;
29.14 +import java.security.KeyManagementException;
29.15
29.16 import javax.crypto.SecretKey;
29.17 import javax.crypto.spec.IvParameterSpec;
29.18 @@ -423,6 +424,17 @@
29.19 // Is the cipher algorithm of Cipher Block Chaining (CBC) mode?
29.20 final boolean isCBCMode;
29.21
29.22 + // The secure random used to detect the cipher availability.
29.23 + private final static SecureRandom secureRandom;
29.24 +
29.25 + static {
29.26 + try {
29.27 + secureRandom = JsseJce.getSecureRandom();
29.28 + } catch (KeyManagementException kme) {
29.29 + throw new RuntimeException(kme);
29.30 + }
29.31 + }
29.32 +
29.33 BulkCipher(String transformation, int keySize,
29.34 int expandedKeySize, int ivSize, boolean allowed) {
29.35 this.transformation = transformation;
29.36 @@ -505,7 +517,7 @@
29.37 IvParameterSpec iv =
29.38 new IvParameterSpec(new byte[cipher.ivSize]);
29.39 cipher.newCipher(ProtocolVersion.DEFAULT,
29.40 - key, iv, null, true);
29.41 + key, iv, secureRandom, true);
29.42 b = Boolean.TRUE;
29.43 } catch (NoSuchAlgorithmException e) {
29.44 b = Boolean.FALSE;
30.1 --- a/src/share/classes/sun/security/tools/KeyTool.java Thu Feb 23 12:03:21 2012 -0800
30.2 +++ b/src/share/classes/sun/security/tools/KeyTool.java Fri Feb 24 18:24:03 2012 -0800
30.3 @@ -2117,19 +2117,24 @@
30.4 if (caks != null) {
30.5 issuer = verifyCRL(caks, crl);
30.6 if (issuer != null) {
30.7 - System.out.println("Verified by " + issuer + " in cacerts");
30.8 + out.printf(rb.getString(
30.9 + "verified.by.s.in.s"), issuer, "cacerts");
30.10 + out.println();
30.11 }
30.12 }
30.13 if (issuer == null && keyStore != null) {
30.14 issuer = verifyCRL(keyStore, crl);
30.15 if (issuer != null) {
30.16 - System.out.println("Verified by " + issuer + " in keystore");
30.17 + out.printf(rb.getString(
30.18 + "verified.by.s.in.s"), issuer, "keystore");
30.19 + out.println();
30.20 }
30.21 }
30.22 if (issuer == null) {
30.23 out.println(rb.getString
30.24 ("STAR"));
30.25 - out.println("WARNING: not verified. Make sure -keystore and -alias are correct.");
30.26 + out.println(rb.getString
30.27 + ("warning.not.verified.make.sure.keystore.is.correct"));
30.28 out.println(rb.getString
30.29 ("STARNN"));
30.30 }
31.1 --- a/src/share/classes/sun/security/util/Resources.java Thu Feb 23 12:03:21 2012 -0800
31.2 +++ b/src/share/classes/sun/security/util/Resources.java Fri Feb 24 18:24:03 2012 -0800
31.3 @@ -409,6 +409,10 @@
31.4 {"Please.provide.keysize.for.secret.key.generation",
31.5 "Please provide -keysize for secret key generation"},
31.6
31.7 + {"verified.by.s.in.s", "Verified by %s in %s"},
31.8 + {"warning.not.verified.make.sure.keystore.is.correct",
31.9 + "WARNING: not verified. Make sure -keystore is correct."},
31.10 +
31.11 {"Extensions.", "Extensions: "},
31.12 {".Empty.value.", "(Empty value)"},
31.13 {"Extension.Request.", "Extension Request:"},
32.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
32.2 +++ b/src/share/classes/sun/security/util/UntrustedCertificates.java Fri Feb 24 18:24:03 2012 -0800
32.3 @@ -0,0 +1,741 @@
32.4 +/*
32.5 + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
32.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
32.7 + *
32.8 + * This code is free software; you can redistribute it and/or modify it
32.9 + * under the terms of the GNU General Public License version 2 only, as
32.10 + * published by the Free Software Foundation. Oracle designates this
32.11 + * particular file as subject to the "Classpath" exception as provided
32.12 + * by Oracle in the LICENSE file that accompanied this code.
32.13 + *
32.14 + * This code is distributed in the hope that it will be useful, but WITHOUT
32.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
32.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
32.17 + * version 2 for more details (a copy is included in the LICENSE file that
32.18 + * accompanied this code).
32.19 + *
32.20 + * You should have received a copy of the GNU General Public License version
32.21 + * 2 along with this work; if not, write to the Free Software Foundation,
32.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
32.23 + *
32.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
32.25 + * or visit www.oracle.com if you need additional information or have any
32.26 + * questions.
32.27 + */
32.28 +package sun.security.util;
32.29 +
32.30 +import java.io.IOException;
32.31 +import java.io.ByteArrayInputStream;
32.32 +import java.security.cert.X509Certificate;
32.33 +import java.security.cert.CertificateFactory;
32.34 +import java.security.cert.CertificateException;
32.35 +import java.util.Set;
32.36 +import java.util.HashSet;
32.37 +
32.38 +/**
32.39 + * A utility class to check if a certificate is untrusted. This is an internal
32.40 + * mechanism that explicitly marks a certificate as untrusted, normally in the
32.41 + * case that a certificate is known to be used for malicious reasons.
32.42 + *
32.43 + * <b>Attention</b>: This check is NOT meant to replace the standard PKI-defined
32.44 + * validation check, neither is it used as an alternative to CRL.
32.45 + */
32.46 +public final class UntrustedCertificates {
32.47 +
32.48 + private final static Set<X509Certificate> untrustedCerts = new HashSet<>();
32.49 +
32.50 + /**
32.51 + * Checks if a certificate is untrusted.
32.52 + *
32.53 + * @param cert the certificate to check
32.54 + * @return true if the certificate is untrusted.
32.55 + */
32.56 + public static boolean isUntrusted(X509Certificate cert) {
32.57 + return untrustedCerts.contains(cert);
32.58 + }
32.59 +
32.60 + private static void add(String alias, String pemCert) {
32.61 + // generate certificate from PEM certificate
32.62 + try (ByteArrayInputStream is =
32.63 + new ByteArrayInputStream(pemCert.getBytes())) {
32.64 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
32.65 + X509Certificate cert = (X509Certificate)cf.generateCertificate(is);
32.66 +
32.67 + if (!untrustedCerts.add(cert)) {
32.68 + throw new RuntimeException("Duplicate untrusted certificate: " +
32.69 + cert.getSubjectX500Principal());
32.70 + }
32.71 + } catch (CertificateException | IOException e) {
32.72 + throw new RuntimeException(
32.73 + "Incorrect untrusted certificate: " + alias, e);
32.74 + }
32.75 + }
32.76 +
32.77 + static {
32.78 + // -----------------------------------------------------------------
32.79 + // Compromised CAs of Digicert Malaysia
32.80 + //
32.81 + // Reported by Digicert in its announcement on November 05, 2011.
32.82 + //
32.83 +
32.84 + // Digicert Malaysia intermediate, cross-signed by CyberTrust
32.85 + //
32.86 + // Subject: CN=Digisign Server ID (Enrich),
32.87 + // OU=457608-K,
32.88 + // O=Digicert Sdn. Bhd.,
32.89 + // C=MY
32.90 + // Issuer: CN=GTE CyberTrust Global Root,
32.91 + // OU=GTE CyberTrust Solutions, Inc.,
32.92 + // O=GTE Corporation,
32.93 + // C=US
32.94 + // Serial: 120001705 (07:27:14:a9)
32.95 + add("digicert-server-cross-to-cybertrust-4C0E636A",
32.96 + "-----BEGIN CERTIFICATE-----\n" +
32.97 + "MIIDyzCCAzSgAwIBAgIEBycUqTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" +
32.98 + "UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" +
32.99 + "cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" +
32.100 + "b2JhbCBSb290MB4XDTA3MDcxNzE1MTc0OFoXDTEyMDcxNzE1MTY1NFowYzELMAkG\n" +
32.101 + "A1UEBhMCTVkxGzAZBgNVBAoTEkRpZ2ljZXJ0IFNkbi4gQmhkLjERMA8GA1UECxMI\n" +
32.102 + "NDU3NjA4LUsxJDAiBgNVBAMTG0RpZ2lzaWduIFNlcnZlciBJRCAoRW5yaWNoKTCB\n" +
32.103 + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArahkS02Hx4RZufuQRqCmicDx/tXa\n" +
32.104 + "VII3DZkrRSYK6Fawf8qo9I5HhAGCKeOzarWR8/uVhbxyqGToCkCcxfRxrnt7agfq\n" +
32.105 + "kBRPjYmvlKuyBtQCanuYH1m5Os1U+iDfsioK6bjdaZDAKdNO0JftZszFGUkGf/pe\n" +
32.106 + "LHx7hRsyQt97lSUCAwEAAaOCAXgwggF0MBIGA1UdEwEB/wQIMAYBAf8CAQAwXAYD\n" +
32.107 + "VR0gBFUwUzBIBgkrBgEEAbE+AQAwOzA5BggrBgEFBQcCARYtaHR0cDovL2N5YmVy\n" +
32.108 + "dHJ1c3Qub21uaXJvb3QuY29tL3JlcG9zaXRvcnkuY2ZtMAcGBWCDSgEBMA4GA1Ud\n" +
32.109 + "DwEB/wQEAwIB5jCBiQYDVR0jBIGBMH+heaR3MHUxCzAJBgNVBAYTAlVTMRgwFgYD\n" +
32.110 + "VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv\n" +
32.111 + "bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv\n" +
32.112 + "b3SCAgGlMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly93d3cucHVibGljLXRydXN0\n" +
32.113 + "LmNvbS9jZ2ktYmluL0NSTC8yMDE4L2NkcC5jcmwwHQYDVR0OBBYEFMYWk04WF+wW\n" +
32.114 + "royUdvOGbcV0boR3MA0GCSqGSIb3DQEBBQUAA4GBAHYAe6Z4K2Ydjl42xqSOBfIj\n" +
32.115 + "knyTZ9P0wAp9iy3Z6tVvGvPhSilaIoRNUC9LDPL/hcJ7VdREgr5trGeOvLQfkpxR\n" +
32.116 + "gBoU9m6rYYgLrRx/90tQUdZlG6ZHcRVesHHzNRTyN71jyNXwk1o0X9g96F33xR7A\n" +
32.117 + "5c8fhiSpPAdmzcHSNmNZ\n" +
32.118 + "-----END CERTIFICATE-----");
32.119 +
32.120 + // Digicert Malaysia intermediate, cross-signed by Entrust
32.121 + //
32.122 + // Subject: CN=Digisign Server ID - (Enrich),
32.123 + // OU=457608-K,
32.124 + // O=Digicert Sdn. Bhd.,
32.125 + // C=MY
32.126 + // Issuer: CN=Entrust.net Certification Authority (2048)
32.127 + // OU=(c) 1999 Entrust.net Limited,
32.128 + // OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),
32.129 + // O=Entrust.net
32.130 + // Serial: 1184644297 (4c:0e:63:6a)
32.131 + add("digicert-server-cross-to-entrust-ca-4C0E636A",
32.132 + "-----BEGIN CERTIFICATE-----\n" +
32.133 + "MIIEzjCCA7agAwIBAgIETA5jajANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML\n" +
32.134 + "RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp\n" +
32.135 + "bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5\n" +
32.136 + "IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp\n" +
32.137 + "ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw0xMDA3MTYxNzIzMzdaFw0xNTA3\n" +
32.138 + "MTYxNzUzMzdaMGUxCzAJBgNVBAYTAk1ZMRswGQYDVQQKExJEaWdpY2VydCBTZG4u\n" +
32.139 + "IEJoZC4xETAPBgNVBAsTCDQ1NzYwOC1LMSYwJAYDVQQDEx1EaWdpc2lnbiBTZXJ2\n" +
32.140 + "ZXIgSUQgLSAoRW5yaWNoKTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" +
32.141 + "AMWJ5PQNBkCSWccaszXRDkwqM/n4r8qef+65p21g9FTob9Wb8xtjMQRoctE0Foy0\n" +
32.142 + "FyyX3nPF2JAVoBor9cuzSIZE8B2ITM5BQhrv9Qze/kDaOSD3BlU6ap1GwdJvpbLI\n" +
32.143 + "Vz4po5zg6YV3ZuiYpyR+vsBZIOVEb7ZX2L7OwmV3WMZhQdF0BMh/SULFcqlyFu6M\n" +
32.144 + "3RJdtErU0a9Qt9iqdXZorT5dqjBtYairEFs+E78z4K9EnTgiW+9ML6ZxJhUmyiiM\n" +
32.145 + "2fqOjqmiFDXimySItPR/hZ2DTwehthSQNsQ0HI0mYW0Tb3i+6I8nx0uElqOGaAwj\n" +
32.146 + "vgvsjJQAqQSKE5D334VsDLECAwEAAaOCATQwggEwMA4GA1UdDwEB/wQEAwIBBjAS\n" +
32.147 + "BgNVHRMBAf8ECDAGAQH/AgEAMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcD\n" +
32.148 + "AgYIKwYBBQUHAwQwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8v\n" +
32.149 + "b2NzcC5lbnRydXN0Lm5ldDBEBgNVHSAEPTA7MDkGBWCDSgEBMDAwLgYIKwYBBQUH\n" +
32.150 + "AgEWImh0dHA6Ly93d3cuZGlnaWNlcnQuY29tLm15L2Nwcy5odG0wMgYDVR0fBCsw\n" +
32.151 + "KTAnoCWgI4YhaHR0cDovL2NybC5lbnRydXN0Lm5ldC8yMDQ4Y2EuY3JsMBEGA1Ud\n" +
32.152 + "DgQKBAhMTswlKAMpgTAfBgNVHSMEGDAWgBRV5IHREYC+2Im5CKMx+aEkCRa5cDAN\n" +
32.153 + "BgkqhkiG9w0BAQUFAAOCAQEAl0zvSjpJrHL8MCBrtClbp8WVBJD5MtXChWreA6E3\n" +
32.154 + "+YkAsFqsVX7bQzX/yQH4Ub7MJsrIaqTEVD4mHucMo82XZ5TdpkLrXM2POXlrM3kh\n" +
32.155 + "Bnn6gkQVmczBtznTRmJ8snDrb84gqj4Zt+l0gpy0pUtNYQA35IfS8hQ6ZHy4qXth\n" +
32.156 + "4JMi59WfPkfmNnagU9gAAzoPtTP+lsrT0oI6Lt3XSOHkp2nMHOmZSufKcEXXCwcO\n" +
32.157 + "mnUb0C+Sb/akB8O9HEumhLZ9qJqp0qcp8QtXaR6XVybsK0Os1EWDBQDp4/BGQAf6\n" +
32.158 + "6rFRc5Mcpd1TETfIKqcVJx20qsx/qjEw/LhFn0gJ7RDixQ==\n" +
32.159 + "-----END CERTIFICATE-----");
32.160 +
32.161 +
32.162 + // -----------------------------------------------------------------
32.163 + //
32.164 + // No longer used certificates
32.165 + //
32.166 +
32.167 + // Subject: CN=Java Media APIs,
32.168 + // OU=Java Signed Extensions,
32.169 + // OU=Corporate Object Signing,
32.170 + // O=Sun Microsystems Inc
32.171 + // Issuer: CN=Object Signing CA,
32.172 + // OU=Class 2 OnSite Subscriber CA,
32.173 + // OU=VeriSign Trust Network,
32.174 + // O=Sun Microsystems Inc
32.175 + // Serial: 6a:8b:99:91:37:59:4f:89:53:e2:97:18:9f:19:1e:4e
32.176 + add("java-media-pretrusted-9F191E4E",
32.177 + "-----BEGIN CERTIFICATE-----\n" +
32.178 + "MIIFdzCCBF+gAwIBAgIQaouZkTdZT4lT4pcYnxkeTjANBgkqhkiG9w0BAQUFADCB\n" +
32.179 + "gzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxHzAdBgNVBAsTFlZlcmlT\n" +
32.180 + "aWduIFRydXN0IE5ldHdvcmsxJTAjBgNVBAsTHENsYXNzIDIgT25TaXRlIFN1YnNj\n" +
32.181 + "cmliZXIgQ0ExGjAYBgNVBAMTEU9iamVjdCBTaWduaW5nIENBMB4XDTA5MDUxMjAw\n" +
32.182 + "MDAwMFoXDTEyMDUxMTIzNTk1OVowfTEdMBsGA1UEChQUU3VuIE1pY3Jvc3lzdGVt\n" +
32.183 + "cyBJbmMxITAfBgNVBAsUGENvcnBvcmF0ZSBPYmplY3QgU2lnbmluZzEfMB0GA1UE\n" +
32.184 + "CxQWSmF2YSBTaWduZWQgRXh0ZW5zaW9uczEYMBYGA1UEAxQPSmF2YSBNZWRpYSBB\n" +
32.185 + "UElzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5blzoKTVE8y4Hpz\n" +
32.186 + "q6E15RZz1bF5HnYEyYqgHkZXnAKedmYCoMzm1XK8s+gQWShLEvGEAvs5yqarx9gE\n" +
32.187 + "nnC21N28aEZgIJMa2/arKxCUkS4pxdGPYGexL9UzSRkUpoBShCZKEGdmX7gfJE2K\n" +
32.188 + "/sd9MFvGV5/yZtWXrADzvm0Kd/9mg1KRv1gfrZIq0TJbupoXPYYqb73AkI9eT2ZD\n" +
32.189 + "q9MdwD4E5+oojsDFXt8GU/D00fUhtXpYwuplU7D667WHYdJhIah0ST6JywyqcLXG\n" +
32.190 + "XSuFTXOgITT2idSHluZVmx3dqJ72u9kPkO4JdJTMDfaK8zgNLaRkiU8Qcj+qhLYH\n" +
32.191 + "ytaqcwIDAQABo4IB6jCCAeYwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCB4AwfwYD\n" +
32.192 + "VR0fBHgwdjB0oHKgcIZuaHR0cDovL29uc2l0ZWNybC52ZXJpc2lnbi5jb20vU3Vu\n" +
32.193 + "TWljcm9zeXN0ZW1zSW5jQ29ycG9yYXRlT2JqZWN0U2lnbmluZ0phdmFTaWduZWRF\n" +
32.194 + "eHRlbnNpb25zQ2xhc3NCL0xhdGVzdENSTC5jcmwwHwYDVR0jBBgwFoAUs0crgn5T\n" +
32.195 + "tHPKuLsZt76BTQeVx+0wHQYDVR0OBBYEFKS32mVx0gNWTeS4ProHEaeSpvvIMDsG\n" +
32.196 + "CCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29uc2l0ZS1vY3NwLnZl\n" +
32.197 + "cmlzaWduLmNvbTCBtQYDVR0gBIGtMIGqMDkGC2CGSAGG+EUBBxcCMCowKAYIKwYB\n" +
32.198 + "BQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwbQYLYIZIAYb3AIN9\n" +
32.199 + "nD8wXjAnBggrBgEFBQcCARYbaHR0cHM6Ly93d3cuc3VuLmNvbS9wa2kvY3BzMDMG\n" +
32.200 + "CCsGAQUFBwICMCcaJVZhbGlkYXRlZCBGb3IgU3VuIEJ1c2luZXNzIE9wZXJhdGlv\n" +
32.201 + "bnMwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQEFBQADggEBAAe6BO4W\n" +
32.202 + "3TSNWfezyelJs6kE3HfulT6Bdyz4UUoh9ykXcV8nRwT+kh25I5MdyG2GfkJoADPR\n" +
32.203 + "VhC5DYo13UFpIsTNVjq+hGYe2hML93bN7ad9SxCCyjHUo3yMz2qgBbHZI3VA9ZHA\n" +
32.204 + "aWM4Tx0saMwbcnVvlbuGh+PXvStfypJqYT6lzcdFfjNVX4FI/QQNGhBswMY51tC8\n" +
32.205 + "GTBCL2qhJon0gSCU4zaawDOf7+XxJWirLamYL1Aal1/h2z2sFrvA/1ftxtU3kZ6I\n" +
32.206 + "7De8DyoHeZg7pYGdrj7g+lPhCga/WvEhN152I+aP08YbFcJHYmK05ngl/Ye4c6Bd\n" +
32.207 + "cdrdfbw6QzEUIYY=\n" +
32.208 + "-----END CERTIFICATE-----");
32.209 +
32.210 + // Subject: CN=JavaFX 1.0 Runtime,
32.211 + // OU=Java Signed Extensions,
32.212 + // OU=Corporate Object Signing,
32.213 + // O=Sun Microsystems Inc
32.214 + // Issuer: CN=Object Signing CA,
32.215 + // OU=Class 2 OnSite Subscriber CA,
32.216 + // OU=VeriSign Trust Network,
32.217 + // O=Sun Microsystems Inc
32.218 + // Serial: 55:c0:e6:44:59:59:79:9e:d9:26:f1:b0:4a:1e:f0:27
32.219 + add("java-fx10-pretrusted-4A1EF027",
32.220 + "-----BEGIN CERTIFICATE-----\n" +
32.221 + "MIIFezCCBGOgAwIBAgIQVcDmRFlZeZ7ZJvGwSh7wJzANBgkqhkiG9w0BAQUFADCB\n" +
32.222 + "gzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxHzAdBgNVBAsTFlZlcmlT\n" +
32.223 + "aWduIFRydXN0IE5ldHdvcmsxJTAjBgNVBAsTHENsYXNzIDIgT25TaXRlIFN1YnNj\n" +
32.224 + "cmliZXIgQ0ExGjAYBgNVBAMTEU9iamVjdCBTaWduaW5nIENBMB4XDTA4MTAwOTAw\n" +
32.225 + "MDAwMFoXDTExMTAwOTIzNTk1OVowgYAxHTAbBgNVBAoUFFN1biBNaWNyb3N5c3Rl\n" +
32.226 + "bXMgSW5jMSEwHwYDVQQLFBhDb3Jwb3JhdGUgT2JqZWN0IFNpZ25pbmcxHzAdBgNV\n" +
32.227 + "BAsUFkphdmEgU2lnbmVkIEV4dGVuc2lvbnMxGzAZBgNVBAMUEkphdmFGWCAxLjAg\n" +
32.228 + "UnVudGltZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+WDc6+bu+4\n" +
32.229 + "tmAcS/lBtUc02WOt9QZpVsXg9cG2pu/8bUtmDELa8iiYBVFpIs8DU58HLrGQtCUY\n" +
32.230 + "SIAGOVPsOJoN29UKCDWfY9j5JeVhfhMGqk9DwrWhzgsjy4cpZ1pIp+k/fJ8zT8Ul\n" +
32.231 + "aYLpow1vg3UNddsmwz02tN7cOrMw9WYIG4CRYnY1OrtJSfe2pYzheC4zyvR+aiVl\n" +
32.232 + "nang2OtqikSQsNFOFHsLOJFxngy9LrO8evDSu25VTKI6zlWU6/bMeqtztJPN0VOn\n" +
32.233 + "NyUrJZvkxZ207Jg0T693BGSxNC1n+ihztXogql8950M/pEuUbDjylv5FFvlp6DSB\n" +
32.234 + "dDT2MkutmyMCAwEAAaOCAeowggHmMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeA\n" +
32.235 + "MH8GA1UdHwR4MHYwdKByoHCGbmh0dHA6Ly9vbnNpdGVjcmwudmVyaXNpZ24uY29t\n" +
32.236 + "L1N1bk1pY3Jvc3lzdGVtc0luY0NvcnBvcmF0ZU9iamVjdFNpZ25pbmdKYXZhU2ln\n" +
32.237 + "bmVkRXh0ZW5zaW9uc0NsYXNzQi9MYXRlc3RDUkwuY3JsMB8GA1UdIwQYMBaAFLNH\n" +
32.238 + "K4J+U7Rzyri7Gbe+gU0HlcftMB0GA1UdDgQWBBTjgufVi3XJ3gx1ewsA6Rr7BR4Z\n" +
32.239 + "zjA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUHMAGGH2h0dHA6Ly9vbnNpdGUtb2Nz\n" +
32.240 + "cC52ZXJpc2lnbi5jb20wgbUGA1UdIASBrTCBqjA5BgtghkgBhvhFAQcXAjAqMCgG\n" +
32.241 + "CCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMG0GC2CGSAGG\n" +
32.242 + "9wCDfZw/MF4wJwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3LnN1bi5jb20vcGtpL2Nw\n" +
32.243 + "czAzBggrBgEFBQcCAjAnGiVWYWxpZGF0ZWQgRm9yIFN1biBCdXNpbmVzcyBPcGVy\n" +
32.244 + "YXRpb25zMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBQUAA4IBAQAB\n" +
32.245 + "YVJTTVe7rzyTO4jc3zajErOT/COkdQTfNo0eIX1QbNynFieJvwY/jRzUZwjktIFR\n" +
32.246 + "2p4JtbpHGAtKtjOAOTieQ8xdDOoC1djzpE7/AbMvuvlTavtUKT+F7tPdhfXgWXJV\n" +
32.247 + "6Wbt8jryKyk3zZGiEhauIwZUkfjRkEtffEmZWLUd8c8rURJjfC/XHH2oyurscoxc\n" +
32.248 + "CjX29c9ynxSiS/VvQp1an0HvErGh69N48wj7cj8mtZ1yHzd2XCzSSR1OfTPfk0Pt\n" +
32.249 + "yg51p7yJaFiH21PTZegEL6zyVNOYBTKwwIi2OzpwYalD3uvK6e3OKDrfFCOxu17u\n" +
32.250 + "4PveESbrdyrmvLe7IVez\n" +
32.251 + "-----END CERTIFICATE-----");
32.252 +
32.253 + // Subject: CN=JavaFX Runtime,
32.254 + // OU=Java Signed Extensions,
32.255 + // OU=Corporate Object Signing,
32.256 + // O=Sun Microsystems Inc
32.257 + // Issuer: CN=Object Signing CA,
32.258 + // OU=Class 2 OnSite Subscriber CA,
32.259 + // OU=VeriSign Trust Network,
32.260 + // O=Sun Microsystems Inc
32.261 + // Serial: 47:f4:55:f1:da:4a:5e:f9:e3:f7:a8:03:62:17:c0:ff
32.262 + add("javafx-runtime-pretrusted-6217C0FF",
32.263 + "-----BEGIN CERTIFICATE-----\n" +
32.264 + "MIIFdjCCBF6gAwIBAgIQR/RV8dpKXvnj96gDYhfA/zANBgkqhkiG9w0BAQUFADCB\n" +
32.265 + "gzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxHzAdBgNVBAsTFlZlcmlT\n" +
32.266 + "aWduIFRydXN0IE5ldHdvcmsxJTAjBgNVBAsTHENsYXNzIDIgT25TaXRlIFN1YnNj\n" +
32.267 + "cmliZXIgQ0ExGjAYBgNVBAMTEU9iamVjdCBTaWduaW5nIENBMB4XDTA5MDEyOTAw\n" +
32.268 + "MDAwMFoXDTEyMDEyOTIzNTk1OVowfDEdMBsGA1UEChQUU3VuIE1pY3Jvc3lzdGVt\n" +
32.269 + "cyBJbmMxITAfBgNVBAsUGENvcnBvcmF0ZSBPYmplY3QgU2lnbmluZzEfMB0GA1UE\n" +
32.270 + "CxQWSmF2YSBTaWduZWQgRXh0ZW5zaW9uczEXMBUGA1UEAxQOSmF2YUZYIFJ1bnRp\n" +
32.271 + "bWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIzd0fAk8mI9ONc6RJ\n" +
32.272 + "aGieioK2FLdXEwj8zL3vdGDVmBwyR1zwYkaOIFFgF9IW/8qc4iAYA5sGUY+0g8q3\n" +
32.273 + "5DuYAxfTzBB5KdaYvbuq6GGnoHIWmTirXY+1friFp8lyXSvtuEaGB1VHaBoZchEg\n" +
32.274 + "k+UgeVDA43dHwcT1Ov3DePczJRUes8T/QHzLX+BxUDG43vjyncCEO/AjqLZxXEz2\n" +
32.275 + "xrNbKLcH3lGMJK7hdbfssUfF5BjC38Hn71HauYlA43b2no+2y0Sjulwzez2YPbDC\n" +
32.276 + "0GLR3TnKtA8dqOrnl5t3DniDbfOBNtBE3VOydJO0XW57Ng1HRXD023nm9ECPY2xp\n" +
32.277 + "0N/pAgMBAAGjggHqMIIB5jAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDB/BgNV\n" +
32.278 + "HR8EeDB2MHSgcqBwhm5odHRwOi8vb25zaXRlY3JsLnZlcmlzaWduLmNvbS9TdW5N\n" +
32.279 + "aWNyb3N5c3RlbXNJbmNDb3Jwb3JhdGVPYmplY3RTaWduaW5nSmF2YVNpZ25lZEV4\n" +
32.280 + "dGVuc2lvbnNDbGFzc0IvTGF0ZXN0Q1JMLmNybDAfBgNVHSMEGDAWgBSzRyuCflO0\n" +
32.281 + "c8q4uxm3voFNB5XH7TAdBgNVHQ4EFgQUvOdd0cKPj+Yik/iOBwTdphh5A+gwOwYI\n" +
32.282 + "KwYBBQUHAQEELzAtMCsGCCsGAQUFBzABhh9odHRwOi8vb25zaXRlLW9jc3AudmVy\n" +
32.283 + "aXNpZ24uY29tMIG1BgNVHSAEga0wgaowOQYLYIZIAYb4RQEHFwIwKjAoBggrBgEF\n" +
32.284 + "BQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTBtBgtghkgBhvcAg32c\n" +
32.285 + "PzBeMCcGCCsGAQUFBwIBFhtodHRwczovL3d3dy5zdW4uY29tL3BraS9jcHMwMwYI\n" +
32.286 + "KwYBBQUHAgIwJxolVmFsaWRhdGVkIEZvciBTdW4gQnVzaW5lc3MgT3BlcmF0aW9u\n" +
32.287 + "czATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQUFAAOCAQEAbGcf2NjL\n" +
32.288 + "AI93HG6ny2BbepaZA1a8xa/R6uUc7xV+Qw6MgLwFD4Q4i6LWUztQDvg9l68MM2/i\n" +
32.289 + "Y9LEi1KM4lcNbK5+D+t9x98wXBiuojXhVdp5ZmC03EyEBbriopdBsmXVLDSu/Y3+\n" +
32.290 + "zowOO5xwpMK3dbgsSDs2Vt0UosD3FTcRaD3GNfOhXMp+o1grHNiXF9YgkmdQbPPZ\n" +
32.291 + "DQ2KBhFPCRJXBGvyKOqno/DTg0sQ3crGH/C4/4t7mnQXWldZotmJUZ0ONc9oD+Q1\n" +
32.292 + "JAaguUKqIwn9yZ093ie+JWHbYNid9IIIPXYgtRxmf9a376WBhqhu56uJftBJ7x9g\n" +
32.293 + "eQ7Lot6CSWCiFw==\n" +
32.294 + "-----END CERTIFICATE-----");
32.295 +
32.296 + //
32.297 + // Compromised Solaris INTERNAL DEVELOPMENT USE ONLY certificate
32.298 + //
32.299 +
32.300 + // Subject: CN=Solaris INTERNAL DEVELOPMENT USE ONLY,
32.301 + // OU=Solaris Cryptographic Framework,
32.302 + // OU=Corporate Object Signing,
32.303 + // O=Sun Microsystems Inc
32.304 + // Issuer: CN=Object Signing CA,
32.305 + // OU=Class 2 OnSite Subscriber CA,
32.306 + // OU=VeriSign Trust Network,
32.307 + // O=Sun Microsystems Inc
32.308 + // Serial: 77:29:77:52:6a:19:7b:9a:a6:a2:c7:99:a0:e1:cd:8c
32.309 + add("solaris-internal-dev-A0E1CD8C",
32.310 + "-----BEGIN CERTIFICATE-----\n" +
32.311 + "MIIFHjCCBAagAwIBAgIQdyl3UmoZe5qmoseZoOHNjDANBgkqhkiG9w0BAQUFADCB\n" +
32.312 + "gzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxHzAdBgNVBAsTFlZlcmlT\n" +
32.313 + "aWduIFRydXN0IE5ldHdvcmsxJTAjBgNVBAsTHENsYXNzIDIgT25TaXRlIFN1YnNj\n" +
32.314 + "cmliZXIgQ0ExGjAYBgNVBAMTEU9iamVjdCBTaWduaW5nIENBMB4XDTA3MDEwNDAw\n" +
32.315 + "MDAwMFoXDTEwMDEwMzIzNTk1OVowgZwxHTAbBgNVBAoUFFN1biBNaWNyb3N5c3Rl\n" +
32.316 + "bXMgSW5jMSEwHwYDVQQLFBhDb3Jwb3JhdGUgT2JqZWN0IFNpZ25pbmcxKDAmBgNV\n" +
32.317 + "BAsUH1NvbGFyaXMgQ3J5cHRvZ3JhcGhpYyBGcmFtZXdvcmsxLjAsBgNVBAMUJVNv\n" +
32.318 + "bGFyaXMgSU5URVJOQUwgREVWRUxPUE1FTlQgVVNFIE9OTFkwgZ8wDQYJKoZIhvcN\n" +
32.319 + "AQEBBQADgY0AMIGJAoGBALbNU4hf3mD5ArDI9pjgioAyvV3bjMPRQdCZniIeGJBp\n" +
32.320 + "odFlSEH+Mh64W1DsY8coeZ7FvvGJkx9IpTMJW9k8w1oJK9UNqHyAQfaYjQyXi3xQ\n" +
32.321 + "LJp62EvYdGfDlwOZejEcR/MbzZG+GOPMMvQj5+xyFDvLXNGfQNTnxw2qnBgCJXjj\n" +
32.322 + "AgMBAAGjggH1MIIB8TAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDCBiQYDVR0f\n" +
32.323 + "BIGBMH8wfaB7oHmGd2h0dHA6Ly9vbnNpdGVjcmwudmVyaXNpZ24uY29tL1N1bk1p\n" +
32.324 + "Y3Jvc3lzdGVtc0luY0NvcnBvcmF0ZU9iamVjdFNpZ25pbmdTb2xhcmlzQ3J5cHRv\n" +
32.325 + "Z3JhcGhpY0ZyYW1ld29ya0NsYXNzQi9MYXRlc3RDUkwuY3JsMB8GA1UdIwQYMBaA\n" +
32.326 + "FLNHK4J+U7Rzyri7Gbe+gU0HlcftMB0GA1UdDgQWBBRpfiGYkehTnsIzuN2H6AFb\n" +
32.327 + "VCZG8jA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUHMAGGH2h0dHA6Ly9vbnNpdGUt\n" +
32.328 + "b2NzcC52ZXJpc2lnbi5jb20wgbUGA1UdIASBrTCBqjA5BgtghkgBhvhFAQcXAjAq\n" +
32.329 + "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMG0GC2CG\n" +
32.330 + "SAGG9wCDfZw/MF4wJwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3LnN1bi5jb20vcGtp\n" +
32.331 + "L2NwczAzBggrBgEFBQcCAjAnFiVWYWxpZGF0ZWQgRm9yIFN1biBCdXNpbmVzcyBP\n" +
32.332 + "cGVyYXRpb25zMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBQUAA4IB\n" +
32.333 + "AQCG5soy3LFHTFbA8/5SzDRhQoJkHUnOP0t3b6nvX6vZYRp649fje7TQOPRm1pFd\n" +
32.334 + "CZ17J+tggdZwgzTqY4aYpJ00jZaK6pV37q/vgFC/ia6jDs8Q+ly9cEcadBZ5loYg\n" +
32.335 + "cmxp9p57W2MNWx8VA8oFdNtKfF0jUNXbLNtvwGHmgR6YcwLrGN1b6/9Lt9bO3ODl\n" +
32.336 + "FO+ZDwkfQz5ClUVrTx2dGBvKRYFqSG5S8JAfsgYhPvcacUQkA7ExyKvfRXLWVrce\n" +
32.337 + "ZiPpcElbx+819H2sAPvVvparVeAruZGMAtejHZp9NFoowKen5drJp9VxePS4eM49\n" +
32.338 + "3DepB6lKRrNRw66LNQol4ZBz\n" +
32.339 + "-----END CERTIFICATE-----");
32.340 +
32.341 +
32.342 + // -----------------------------------------------------------------
32.343 + // Compromised CAs of DigiNotar
32.344 + //
32.345 + // Reported by Fox-IT in its interim report on September 5, 2011,
32.346 + // "DigiNotar Certificate Authority breach 'Operation Black Tulip'".
32.347 + //
32.348 +
32.349 + //
32.350 + // Compromised DigiNotar Cyber CA
32.351 + //
32.352 +
32.353 + // DigiNotar intermediate, cross-signed by CyberTrust
32.354 + //
32.355 + // Subject: EMAILADDRESS=info@diginotar.nl, CN=DigiNotar Cyber CA,
32.356 + // O=DigiNotar, C=NL
32.357 + // Issuer: CN=GTE CyberTrust Global Root,
32.358 + // OU=GTE CyberTrust Solutions, Inc.,
32.359 + // O=GTE Corporation,
32.360 + // C=US
32.361 + // Serial: 120000525 (07:27:10:0D)
32.362 + add("info-at-diginotar-cyber-ca-cross-to-gte-cybertrust-0727100D",
32.363 + "-----BEGIN CERTIFICATE-----\n" +
32.364 + "MIIFWjCCBMOgAwIBAgIEBycQDTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" +
32.365 + "UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" +
32.366 + "cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" +
32.367 + "b2JhbCBSb290MB4XDTA2MTAwNDEwNTQxMVoXDTExMTAwNDEwNTMxMVowYDELMAkG\n" +
32.368 + "A1UEBhMCTkwxEjAQBgNVBAoTCURpZ2lOb3RhcjEbMBkGA1UEAxMSRGlnaU5vdGFy\n" +
32.369 + "IEN5YmVyIENBMSAwHgYJKoZIhvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIw\n" +
32.370 + "DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANLOFQotqF6EZ639vu9Gx8i5z3P8\n" +
32.371 + "9DS5+SxD52ATPXrjss87Z2yQrcC5P4RS8DVC3HTcKDu9UrSnrHJFF8bwieu0qiXy\n" +
32.372 + "XUte0dmHutZ9fPXOMp8QM8WxSrtekTHC0OlBwpFkfglBO9uLCDdqqspS3rU5HsCI\n" +
32.373 + "A6U/i5kTYUO1m4Kz7iBvz6FEouova0CfjytXraFTwoUiaZ2gP1HfC0GRDaXhqKpc\n" +
32.374 + "SQhdvd5wQbEPyWNr0380dAIvNFp4dRxoeoFnivPaQPBgY/SSINcDpj2jHmfEhBtB\n" +
32.375 + "pcmM5r3qSLYFFgizNxJa92E89zhvLpfgb1Y4VNMota0Ubi5LZLUnZbd1JQm2Bz2V\n" +
32.376 + "VgIKgmCyc0XgMyZRdJq51FAc9k1bW1JSE1qmf6cO4ehBVGeYjIfVydNsy9NUkgYJ\n" +
32.377 + "NEH3gW8/nsl8dVWw58Gzd+jDxAA1lUBwEEoF3iW7n1mlZLxHYL9g43aLE1Xd4XR6\n" +
32.378 + "uc8kpmp/3mQiRFhogmoQ+T3lPhu5vfwi9GAEibtVbShV+t6OjRshFNc3izR7Tfay\n" +
32.379 + "shDPM7F9HGKZSMsrbHaWVb8ZDR0fu2WqG46ZtcYokOWCLXhQIJr9eS8kf/CJKWn0\n" +
32.380 + "fc1zvrPtTsHR7VJej/e4142HrbLZG1ES/1az4a80fVykeIgQnp0DxqWqoiRR90kU\n" +
32.381 + "xbHuWUOV36toKDA/AgMBAAGjggGGMIIBgjASBgNVHRMBAf8ECDAGAQH/AgEBMFMG\n" +
32.382 + "A1UdIARMMEowSAYJKwYBBAGxPgEAMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93d3cu\n" +
32.383 + "cHVibGljLXRydXN0LmNvbS9DUFMvT21uaVJvb3QuaHRtbDAOBgNVHQ8BAf8EBAMC\n" +
32.384 + "AQYwgaAGA1UdIwSBmDCBlYAUpgwdn2H/Bxe1vzhG20Mw1Y6wUgaheaR3MHUxCzAJ\n" +
32.385 + "BgNVBAYTAlVTMRgwFgYDVQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdU\n" +
32.386 + "RSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVy\n" +
32.387 + "VHJ1c3QgR2xvYmFsIFJvb3SCAgGlMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly93\n" +
32.388 + "d3cucHVibGljLXRydXN0LmNvbS9jZ2ktYmluL0NSTC8yMDE4L2NkcC5jcmwwHQYD\n" +
32.389 + "VR0OBBYEFKv5aN/PSjfXe0WMX3LeQETDZbvCMA0GCSqGSIb3DQEBBQUAA4GBAI9o\n" +
32.390 + "a6VbB7pEZg4cqFwwezPkCiYE/O+eGjjWLqEf0JlHwnVkJP2eOyh2uSYoYZEMbSz4\n" +
32.391 + "BJ98UAHV42mv7xXSRZskCSpmBU8lgcpdvqrBWSeuM46C9990sFWzjvjnN8huqlZE\n" +
32.392 + "9r1TgSOWPbT6MopTZkQloiXGpjwljPDgKAYityZB\n" +
32.393 + "-----END CERTIFICATE-----");
32.394 +
32.395 + // DigiNotar intermediate, cross-signed by CyberTrust
32.396 + //
32.397 + // Subject: CN=DigiNotar Cyber CA, O=DigiNotar, C=NL
32.398 + // Issuer: CN=GTE CyberTrust Global Root,
32.399 + // OU=GTE CyberTrust Solutions, Inc.,
32.400 + // O=GTE Corporation,
32.401 + // C=US
32.402 + // Serial: 120000505 (07:27:0F:F9)
32.403 + add("diginotar-cyber-ca-cross-to-gte-cybertrust-07270FF9",
32.404 + "-----BEGIN CERTIFICATE-----\n" +
32.405 + "MIIFODCCBKGgAwIBAgIEBycP+TANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" +
32.406 + "UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" +
32.407 + "cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" +
32.408 + "b2JhbCBSb290MB4XDTA2MDkyMDA5NDUzMloXDTEzMDkyMDA5NDQwNlowPjELMAkG\n" +
32.409 + "A1UEBhMCTkwxEjAQBgNVBAoTCURpZ2lOb3RhcjEbMBkGA1UEAxMSRGlnaU5vdGFy\n" +
32.410 + "IEN5YmVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0s4VCi2o\n" +
32.411 + "XoRnrf2+70bHyLnPc/z0NLn5LEPnYBM9euOyzztnbJCtwLk/hFLwNULcdNwoO71S\n" +
32.412 + "tKesckUXxvCJ67SqJfJdS17R2Ye61n189c4ynxAzxbFKu16RMcLQ6UHCkWR+CUE7\n" +
32.413 + "24sIN2qqylLetTkewIgDpT+LmRNhQ7WbgrPuIG/PoUSi6i9rQJ+PK1etoVPChSJp\n" +
32.414 + "naA/Ud8LQZENpeGoqlxJCF293nBBsQ/JY2vTfzR0Ai80Wnh1HGh6gWeK89pA8GBj\n" +
32.415 + "9JIg1wOmPaMeZ8SEG0GlyYzmvepItgUWCLM3Elr3YTz3OG8ul+BvVjhU0yi1rRRu\n" +
32.416 + "LktktSdlt3UlCbYHPZVWAgqCYLJzReAzJlF0mrnUUBz2TVtbUlITWqZ/pw7h6EFU\n" +
32.417 + "Z5iMh9XJ02zL01SSBgk0QfeBbz+eyXx1VbDnwbN36MPEADWVQHAQSgXeJbufWaVk\n" +
32.418 + "vEdgv2DjdosTVd3hdHq5zySman/eZCJEWGiCahD5PeU+G7m9/CL0YASJu1VtKFX6\n" +
32.419 + "3o6NGyEU1zeLNHtN9rKyEM8zsX0cYplIyytsdpZVvxkNHR+7Zaobjpm1xiiQ5YIt\n" +
32.420 + "eFAgmv15LyR/8IkpafR9zXO+s+1OwdHtUl6P97jXjYetstkbURL/VrPhrzR9XKR4\n" +
32.421 + "iBCenQPGpaqiJFH3SRTFse5ZQ5Xfq2goMD8CAwEAAaOCAYYwggGCMBIGA1UdEwEB\n" +
32.422 + "/wQIMAYBAf8CAQEwUwYDVR0gBEwwSjBIBgkrBgEEAbE+AQAwOzA5BggrBgEFBQcC\n" +
32.423 + "ARYtaHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL0NQUy9PbW5pUm9vdC5odG1s\n" +
32.424 + "MA4GA1UdDwEB/wQEAwIBBjCBoAYDVR0jBIGYMIGVgBSmDB2fYf8HF7W/OEbbQzDV\n" +
32.425 + "jrBSBqF5pHcwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlv\n" +
32.426 + "bjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYD\n" +
32.427 + "VQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdIICAaUwRQYDVR0fBD4wPDA6\n" +
32.428 + "oDigNoY0aHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL2NnaS1iaW4vQ1JMLzIw\n" +
32.429 + "MTgvY2RwLmNybDAdBgNVHQ4EFgQUq/lo389KN9d7RYxfct5ARMNlu8IwDQYJKoZI\n" +
32.430 + "hvcNAQEFBQADgYEACcpiD427SuDUejUrBi3RKGG2rAH7g0m8rtQvLYauGYOl1h0T\n" +
32.431 + "4he+/jJ06XoUOMqUXvcpAWlxG5Ea/aO7qh3Ke+IW/aGjDvMMX7LhIDGUK16Sdu36\n" +
32.432 + "6bUjpr8KOwOpb1JgVM1f6bcvfKIn/UGDdbYN+3gm87FF6TKVKho1IZXFonU=\n" +
32.433 + "-----END CERTIFICATE-----");
32.434 +
32.435 + // DigiNotar intermediate, cross-signed by CyberTrust
32.436 + //
32.437 + // Subject: CN=DigiNotar Cyber CA, O=DigiNotar, C=NL
32.438 + // Issuer: CN=GTE CyberTrust Global Root,
32.439 + // OU=GTE CyberTrust Solutions, Inc.,
32.440 + // O=GTE Corporation,
32.441 + // C=US
32.442 + // Serial: 120000515 (07:27:10:03)
32.443 + add("diginotar-cyber-ca-cross-to-gte-cybertrust-07271003",
32.444 + "-----BEGIN CERTIFICATE-----\n" +
32.445 + "MIIFODCCBKGgAwIBAgIEBycQAzANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJV\n" +
32.446 + "UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU\n" +
32.447 + "cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds\n" +
32.448 + "b2JhbCBSb290MB4XDTA2MDkyNzEwNTMzMloXDTExMDkyNzEwNTIzMFowPjELMAkG\n" +
32.449 + "A1UEBhMCTkwxEjAQBgNVBAoTCURpZ2lOb3RhcjEbMBkGA1UEAxMSRGlnaU5vdGFy\n" +
32.450 + "IEN5YmVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0s4VCi2o\n" +
32.451 + "XoRnrf2+70bHyLnPc/z0NLn5LEPnYBM9euOyzztnbJCtwLk/hFLwNULcdNwoO71S\n" +
32.452 + "tKesckUXxvCJ67SqJfJdS17R2Ye61n189c4ynxAzxbFKu16RMcLQ6UHCkWR+CUE7\n" +
32.453 + "24sIN2qqylLetTkewIgDpT+LmRNhQ7WbgrPuIG/PoUSi6i9rQJ+PK1etoVPChSJp\n" +
32.454 + "naA/Ud8LQZENpeGoqlxJCF293nBBsQ/JY2vTfzR0Ai80Wnh1HGh6gWeK89pA8GBj\n" +
32.455 + "9JIg1wOmPaMeZ8SEG0GlyYzmvepItgUWCLM3Elr3YTz3OG8ul+BvVjhU0yi1rRRu\n" +
32.456 + "LktktSdlt3UlCbYHPZVWAgqCYLJzReAzJlF0mrnUUBz2TVtbUlITWqZ/pw7h6EFU\n" +
32.457 + "Z5iMh9XJ02zL01SSBgk0QfeBbz+eyXx1VbDnwbN36MPEADWVQHAQSgXeJbufWaVk\n" +
32.458 + "vEdgv2DjdosTVd3hdHq5zySman/eZCJEWGiCahD5PeU+G7m9/CL0YASJu1VtKFX6\n" +
32.459 + "3o6NGyEU1zeLNHtN9rKyEM8zsX0cYplIyytsdpZVvxkNHR+7Zaobjpm1xiiQ5YIt\n" +
32.460 + "eFAgmv15LyR/8IkpafR9zXO+s+1OwdHtUl6P97jXjYetstkbURL/VrPhrzR9XKR4\n" +
32.461 + "iBCenQPGpaqiJFH3SRTFse5ZQ5Xfq2goMD8CAwEAAaOCAYYwggGCMBIGA1UdEwEB\n" +
32.462 + "/wQIMAYBAf8CAQEwUwYDVR0gBEwwSjBIBgkrBgEEAbE+AQAwOzA5BggrBgEFBQcC\n" +
32.463 + "ARYtaHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL0NQUy9PbW5pUm9vdC5odG1s\n" +
32.464 + "MA4GA1UdDwEB/wQEAwIBBjCBoAYDVR0jBIGYMIGVgBSmDB2fYf8HF7W/OEbbQzDV\n" +
32.465 + "jrBSBqF5pHcwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlv\n" +
32.466 + "bjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYD\n" +
32.467 + "VQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdIICAaUwRQYDVR0fBD4wPDA6\n" +
32.468 + "oDigNoY0aHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL2NnaS1iaW4vQ1JMLzIw\n" +
32.469 + "MTgvY2RwLmNybDAdBgNVHQ4EFgQUq/lo389KN9d7RYxfct5ARMNlu8IwDQYJKoZI\n" +
32.470 + "hvcNAQEFBQADgYEAWcyGZhizJlRP1jjNupZey+yZG6oMDW4Z11boriMHbYPCndBE\n" +
32.471 + "bVh07zmPbZsihOw9w/vm5KbVX5CgxUv4Rhzh/20Faixf3P3bpWg0qgzHVVusNVR/\n" +
32.472 + "P50aKkpdK3hp+QLl56e+lWOddSAINIpmcuyDI1hyuzB+GJEASm9tNU/6rs8=\n" +
32.473 + "-----END CERTIFICATE-----");
32.474 +
32.475 + //
32.476 + // Compromised DigiNotar Root CA
32.477 + //
32.478 +
32.479 + // DigiNotar intermediate, cross-signed by Entrust
32.480 + //
32.481 + // Subject: EMAILADDRESS=info@diginotar.nl,
32.482 + // CN=DigiNotar Root CA,
32.483 + // O=DigiNotar, C=NL
32.484 + // Issuer: CN=Entrust.net Secure Server Certification Authority
32.485 + // OU=(c) 1999 Entrust.net Limited,
32.486 + // OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
32.487 + // O=Entrust.net,
32.488 + // C=US,
32.489 + // Serial: 1184644297 (46:9C:3C:C9)
32.490 + add("info-at-diginotar-root-ca-cross-to-entrust-secure-server-469C3CC9",
32.491 + "-----BEGIN CERTIFICATE-----\n" +
32.492 + "MIIFSDCCBLGgAwIBAgIERpw8yTANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
32.493 + "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
32.494 + "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
32.495 + "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
32.496 + "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA0\n" +
32.497 + "MjYwNTAwMDBaFw0xMzA4MTQyMDEyMzZaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
32.498 + "EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
32.499 + "hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
32.500 + "ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
32.501 + "OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
32.502 + "hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
32.503 + "gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
32.504 + "IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
32.505 + "BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
32.506 + "Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
32.507 + "5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
32.508 + "DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
32.509 + "9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
32.510 + "7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
32.511 + "ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
32.512 + "BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
32.513 + "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
32.514 + "VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
32.515 + "bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
32.516 + "A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
32.517 + "BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAI979rBep8tu3TeLunapgsZ0jtXp\n" +
32.518 + "GDFjKWSk87dj1jCyYi+q/GyDyZ6ZQZNRP0sF+6twscq05lClWNy3TROMp7QeuoLO\n" +
32.519 + "G7Utw3OJaswUtp4YglANMRTHEe3g9ltifUXRH5tSuy7u6yi4LD4WTm5ULP6r/g6l\n" +
32.520 + "0CnjXYb0+b1Fmz6U\n" +
32.521 + "-----END CERTIFICATE-----");
32.522 +
32.523 + // DigiNotar intermediate, cross-signed by Entrust
32.524 + //
32.525 + // Subject: EMAILADDRESS=info@diginotar.nl,
32.526 + // CN=DigiNotar Root CA,
32.527 + // O=DigiNotar, C=NL
32.528 + // Issuer: CN=Entrust.net Secure Server Certification Authority
32.529 + // OU=(c) 1999 Entrust.net Limited,
32.530 + // OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
32.531 + // O=Entrust.net,
32.532 + // C=US,
32.533 + // Serial: 1184640175 (46:9C:2C:AF)
32.534 + add("info-at-diginotar-root-ca-cross-to-entrust-secure-server-469C2CAF",
32.535 + "-----BEGIN CERTIFICATE-----\n" +
32.536 + "MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
32.537 + "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
32.538 + "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
32.539 + "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
32.540 + "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
32.541 + "MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
32.542 + "EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
32.543 + "hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
32.544 + "ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
32.545 + "OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
32.546 + "hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
32.547 + "gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
32.548 + "IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
32.549 + "BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
32.550 + "Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
32.551 + "5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
32.552 + "DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
32.553 + "9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
32.554 + "7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
32.555 + "ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
32.556 + "BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
32.557 + "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
32.558 + "VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
32.559 + "bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
32.560 + "A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
32.561 + "BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
32.562 + "xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
32.563 + "ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
32.564 + "ZFdYf+hthc3m6IcJ\n" +
32.565 + "-----END CERTIFICATE-----");
32.566 +
32.567 + //
32.568 + // Compromised DigiNotar PKIoverheid CA Organisatie - G2
32.569 + //
32.570 +
32.571 + // DigiNotar intermediate, cross-signed by the Dutch government
32.572 + //
32.573 + // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2,
32.574 + // O=DigiNotar B.V.,
32.575 + // C=NL
32.576 + // Issuer: CN=Staat der Nederlanden Organisatie CA - G2,
32.577 + // O=Staat der Nederlanden,
32.578 + // C=NL
32.579 + // Serial: 20001983 (01:31:34:bf)
32.580 + add("diginotar-pkioverheid-organisatie-cross-to-nederlanden-013134BF",
32.581 + "-----BEGIN CERTIFICATE-----\n" +
32.582 + "MIIGnDCCBISgAwIBAgIEATE0vzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJO\n" +
32.583 + "TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMTIwMAYDVQQDDClTdGFh\n" +
32.584 + "dCBkZXIgTmVkZXJsYW5kZW4gT3JnYW5pc2F0aWUgQ0EgLSBHMjAeFw0xMDA1MTIw\n" +
32.585 + "ODUxMzhaFw0yMDAzMjMwOTUwMDRaMFoxCzAJBgNVBAYTAk5MMRcwFQYDVQQKDA5E\n" +
32.586 + "aWdpTm90YXIgQi5WLjEyMDAGA1UEAwwpRGlnaU5vdGFyIFBLSW92ZXJoZWlkIENB\n" +
32.587 + "IE9yZ2FuaXNhdGllIC0gRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\n" +
32.588 + "AQCxExkPJ+Zs1FWGS9DsiYpFkXisR71HK+T8RetPtCZzWzfTw3/2497Xo/gtaMUI\n" +
32.589 + "PkuU1uSHJTZrhLUYdPMoWHMvm2rPvAQe9t7dr/xLqvXbZmIlASWC3vKXWhBu3V2p\n" +
32.590 + "IrEEqSNzOvhxrR3PhETrR9Gvbch8KKvH8jd6dF9fxQIUiqNa4xtsAeNdjtlo1vQJ\n" +
32.591 + "GzLckbUs9SDrjANtJkm4k8SFXdjSm69WaswFM8ygQp40VUSca6DUEtArVM23iQ3l\n" +
32.592 + "9uvo+4UBM096a/GdcjOWDveyhKWlJ8Qn8VFzKXe6Z27+TNy04qGhgS85SY1DOBPO\n" +
32.593 + "0KVcwoc6AGdlQiPxNlkKHaNRyLyjlCox3+M88p0aPASw77EKMBNzttfzo0wBdRSF\n" +
32.594 + "eMDXijlYhVD6LubFvs+LP6+PNtQlCS3SD6xyk/K/i9RQs/kVUJuZ9RTZ+4uRozIm\n" +
32.595 + "JqD43ztggYaDeVsr6xM9KTrBbd29no6H1kquNJcF7hSm9tw4fkrpJFQHPZdoN0Zr\n" +
32.596 + "DceoIa8TVOQJavFNRgrJXfubT73e+7dUy7g4nKc5+2otwHuNq6WnV+xKkoozxeEg\n" +
32.597 + "XHPYkJIrgNUPhhhpfDlPhIa890xb89W0yqDC8DciynlSH1PmqvOQsDvd8ij9rOvF\n" +
32.598 + "BiSgydQvD1j9tZ7sD8+yWdCiBHo4aq5y+73wJWKUCacFCwIDAQABo4IBYTCCAV0w\n" +
32.599 + "SAYDVR0gBEEwPzA9BgRVHSAAMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cuZGln\n" +
32.600 + "aW5vdGFyLm5sL2Nwcy9wa2lvdmVyaGVpZDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\n" +
32.601 + "DwEB/wQEAwIBBjCBhQYDVR0jBH4wfIAUORCLSZJc22ESIM1JnRqO2pxnQLmhXqRc\n" +
32.602 + "MFoxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4x\n" +
32.603 + "KzApBgNVBAMMIlN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENBIC0gRzKCBACY\n" +
32.604 + "lvQwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5wa2lvdmVyaGVpZC5ubC9E\n" +
32.605 + "b21PcmdhbmlzYXRpZUxhdGVzdENSTC1HMi5jcmwwHQYDVR0OBBYEFLxdlDvZq3sD\n" +
32.606 + "JXNhwtst7vyrj2WhMA0GCSqGSIb3DQEBCwUAA4ICAQCP/C1Mt9kt1R+978v0t2gX\n" +
32.607 + "dZ1O1ffdnPEqJu2forYcA9VTs+wIzzTi48P0tRYvyMO+19NzqwA2+RpKftZj6V5G\n" +
32.608 + "uqW2jhW3oyrYQx3vXcgfgYWzi/f/PPTZ9EYIP5y8HaDZqEzNJVJOCrEg9x/pQ9lU\n" +
32.609 + "RoETmsBedGwqmDLq/He7DaWiMZgifnx859qkrey3LhoZcfhIUNpDjyyE3cFAJ+O1\n" +
32.610 + "8BVOltT4XOOGKUYr1zsH6zh/yIZXl9PvKjPEF1DVZGlrK2tFXl0vF8paTs/D1zk8\n" +
32.611 + "9TufRrmb5w5Jl53W1eMbD+qPAU6aE5RZCgIHSEsaYKt/T+0L2FUNaG9VnGllFULs\n" +
32.612 + "wNzdbKzDFs4LHVabpMTE0i7gD+JEJytQaaTcYuiKISlCbMwAOpZ2m+9AwKRed4Qy\n" +
32.613 + "bCYqOWauXeO5ubIsaB8empADOfCqs6TMSYsYNOk3yXspx4R8b0QVL+xhWQTJRcui\n" +
32.614 + "1lKifH8pktZKxYtCqNT+6tjHhyMY5J16fXNAUpigrm7jBT8FD+Clxm1N7YM3iJzH\n" +
32.615 + "89xCmmq21yFJNnfy7xhPxXDZnunetyuL9Lx+KN8NQMmFXK6dxTH/0FwOtah+8Okv\n" +
32.616 + "uq+IruW10Vilr5xxpykBkINpN4IFuvwJwQhujHg7wzMCgD9EhQgd31VWCK0shS1d\n" +
32.617 + "sQPhrqp0xaTzTro3mHuCuQ==\n" +
32.618 + "-----END CERTIFICATE-----");
32.619 +
32.620 + //
32.621 + // Compromised DigiNotar PKIoverheid CA Overheid en Bedrijven
32.622 + //
32.623 +
32.624 + // DigiNotar intermediate, cross-signed by the Dutch government
32.625 + //
32.626 + // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,
32.627 + // O=DigiNotar B.V.,
32.628 + // C=NL
32.629 + // Issuer: CN=Staat der Nederlanden Overheid CA
32.630 + // O=Staat der Nederlanden,
32.631 + // C=NL
32.632 + // Serial: 20015536 (01:31:69:b0)
32.633 + add("diginotar-pkioverheid-overheid-enb-cross-to-nederlanden-013169B0",
32.634 + "-----BEGIN CERTIFICATE-----\n" +
32.635 + "MIIEiDCCA3CgAwIBAgIEATFpsDANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJO\n" +
32.636 + "TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSowKAYDVQQDEyFTdGFh\n" +
32.637 + "dCBkZXIgTmVkZXJsYW5kZW4gT3ZlcmhlaWQgQ0EwHhcNMDcwNzA1MDg0MjA3WhcN\n" +
32.638 + "MTUwNzI3MDgzOTQ2WjBfMQswCQYDVQQGEwJOTDEXMBUGA1UEChMORGlnaU5vdGFy\n" +
32.639 + "IEIuVi4xNzA1BgNVBAMTLkRpZ2lOb3RhciBQS0lvdmVyaGVpZCBDQSBPdmVyaGVp\n" +
32.640 + "ZCBlbiBCZWRyaWp2ZW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc\n" +
32.641 + "vdKnTmoKuzuiheF/AK2+tDBomAfNoHrElM9x+Yo35FPrV3bMi+Zs/u6HVcg+uwQ5\n" +
32.642 + "AKeAeKxbT370vbhUuHE7BzFJOZNUfCA7eSuPu2GQfbGs5h+QLp1FAalkLU3DL7nn\n" +
32.643 + "UNVOKlyrdnY3Rtd57EKZ96LspIlw3Dgrh6aqJOadkiQbvvb91C8ZF3rmMgeUVAVT\n" +
32.644 + "Q+lsvK9Hy7zL/b07RBKB8WtLu+20z6slTxjSzAL8o0+1QjPLWc0J3NNQ/aB2jKx+\n" +
32.645 + "ZopC9q0ckvO2+xRG603XLzDgbe5bNr5EdLcgBVeFTegAGaL2DOauocBC36esgl3H\n" +
32.646 + "aLcY5olLmmv6znn58yynAgMBAAGjggFQMIIBTDBIBgNVHSAEQTA/MD0GBFUdIAAw\n" +
32.647 + "NTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5kaWdpbm90YXIubmwvY3BzL3BraW92\n" +
32.648 + "ZXJoZWlkMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMIGABgNVHSME\n" +
32.649 + "eTB3gBQLhtYPd6NosftkCcOIblwEHFfpPaFZpFcwVTELMAkGA1UEBhMCTkwxHjAc\n" +
32.650 + "BgNVBAoTFVN0YWF0IGRlciBOZWRlcmxhbmRlbjEmMCQGA1UEAxMdU3RhYXQgZGVy\n" +
32.651 + "IE5lZGVybGFuZGVuIFJvb3QgQ0GCBACYmnkwPQYDVR0fBDYwNDAyoDCgLoYsaHR0\n" +
32.652 + "cDovL2NybC5wa2lvdmVyaGVpZC5ubC9Eb21PdkxhdGVzdENSTC5jcmwwHQYDVR0O\n" +
32.653 + "BBYEFEwIyY128ZjHPt881y91DbF2eZfMMA0GCSqGSIb3DQEBBQUAA4IBAQAMlIca\n" +
32.654 + "v03jheLu19hjeQ5Q38aEW9K72fUxCho1l3TfFPoqDz7toOMI9tVOW6+mriXiRWsi\n" +
32.655 + "D7dUKH6S3o0UbNEc5W50BJy37zRERd/Jgx0ZH8Apad+J1T/CsFNt5U4X5HNhIxMm\n" +
32.656 + "cUP9TFnLw98iqiEr2b+VERqKpOKrp11Lbyn1UtHk0hWxi/7wA8+nfemZhzizDXMU\n" +
32.657 + "5HIs4c71rQZIZPrTKbmi2Lv01QulQERDjqC/zlqlUkxk0xcxYczopIro5Ij76eUv\n" +
32.658 + "BjMzm5RmZrGrUDqhCYF0U1onuabSJc/Tw6f/ltAv6uAejVLpGBwgCkegllYOQJBR\n" +
32.659 + "RKwa/fHuhR/3Qlpl\n" +
32.660 + "-----END CERTIFICATE-----");
32.661 +
32.662 + //
32.663 + // Compromised DigiNotar PKIoverheid CA Overheid
32.664 + //
32.665 +
32.666 + // DigiNotar intermediate, cross-signed by the Dutch government
32.667 + //
32.668 + // Subject: CN=DigiNotar PKIoverheid CA Overheid
32.669 + // O=DigiNotar B.V.,
32.670 + // C=NL
32.671 + // Issuer: CN=Staat der Nederlanden Overheid CA
32.672 + // O=Staat der Nederlanden,
32.673 + // C=NL
32.674 + // Serial: 20006006 (01:31:44:76)
32.675 + add("diginotar-pkioverheid-overheid-cross-to-nederlanden-01314476",
32.676 + "-----BEGIN CERTIFICATE-----\n" +
32.677 + "MIIEezCCA2OgAwIBAgIEATFEdjANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJO\n" +
32.678 + "TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSowKAYDVQQDEyFTdGFh\n" +
32.679 + "dCBkZXIgTmVkZXJsYW5kZW4gT3ZlcmhlaWQgQ0EwHhcNMDQwNjI0MDgxOTMyWhcN\n" +
32.680 + "MTAwNjIzMDgxNzM2WjBSMQswCQYDVQQGEwJOTDEXMBUGA1UEChMORGlnaU5vdGFy\n" +
32.681 + "IEIuVi4xKjAoBgNVBAMTIURpZ2lOb3RhciBQS0lvdmVyaGVpZCBDQSBPdmVyaGVp\n" +
32.682 + "ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANSlrubta5tlOjVCi/gb\n" +
32.683 + "yLCvRqfBjxG8H594VcKHu0WAYc99SPZF9cycj5mw2GyfQvy/WIrGrL4iyNq1gSqR\n" +
32.684 + "0QA/mTXKZIaPqzpDhdm+VvrKkmjrbZfaQxgMSs3ChtBsjcP9Lc0X1zXZ4Q8nBe3k\n" +
32.685 + "BTp+zehINfmbjoEgXLxsMR5RQ6GxzKjuC04PQpbJQgTIakglKaqYcDDZbEscWgPV\n" +
32.686 + "Hgj/2aoHlj6leW/ThHZ+O41jUguEmBLZA3mu3HrCfrHntb5dPt0ihzSx7GtD/SaX\n" +
32.687 + "5HBLxnP189YuqMk5iRA95CtiSdKauvon/xRKRLNgG6XAz0ctSoY7xLDdiBVU5kJd\n" +
32.688 + "FScCAwEAAaOCAVAwggFMMEgGA1UdIARBMD8wPQYEVR0gADA1MDMGCCsGAQUFBwIB\n" +
32.689 + "FidodHRwOi8vd3d3LmRpZ2lub3Rhci5ubC9jcHMvcGtpb3ZlcmhlaWQwDwYDVR0T\n" +
32.690 + "AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgYAGA1UdIwR5MHeAFAuG1g93o2ix\n" +
32.691 + "+2QJw4huXAQcV+k9oVmkVzBVMQswCQYDVQQGEwJOTDEeMBwGA1UEChMVU3RhYXQg\n" +
32.692 + "ZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFhdCBkZXIgTmVkZXJsYW5kZW4g\n" +
32.693 + "Um9vdCBDQYIEAJiaeTA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3JsLnBraW92\n" +
32.694 + "ZXJoZWlkLm5sL0RvbU92TGF0ZXN0Q1JMLmNybDAdBgNVHQ4EFgQUvRaYQh2+kdE9\n" +
32.695 + "wpcl4CjXWOC1f+IwDQYJKoZIhvcNAQEFBQADggEBAGhQsCWLiaN2EOhPAW+JQP6o\n" +
32.696 + "XBOrLv5w6joahzBFVn1BiefzmlMKjibqKYxURRvMAsMkh82/MfL8V0w6ugxl81lu\n" +
32.697 + "i42dcxl9cKSVXKMw4bbBzJ2VQI5HTIABwefeNuy/eX6idVwYdt3ajAH7fUA8Q9Cq\n" +
32.698 + "vr6H8B+8mwoEqTVTEVlCSsC/EXsokYEUr06PPzRudKjDmijgj7zFaIioZNc8hk7g\n" +
32.699 + "ufEgrs/tmcNGylrwRHgCXjCRBt2NHlZ08l7A1AGU8HcHlSbG9Un/2q9kVHUkps0D\n" +
32.700 + "gtUaEK+x6jpAu/R8Ojezu/+ZEcwwjI/KOhG+84+ejFmtyEkrUdsAdEdLf/2dKsw=\n" +
32.701 + "-----END CERTIFICATE-----");
32.702 +
32.703 + //
32.704 + // Compromised DigiNotar Services 1024 CA
32.705 + //
32.706 +
32.707 + // DigiNotar intermediate, cross-signed by the Entrust
32.708 + //
32.709 + // Subject: EMAILADDRESS=info@diginotar.nl,
32.710 + // CN=DigiNotar Services 1024 CA
32.711 + // O=DigiNotar, C=NL
32.712 + // Issuer: CN=Entrust.net Secure Server Certification Authority,
32.713 + // OU=(c) 1999 Entrust.net Limited,
32.714 + // OU=www.entrust.net/CPS incorp. by ref. (limits liab.),
32.715 + // O=Entrust.net,
32.716 + // C=US
32.717 + // Serial: 1184640176 (46:9c:2c:b0)
32.718 + add("diginotar-services-1024-ca-cross-to-entrust-469C2CB0",
32.719 + "-----BEGIN CERTIFICATE-----\n" +
32.720 + "MIIDzTCCAzagAwIBAgIERpwssDANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
32.721 + "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
32.722 + "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
32.723 + "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
32.724 + "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
32.725 + "MjYxNTU5MDBaFw0xMzA4MjYxNjI5MDBaMGgxCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
32.726 + "EwlEaWdpTm90YXIxIzAhBgNVBAMTGkRpZ2lOb3RhciBTZXJ2aWNlcyAxMDI0IENB\n" +
32.727 + "MSAwHgYJKoZIhvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCBnzANBgkqhkiG9w0B\n" +
32.728 + "AQEFAAOBjQAwgYkCgYEA2ptNXTz50eKLxsYIIMXZHkjsZlhneWIrQWP0iY1o2q+4\n" +
32.729 + "lDaLGSSkoJPSmQ+yrS01Tc0vauH5mxkrvAQafi09UmTN8T5nD4ku6PJPrqYIoYX+\n" +
32.730 + "oakJ5sarPkP8r3oDkdqmOaZh7phPGKjTs69mgumfvN1y+QYEvRLZGCTnq5NTi1kC\n" +
32.731 + "AwEAAaOCASYwggEiMBIGA1UdEwEB/wQIMAYBAf8CAQAwJwYDVR0lBCAwHgYIKwYB\n" +
32.732 + "BQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDBDARBgNVHSAECjAIMAYGBFUdIAAwMwYI\n" +
32.733 + "KwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5l\n" +
32.734 + "dDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L3NlcnZl\n" +
32.735 + "cjEuY3JsMB0GA1UdDgQWBBT+3JRJDG/vXH/G8RKZTxZJrfuCZTALBgNVHQ8EBAMC\n" +
32.736 + "AQYwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7UISX8+1i0BowGQYJKoZIhvZ9B0EA\n" +
32.737 + "BAwwChsEVjcuMQMCAIEwDQYJKoZIhvcNAQEFBQADgYEAY3RqN6k/lpxmyFisCcnv\n" +
32.738 + "9WWUf6MCxDgxvV0jh+zUVrLJsm7kBQb87PX6iHBZ1O7m3bV6oKNgLwIMq94SXa/w\n" +
32.739 + "NUuqikeRGvWFLELHHe+VQ7NeuJWTpdrFKKqtci0xrZlrbP+MISevrZqRK8fdWMNu\n" +
32.740 + "B8WfedLHjFW/TMcnXlEWKz4=\n" +
32.741 + "-----END CERTIFICATE-----");
32.742 +
32.743 + }
32.744 +}
33.1 --- a/src/share/classes/sun/security/validator/SimpleValidator.java Thu Feb 23 12:03:21 2012 -0800
33.2 +++ b/src/share/classes/sun/security/validator/SimpleValidator.java Fri Feb 24 18:24:03 2012 -0800
33.3 @@ -1,5 +1,5 @@
33.4 /*
33.5 - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
33.6 + * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
33.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
33.8 *
33.9 * This code is free software; you can redistribute it and/or modify it
33.10 @@ -40,6 +40,7 @@
33.11 import sun.security.util.ObjectIdentifier;
33.12
33.13 import sun.security.provider.certpath.AlgorithmChecker;
33.14 +import sun.security.provider.certpath.UntrustedChecker;
33.15
33.16 /**
33.17 * A simple validator implementation. It is based on code from the JSSE
33.18 @@ -137,6 +138,9 @@
33.19 date = new Date();
33.20 }
33.21
33.22 + // create distrusted certificates checker
33.23 + UntrustedChecker untrustedChecker = new UntrustedChecker();
33.24 +
33.25 // create default algorithm constraints checker
33.26 TrustAnchor anchor = new TrustAnchor(chain[chain.length - 1], null);
33.27 AlgorithmChecker defaultAlgChecker = new AlgorithmChecker(anchor);
33.28 @@ -154,6 +158,17 @@
33.29 X509Certificate issuerCert = chain[i + 1];
33.30 X509Certificate cert = chain[i];
33.31
33.32 + // check untrusted certificate
33.33 + try {
33.34 + // Untrusted checker does not care about the unresolved
33.35 + // critical extensions.
33.36 + untrustedChecker.check(cert, Collections.<String>emptySet());
33.37 + } catch (CertPathValidatorException cpve) {
33.38 + throw new ValidatorException(
33.39 + "Untrusted certificate: " + cert.getSubjectX500Principal(),
33.40 + ValidatorException.T_UNTRUSTED_CERT, cert, cpve);
33.41 + }
33.42 +
33.43 // check certificate algorithm
33.44 try {
33.45 // Algorithm checker does not care about the unresolved
34.1 --- a/src/share/classes/sun/security/validator/ValidatorException.java Thu Feb 23 12:03:21 2012 -0800
34.2 +++ b/src/share/classes/sun/security/validator/ValidatorException.java Fri Feb 24 18:24:03 2012 -0800
34.3 @@ -1,5 +1,5 @@
34.4 /*
34.5 - * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved.
34.6 + * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
34.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
34.8 *
34.9 * This code is free software; you can redistribute it and/or modify it
34.10 @@ -58,6 +58,9 @@
34.11 public final static Object T_ALGORITHM_DISABLED =
34.12 "Certificate signature algorithm disabled";
34.13
34.14 + public final static Object T_UNTRUSTED_CERT =
34.15 + "Untrusted certificate";
34.16 +
34.17 private Object type;
34.18 private X509Certificate cert;
34.19
35.1 --- a/src/share/native/java/lang/System.c Thu Feb 23 12:03:21 2012 -0800
35.2 +++ b/src/share/native/java/lang/System.c Fri Feb 24 18:24:03 2012 -0800
35.3 @@ -235,7 +235,14 @@
35.4 }
35.5 PUTPROP(props, "file.encoding", sprops->encoding);
35.6 PUTPROP(props, "sun.jnu.encoding", sprops->sun_jnu_encoding);
35.7 + if (sprops->sun_stdout_encoding != NULL) {
35.8 + PUTPROP(props, "sun.stdout.encoding", sprops->sun_stdout_encoding);
35.9 + }
35.10 + if (sprops->sun_stderr_encoding != NULL) {
35.11 + PUTPROP(props, "sun.stderr.encoding", sprops->sun_stderr_encoding);
35.12 + }
35.13 PUTPROP(props, "file.encoding.pkg", "sun.io");
35.14 +
35.15 /* unicode_encoding specifies the default endianness */
35.16 PUTPROP(props, "sun.io.unicode.encoding", sprops->unicode_encoding);
35.17 PUTPROP(props, "sun.cpu.isalist",
36.1 --- a/src/share/native/java/lang/java_props.h Thu Feb 23 12:03:21 2012 -0800
36.2 +++ b/src/share/native/java/lang/java_props.h Fri Feb 24 18:24:03 2012 -0800
36.3 @@ -66,6 +66,8 @@
36.4 char *display_variant;
36.5 char *encoding;
36.6 char *sun_jnu_encoding;
36.7 + char *sun_stdout_encoding;
36.8 + char *sun_stderr_encoding;
36.9 char *timezone;
36.10
36.11 char *printerJob;
37.1 --- a/src/share/native/java/util/zip/zip_util.c Thu Feb 23 12:03:21 2012 -0800
37.2 +++ b/src/share/native/java/util/zip/zip_util.c Fri Feb 24 18:24:03 2012 -0800
37.3 @@ -521,7 +521,7 @@
37.4 {
37.5 jint count = 0;
37.6 ptrdiff_t i;
37.7 - for (i = 0; i + CENHDR < end - beg; i += CENSIZE(beg + i))
37.8 + for (i = 0; i + CENHDR <= end - beg; i += CENSIZE(beg + i))
37.9 count++;
37.10 return count;
37.11 }
38.1 --- a/src/solaris/native/sun/nio/ch/FileDispatcherImpl.c Thu Feb 23 12:03:21 2012 -0800
38.2 +++ b/src/solaris/native/sun/nio/ch/FileDispatcherImpl.c Fri Feb 24 18:24:03 2012 -0800
38.3 @@ -191,7 +191,7 @@
38.4 }
38.5 lockResult = fcntl(fd, cmd, &fl);
38.6 if (lockResult < 0) {
38.7 - if ((cmd == F_SETLK64) && (errno == EAGAIN))
38.8 + if ((cmd == F_SETLK64) && (errno == EAGAIN || errno == EACCES))
38.9 return sun_nio_ch_FileDispatcherImpl_NO_LOCK;
38.10 if (errno == EINTR)
38.11 return sun_nio_ch_FileDispatcherImpl_INTERRUPTED;
39.1 --- a/src/windows/classes/sun/java2d/d3d/D3DRenderer.java Thu Feb 23 12:03:21 2012 -0800
39.2 +++ b/src/windows/classes/sun/java2d/d3d/D3DRenderer.java Fri Feb 24 18:24:03 2012 -0800
39.3 @@ -27,6 +27,7 @@
39.4
39.5 import java.awt.Transparency;
39.6 import java.awt.geom.Path2D;
39.7 +import sun.java2d.InvalidPipeException;
39.8 import sun.java2d.SunGraphics2D;
39.9 import sun.java2d.loops.GraphicsPrimitive;
39.10 import sun.java2d.pipe.BufferedPaints;
39.11 @@ -47,7 +48,12 @@
39.12 int ctxflags =
39.13 sg2d.paint.getTransparency() == Transparency.OPAQUE ?
39.14 D3DContext.SRC_IS_OPAQUE : D3DContext.NO_CONTEXT_FLAGS;
39.15 - D3DSurfaceData dstData = (D3DSurfaceData)sg2d.surfaceData;
39.16 + D3DSurfaceData dstData;
39.17 + try {
39.18 + dstData = (D3DSurfaceData)sg2d.surfaceData;
39.19 + } catch (ClassCastException e) {
39.20 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
39.21 + }
39.22 D3DContext.validateContext(dstData, dstData,
39.23 sg2d.getCompClip(), sg2d.composite,
39.24 null, sg2d.paint, sg2d, ctxflags);
39.25 @@ -56,7 +62,12 @@
39.26 @Override
39.27 protected void validateContextAA(SunGraphics2D sg2d) {
39.28 int ctxflags = D3DContext.NO_CONTEXT_FLAGS;
39.29 - D3DSurfaceData dstData = (D3DSurfaceData)sg2d.surfaceData;
39.30 + D3DSurfaceData dstData;
39.31 + try {
39.32 + dstData = (D3DSurfaceData)sg2d.surfaceData;
39.33 + } catch (ClassCastException e) {
39.34 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
39.35 + }
39.36 D3DContext.validateContext(dstData, dstData,
39.37 sg2d.getCompClip(), sg2d.composite,
39.38 null, sg2d.paint, sg2d, ctxflags);
39.39 @@ -70,7 +81,12 @@
39.40 int ctxflags =
39.41 sg2d.surfaceData.getTransparency() == Transparency.OPAQUE ?
39.42 D3DContext.SRC_IS_OPAQUE : D3DContext.NO_CONTEXT_FLAGS;
39.43 - D3DSurfaceData dstData = (D3DSurfaceData)sg2d.surfaceData;
39.44 + D3DSurfaceData dstData;
39.45 + try {
39.46 + dstData = (D3DSurfaceData)sg2d.surfaceData;
39.47 + } catch (ClassCastException e) {
39.48 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
39.49 + }
39.50 D3DContext.validateContext(dstData, dstData,
39.51 sg2d.getCompClip(), sg2d.composite,
39.52 null, null, null, ctxflags);
40.1 --- a/src/windows/classes/sun/java2d/windows/GDIRenderer.java Thu Feb 23 12:03:21 2012 -0800
40.2 +++ b/src/windows/classes/sun/java2d/windows/GDIRenderer.java Fri Feb 24 18:24:03 2012 -0800
40.3 @@ -29,6 +29,7 @@
40.4 import java.awt.Shape;
40.5 import java.awt.geom.Path2D;
40.6 import java.awt.geom.PathIterator;
40.7 +import sun.java2d.InvalidPipeException;
40.8 import sun.java2d.SunGraphics2D;
40.9 import sun.java2d.SurfaceData;
40.10 import sun.java2d.pipe.Region;
40.11 @@ -45,7 +46,7 @@
40.12 PixelFillPipe,
40.13 ShapeDrawPipe
40.14 {
40.15 - native void doDrawLine(SurfaceData sData,
40.16 + native void doDrawLine(GDIWindowSurfaceData sData,
40.17 Region clip, Composite comp, int color,
40.18 int x1, int y1, int x2, int y2);
40.19
40.20 @@ -54,24 +55,32 @@
40.21 {
40.22 int transx = sg2d.transX;
40.23 int transy = sg2d.transY;
40.24 - doDrawLine(sg2d.surfaceData,
40.25 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.26 - x1+transx, y1+transy, x2+transx, y2+transy);
40.27 + try {
40.28 + doDrawLine((GDIWindowSurfaceData)sg2d.surfaceData,
40.29 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.30 + x1+transx, y1+transy, x2+transx, y2+transy);
40.31 + } catch (ClassCastException e) {
40.32 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.33 + }
40.34 }
40.35
40.36 - native void doDrawRect(SurfaceData sData,
40.37 + native void doDrawRect(GDIWindowSurfaceData sData,
40.38 Region clip, Composite comp, int color,
40.39 int x, int y, int w, int h);
40.40
40.41 public void drawRect(SunGraphics2D sg2d,
40.42 int x, int y, int width, int height)
40.43 {
40.44 - doDrawRect(sg2d.surfaceData,
40.45 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.46 - x+sg2d.transX, y+sg2d.transY, width, height);
40.47 + try {
40.48 + doDrawRect((GDIWindowSurfaceData)sg2d.surfaceData,
40.49 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.50 + x+sg2d.transX, y+sg2d.transY, width, height);
40.51 + } catch (ClassCastException e) {
40.52 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.53 + }
40.54 }
40.55
40.56 - native void doDrawRoundRect(SurfaceData sData,
40.57 + native void doDrawRoundRect(GDIWindowSurfaceData sData,
40.58 Region clip, Composite comp, int color,
40.59 int x, int y, int w, int h,
40.60 int arcW, int arcH);
40.61 @@ -80,25 +89,33 @@
40.62 int x, int y, int width, int height,
40.63 int arcWidth, int arcHeight)
40.64 {
40.65 - doDrawRoundRect(sg2d.surfaceData,
40.66 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.67 - x+sg2d.transX, y+sg2d.transY, width, height,
40.68 - arcWidth, arcHeight);
40.69 + try {
40.70 + doDrawRoundRect((GDIWindowSurfaceData)sg2d.surfaceData,
40.71 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.72 + x+sg2d.transX, y+sg2d.transY, width, height,
40.73 + arcWidth, arcHeight);
40.74 + } catch (ClassCastException e) {
40.75 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.76 + }
40.77 }
40.78
40.79 - native void doDrawOval(SurfaceData sData,
40.80 + native void doDrawOval(GDIWindowSurfaceData sData,
40.81 Region clip, Composite comp, int color,
40.82 int x, int y, int w, int h);
40.83
40.84 public void drawOval(SunGraphics2D sg2d,
40.85 int x, int y, int width, int height)
40.86 {
40.87 - doDrawOval(sg2d.surfaceData,
40.88 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.89 - x+sg2d.transX, y+sg2d.transY, width, height);
40.90 + try {
40.91 + doDrawOval((GDIWindowSurfaceData)sg2d.surfaceData,
40.92 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.93 + x+sg2d.transX, y+sg2d.transY, width, height);
40.94 + } catch (ClassCastException e) {
40.95 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.96 + }
40.97 }
40.98
40.99 - native void doDrawArc(SurfaceData sData,
40.100 + native void doDrawArc(GDIWindowSurfaceData sData,
40.101 Region clip, Composite comp, int color,
40.102 int x, int y, int w, int h,
40.103 int angleStart, int angleExtent);
40.104 @@ -107,13 +124,17 @@
40.105 int x, int y, int width, int height,
40.106 int startAngle, int arcAngle)
40.107 {
40.108 - doDrawArc(sg2d.surfaceData,
40.109 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.110 - x+sg2d.transX, y+sg2d.transY, width, height,
40.111 - startAngle, arcAngle);
40.112 + try {
40.113 + doDrawArc((GDIWindowSurfaceData)sg2d.surfaceData,
40.114 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.115 + x+sg2d.transX, y+sg2d.transY, width, height,
40.116 + startAngle, arcAngle);
40.117 + } catch (ClassCastException e) {
40.118 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.119 + }
40.120 }
40.121
40.122 - native void doDrawPoly(SurfaceData sData,
40.123 + native void doDrawPoly(GDIWindowSurfaceData sData,
40.124 Region clip, Composite comp, int color,
40.125 int transx, int transy,
40.126 int[] xpoints, int[] ypoints,
40.127 @@ -123,33 +144,45 @@
40.128 int xpoints[], int ypoints[],
40.129 int npoints)
40.130 {
40.131 - doDrawPoly(sg2d.surfaceData,
40.132 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.133 - sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, false);
40.134 + try {
40.135 + doDrawPoly((GDIWindowSurfaceData)sg2d.surfaceData,
40.136 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.137 + sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, false);
40.138 + } catch (ClassCastException e) {
40.139 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.140 + }
40.141 }
40.142
40.143 public void drawPolygon(SunGraphics2D sg2d,
40.144 int xpoints[], int ypoints[],
40.145 int npoints)
40.146 {
40.147 - doDrawPoly(sg2d.surfaceData,
40.148 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.149 - sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, true);
40.150 + try {
40.151 + doDrawPoly((GDIWindowSurfaceData)sg2d.surfaceData,
40.152 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.153 + sg2d.transX, sg2d.transY, xpoints, ypoints, npoints, true);
40.154 + } catch (ClassCastException e) {
40.155 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.156 + }
40.157 }
40.158
40.159 - native void doFillRect(SurfaceData sData,
40.160 + native void doFillRect(GDIWindowSurfaceData sData,
40.161 Region clip, Composite comp, int color,
40.162 int x, int y, int w, int h);
40.163
40.164 public void fillRect(SunGraphics2D sg2d,
40.165 int x, int y, int width, int height)
40.166 {
40.167 - doFillRect(sg2d.surfaceData,
40.168 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.169 - x+sg2d.transX, y+sg2d.transY, width, height);
40.170 + try {
40.171 + doFillRect((GDIWindowSurfaceData)sg2d.surfaceData,
40.172 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.173 + x+sg2d.transX, y+sg2d.transY, width, height);
40.174 + } catch (ClassCastException e) {
40.175 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.176 + }
40.177 }
40.178
40.179 - native void doFillRoundRect(SurfaceData sData,
40.180 + native void doFillRoundRect(GDIWindowSurfaceData sData,
40.181 Region clip, Composite comp, int color,
40.182 int x, int y, int w, int h,
40.183 int arcW, int arcH);
40.184 @@ -158,25 +191,33 @@
40.185 int x, int y, int width, int height,
40.186 int arcWidth, int arcHeight)
40.187 {
40.188 - doFillRoundRect(sg2d.surfaceData,
40.189 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.190 - x+sg2d.transX, y+sg2d.transY, width, height,
40.191 - arcWidth, arcHeight);
40.192 + try {
40.193 + doFillRoundRect((GDIWindowSurfaceData)sg2d.surfaceData,
40.194 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.195 + x+sg2d.transX, y+sg2d.transY, width, height,
40.196 + arcWidth, arcHeight);
40.197 + } catch (ClassCastException e) {
40.198 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.199 + }
40.200 }
40.201
40.202 - native void doFillOval(SurfaceData sData,
40.203 + native void doFillOval(GDIWindowSurfaceData sData,
40.204 Region clip, Composite comp, int color,
40.205 int x, int y, int w, int h);
40.206
40.207 public void fillOval(SunGraphics2D sg2d,
40.208 int x, int y, int width, int height)
40.209 {
40.210 - doFillOval(sg2d.surfaceData,
40.211 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.212 - x+sg2d.transX, y+sg2d.transY, width, height);
40.213 + try {
40.214 + doFillOval((GDIWindowSurfaceData)sg2d.surfaceData,
40.215 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.216 + x+sg2d.transX, y+sg2d.transY, width, height);
40.217 + } catch (ClassCastException e) {
40.218 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.219 + }
40.220 }
40.221
40.222 - native void doFillArc(SurfaceData sData,
40.223 + native void doFillArc(GDIWindowSurfaceData sData,
40.224 Region clip, Composite comp, int color,
40.225 int x, int y, int w, int h,
40.226 int angleStart, int angleExtent);
40.227 @@ -185,13 +226,17 @@
40.228 int x, int y, int width, int height,
40.229 int startAngle, int arcAngle)
40.230 {
40.231 - doFillArc(sg2d.surfaceData,
40.232 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.233 - x+sg2d.transX, y+sg2d.transY, width, height,
40.234 - startAngle, arcAngle);
40.235 + try {
40.236 + doFillArc((GDIWindowSurfaceData)sg2d.surfaceData,
40.237 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.238 + x+sg2d.transX, y+sg2d.transY, width, height,
40.239 + startAngle, arcAngle);
40.240 + } catch (ClassCastException e) {
40.241 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.242 + }
40.243 }
40.244
40.245 - native void doFillPoly(SurfaceData sData,
40.246 + native void doFillPoly(GDIWindowSurfaceData sData,
40.247 Region clip, Composite comp, int color,
40.248 int transx, int transy,
40.249 int[] xpoints, int[] ypoints,
40.250 @@ -201,12 +246,16 @@
40.251 int xpoints[], int ypoints[],
40.252 int npoints)
40.253 {
40.254 - doFillPoly(sg2d.surfaceData,
40.255 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.256 - sg2d.transX, sg2d.transY, xpoints, ypoints, npoints);
40.257 + try {
40.258 + doFillPoly((GDIWindowSurfaceData)sg2d.surfaceData,
40.259 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.260 + sg2d.transX, sg2d.transY, xpoints, ypoints, npoints);
40.261 + } catch (ClassCastException e) {
40.262 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.263 + }
40.264 }
40.265
40.266 - native void doShape(SurfaceData sData,
40.267 + native void doShape(GDIWindowSurfaceData sData,
40.268 Region clip, Composite comp, int color,
40.269 int transX, int transY,
40.270 Path2D.Float p2df, boolean isfill);
40.271 @@ -228,9 +277,13 @@
40.272 transX = 0;
40.273 transY = 0;
40.274 }
40.275 - doShape(sg2d.surfaceData,
40.276 - sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.277 - transX, transY, p2df, isfill);
40.278 + try {
40.279 + doShape((GDIWindowSurfaceData)sg2d.surfaceData,
40.280 + sg2d.getCompClip(), sg2d.composite, sg2d.eargb,
40.281 + transX, transY, p2df, isfill);
40.282 + } catch (ClassCastException e) {
40.283 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.284 + }
40.285 }
40.286
40.287 // REMIND: This is just a hack to get WIDE lines to honor the
40.288 @@ -239,7 +292,12 @@
40.289 // method that could be filled by the doShape method more quickly.
40.290 public void doFillSpans(SunGraphics2D sg2d, SpanIterator si) {
40.291 int box[] = new int[4];
40.292 - SurfaceData sd = sg2d.surfaceData;
40.293 + GDIWindowSurfaceData sd;
40.294 + try {
40.295 + sd = (GDIWindowSurfaceData)sg2d.surfaceData;
40.296 + } catch (ClassCastException e) {
40.297 + throw new InvalidPipeException("wrong surface data type: " + sg2d.surfaceData);
40.298 + }
40.299 Region clip = sg2d.getCompClip();
40.300 Composite comp = sg2d.composite;
40.301 int eargb = sg2d.eargb;
40.302 @@ -268,7 +326,7 @@
40.303 doShape(sg2d, s, true);
40.304 }
40.305
40.306 - public native void devCopyArea(SurfaceData sData,
40.307 + public native void devCopyArea(GDIWindowSurfaceData sData,
40.308 int srcx, int srcy,
40.309 int dx, int dy,
40.310 int w, int h);
40.311 @@ -278,21 +336,21 @@
40.312 }
40.313
40.314 public static class Tracer extends GDIRenderer {
40.315 - void doDrawLine(SurfaceData sData,
40.316 + void doDrawLine(GDIWindowSurfaceData sData,
40.317 Region clip, Composite comp, int color,
40.318 int x1, int y1, int x2, int y2)
40.319 {
40.320 GraphicsPrimitive.tracePrimitive("GDIDrawLine");
40.321 super.doDrawLine(sData, clip, comp, color, x1, y1, x2, y2);
40.322 }
40.323 - void doDrawRect(SurfaceData sData,
40.324 + void doDrawRect(GDIWindowSurfaceData sData,
40.325 Region clip, Composite comp, int color,
40.326 int x, int y, int w, int h)
40.327 {
40.328 GraphicsPrimitive.tracePrimitive("GDIDrawRect");
40.329 super.doDrawRect(sData, clip, comp, color, x, y, w, h);
40.330 }
40.331 - void doDrawRoundRect(SurfaceData sData,
40.332 + void doDrawRoundRect(GDIWindowSurfaceData sData,
40.333 Region clip, Composite comp, int color,
40.334 int x, int y, int w, int h,
40.335 int arcW, int arcH)
40.336 @@ -301,14 +359,14 @@
40.337 super.doDrawRoundRect(sData, clip, comp, color,
40.338 x, y, w, h, arcW, arcH);
40.339 }
40.340 - void doDrawOval(SurfaceData sData,
40.341 + void doDrawOval(GDIWindowSurfaceData sData,
40.342 Region clip, Composite comp, int color,
40.343 int x, int y, int w, int h)
40.344 {
40.345 GraphicsPrimitive.tracePrimitive("GDIDrawOval");
40.346 super.doDrawOval(sData, clip, comp, color, x, y, w, h);
40.347 }
40.348 - void doDrawArc(SurfaceData sData,
40.349 + void doDrawArc(GDIWindowSurfaceData sData,
40.350 Region clip, Composite comp, int color,
40.351 int x, int y, int w, int h,
40.352 int angleStart, int angleExtent)
40.353 @@ -317,7 +375,7 @@
40.354 super.doDrawArc(sData, clip, comp, color, x, y, w, h,
40.355 angleStart, angleExtent);
40.356 }
40.357 - void doDrawPoly(SurfaceData sData,
40.358 + void doDrawPoly(GDIWindowSurfaceData sData,
40.359 Region clip, Composite comp, int color,
40.360 int transx, int transy,
40.361 int[] xpoints, int[] ypoints,
40.362 @@ -327,14 +385,14 @@
40.363 super.doDrawPoly(sData, clip, comp, color, transx, transy,
40.364 xpoints, ypoints, npoints, isclosed);
40.365 }
40.366 - void doFillRect(SurfaceData sData,
40.367 + void doFillRect(GDIWindowSurfaceData sData,
40.368 Region clip, Composite comp, int color,
40.369 int x, int y, int w, int h)
40.370 {
40.371 GraphicsPrimitive.tracePrimitive("GDIFillRect");
40.372 super.doFillRect(sData, clip, comp, color, x, y, w, h);
40.373 }
40.374 - void doFillRoundRect(SurfaceData sData,
40.375 + void doFillRoundRect(GDIWindowSurfaceData sData,
40.376 Region clip, Composite comp, int color,
40.377 int x, int y, int w, int h,
40.378 int arcW, int arcH)
40.379 @@ -343,14 +401,14 @@
40.380 super.doFillRoundRect(sData, clip, comp, color,
40.381 x, y, w, h, arcW, arcH);
40.382 }
40.383 - void doFillOval(SurfaceData sData,
40.384 + void doFillOval(GDIWindowSurfaceData sData,
40.385 Region clip, Composite comp, int color,
40.386 int x, int y, int w, int h)
40.387 {
40.388 GraphicsPrimitive.tracePrimitive("GDIFillOval");
40.389 super.doFillOval(sData, clip, comp, color, x, y, w, h);
40.390 }
40.391 - void doFillArc(SurfaceData sData,
40.392 + void doFillArc(GDIWindowSurfaceData sData,
40.393 Region clip, Composite comp, int color,
40.394 int x, int y, int w, int h,
40.395 int angleStart, int angleExtent)
40.396 @@ -359,7 +417,7 @@
40.397 super.doFillArc(sData, clip, comp, color, x, y, w, h,
40.398 angleStart, angleExtent);
40.399 }
40.400 - void doFillPoly(SurfaceData sData,
40.401 + void doFillPoly(GDIWindowSurfaceData sData,
40.402 Region clip, Composite comp, int color,
40.403 int transx, int transy,
40.404 int[] xpoints, int[] ypoints,
40.405 @@ -369,7 +427,7 @@
40.406 super.doFillPoly(sData, clip, comp, color, transx, transy,
40.407 xpoints, ypoints, npoints);
40.408 }
40.409 - void doShape(SurfaceData sData,
40.410 + void doShape(GDIWindowSurfaceData sData,
40.411 Region clip, Composite comp, int color,
40.412 int transX, int transY,
40.413 Path2D.Float p2df, boolean isfill)
40.414 @@ -380,7 +438,7 @@
40.415 super.doShape(sData, clip, comp, color,
40.416 transX, transY, p2df, isfill);
40.417 }
40.418 - public void devCopyArea(SurfaceData sData,
40.419 + public void devCopyArea(GDIWindowSurfaceData sData,
40.420 int srcx, int srcy,
40.421 int dx, int dy,
40.422 int w, int h)
41.1 --- a/src/windows/classes/sun/nio/ch/NativeThread.java Thu Feb 23 12:03:21 2012 -0800
41.2 +++ b/src/windows/classes/sun/nio/ch/NativeThread.java Fri Feb 24 18:24:03 2012 -0800
41.3 @@ -31,7 +31,11 @@
41.4
41.5 class NativeThread {
41.6
41.7 - static long current() { return -1; }
41.8 + static long current() {
41.9 + // return 0 to ensure that async close of blocking sockets will close
41.10 + // the underlying socket.
41.11 + return 0;
41.12 + }
41.13
41.14 static void signal(long nt) { }
41.15
42.1 --- a/src/windows/classes/sun/nio/ch/SocketDispatcher.java Thu Feb 23 12:03:21 2012 -0800
42.2 +++ b/src/windows/classes/sun/nio/ch/SocketDispatcher.java Fri Feb 24 18:24:03 2012 -0800
42.3 @@ -55,10 +55,11 @@
42.4 return writev0(fd, address, len);
42.5 }
42.6
42.7 - void close(FileDescriptor fd) throws IOException {
42.8 + void preClose(FileDescriptor fd) throws IOException {
42.9 + preClose0(fd);
42.10 }
42.11
42.12 - void preClose(FileDescriptor fd) throws IOException {
42.13 + void close(FileDescriptor fd) throws IOException {
42.14 close0(fd);
42.15 }
42.16
42.17 @@ -75,5 +76,7 @@
42.18 static native long writev0(FileDescriptor fd, long address, int len)
42.19 throws IOException;
42.20
42.21 + static native void preClose0(FileDescriptor fd) throws IOException;
42.22 +
42.23 static native void close0(FileDescriptor fd) throws IOException;
42.24 }
43.1 --- a/src/windows/native/java/lang/java_props_md.c Thu Feb 23 12:03:21 2012 -0800
43.2 +++ b/src/windows/native/java/lang/java_props_md.c Fri Feb 24 18:24:03 2012 -0800
43.3 @@ -31,6 +31,9 @@
43.4 #include <sys/timeb.h>
43.5 #include <tchar.h>
43.6
43.7 +#include <stdlib.h>
43.8 +#include <Wincon.h>
43.9 +
43.10 #include "locale_str.h"
43.11 #include "java_props.h"
43.12
43.13 @@ -123,6 +126,17 @@
43.14 return ret;
43.15 }
43.16
43.17 +static char* getConsoleEncoding()
43.18 +{
43.19 + char* buf = malloc(16);
43.20 + int cp = GetConsoleCP();
43.21 + if (cp >= 874 && cp <= 950)
43.22 + sprintf(buf, "ms%d", cp);
43.23 + else
43.24 + sprintf(buf, "cp%d", cp);
43.25 + return buf;
43.26 +}
43.27 +
43.28 // Exported entries for AWT
43.29 DllExport const char *
43.30 getEncodingFromLangID(LANGID langID)
43.31 @@ -562,6 +576,7 @@
43.32
43.33 {
43.34 char * display_encoding;
43.35 + HANDLE hStdOutErr;
43.36
43.37 // Windows UI Language selection list only cares "language"
43.38 // information of the UI Language. For example, the list
43.39 @@ -606,6 +621,20 @@
43.40 sprops.encoding = "MS950_HKSCS";
43.41 sprops.sun_jnu_encoding = "MS950_HKSCS";
43.42 }
43.43 +
43.44 + hStdOutErr = GetStdHandle(STD_OUTPUT_HANDLE);
43.45 + if (hStdOutErr != INVALID_HANDLE_VALUE &&
43.46 + GetFileType(hStdOutErr) == FILE_TYPE_CHAR) {
43.47 + sprops.sun_stdout_encoding = getConsoleEncoding();
43.48 + }
43.49 + hStdOutErr = GetStdHandle(STD_ERROR_HANDLE);
43.50 + if (hStdOutErr != INVALID_HANDLE_VALUE &&
43.51 + GetFileType(hStdOutErr) == FILE_TYPE_CHAR) {
43.52 + if (sprops.sun_stdout_encoding != NULL)
43.53 + sprops.sun_stderr_encoding = sprops.sun_stdout_encoding;
43.54 + else
43.55 + sprops.sun_stderr_encoding = getConsoleEncoding();
43.56 + }
43.57 }
43.58 }
43.59
44.1 --- a/src/windows/native/sun/java2d/windows/GDIRenderer.cpp Thu Feb 23 12:03:21 2012 -0800
44.2 +++ b/src/windows/native/sun/java2d/windows/GDIRenderer.cpp Fri Feb 24 18:24:03 2012 -0800
44.3 @@ -117,7 +117,7 @@
44.4 /*
44.5 * Class: sun_java2d_windows_GDIRenderer
44.6 * Method: doDrawLine
44.7 - * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
44.8 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
44.9 */
44.10 JNIEXPORT void JNICALL
44.11 Java_sun_java2d_windows_GDIRenderer_doDrawLine
44.12 @@ -164,7 +164,7 @@
44.13 /*
44.14 * Class: sun_java2d_windows_GDIRenderer
44.15 * Method: doDrawRect
44.16 - * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
44.17 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
44.18 */
44.19 JNIEXPORT void JNICALL
44.20 Java_sun_java2d_windows_GDIRenderer_doDrawRect
44.21 @@ -209,7 +209,7 @@
44.22 /*
44.23 * Class: sun_java2d_windows_GDIRenderer
44.24 * Method: doDrawRoundRect
44.25 - * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
44.26 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
44.27 */
44.28 JNIEXPORT void JNICALL
44.29 Java_sun_java2d_windows_GDIRenderer_doDrawRoundRect
44.30 @@ -253,7 +253,7 @@
44.31 /*
44.32 * Class: sun_java2d_windows_GDIRenderer
44.33 * Method: doDrawOval
44.34 - * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
44.35 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
44.36 */
44.37 JNIEXPORT void JNICALL
44.38 Java_sun_java2d_windows_GDIRenderer_doDrawOval
44.39 @@ -291,7 +291,7 @@
44.40 /*
44.41 * Class: sun_java2d_windows_GDIRenderer
44.42 * Method: doDrawArc
44.43 - * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
44.44 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
44.45 */
44.46 JNIEXPORT void JNICALL
44.47 Java_sun_java2d_windows_GDIRenderer_doDrawArc
44.48 @@ -347,7 +347,7 @@
44.49 /*
44.50 * Class: sun_java2d_windows_GDIRenderer
44.51 * Method: doDrawPoly
44.52 - * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[IIZ)V
44.53 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[IIZ)V
44.54 */
44.55 JNIEXPORT void JNICALL
44.56 Java_sun_java2d_windows_GDIRenderer_doDrawPoly
44.57 @@ -412,7 +412,7 @@
44.58 /*
44.59 * Class: sun_java2d_windows_GDIRenderer
44.60 * Method: doFillRect
44.61 - * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
44.62 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
44.63 */
44.64 JNIEXPORT void JNICALL
44.65 Java_sun_java2d_windows_GDIRenderer_doFillRect
44.66 @@ -445,7 +445,7 @@
44.67 /*
44.68 * Class: sun_java2d_windows_GDIRenderer
44.69 * Method: doFillRoundRect
44.70 - * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
44.71 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
44.72 */
44.73 JNIEXPORT void JNICALL
44.74 Java_sun_java2d_windows_GDIRenderer_doFillRoundRect
44.75 @@ -488,7 +488,7 @@
44.76 /*
44.77 * Class: sun_java2d_windows_GDIRenderer
44.78 * Method: doFillOval
44.79 - * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
44.80 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIII)V
44.81 */
44.82 JNIEXPORT void JNICALL
44.83 Java_sun_java2d_windows_GDIRenderer_doFillOval
44.84 @@ -555,7 +555,7 @@
44.85 /*
44.86 * Class: sun_java2d_windows_GDIRenderer
44.87 * Method: doFillArc
44.88 - * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
44.89 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;IIIIIII)V
44.90 */
44.91 JNIEXPORT void JNICALL
44.92 Java_sun_java2d_windows_GDIRenderer_doFillArc
44.93 @@ -615,7 +615,7 @@
44.94 /*
44.95 * Class: sun_java2d_windows_GDIRenderer
44.96 * Method: doFillPoly
44.97 - * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[II)V
44.98 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;Ljava/awt/Composite;III[I[II)V
44.99 */
44.100 JNIEXPORT void JNICALL
44.101 Java_sun_java2d_windows_GDIRenderer_doFillPoly
44.102 @@ -680,7 +680,7 @@
44.103 /*
44.104 * Class: sun_java2d_windows_GDIRenderer
44.105 * Method: doShape
44.106 - * Signature: (Lsun/java2d/SurfaceData;Lsun/java2d/pipe/Region;
44.107 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;Lsun/java2d/pipe/Region;
44.108 * Ljava/awt/Composite;IIILjava/awt/geom/Path2D.Float;Z)V
44.109 */
44.110 JNIEXPORT void JNICALL
44.111 @@ -863,7 +863,7 @@
44.112 /*
44.113 * Class: sun_java2d_windows_GDIRenderer
44.114 * Method: devCopyArea
44.115 - * Signature: (Lsun/awt/windows/SurfaceData;IIIIII)V
44.116 + * Signature: (Lsun/java2d/windows/GDIWindowSurfaceData;IIIIII)V
44.117 */
44.118 JNIEXPORT void JNICALL
44.119 Java_sun_java2d_windows_GDIRenderer_devCopyArea
45.1 --- a/src/windows/native/sun/nio/ch/SocketDispatcher.c Thu Feb 23 12:03:21 2012 -0800
45.2 +++ b/src/windows/native/sun/nio/ch/SocketDispatcher.c Fri Feb 24 18:24:03 2012 -0800
45.3 @@ -238,23 +238,25 @@
45.4 }
45.5
45.6 JNIEXPORT void JNICALL
45.7 +Java_sun_nio_ch_SocketDispatcher_preClose0(JNIEnv *env, jclass clazz,
45.8 + jobject fdo)
45.9 +{
45.10 + jint fd = fdval(env, fdo);
45.11 + struct linger l;
45.12 + int len = sizeof(l);
45.13 + if (getsockopt(fd, SOL_SOCKET, SO_LINGER, (char *)&l, &len) == 0) {
45.14 + if (l.l_onoff == 0) {
45.15 + WSASendDisconnect(fd, NULL);
45.16 + }
45.17 + }
45.18 +}
45.19 +
45.20 +JNIEXPORT void JNICALL
45.21 Java_sun_nio_ch_SocketDispatcher_close0(JNIEnv *env, jclass clazz,
45.22 jobject fdo)
45.23 {
45.24 jint fd = fdval(env, fdo);
45.25 - struct linger l;
45.26 - int len = sizeof(l);
45.27 -
45.28 - if (fd != -1) {
45.29 - int result = 0;
45.30 - if (getsockopt(fd, SOL_SOCKET, SO_LINGER, (char *)&l, &len) == 0) {
45.31 - if (l.l_onoff == 0) {
45.32 - WSASendDisconnect(fd, NULL);
45.33 - }
45.34 - }
45.35 - result = closesocket(fd);
45.36 - if (result == SOCKET_ERROR) {
45.37 - JNU_ThrowIOExceptionWithLastError(env, "Socket close failed");
45.38 - }
45.39 + if (closesocket(fd) == SOCKET_ERROR) {
45.40 + JNU_ThrowIOExceptionWithLastError(env, "Socket close failed");
45.41 }
45.42 }
46.1 --- a/test/Makefile Thu Feb 23 12:03:21 2012 -0800
46.2 +++ b/test/Makefile Fri Feb 24 18:24:03 2012 -0800
46.3 @@ -432,14 +432,14 @@
46.4 javax/imageio javax/print sun/pisces)
46.5 $(call RunOthervmBatch)
46.6
46.7 -# Stable agentvm testruns (minus items from PROBLEM_LIST)
46.8 +# Stable othervm testruns (minus items from PROBLEM_LIST)
46.9 JDK_ALL_TARGETS += jdk_beans1
46.10 JDK_DEFAULT_TARGETS += jdk_beans1
46.11 jdk_beans1: $(call TestDirs, \
46.12 java/beans/beancontext java/beans/PropertyChangeSupport \
46.13 java/beans/Introspector java/beans/Performance \
46.14 java/beans/VetoableChangeSupport java/beans/Statement)
46.15 - $(call RunAgentvmBatch)
46.16 + $(call RunOthervmBatch)
46.17
46.18 # Stable othervm testruns (minus items from PROBLEM_LIST)
46.19 # Using agentvm has serious problems with these tests
47.1 --- a/test/ProblemList.txt Thu Feb 23 12:03:21 2012 -0800
47.2 +++ b/test/ProblemList.txt Fri Feb 24 18:24:03 2012 -0800
47.3 @@ -114,83 +114,10 @@
47.4
47.5 # jdk_awt
47.6
47.7 -# None of the awt tests are using samevm, might not be worth the effort due
47.8 -# to the vm overhead not being enough to make a difference.
47.9 -# In general, the awt tests are problematic with or without samevm, and there
47.10 -# are issues with using a Xvfb display.
47.11 -
47.12 -# Fails on solaris sparc, timedout? in othervm mode
47.13 -java/awt/event/MouseEvent/AcceptExtraButton/AcceptExtraButton.java generic-all
47.14 -
47.15 -# Causes hang in samevm mode??? Solaris 11 i586
47.16 -java/awt/FullScreen/SetFSWindow/FSFrame.java generic-all
47.17 -
47.18 -# Fails on solaris 11 i586, -client, in othervm mode not sure why
47.19 -java/awt/Component/PrintAllXcheckJNI/PrintAllXcheckJNI.java generic-all
47.20 -java/awt/Focus/CloseDialogActivateOwnerTest/CloseDialogActivateOwnerTest.java generic-all
47.21 -java/awt/FontClass/FontAccess.java generic-all
47.22 -java/awt/Mixing/HWDisappear.java generic-all
47.23 -java/awt/Mixing/MixingInHwPanel.java generic-all
47.24 -java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest.html generic-all
47.25 -java/awt/Robot/AcceptExtraMouseButtons/AcceptExtraMouseButtons.java generic-all
47.26 -java/awt/Toolkit/SecurityTest/SecurityTest2.java generic-all
47.27 -java/awt/image/mlib/MlibOpsTest.java generic-all
47.28 -
47.29 -# Fails on windows, othervm mode, various errors
47.30 -java/awt/Focus/NonFocusableWindowTest/NonfocusableOwnerTest.java generic-all
47.31 -java/awt/Focus/OwnedWindowFocusIMECrashTest/OwnedWindowFocusIMECrashTest.java generic-all
47.32 -java/awt/FullScreen/NoResizeEventOnDMChangeTest/NoResizeEventOnDMChangeTest.java generic-all
47.33 -java/awt/Mouse/MouseModifiersUnitTest/MouseModifiersUnitTest_Standard.java generic-all
47.34 -java/awt/event/KeyEvent/KeyTyped/CtrlASCII.html generic-all
47.35 -java/awt/font/Threads/FontThread.java generic-all
47.36 -java/awt/print/PrinterJob/PrtException.java generic-all
47.37 -
47.38 -# Fails with windows X64, othervm, -server
47.39 -com/sun/awt/Translucency/WindowOpacity.java generic-all
47.40 -java/awt/EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java generic-all
47.41 -java/awt/EventDispatchThread/LoopRobustness/LoopRobustness.html generic-all
47.42 -java/awt/Focus/AppletInitialFocusTest/AppletInitialFocusTest1.html generic-all
47.43 -java/awt/Focus/FocusEmbeddedFrameTest/FocusEmbeddedFrameTest.java generic-all
47.44 -java/awt/Frame/LayoutOnMaximizeTest/LayoutOnMaximizeTest.java generic-all
47.45 -java/awt/FullScreen/TranslucentWindow/TranslucentWindow.java generic-all
47.46 -java/awt/Mixing/MixingOnShrinkingHWButton.java generic-all
47.47 -java/awt/Mouse/MouseModifiersUnitTest/ExtraButtonDrag.java generic-all
47.48 -
47.49 ############################################################################
47.50
47.51 # jdk_beans
47.52
47.53 -# A large set of the beans tests set the security manager, which would seem
47.54 -# to indicate that a large number of them should be "othervm", yet are all
47.55 -# very small tests and could greatly benefit from a samevm test run.
47.56 -# So a large batch of beans tests are currently run with othervm mode.
47.57 -
47.58 -# Filed 6986807
47.59 -java/beans/Introspector/TestTypeResolver.java generic-all
47.60 -
47.61 -# Filed 6986813
47.62 -java/beans/Introspector/memory/Test4508780.java generic-all
47.63 -
47.64 -# Linux, some kind of problems with X11 display
47.65 -java/beans/PropertyChangeSupport/Test4682386.java generic-all
47.66 -java/beans/PropertyChangeSupport/TestSynchronization.java generic-all
47.67 -java/beans/Statement/Test4653179.java generic-all
47.68 -
47.69 -# Runs REALLY slow on Solaris sparc for some reason, both -client and -server
47.70 -java/beans/XMLEncoder/Test4625418.java solaris-sparc
47.71 -
47.72 -# Problems with samevm and setting security manager (speculation partially)
47.73 -java/beans/Introspector/4168475/Test4168475.java generic-all
47.74 -java/beans/Introspector/4520754/Test4520754.java generic-all
47.75 -java/beans/Introspector/6380849/TestBeanInfo.java generic-all
47.76 -java/beans/Introspector/Test4144543.java generic-all
47.77 -
47.78 -# Failed to call method solaris-sparc???
47.79 -java/beans/EventHandler/Test6788531.java generic-all
47.80 -
47.81 -# Jar or class not found???
47.82 -java/beans/XMLEncoder/6329581/Test6329581.java generic-all
47.83 -
47.84 ############################################################################
47.85
47.86 # jdk_lang
47.87 @@ -211,6 +138,12 @@
47.88
47.89 # jdk_management
47.90
47.91 +# 6959636
47.92 +javax/management/loading/LibraryLoader/LibraryLoaderTest.java windows-all
47.93 +
47.94 +# 7144846
47.95 +javax/management/remote/mandatory/connection/ReconnectTest.java generic-all
47.96 +
47.97 # 7073626
47.98 sun/management/jmxremote/bootstrap/RmiBootstrapTest.sh windows-all
47.99 sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh windows-all
47.100 @@ -229,72 +162,6 @@
47.101 # Need to be marked othervm, or changed to be samevm safe
47.102 com/sun/jndi/rmi/registry/RegistryContext/UnbindIdempotent.java generic-all
47.103
47.104 -# Need to be marked othervm, or changed to be samevm safe
47.105 -com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java generic-all
47.106 -
47.107 -# Solaris sparc and others, exception in initializer
47.108 -javax/imageio/CachePremissionsTest/CachePermissionsTest.java generic-all
47.109 -
47.110 -# Leaves file rgba_* open, fails with windows samevm
47.111 -javax/imageio/plugins/png/PngOutputTypeTest.java generic-all
47.112 -
47.113 -# Suspect test.png file is left open, windows samevm problems
47.114 -javax/imageio/plugins/png/ITXtTest.java generic-all
47.115 -
47.116 -# Solaris sparc and others, failed to compile testcase
47.117 -javax/imageio/metadata/DOML3Node.java generic-all
47.118 -
47.119 -# One of these tests is leaving file IMGP1001.JPG open, windows samevm
47.120 -javax/imageio/plugins/jpeg/ConcurrentReadingTest.java generic-all
47.121 -javax/imageio/plugins/jpeg/ReadingInterruptionTest.java generic-all
47.122 -
47.123 -# One of these files is missing a close on writer_* files, windows samevm
47.124 -javax/imageio/plugins/jpeg/ConcurrentWritingTest.java generic-all
47.125 -javax/imageio/plugins/jpeg/WritingInterruptionTest.java generic-all
47.126 -
47.127 -# Leaving file test.jpg open, windows samevm
47.128 -javax/imageio/plugins/jpeg/ReadAsGrayTest.java generic-all
47.129 -
47.130 -# Missing close on file wbmp*, windows samevm
47.131 -javax/imageio/plugins/wbmp/CanDecodeTest.java generic-all
47.132 -
47.133 -# Failures on OpenSolaris, cannot read input files? samevm issues?
47.134 -javax/imageio/metadata/BooleanAttributes.java generic-all
47.135 -javax/imageio/plugins/bmp/BMPSubsamplingTest.java generic-all
47.136 -javax/imageio/plugins/bmp/TopDownTest.java generic-all
47.137 -javax/imageio/plugins/gif/EncodeSubImageTest.java generic-all
47.138 -javax/imageio/plugins/gif/GifTransparencyTest.java generic-all
47.139 -javax/imageio/plugins/png/GrayPngTest.java generic-all
47.140 -javax/imageio/plugins/png/ItxtUtf8Test.java generic-all
47.141 -javax/imageio/plugins/png/MergeStdCommentTest.java generic-all
47.142 -javax/imageio/plugins/png/ShortHistogramTest.java generic-all
47.143 -javax/imageio/plugins/shared/BitDepth.java generic-all
47.144 -
47.145 -# Exclude all javax/print tests, even if they passed, they may need samevm work
47.146 -
47.147 -# Times out on solaris-sparc, sparcv9, x64 -server, some on i586 -client
47.148 -javax/print/attribute/autosense/PrintAutoSenseData.java generic-all
47.149 -javax/print/attribute/Chroma.java generic-all
47.150 -javax/print/attribute/CollateAttr.java generic-all
47.151 -javax/print/attribute/PSCopiesFlavorTest.java generic-all
47.152 -javax/print/LookupServices.java generic-all
47.153 -javax/print/TestRaceCond.java generic-all
47.154 -
47.155 -# These tests really require a printer (might all be windows only tests?)
47.156 -javax/print/CheckDupFlavor.java generic-all
47.157 -javax/print/PrintSE/PrintSE.sh generic-all
47.158 -javax/print/attribute/ChromaticityValues.java generic-all
47.159 -javax/print/attribute/GetCopiesSupported.java generic-all
47.160 -javax/print/attribute/SidesPageRangesTest.java generic-all
47.161 -javax/print/attribute/SupportedPrintableAreas.java generic-all
47.162 -javax/print/attribute/AttributeTest.java generic-all
47.163 -
47.164 -# Only print test left, excluding just because all print tests have been
47.165 -javax/print/attribute/MediaMappingsTest.java generic-all
47.166 -
47.167 -# Filed 7058852
47.168 -javax/sound/sampled/FileWriter/AlawEncoderSync.java generic-all
47.169 -
47.170 ############################################################################
47.171
47.172 # jdk_net
47.173 @@ -317,6 +184,7 @@
47.174 # failing on vista 32/64 on nightly
47.175 # 7102702
47.176 java/net/PortUnreachableException/OneExceptionOnly.java windows-all
47.177 +
47.178 ############################################################################
47.179
47.180 # jdk_io
47.181 @@ -354,6 +222,12 @@
47.182
47.183 # jdk_security
47.184
47.185 +# 7145024
47.186 +sun/security/ssl/com/sun/net/ssl/internal/ssl/GenSSLConfigs/main.java solaris-all
47.187 +
47.188 +# 7147060
47.189 +com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java generic-all
47.190 +
47.191 # Failing on Solaris i586, 3/9/2010, not a -samevm issue (jdk_security3)
47.192 sun/security/pkcs11/Secmod/AddPrivateKey.java solaris-i586
47.193 sun/security/pkcs11/ec/ReadCertificates.java solaris-i586
47.194 @@ -409,21 +283,16 @@
47.195
47.196 ############################################################################
47.197
47.198 -# jdk_swing (not using samevm)
47.199 +# jdk_sound
47.200
47.201 -# Fails on solaris 11 i586, with othervm
47.202 -javax/swing/JFileChooser/6570445/bug6570445.java generic-all
47.203 -javax/swing/JFileChooser/6738668/bug6738668.java generic-all
47.204 -javax/swing/JPopupMenu/6675802/bug6675802.java generic-all
47.205 -javax/swing/system/6799345/TestShutdown.java generic-all
47.206 +############################################################################
47.207 +
47.208 +# jdk_swing
47.209
47.210 ############################################################################
47.211
47.212 # jdk_text
47.213
47.214 -# Linux x64 occasional errors, no details
47.215 -java/text/Bidi/Bug6665028.java linux-x64
47.216 -
47.217 ############################################################################
47.218
47.219 # jdk_tools
47.220 @@ -452,7 +321,7 @@
47.221 # 7132203
47.222 sun/jvmstat/monitor/MonitoredVm/CR6672135.java generic-all
47.223
47.224 -# Tests take too long
47.225 +# Tests take too long, see 7143279
47.226 tools/pack200/CommandLineTests.java generic-all
47.227 tools/pack200/Pack200Test.java generic-all
47.228
48.1 --- a/test/java/io/Serializable/expectedStackTrace/ExpectedStackTrace.java Thu Feb 23 12:03:21 2012 -0800
48.2 +++ b/test/java/io/Serializable/expectedStackTrace/ExpectedStackTrace.java Fri Feb 24 18:24:03 2012 -0800
48.3 @@ -22,7 +22,7 @@
48.4 */
48.5
48.6 /* @test
48.7 - * @bug 6317435
48.8 + * @bug 6317435 7110700
48.9 * @summary Verify that stack trace contains a proper cause of
48.10 * InvalidClassException (methods: checkSerialize,
48.11 * checkDeserialize or checkDefaultSerialize)
48.12 @@ -59,7 +59,7 @@
48.13 private static final String SER_METHOD_NAME = "checkSerializable";
48.14
48.15 public static final void main(String[] args) throws Exception {
48.16 - System.err.println("\nRegression test for CR6317435");
48.17 + System.err.println("\nRegression test for CRs 6317435, 7110700");
48.18 checkSerializable(getObject());
48.19 }
48.20
48.21 @@ -99,9 +99,12 @@
48.22 }
48.23 }
48.24 if (found) {
48.25 + if (ex.getCause() != null) {
48.26 + throw new Error("\nTest for CR 7110700 FAILED");
48.27 + }
48.28 System.err.println("\nTEST PASSED");
48.29 } else {
48.30 - throw new Error();
48.31 + throw new Error("\nTest for CR 6317435 FAILED");
48.32 }
48.33 }
48.34 }
49.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
49.2 +++ b/test/java/lang/Math/ExactArithTests.java Fri Feb 24 18:24:03 2012 -0800
49.3 @@ -0,0 +1,266 @@
49.4 +/*
49.5 + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
49.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
49.7 + *
49.8 + * This code is free software; you can redistribute it and/or modify it
49.9 + * under the terms of the GNU General Public License version 2 only, as
49.10 + * published by the Free Software Foundation.
49.11 + *
49.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
49.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
49.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
49.15 + * version 2 for more details (a copy is included in the LICENSE file that
49.16 + * accompanied this code).
49.17 + *
49.18 + * You should have received a copy of the GNU General Public License version
49.19 + * 2 along with this work; if not, write to the Free Software Foundation,
49.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
49.21 + *
49.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
49.23 + * or visit www.oracle.com if you need additional information or have any
49.24 + * questions.
49.25 + */
49.26 +
49.27 +import java.math.BigInteger;
49.28 +
49.29 +/**
49.30 + * @test Test for Math.*Exact integer and long methods.
49.31 + * @bug 6708398
49.32 + * @summary Basic tests for Math exact arithmetic operations.
49.33 + *
49.34 + * @author Roger Riggs
49.35 + */
49.36 +public class ExactArithTests {
49.37 +
49.38 + /**
49.39 + * The count of test errors.
49.40 + */
49.41 + private static int errors = 0;
49.42 +
49.43 + /**
49.44 + * @param args the command line arguments
49.45 + */
49.46 + public static void main(String[] args) {
49.47 + testIntegerExact();
49.48 + testLongExact();
49.49 +
49.50 + if (errors > 0) {
49.51 + throw new RuntimeException(errors + " errors found in ExactArithTests.");
49.52 + }
49.53 + }
49.54 +
49.55 + static void fail(String message) {
49.56 + errors++;
49.57 + System.err.println(message);
49.58 + }
49.59 +
49.60 + /**
49.61 + * Test Math.addExact, multiplyExact, subtractExact, toIntValue methods
49.62 + * with {@code int} arguments.
49.63 + */
49.64 + static void testIntegerExact() {
49.65 + testIntegerExact(0, 0);
49.66 + testIntegerExact(1, 1);
49.67 + testIntegerExact(1, -1);
49.68 + testIntegerExact(-1, 1);
49.69 + testIntegerExact(1000, 2000);
49.70 +
49.71 + testIntegerExact(Integer.MIN_VALUE, Integer.MIN_VALUE);
49.72 + testIntegerExact(Integer.MAX_VALUE, Integer.MAX_VALUE);
49.73 + testIntegerExact(Integer.MIN_VALUE, 1);
49.74 + testIntegerExact(Integer.MAX_VALUE, 1);
49.75 + testIntegerExact(Integer.MIN_VALUE, 2);
49.76 + testIntegerExact(Integer.MAX_VALUE, 2);
49.77 + testIntegerExact(Integer.MIN_VALUE, -1);
49.78 + testIntegerExact(Integer.MAX_VALUE, -1);
49.79 + testIntegerExact(Integer.MIN_VALUE, -2);
49.80 + testIntegerExact(Integer.MAX_VALUE, -2);
49.81 +
49.82 + }
49.83 +
49.84 + /**
49.85 + * Test exact arithmetic by comparing with the same operations using long
49.86 + * and checking that the result is the same as the integer truncation.
49.87 + * Errors are reported with {@link fail}.
49.88 + *
49.89 + * @param x first parameter
49.90 + * @param y second parameter
49.91 + */
49.92 + static void testIntegerExact(int x, int y) {
49.93 + try {
49.94 + // Test addExact
49.95 + int sum = Math.addExact(x, y);
49.96 + long sum2 = (long) x + (long) y;
49.97 + if ((int) sum2 != sum2) {
49.98 + fail("FAIL: int Math.addExact(" + x + " + " + y + ") = " + sum + "; expected Arithmetic exception");
49.99 + } else if (sum != sum2) {
49.100 + fail("FAIL: long Math.addExact(" + x + " + " + y + ") = " + sum + "; expected: " + sum2);
49.101 + }
49.102 + } catch (ArithmeticException ex) {
49.103 + long sum2 = (long) x + (long) y;
49.104 + if ((int) sum2 == sum2) {
49.105 + fail("FAIL: int Math.addExact(" + x + " + " + y + ")" + "; Unexpected exception: " + ex);
49.106 +
49.107 + }
49.108 + }
49.109 +
49.110 + try {
49.111 + // Test subtractExact
49.112 + int diff = Math.subtractExact(x, y);
49.113 + long diff2 = (long) x - (long) y;
49.114 + if ((int) diff2 != diff2) {
49.115 + fail("FAIL: int Math.subtractExact(" + x + " - " + y + ") = " + diff + "; expected: " + diff2);
49.116 + }
49.117 +
49.118 + } catch (ArithmeticException ex) {
49.119 + long diff2 = (long) x - (long) y;
49.120 + if ((int) diff2 == diff2) {
49.121 + fail("FAIL: int Math.subtractExact(" + x + " - " + y + ")" + "; Unexpected exception: " + ex);
49.122 + }
49.123 + }
49.124 +
49.125 + try {
49.126 + // Test multiplyExact
49.127 + int product = Math.multiplyExact(x, y);
49.128 + long m2 = (long) x * (long) y;
49.129 + if ((int) m2 != m2) {
49.130 + fail("FAIL: int Math.multiplyExact(" + x + " * " + y + ") = " + product + "; expected: " + m2);
49.131 + }
49.132 + } catch (ArithmeticException ex) {
49.133 + long m2 = (long) x * (long) y;
49.134 + if ((int) m2 == m2) {
49.135 + fail("FAIL: int Math.multiplyExact(" + x + " * " + y + ")" + "; Unexpected exception: " + ex);
49.136 + }
49.137 + }
49.138 +
49.139 + }
49.140 +
49.141 + /**
49.142 + * Test Math.addExact, multiplyExact, subtractExact, toIntExact methods
49.143 + * with {@code long} arguments.
49.144 + */
49.145 + static void testLongExact() {
49.146 + testLongExactTwice(0, 0);
49.147 + testLongExactTwice(1, 1);
49.148 + testLongExactTwice(1, -1);
49.149 + testLongExactTwice(1000, 2000);
49.150 +
49.151 + testLongExactTwice(Long.MIN_VALUE, Long.MIN_VALUE);
49.152 + testLongExactTwice(Long.MAX_VALUE, Long.MAX_VALUE);
49.153 + testLongExactTwice(Long.MIN_VALUE, 1);
49.154 + testLongExactTwice(Long.MAX_VALUE, 1);
49.155 + testLongExactTwice(Long.MIN_VALUE, 2);
49.156 + testLongExactTwice(Long.MAX_VALUE, 2);
49.157 + testLongExactTwice(Long.MIN_VALUE, -1);
49.158 + testLongExactTwice(Long.MAX_VALUE, -1);
49.159 + testLongExactTwice(Long.MIN_VALUE, -2);
49.160 + testLongExactTwice(Long.MAX_VALUE, -2);
49.161 + testLongExactTwice(Long.MIN_VALUE/2, 2);
49.162 + testLongExactTwice(Long.MAX_VALUE, 2);
49.163 + testLongExactTwice(Integer.MAX_VALUE, Integer.MAX_VALUE);
49.164 + testLongExactTwice(Integer.MAX_VALUE, -Integer.MAX_VALUE);
49.165 + testLongExactTwice(Integer.MAX_VALUE+1, Integer.MAX_VALUE+1);
49.166 + testLongExactTwice(Integer.MAX_VALUE+1, -Integer.MAX_VALUE+1);
49.167 + testLongExactTwice(Integer.MIN_VALUE-1, Integer.MIN_VALUE-1);
49.168 + testLongExactTwice(Integer.MIN_VALUE-1, -Integer.MIN_VALUE-1);
49.169 + testLongExactTwice(Integer.MIN_VALUE/2, 2);
49.170 +
49.171 + }
49.172 +
49.173 + /**
49.174 + * Test each of the exact operations with the arguments and
49.175 + * with the arguments reversed.
49.176 + * @param x
49.177 + * @param y
49.178 + */
49.179 + static void testLongExactTwice(long x, long y) {
49.180 + testLongExact(x, y);
49.181 + testLongExact(y, x);
49.182 + }
49.183 +
49.184 +
49.185 + /**
49.186 + * Test long exact arithmetic by comparing with the same operations using BigInteger
49.187 + * and checking that the result is the same as the long truncation.
49.188 + * Errors are reported with {@link fail}.
49.189 + *
49.190 + * @param x first parameter
49.191 + * @param y second parameter
49.192 + */
49.193 + static void testLongExact(long x, long y) {
49.194 + BigInteger resultBig = null;
49.195 + final BigInteger xBig = BigInteger.valueOf(x);
49.196 + final BigInteger yBig = BigInteger.valueOf(y);
49.197 + try {
49.198 + // Test addExact
49.199 + resultBig = xBig.add(yBig);
49.200 + long sum = Math.addExact(x, y);
49.201 + checkResult("long Math.addExact", x, y, sum, resultBig);
49.202 + } catch (ArithmeticException ex) {
49.203 + if (inLongRange(resultBig)) {
49.204 + fail("FAIL: long Math.addExact(" + x + " + " + y + "); Unexpected exception: " + ex);
49.205 + }
49.206 + }
49.207 +
49.208 + try {
49.209 + // Test subtractExact
49.210 + resultBig = xBig.subtract(yBig);
49.211 + long diff = Math.subtractExact(x, y);
49.212 + checkResult("long Math.subtractExact", x, y, diff, resultBig);
49.213 + } catch (ArithmeticException ex) {
49.214 + if (inLongRange(resultBig)) {
49.215 + fail("FAIL: long Math.subtractExact(" + x + " - " + y + ")" + "; Unexpected exception: " + ex);
49.216 + }
49.217 + }
49.218 +
49.219 + try {
49.220 + // Test multiplyExact
49.221 + resultBig = xBig.multiply(yBig);
49.222 + long product = Math.multiplyExact(x, y);
49.223 + checkResult("long Math.multiplyExact", x, y, product, resultBig);
49.224 + } catch (ArithmeticException ex) {
49.225 + if (inLongRange(resultBig)) {
49.226 + fail("FAIL: long Math.multiplyExact(" + x + " * " + y + ")" + "; Unexpected exception: " + ex);
49.227 + }
49.228 + }
49.229 +
49.230 + try {
49.231 + // Test toIntExact
49.232 + int value = Math.toIntExact(x);
49.233 + if ((long)value != x) {
49.234 + fail("FAIL: " + "long Math.toIntExact" + "(" + x + ") = " + value + "; expected an arithmetic exception: ");
49.235 + }
49.236 + } catch (ArithmeticException ex) {
49.237 + if (resultBig.bitLength() <= 32) {
49.238 + fail("FAIL: long Math.toIntExact(" + x + ")" + "; Unexpected exception: " + ex);
49.239 + }
49.240 + }
49.241 +
49.242 + }
49.243 +
49.244 + /**
49.245 + * Compare the expected and actual results.
49.246 + * @param message message for the error
49.247 + * @param x first argument
49.248 + * @param y second argument
49.249 + * @param result actual result value
49.250 + * @param expected expected result value
49.251 + */
49.252 + static void checkResult(String message, long x, long y, long result, BigInteger expected) {
49.253 + BigInteger resultBig = BigInteger.valueOf(result);
49.254 + if (!inLongRange(expected)) {
49.255 + fail("FAIL: " + message + "(" + x + ", " + y + ") = " + result + "; expected an arithmetic exception: ");
49.256 + } else if (!resultBig.equals(expected)) {
49.257 + fail("FAIL: " + message + "(" + x + ", " + y + ") = " + result + "; expected " + expected);
49.258 + }
49.259 + }
49.260 +
49.261 + /**
49.262 + * Check if the value fits in 64 bits (a long).
49.263 + * @param value
49.264 + * @return true if the value fits in 64 bits (including the sign).
49.265 + */
49.266 + static boolean inLongRange(BigInteger value) {
49.267 + return value.bitLength() <= 63;
49.268 + }
49.269 +}
50.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
50.2 +++ b/test/java/lang/StrictMath/ExactArithTests.java Fri Feb 24 18:24:03 2012 -0800
50.3 @@ -0,0 +1,266 @@
50.4 +/*
50.5 + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
50.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
50.7 + *
50.8 + * This code is free software; you can redistribute it and/or modify it
50.9 + * under the terms of the GNU General Public License version 2 only, as
50.10 + * published by the Free Software Foundation.
50.11 + *
50.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
50.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
50.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
50.15 + * version 2 for more details (a copy is included in the LICENSE file that
50.16 + * accompanied this code).
50.17 + *
50.18 + * You should have received a copy of the GNU General Public License version
50.19 + * 2 along with this work; if not, write to the Free Software Foundation,
50.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
50.21 + *
50.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
50.23 + * or visit www.oracle.com if you need additional information or have any
50.24 + * questions.
50.25 + */
50.26 +
50.27 +import java.math.BigInteger;
50.28 +
50.29 +/**
50.30 + * @test Test for StrictMath.*Exact integer and long methods.
50.31 + * @bug 6708398
50.32 + * @summary Basic tests for StrictMath exact arithmetic operations.
50.33 + *
50.34 + * @author Roger Riggs
50.35 + */
50.36 +public class ExactArithTests {
50.37 +
50.38 + /**
50.39 + * The count of test errors.
50.40 + */
50.41 + private static int errors = 0;
50.42 +
50.43 + /**
50.44 + * @param args the command line arguments
50.45 + */
50.46 + public static void main(String[] args) {
50.47 + testIntegerExact();
50.48 + testLongExact();
50.49 +
50.50 + if (errors > 0) {
50.51 + throw new RuntimeException(errors + " errors found in ExactArithTests.");
50.52 + }
50.53 + }
50.54 +
50.55 + static void fail(String message) {
50.56 + errors++;
50.57 + System.err.println(message);
50.58 + }
50.59 +
50.60 + /**
50.61 + * Test StrictMath.addExact, multiplyExact, subtractExact, toIntValue methods
50.62 + * with {@code int} arguments.
50.63 + */
50.64 + static void testIntegerExact() {
50.65 + testIntegerExact(0, 0);
50.66 + testIntegerExact(1, 1);
50.67 + testIntegerExact(1, -1);
50.68 + testIntegerExact(-1, 1);
50.69 + testIntegerExact(1000, 2000);
50.70 +
50.71 + testIntegerExact(Integer.MIN_VALUE, Integer.MIN_VALUE);
50.72 + testIntegerExact(Integer.MAX_VALUE, Integer.MAX_VALUE);
50.73 + testIntegerExact(Integer.MIN_VALUE, 1);
50.74 + testIntegerExact(Integer.MAX_VALUE, 1);
50.75 + testIntegerExact(Integer.MIN_VALUE, 2);
50.76 + testIntegerExact(Integer.MAX_VALUE, 2);
50.77 + testIntegerExact(Integer.MIN_VALUE, -1);
50.78 + testIntegerExact(Integer.MAX_VALUE, -1);
50.79 + testIntegerExact(Integer.MIN_VALUE, -2);
50.80 + testIntegerExact(Integer.MAX_VALUE, -2);
50.81 +
50.82 + }
50.83 +
50.84 + /**
50.85 + * Test exact arithmetic by comparing with the same operations using long
50.86 + * and checking that the result is the same as the integer truncation.
50.87 + * Errors are reported with {@link fail}.
50.88 + *
50.89 + * @param x first parameter
50.90 + * @param y second parameter
50.91 + */
50.92 + static void testIntegerExact(int x, int y) {
50.93 + try {
50.94 + // Test addExact
50.95 + int sum = StrictMath.addExact(x, y);
50.96 + long sum2 = (long) x + (long) y;
50.97 + if ((int) sum2 != sum2) {
50.98 + fail("FAIL: int StrictMath.addExact(" + x + " + " + y + ") = " + sum + "; expected Arithmetic exception");
50.99 + } else if (sum != sum2) {
50.100 + fail("FAIL: long StrictMath.addExact(" + x + " + " + y + ") = " + sum + "; expected: " + sum2);
50.101 + }
50.102 + } catch (ArithmeticException ex) {
50.103 + long sum2 = (long) x + (long) y;
50.104 + if ((int) sum2 == sum2) {
50.105 + fail("FAIL: int StrictMath.addExact(" + x + " + " + y + ")" + "; Unexpected exception: " + ex);
50.106 +
50.107 + }
50.108 + }
50.109 +
50.110 + try {
50.111 + // Test subtractExact
50.112 + int diff = StrictMath.subtractExact(x, y);
50.113 + long diff2 = (long) x - (long) y;
50.114 + if ((int) diff2 != diff2) {
50.115 + fail("FAIL: int StrictMath.subtractExact(" + x + " - " + y + ") = " + diff + "; expected: " + diff2);
50.116 + }
50.117 +
50.118 + } catch (ArithmeticException ex) {
50.119 + long diff2 = (long) x - (long) y;
50.120 + if ((int) diff2 == diff2) {
50.121 + fail("FAIL: int StrictMath.subtractExact(" + x + " - " + y + ")" + "; Unexpected exception: " + ex);
50.122 + }
50.123 + }
50.124 +
50.125 + try {
50.126 + // Test multiplyExact
50.127 + int product = StrictMath.multiplyExact(x, y);
50.128 + long m2 = (long) x * (long) y;
50.129 + if ((int) m2 != m2) {
50.130 + fail("FAIL: int StrictMath.multiplyExact(" + x + " * " + y + ") = " + product + "; expected: " + m2);
50.131 + }
50.132 + } catch (ArithmeticException ex) {
50.133 + long m2 = (long) x * (long) y;
50.134 + if ((int) m2 == m2) {
50.135 + fail("FAIL: int StrictMath.multiplyExact(" + x + " * " + y + ")" + "; Unexpected exception: " + ex);
50.136 + }
50.137 + }
50.138 +
50.139 + }
50.140 +
50.141 + /**
50.142 + * Test StrictMath.addExact, multiplyExact, subtractExact, toIntExact methods
50.143 + * with {@code long} arguments.
50.144 + */
50.145 + static void testLongExact() {
50.146 + testLongExactTwice(0, 0);
50.147 + testLongExactTwice(1, 1);
50.148 + testLongExactTwice(1, -1);
50.149 + testLongExactTwice(1000, 2000);
50.150 +
50.151 + testLongExactTwice(Long.MIN_VALUE, Long.MIN_VALUE);
50.152 + testLongExactTwice(Long.MAX_VALUE, Long.MAX_VALUE);
50.153 + testLongExactTwice(Long.MIN_VALUE, 1);
50.154 + testLongExactTwice(Long.MAX_VALUE, 1);
50.155 + testLongExactTwice(Long.MIN_VALUE, 2);
50.156 + testLongExactTwice(Long.MAX_VALUE, 2);
50.157 + testLongExactTwice(Long.MIN_VALUE, -1);
50.158 + testLongExactTwice(Long.MAX_VALUE, -1);
50.159 + testLongExactTwice(Long.MIN_VALUE, -2);
50.160 + testLongExactTwice(Long.MAX_VALUE, -2);
50.161 + testLongExactTwice(Long.MIN_VALUE/2, 2);
50.162 + testLongExactTwice(Long.MAX_VALUE, 2);
50.163 + testLongExactTwice(Integer.MAX_VALUE, Integer.MAX_VALUE);
50.164 + testLongExactTwice(Integer.MAX_VALUE, -Integer.MAX_VALUE);
50.165 + testLongExactTwice(Integer.MAX_VALUE+1, Integer.MAX_VALUE+1);
50.166 + testLongExactTwice(Integer.MAX_VALUE+1, -Integer.MAX_VALUE+1);
50.167 + testLongExactTwice(Integer.MIN_VALUE-1, Integer.MIN_VALUE-1);
50.168 + testLongExactTwice(Integer.MIN_VALUE-1, -Integer.MIN_VALUE-1);
50.169 + testLongExactTwice(Integer.MIN_VALUE/2, 2);
50.170 +
50.171 + }
50.172 +
50.173 + /**
50.174 + * Test each of the exact operations with the arguments and
50.175 + * with the arguments reversed.
50.176 + * @param x
50.177 + * @param y
50.178 + */
50.179 + static void testLongExactTwice(long x, long y) {
50.180 + testLongExact(x, y);
50.181 + testLongExact(y, x);
50.182 + }
50.183 +
50.184 +
50.185 + /**
50.186 + * Test long exact arithmetic by comparing with the same operations using BigInteger
50.187 + * and checking that the result is the same as the long truncation.
50.188 + * Errors are reported with {@link fail}.
50.189 + *
50.190 + * @param x first parameter
50.191 + * @param y second parameter
50.192 + */
50.193 + static void testLongExact(long x, long y) {
50.194 + BigInteger resultBig = null;
50.195 + final BigInteger xBig = BigInteger.valueOf(x);
50.196 + final BigInteger yBig = BigInteger.valueOf(y);
50.197 + try {
50.198 + // Test addExact
50.199 + resultBig = xBig.add(yBig);
50.200 + long sum = StrictMath.addExact(x, y);
50.201 + checkResult("long StrictMath.addExact", x, y, sum, resultBig);
50.202 + } catch (ArithmeticException ex) {
50.203 + if (inLongRange(resultBig)) {
50.204 + fail("FAIL: long StrictMath.addExact(" + x + " + " + y + "); Unexpected exception: " + ex);
50.205 + }
50.206 + }
50.207 +
50.208 + try {
50.209 + // Test subtractExact
50.210 + resultBig = xBig.subtract(yBig);
50.211 + long diff = StrictMath.subtractExact(x, y);
50.212 + checkResult("long StrictMath.subtractExact", x, y, diff, resultBig);
50.213 + } catch (ArithmeticException ex) {
50.214 + if (inLongRange(resultBig)) {
50.215 + fail("FAIL: long StrictMath.subtractExact(" + x + " - " + y + ")" + "; Unexpected exception: " + ex);
50.216 + }
50.217 + }
50.218 +
50.219 + try {
50.220 + // Test multiplyExact
50.221 + resultBig = xBig.multiply(yBig);
50.222 + long product = StrictMath.multiplyExact(x, y);
50.223 + checkResult("long StrictMath.multiplyExact", x, y, product, resultBig);
50.224 + } catch (ArithmeticException ex) {
50.225 + if (inLongRange(resultBig)) {
50.226 + fail("FAIL: long StrictMath.multiplyExact(" + x + " * " + y + ")" + "; Unexpected exception: " + ex);
50.227 + }
50.228 + }
50.229 +
50.230 + try {
50.231 + // Test toIntExact
50.232 + int value = StrictMath.toIntExact(x);
50.233 + if ((long)value != x) {
50.234 + fail("FAIL: " + "long StrictMath.toIntExact" + "(" + x + ") = " + value + "; expected an arithmetic exception: ");
50.235 + }
50.236 + } catch (ArithmeticException ex) {
50.237 + if (resultBig.bitLength() <= 32) {
50.238 + fail("FAIL: long StrictMath.toIntExact(" + x + ")" + "; Unexpected exception: " + ex);
50.239 + }
50.240 + }
50.241 +
50.242 + }
50.243 +
50.244 + /**
50.245 + * Compare the expected and actual results.
50.246 + * @param message message for the error
50.247 + * @param x first argument
50.248 + * @param y second argument
50.249 + * @param result actual result value
50.250 + * @param expected expected result value
50.251 + */
50.252 + static void checkResult(String message, long x, long y, long result, BigInteger expected) {
50.253 + BigInteger resultBig = BigInteger.valueOf(result);
50.254 + if (!inLongRange(expected)) {
50.255 + fail("FAIL: " + message + "(" + x + ", " + y + ") = " + result + "; expected an arithmetic exception: ");
50.256 + } else if (!resultBig.equals(expected)) {
50.257 + fail("FAIL: " + message + "(" + x + ", " + y + ") = " + result + "; expected " + expected);
50.258 + }
50.259 + }
50.260 +
50.261 + /**
50.262 + * Check if the value fits in 64 bits (a long).
50.263 + * @param value
50.264 + * @return true if the value fits in 64 bits (including the sign).
50.265 + */
50.266 + static boolean inLongRange(BigInteger value) {
50.267 + return value.bitLength() <= 63;
50.268 + }
50.269 +}
51.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
51.2 +++ b/test/javax/sound/sampled/DataLine/DataLine_ArrayIndexOutOfBounds.java Fri Feb 24 18:24:03 2012 -0800
51.3 @@ -0,0 +1,226 @@
51.4 +/**
51.5 + * @test
51.6 + * @bug 7088367
51.7 + * @summary SourceDataLine.write and TargetDataLine.read don't throw ArrayIndexOutOfBoundsException
51.8 + * @author Alex Menkov
51.9 + */
51.10 +
51.11 +import javax.sound.sampled.AudioSystem;
51.12 +import javax.sound.sampled.DataLine;
51.13 +import javax.sound.sampled.Line;
51.14 +import javax.sound.sampled.LineUnavailableException;
51.15 +import javax.sound.sampled.Mixer;
51.16 +import javax.sound.sampled.SourceDataLine;
51.17 +import javax.sound.sampled.TargetDataLine;
51.18 +
51.19 +public class DataLine_ArrayIndexOutOfBounds {
51.20 +
51.21 + static int total = 0;
51.22 + static int failed = 0;
51.23 +
51.24 + // shared buffer for all tests
51.25 + static final byte[] buffer = new byte[5000000];
51.26 +
51.27 + // the class describes different test scenarios (buffer properties)
51.28 + static abstract class Scenario {
51.29 + abstract int getBufferOffset(DataLine line);
51.30 + abstract int getBufferLength(DataLine line);
51.31 + }
51.32 +
51.33 + // scenarios to tests
51.34 + static Scenario[] scenarios = new Scenario[]{
51.35 + new Scenario() {
51.36 + public String toString() {
51.37 + return "offset is near Integer.MAX_VALUE";
51.38 + }
51.39 + public int getBufferOffset(DataLine line) {
51.40 + return Integer.MAX_VALUE - 4096;
51.41 + }
51.42 + public int getBufferLength(DataLine line) {
51.43 + return 65536;
51.44 + }
51.45 + },
51.46 + new Scenario() {
51.47 + public String toString() {
51.48 + return "offset is less than buffer.length, length is large";
51.49 + }
51.50 + int getBufferOffset(DataLine line) {
51.51 + return buffer.length / 10;
51.52 + }
51.53 + int getBufferLength(DataLine line) {
51.54 + return Integer.MAX_VALUE - getBufferOffset(line) + 4096;
51.55 + }
51.56 + }
51.57 + };
51.58 +
51.59 + public static void main(String[] args) throws Exception {
51.60 + Mixer.Info[] infos = AudioSystem.getMixerInfo();
51.61 + log("" + infos.length + " mixers detected");
51.62 + for (int i=0; i<infos.length; i++) {
51.63 + Mixer mixer = AudioSystem.getMixer(infos[i]);
51.64 + log("Mixer " + (i+1) + ": " + infos[i]);
51.65 + try {
51.66 + mixer.open();
51.67 + for (Scenario scenario: scenarios) {
51.68 + testSDL(mixer, scenario);
51.69 + testTDL(mixer, scenario);
51.70 + }
51.71 + mixer.close();
51.72 + } catch (LineUnavailableException ex) {
51.73 + log("LineUnavailableException: " + ex);
51.74 + }
51.75 + }
51.76 + if (failed == 0) {
51.77 + log("PASSED (" + total + " tests)");
51.78 + } else {
51.79 + log("FAILED (" + failed + " of " + total + " tests)");
51.80 + throw new Exception("Test FAILED");
51.81 + }
51.82 + }
51.83 +
51.84 + final static int STOPPER_DELAY = 5000; // 1 sec
51.85 +
51.86 + static class AsyncLineStopper implements Runnable {
51.87 + private final DataLine line;
51.88 + private final long delayMS; // delay before stop the line
51.89 + private final Thread thread;
51.90 + private final Object readyEvent = new Object();
51.91 + private final Object startEvent = new Object();
51.92 +
51.93 + public AsyncLineStopper(DataLine line, long delayMS) {
51.94 + this.line = line;
51.95 + this.delayMS = delayMS;
51.96 + thread = new Thread(this);
51.97 + thread.setDaemon(true);
51.98 + // starts the thread and waits until it becomes ready
51.99 + synchronized (readyEvent) {
51.100 + thread.start();
51.101 + try {
51.102 + readyEvent.wait();
51.103 + } catch (InterruptedException ex) { }
51.104 + }
51.105 + }
51.106 +
51.107 + // makes the delay and then stops the line
51.108 + public void schedule() {
51.109 + synchronized(startEvent) {
51.110 + startEvent.notifyAll();
51.111 + }
51.112 + }
51.113 +
51.114 + // force stop/close the line
51.115 + public void force() {
51.116 + thread.interrupt();
51.117 + try {
51.118 + thread.join();
51.119 + } catch (InterruptedException ex) {
51.120 + log("join exception: " + ex);
51.121 + }
51.122 + }
51.123 +
51.124 + // Runnable implementation
51.125 + public void run() {
51.126 + try {
51.127 + synchronized(readyEvent) {
51.128 + readyEvent.notifyAll();
51.129 + }
51.130 + synchronized(startEvent) {
51.131 + startEvent.wait();
51.132 + }
51.133 + // delay
51.134 + Thread.sleep(delayMS);
51.135 + } catch (InterruptedException ex) {
51.136 + log(" AsyncLineStopper has been interrupted: " + ex);
51.137 + }
51.138 + // and flush
51.139 + log(" stop...");
51.140 + line.stop();
51.141 + log(" close...");
51.142 + line.close();
51.143 + }
51.144 + }
51.145 +
51.146 + static void testSDL(Mixer mixer, Scenario scenario) {
51.147 + log(" Testing SDL (scenario: " + scenario + ")...");
51.148 + Line.Info linfo = new Line.Info(SourceDataLine.class);
51.149 + SourceDataLine line = null;
51.150 + try {
51.151 + line = (SourceDataLine)mixer.getLine(linfo);
51.152 + log(" got line: " + line);
51.153 + log(" open...");
51.154 + line.open();
51.155 + } catch (IllegalArgumentException ex) {
51.156 + log(" unsupported (IllegalArgumentException)");
51.157 + return;
51.158 + } catch (LineUnavailableException ex) {
51.159 + log(" unavailable: " + ex);
51.160 + return;
51.161 + }
51.162 +
51.163 + total++;
51.164 +
51.165 + log(" start...");
51.166 + line.start();
51.167 +
51.168 + AsyncLineStopper lineStopper = new AsyncLineStopper(line, STOPPER_DELAY);
51.169 + int offset = scenario.getBufferOffset(line);
51.170 + int len = scenario.getBufferLength(line);
51.171 + // ensure len represents integral number of frames
51.172 + len -= len % line.getFormat().getFrameSize();
51.173 +
51.174 + log(" write...");
51.175 + lineStopper.schedule();
51.176 + try {
51.177 + line.write(buffer, offset, len);
51.178 + log(" ERROR: didn't get ArrayIndexOutOfBoundsException");
51.179 + failed++;
51.180 + } catch (ArrayIndexOutOfBoundsException ex) {
51.181 + log(" OK: got ArrayIndexOutOfBoundsException: " + ex);
51.182 + }
51.183 + lineStopper.force();
51.184 + }
51.185 +
51.186 + static void testTDL(Mixer mixer, Scenario scenario) {
51.187 + log(" Testing TDL (scenario: " + scenario + ")...");
51.188 + Line.Info linfo = new Line.Info(TargetDataLine.class);
51.189 + TargetDataLine line = null;
51.190 + try {
51.191 + line = (TargetDataLine)mixer.getLine(linfo);
51.192 + log(" got line: " + line);
51.193 + log(" open...");
51.194 + line.open();
51.195 + } catch (IllegalArgumentException ex) {
51.196 + log(" unsupported (IllegalArgumentException)");
51.197 + return;
51.198 + } catch (LineUnavailableException ex) {
51.199 + log(" unavailable: " + ex);
51.200 + return;
51.201 + }
51.202 +
51.203 + total++;
51.204 +
51.205 + log(" start...");
51.206 + line.start();
51.207 +
51.208 + AsyncLineStopper lineStopper = new AsyncLineStopper(line, STOPPER_DELAY);
51.209 + int offset = scenario.getBufferOffset(line);
51.210 + int len = scenario.getBufferLength(line);
51.211 + // ensure len represents integral number of frames
51.212 + len -= len % line.getFormat().getFrameSize();
51.213 +
51.214 + log(" read...");
51.215 + try {
51.216 + line.read(buffer, offset, len);
51.217 + log(" ERROR: didn't get ArrayIndexOutOfBoundsException");
51.218 + failed++;
51.219 + } catch (ArrayIndexOutOfBoundsException ex) {
51.220 + log(" OK: got ArrayIndexOutOfBoundsException: " + ex);
51.221 + }
51.222 + lineStopper.force();
51.223 + }
51.224 +
51.225 + static void log(String s) {
51.226 + System.out.println(s);
51.227 + System.out.flush();
51.228 + }
51.229 +}
52.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
52.2 +++ b/test/sun/security/krb5/ktab/FileKeyTab.java Fri Feb 24 18:24:03 2012 -0800
52.3 @@ -0,0 +1,58 @@
52.4 +/*
52.5 + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
52.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
52.7 + *
52.8 + * This code is free software; you can redistribute it and/or modify it
52.9 + * under the terms of the GNU General Public License version 2 only, as
52.10 + * published by the Free Software Foundation.
52.11 + *
52.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
52.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
52.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
52.15 + * version 2 for more details (a copy is included in the LICENSE file that
52.16 + * accompanied this code).
52.17 + *
52.18 + * You should have received a copy of the GNU General Public License version
52.19 + * 2 along with this work; if not, write to the Free Software Foundation,
52.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
52.21 + *
52.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
52.23 + * or visit www.oracle.com if you need additional information or have any
52.24 + * questions.
52.25 + */
52.26 +/*
52.27 + * @test
52.28 + * @bug 7144530
52.29 + * @summary KeyTab.getInstance(String) no longer handles keyTabNames with "file:" prefix
52.30 + */
52.31 +import java.io.File;
52.32 +import sun.security.krb5.PrincipalName;
52.33 +import sun.security.krb5.internal.ktab.KeyTab;
52.34 +
52.35 +public class FileKeyTab {
52.36 + public static void main(String[] args) throws Exception {
52.37 + String name = "ktab";
52.38 + KeyTab kt = KeyTab.create(name);
52.39 + kt.addEntry(new PrincipalName("a@A"), "x".toCharArray(), 1, true);
52.40 + kt.save();
52.41 + check(name);
52.42 + check("FILE:" + name);
52.43 +
52.44 + name = new File(name).getAbsolutePath().toString();
52.45 +
52.46 + check(name);
52.47 + check("FILE:" + name);
52.48 +
52.49 + // The bug reporter uses this style, should only work for
52.50 + // absolute path
52.51 + check("FILE:/" + name);
52.52 + }
52.53 +
52.54 + static void check(String file) throws Exception {
52.55 + System.out.println("Checking for " + file + "...");
52.56 + KeyTab kt2 = KeyTab.getInstance(file);
52.57 + if (kt2.isMissing()) {
52.58 + throw new Exception("FILE:ktab cannot be loaded");
52.59 + }
52.60 + }
52.61 +}
53.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
53.2 +++ b/test/sun/security/provider/certpath/X509CertPath/ForwardBuildCompromised.java Fri Feb 24 18:24:03 2012 -0800
53.3 @@ -0,0 +1,312 @@
53.4 +/*
53.5 + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
53.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
53.7 + *
53.8 + * This code is free software; you can redistribute it and/or modify it
53.9 + * under the terms of the GNU General Public License version 2 only, as
53.10 + * published by the Free Software Foundation.
53.11 + *
53.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
53.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
53.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
53.15 + * version 2 for more details (a copy is included in the LICENSE file that
53.16 + * accompanied this code).
53.17 + *
53.18 + * You should have received a copy of the GNU General Public License version
53.19 + * 2 along with this work; if not, write to the Free Software Foundation,
53.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
53.21 + *
53.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
53.23 + * or visit www.oracle.com if you need additional information or have any
53.24 + * questions.
53.25 + */
53.26 +
53.27 +/*
53.28 + * @test
53.29 + * @bug 7123519
53.30 + * @summary Problem with java/classes_security
53.31 + */
53.32 +
53.33 +import java.net.*;
53.34 +import java.util.*;
53.35 +import java.io.*;
53.36 +import javax.net.ssl.*;
53.37 +import java.security.KeyStore;
53.38 +import java.security.cert.*;
53.39 +import java.security.spec.*;
53.40 +import java.security.interfaces.*;
53.41 +
53.42 +public class ForwardBuildCompromised {
53.43 + // DigiNotar Root CA, untrusted root certificate
53.44 + static String trustedCertStr =
53.45 + "-----BEGIN CERTIFICATE-----\n" +
53.46 + "MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
53.47 + "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
53.48 + "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
53.49 + "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
53.50 + "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" +
53.51 + "MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" +
53.52 + "ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" +
53.53 + "b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" +
53.54 + "bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" +
53.55 + "U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" +
53.56 + "A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" +
53.57 + "I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" +
53.58 + "wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" +
53.59 + "AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" +
53.60 + "oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" +
53.61 + "BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" +
53.62 + "dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" +
53.63 + "MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" +
53.64 + "b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" +
53.65 + "dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" +
53.66 + "MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" +
53.67 + "E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" +
53.68 + "MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" +
53.69 + "hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" +
53.70 + "95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" +
53.71 + "2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" +
53.72 + "-----END CERTIFICATE-----";
53.73 +
53.74 + // DigiNotar Root CA, untrusted cross-certificate
53.75 + static String untrustedCrossCertStr =
53.76 + "-----BEGIN CERTIFICATE-----\n" +
53.77 + "MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
53.78 + "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
53.79 + "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
53.80 + "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
53.81 + "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
53.82 + "MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
53.83 + "EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
53.84 + "hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
53.85 + "ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
53.86 + "OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
53.87 + "hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
53.88 + "gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
53.89 + "IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
53.90 + "BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
53.91 + "Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
53.92 + "5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
53.93 + "DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
53.94 + "9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
53.95 + "7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
53.96 + "ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
53.97 + "BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
53.98 + "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
53.99 + "VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
53.100 + "bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
53.101 + "A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
53.102 + "BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
53.103 + "xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
53.104 + "ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
53.105 + "ZFdYf+hthc3m6IcJ\n" +
53.106 + "-----END CERTIFICATE-----";
53.107 +
53.108 + // DigiNotar Root CA, compromised certificate
53.109 + static String compromisedCertStr =
53.110 + "-----BEGIN CERTIFICATE-----\n" +
53.111 + "MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" +
53.112 + "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
53.113 + "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
53.114 + "HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" +
53.115 + "MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" +
53.116 + "MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" +
53.117 + "AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" +
53.118 + "8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" +
53.119 + "tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" +
53.120 + "HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" +
53.121 + "zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" +
53.122 + "JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" +
53.123 + "ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" +
53.124 + "a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" +
53.125 + "K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" +
53.126 + "puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" +
53.127 + "yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" +
53.128 + "owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" +
53.129 + "HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" +
53.130 + "jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" +
53.131 + "fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" +
53.132 + "Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" +
53.133 + "M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" +
53.134 + "Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" +
53.135 + "2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" +
53.136 + "/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" +
53.137 + "nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" +
53.138 + "O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" +
53.139 + "9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" +
53.140 + "j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" +
53.141 + "-----END CERTIFICATE-----";
53.142 +
53.143 + // DigiNotar Public CA 2025, intermediate certificate
53.144 + static String intermediateCertStr =
53.145 + "-----BEGIN CERTIFICATE-----\n" +
53.146 + "MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" +
53.147 + "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
53.148 + "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
53.149 + "HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" +
53.150 + "MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" +
53.151 + "IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" +
53.152 + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" +
53.153 + "Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" +
53.154 + "SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" +
53.155 + "Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" +
53.156 + "xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" +
53.157 + "6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" +
53.158 + "sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" +
53.159 + "dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" +
53.160 + "100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" +
53.161 + "AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" +
53.162 + "Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" +
53.163 + "dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" +
53.164 + "IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" +
53.165 + "hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" +
53.166 + "LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" +
53.167 + "+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" +
53.168 + "ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" +
53.169 + "wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" +
53.170 + "a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" +
53.171 + "4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" +
53.172 + "asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" +
53.173 + "yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" +
53.174 + "Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" +
53.175 + "fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" +
53.176 + "hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" +
53.177 + "MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" +
53.178 + "hOiR4IX9Tg==\n" +
53.179 + "-----END CERTIFICATE-----";
53.180 +
53.181 + // The fraudulent certificate issued by above compromised CA
53.182 + static String targetCertStr =
53.183 + "-----BEGIN CERTIFICATE-----\n" +
53.184 + "MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" +
53.185 + "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" +
53.186 + "Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" +
53.187 + "dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" +
53.188 + "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" +
53.189 + "ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" +
53.190 + "b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" +
53.191 + "CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" +
53.192 + "7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" +
53.193 + "ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" +
53.194 + "OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" +
53.195 + "vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" +
53.196 + "EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" +
53.197 + "dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" +
53.198 + "/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" +
53.199 + "aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" +
53.200 + "bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" +
53.201 + "IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" +
53.202 + "dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" +
53.203 + "oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" +
53.204 + "YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" +
53.205 + "b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" +
53.206 + "9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" +
53.207 + "UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" +
53.208 + "pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" +
53.209 + "FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" +
53.210 + "U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" +
53.211 + "baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
53.212 + "-----END CERTIFICATE-----";
53.213 +
53.214 + public static void main(String args[]) throws Exception {
53.215 +
53.216 + Exception reservedException = null;
53.217 + try {
53.218 + build();
53.219 + } catch (CertPathBuilderException cpbe) {
53.220 + reservedException = cpbe;
53.221 + }
53.222 +
53.223 + if (reservedException == null) {
53.224 + throw new Exception("Unable to block fraudulent certificate");
53.225 + }
53.226 +
53.227 + System.out.println(
53.228 + "The expected untrusted cert exception: " + reservedException);
53.229 + }
53.230 +
53.231 + private static X509CertSelector generateSelector() throws Exception {
53.232 +
53.233 + // generate certificate from cert strings
53.234 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
53.235 +
53.236 + X509Certificate target = null;
53.237 + try (ByteArrayInputStream is =
53.238 + new ByteArrayInputStream(targetCertStr.getBytes())) {
53.239 + target = (X509Certificate)cf.generateCertificate(is);
53.240 + }
53.241 +
53.242 + X509CertSelector selector = new X509CertSelector();
53.243 + selector.setCertificate(target);
53.244 +
53.245 + return selector;
53.246 + }
53.247 +
53.248 +
53.249 + private static CertStore generateCertificateStore() throws Exception {
53.250 +
53.251 + // generate certificate from cert strings
53.252 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
53.253 +
53.254 + // generate certification path
53.255 + Set<Certificate> entries = new HashSet();
53.256 +
53.257 + try (ByteArrayInputStream is =
53.258 + new ByteArrayInputStream(targetCertStr.getBytes())) {
53.259 + entries.add(cf.generateCertificate(is));
53.260 + }
53.261 +
53.262 + try (ByteArrayInputStream is =
53.263 + new ByteArrayInputStream(intermediateCertStr.getBytes())) {
53.264 + entries.add(cf.generateCertificate(is));
53.265 + }
53.266 +
53.267 + try (ByteArrayInputStream is =
53.268 + new ByteArrayInputStream(compromisedCertStr.getBytes())) {
53.269 + entries.add(cf.generateCertificate(is));
53.270 + }
53.271 +
53.272 + try (ByteArrayInputStream is =
53.273 + new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
53.274 + entries.add(cf.generateCertificate(is));
53.275 + }
53.276 +
53.277 + return CertStore.getInstance("Collection",
53.278 + new CollectionCertStoreParameters(entries));
53.279 + }
53.280 +
53.281 + private static Set<TrustAnchor> generateTrustAnchors()
53.282 + throws CertificateException, IOException {
53.283 + // generate certificate from cert string
53.284 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
53.285 +
53.286 + Certificate trustedCert = null;
53.287 + try (ByteArrayInputStream is =
53.288 + new ByteArrayInputStream(trustedCertStr.getBytes())) {
53.289 + trustedCert = cf.generateCertificate(is);
53.290 + }
53.291 +
53.292 + // generate a trust anchor
53.293 + TrustAnchor anchor =
53.294 + new TrustAnchor((X509Certificate)trustedCert, null);
53.295 +
53.296 + return Collections.singleton(anchor);
53.297 + }
53.298 +
53.299 + private static void build() throws Exception {
53.300 + X509CertSelector selector = generateSelector();
53.301 + Set<TrustAnchor> anchors = generateTrustAnchors();
53.302 + CertStore certs = generateCertificateStore();
53.303 +
53.304 + PKIXBuilderParameters params =
53.305 + new PKIXBuilderParameters(anchors, selector);
53.306 + params.addCertStore(certs);
53.307 + params.setRevocationEnabled(false);
53.308 + params.setDate(new Date(111, 11, 25)); // 2011-12-25
53.309 +
53.310 + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
53.311 + PKIXCertPathBuilderResult result =
53.312 + (PKIXCertPathBuilderResult)builder.build(params);
53.313 + }
53.314 +}
53.315 +
54.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
54.2 +++ b/test/sun/security/provider/certpath/X509CertPath/ReverseBuildCompromised.java Fri Feb 24 18:24:03 2012 -0800
54.3 @@ -0,0 +1,315 @@
54.4 +/*
54.5 + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
54.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
54.7 + *
54.8 + * This code is free software; you can redistribute it and/or modify it
54.9 + * under the terms of the GNU General Public License version 2 only, as
54.10 + * published by the Free Software Foundation.
54.11 + *
54.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
54.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
54.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
54.15 + * version 2 for more details (a copy is included in the LICENSE file that
54.16 + * accompanied this code).
54.17 + *
54.18 + * You should have received a copy of the GNU General Public License version
54.19 + * 2 along with this work; if not, write to the Free Software Foundation,
54.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
54.21 + *
54.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
54.23 + * or visit www.oracle.com if you need additional information or have any
54.24 + * questions.
54.25 + */
54.26 +
54.27 +/*
54.28 + * @test
54.29 + * @bug 7123519
54.30 + * @summary Problem with java/classes_security
54.31 + */
54.32 +
54.33 +import java.net.*;
54.34 +import java.util.*;
54.35 +import java.io.*;
54.36 +import javax.net.ssl.*;
54.37 +import java.security.KeyStore;
54.38 +import java.security.cert.*;
54.39 +import java.security.spec.*;
54.40 +import java.security.interfaces.*;
54.41 +import sun.security.provider.certpath.SunCertPathBuilderParameters;
54.42 +
54.43 +public class ReverseBuildCompromised {
54.44 + // DigiNotar Root CA, untrusted root certificate
54.45 + static String trustedCertStr =
54.46 + "-----BEGIN CERTIFICATE-----\n" +
54.47 + "MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
54.48 + "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
54.49 + "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
54.50 + "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
54.51 + "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" +
54.52 + "MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" +
54.53 + "ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" +
54.54 + "b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" +
54.55 + "bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" +
54.56 + "U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" +
54.57 + "A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" +
54.58 + "I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" +
54.59 + "wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" +
54.60 + "AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" +
54.61 + "oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" +
54.62 + "BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" +
54.63 + "dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" +
54.64 + "MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" +
54.65 + "b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" +
54.66 + "dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" +
54.67 + "MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" +
54.68 + "E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" +
54.69 + "MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" +
54.70 + "hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" +
54.71 + "95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" +
54.72 + "2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" +
54.73 + "-----END CERTIFICATE-----";
54.74 +
54.75 + // DigiNotar Root CA, untrusted cross-certificate
54.76 + static String untrustedCrossCertStr =
54.77 + "-----BEGIN CERTIFICATE-----\n" +
54.78 + "MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
54.79 + "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
54.80 + "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
54.81 + "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
54.82 + "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
54.83 + "MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
54.84 + "EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
54.85 + "hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
54.86 + "ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
54.87 + "OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
54.88 + "hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
54.89 + "gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
54.90 + "IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
54.91 + "BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
54.92 + "Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
54.93 + "5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
54.94 + "DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
54.95 + "9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
54.96 + "7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
54.97 + "ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
54.98 + "BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
54.99 + "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
54.100 + "VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
54.101 + "bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
54.102 + "A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
54.103 + "BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
54.104 + "xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
54.105 + "ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
54.106 + "ZFdYf+hthc3m6IcJ\n" +
54.107 + "-----END CERTIFICATE-----";
54.108 +
54.109 + // DigiNotar Root CA, compromised certificate
54.110 + static String compromisedCertStr =
54.111 + "-----BEGIN CERTIFICATE-----\n" +
54.112 + "MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" +
54.113 + "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
54.114 + "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
54.115 + "HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" +
54.116 + "MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" +
54.117 + "MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" +
54.118 + "AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" +
54.119 + "8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" +
54.120 + "tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" +
54.121 + "HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" +
54.122 + "zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" +
54.123 + "JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" +
54.124 + "ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" +
54.125 + "a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" +
54.126 + "K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" +
54.127 + "puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" +
54.128 + "yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" +
54.129 + "owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" +
54.130 + "HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" +
54.131 + "jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" +
54.132 + "fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" +
54.133 + "Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" +
54.134 + "M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" +
54.135 + "Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" +
54.136 + "2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" +
54.137 + "/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" +
54.138 + "nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" +
54.139 + "O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" +
54.140 + "9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" +
54.141 + "j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" +
54.142 + "-----END CERTIFICATE-----";
54.143 +
54.144 + // DigiNotar Public CA 2025, intermediate certificate
54.145 + static String intermediateCertStr =
54.146 + "-----BEGIN CERTIFICATE-----\n" +
54.147 + "MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" +
54.148 + "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
54.149 + "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
54.150 + "HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" +
54.151 + "MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" +
54.152 + "IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" +
54.153 + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" +
54.154 + "Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" +
54.155 + "SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" +
54.156 + "Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" +
54.157 + "xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" +
54.158 + "6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" +
54.159 + "sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" +
54.160 + "dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" +
54.161 + "100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" +
54.162 + "AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" +
54.163 + "Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" +
54.164 + "dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" +
54.165 + "IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" +
54.166 + "hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" +
54.167 + "LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" +
54.168 + "+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" +
54.169 + "ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" +
54.170 + "wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" +
54.171 + "a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" +
54.172 + "4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" +
54.173 + "asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" +
54.174 + "yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" +
54.175 + "Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" +
54.176 + "fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" +
54.177 + "hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" +
54.178 + "MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" +
54.179 + "hOiR4IX9Tg==\n" +
54.180 + "-----END CERTIFICATE-----";
54.181 +
54.182 + // The fraudulent certificate issued by above compromised CA
54.183 + static String targetCertStr =
54.184 + "-----BEGIN CERTIFICATE-----\n" +
54.185 + "MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" +
54.186 + "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" +
54.187 + "Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" +
54.188 + "dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" +
54.189 + "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" +
54.190 + "ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" +
54.191 + "b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" +
54.192 + "CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" +
54.193 + "7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" +
54.194 + "ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" +
54.195 + "OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" +
54.196 + "vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" +
54.197 + "EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" +
54.198 + "dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" +
54.199 + "/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" +
54.200 + "aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" +
54.201 + "bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" +
54.202 + "IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" +
54.203 + "dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" +
54.204 + "oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" +
54.205 + "YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" +
54.206 + "b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" +
54.207 + "9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" +
54.208 + "UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" +
54.209 + "pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" +
54.210 + "FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" +
54.211 + "U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" +
54.212 + "baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
54.213 + "-----END CERTIFICATE-----";
54.214 +
54.215 + public static void main(String args[]) throws Exception {
54.216 +
54.217 + Exception reservedException = null;
54.218 + try {
54.219 + build();
54.220 + } catch (CertPathBuilderException cpbe) {
54.221 + reservedException = cpbe;
54.222 + }
54.223 +
54.224 + if (reservedException == null) {
54.225 + throw new Exception("Unable to block fraudulent certificate");
54.226 + }
54.227 +
54.228 + System.out.println(
54.229 + "The expected untrusted cert exception: " + reservedException);
54.230 + }
54.231 +
54.232 + private static X509CertSelector generateSelector() throws Exception {
54.233 +
54.234 + // generate certificate from cert strings
54.235 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
54.236 +
54.237 + X509Certificate target = null;
54.238 + try (ByteArrayInputStream is =
54.239 + new ByteArrayInputStream(targetCertStr.getBytes())) {
54.240 + target = (X509Certificate)cf.generateCertificate(is);
54.241 + }
54.242 +
54.243 + X509CertSelector selector = new X509CertSelector();
54.244 + selector.setCertificate(target);
54.245 + selector.setSubject(target.getSubjectX500Principal());
54.246 +
54.247 + return selector;
54.248 + }
54.249 +
54.250 +
54.251 + private static CertStore generateCertificateStore() throws Exception {
54.252 +
54.253 + // generate certificate from cert strings
54.254 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
54.255 +
54.256 + // generate certification path
54.257 + Set<Certificate> entries = new HashSet();
54.258 +
54.259 + try (ByteArrayInputStream is =
54.260 + new ByteArrayInputStream(targetCertStr.getBytes())) {
54.261 + entries.add(cf.generateCertificate(is));
54.262 + }
54.263 +
54.264 + try (ByteArrayInputStream is =
54.265 + new ByteArrayInputStream(intermediateCertStr.getBytes())) {
54.266 + entries.add(cf.generateCertificate(is));
54.267 + }
54.268 +
54.269 + try (ByteArrayInputStream is =
54.270 + new ByteArrayInputStream(compromisedCertStr.getBytes())) {
54.271 + entries.add(cf.generateCertificate(is));
54.272 + }
54.273 +
54.274 + try (ByteArrayInputStream is =
54.275 + new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
54.276 + entries.add(cf.generateCertificate(is));
54.277 + }
54.278 +
54.279 + return CertStore.getInstance("Collection",
54.280 + new CollectionCertStoreParameters(entries));
54.281 + }
54.282 +
54.283 + private static Set<TrustAnchor> generateTrustAnchors()
54.284 + throws CertificateException, IOException {
54.285 + // generate certificate from cert string
54.286 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
54.287 +
54.288 + Certificate trustedCert = null;
54.289 + try (ByteArrayInputStream is =
54.290 + new ByteArrayInputStream(trustedCertStr.getBytes())) {
54.291 + trustedCert = cf.generateCertificate(is);
54.292 + }
54.293 +
54.294 + // generate a trust anchor
54.295 + TrustAnchor anchor =
54.296 + new TrustAnchor((X509Certificate)trustedCert, null);
54.297 +
54.298 + return Collections.singleton(anchor);
54.299 + }
54.300 +
54.301 + private static void build() throws Exception {
54.302 + X509CertSelector selector = generateSelector();
54.303 + Set<TrustAnchor> anchors = generateTrustAnchors();
54.304 + CertStore certs = generateCertificateStore();
54.305 +
54.306 + SunCertPathBuilderParameters params =
54.307 + new SunCertPathBuilderParameters(anchors, selector);
54.308 + params.setBuildForward(false);
54.309 + params.addCertStore(certs);
54.310 + params.setRevocationEnabled(false);
54.311 + params.setDate(new Date(111, 11, 25)); // 2011-12-25
54.312 +
54.313 + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
54.314 + PKIXCertPathBuilderResult result =
54.315 + (PKIXCertPathBuilderResult)builder.build(params);
54.316 + }
54.317 +}
54.318 +
55.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
55.2 +++ b/test/sun/security/provider/certpath/X509CertPath/ValidateCompromised.java Fri Feb 24 18:24:03 2012 -0800
55.3 @@ -0,0 +1,297 @@
55.4 +/*
55.5 + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
55.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
55.7 + *
55.8 + * This code is free software; you can redistribute it and/or modify it
55.9 + * under the terms of the GNU General Public License version 2 only, as
55.10 + * published by the Free Software Foundation.
55.11 + *
55.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
55.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
55.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
55.15 + * version 2 for more details (a copy is included in the LICENSE file that
55.16 + * accompanied this code).
55.17 + *
55.18 + * You should have received a copy of the GNU General Public License version
55.19 + * 2 along with this work; if not, write to the Free Software Foundation,
55.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
55.21 + *
55.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
55.23 + * or visit www.oracle.com if you need additional information or have any
55.24 + * questions.
55.25 + */
55.26 +
55.27 +/*
55.28 + * @test
55.29 + * @bug 7123519
55.30 + * @summary Problem with java/classes_security
55.31 + */
55.32 +
55.33 +import java.net.*;
55.34 +import java.util.*;
55.35 +import java.io.*;
55.36 +import javax.net.ssl.*;
55.37 +import java.security.KeyStore;
55.38 +import java.security.cert.*;
55.39 +import java.security.spec.*;
55.40 +import java.security.interfaces.*;
55.41 +
55.42 +public class ValidateCompromised {
55.43 + // DigiNotar Root CA, untrusted root certificate
55.44 + static String trustedCertStr =
55.45 + "-----BEGIN CERTIFICATE-----\n" +
55.46 + "MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
55.47 + "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
55.48 + "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
55.49 + "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
55.50 + "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" +
55.51 + "MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" +
55.52 + "ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" +
55.53 + "b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" +
55.54 + "bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" +
55.55 + "U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" +
55.56 + "A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" +
55.57 + "I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" +
55.58 + "wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" +
55.59 + "AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" +
55.60 + "oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" +
55.61 + "BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" +
55.62 + "dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" +
55.63 + "MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" +
55.64 + "b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" +
55.65 + "dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" +
55.66 + "MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" +
55.67 + "E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" +
55.68 + "MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" +
55.69 + "hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" +
55.70 + "95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" +
55.71 + "2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" +
55.72 + "-----END CERTIFICATE-----";
55.73 +
55.74 + // DigiNotar Root CA, untrusted cross-certificate
55.75 + static String untrustedCrossCertStr =
55.76 + "-----BEGIN CERTIFICATE-----\n" +
55.77 + "MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
55.78 + "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
55.79 + "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
55.80 + "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
55.81 + "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
55.82 + "MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
55.83 + "EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
55.84 + "hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
55.85 + "ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
55.86 + "OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
55.87 + "hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
55.88 + "gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
55.89 + "IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
55.90 + "BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
55.91 + "Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
55.92 + "5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
55.93 + "DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
55.94 + "9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
55.95 + "7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
55.96 + "ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
55.97 + "BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
55.98 + "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
55.99 + "VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
55.100 + "bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
55.101 + "A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
55.102 + "BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
55.103 + "xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
55.104 + "ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
55.105 + "ZFdYf+hthc3m6IcJ\n" +
55.106 + "-----END CERTIFICATE-----";
55.107 +
55.108 + // DigiNotar Root CA, compromised certificate
55.109 + static String compromisedCertStr =
55.110 + "-----BEGIN CERTIFICATE-----\n" +
55.111 + "MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" +
55.112 + "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
55.113 + "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
55.114 + "HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" +
55.115 + "MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" +
55.116 + "MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" +
55.117 + "AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" +
55.118 + "8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" +
55.119 + "tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" +
55.120 + "HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" +
55.121 + "zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" +
55.122 + "JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" +
55.123 + "ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" +
55.124 + "a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" +
55.125 + "K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" +
55.126 + "puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" +
55.127 + "yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" +
55.128 + "owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" +
55.129 + "HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" +
55.130 + "jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" +
55.131 + "fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" +
55.132 + "Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" +
55.133 + "M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" +
55.134 + "Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" +
55.135 + "2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" +
55.136 + "/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" +
55.137 + "nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" +
55.138 + "O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" +
55.139 + "9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" +
55.140 + "j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" +
55.141 + "-----END CERTIFICATE-----";
55.142 +
55.143 + // DigiNotar Public CA 2025, intermediate certificate
55.144 + static String intermediateCertStr =
55.145 + "-----BEGIN CERTIFICATE-----\n" +
55.146 + "MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" +
55.147 + "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
55.148 + "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
55.149 + "HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" +
55.150 + "MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" +
55.151 + "IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" +
55.152 + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" +
55.153 + "Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" +
55.154 + "SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" +
55.155 + "Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" +
55.156 + "xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" +
55.157 + "6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" +
55.158 + "sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" +
55.159 + "dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" +
55.160 + "100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" +
55.161 + "AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" +
55.162 + "Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" +
55.163 + "dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" +
55.164 + "IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" +
55.165 + "hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" +
55.166 + "LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" +
55.167 + "+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" +
55.168 + "ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" +
55.169 + "wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" +
55.170 + "a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" +
55.171 + "4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" +
55.172 + "asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" +
55.173 + "yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" +
55.174 + "Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" +
55.175 + "fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" +
55.176 + "hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" +
55.177 + "MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" +
55.178 + "hOiR4IX9Tg==\n" +
55.179 + "-----END CERTIFICATE-----";
55.180 +
55.181 + // The fraudulent certificate issued by above compromised CA
55.182 + static String targetCertStr =
55.183 + "-----BEGIN CERTIFICATE-----\n" +
55.184 + "MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" +
55.185 + "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" +
55.186 + "Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" +
55.187 + "dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" +
55.188 + "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" +
55.189 + "ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" +
55.190 + "b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" +
55.191 + "CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" +
55.192 + "7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" +
55.193 + "ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" +
55.194 + "OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" +
55.195 + "vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" +
55.196 + "EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" +
55.197 + "dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" +
55.198 + "/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" +
55.199 + "aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" +
55.200 + "bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" +
55.201 + "IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" +
55.202 + "dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" +
55.203 + "oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" +
55.204 + "YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" +
55.205 + "b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" +
55.206 + "9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" +
55.207 + "UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" +
55.208 + "pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" +
55.209 + "FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" +
55.210 + "U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" +
55.211 + "baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
55.212 + "-----END CERTIFICATE-----";
55.213 +
55.214 + public static void main(String args[]) throws Exception {
55.215 +
55.216 + Exception reservedException = null;
55.217 + try {
55.218 + validate();
55.219 + } catch (CertPathValidatorException cpve) {
55.220 + reservedException = cpve;
55.221 + }
55.222 +
55.223 + if (reservedException == null) {
55.224 + throw new Exception("Unable to block fraudulent certificate");
55.225 + }
55.226 +
55.227 + System.out.println(
55.228 + "The expected untrusted cert exception: " + reservedException);
55.229 + }
55.230 +
55.231 + private static CertPath generateCertificatePath()
55.232 + throws CertificateException, IOException {
55.233 +
55.234 + // generate certificate from cert strings
55.235 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
55.236 +
55.237 + // generate certification path
55.238 + List<Certificate> list = new ArrayList();
55.239 +
55.240 + try (ByteArrayInputStream is =
55.241 + new ByteArrayInputStream(targetCertStr.getBytes())) {
55.242 + list.add(cf.generateCertificate(is));
55.243 + }
55.244 +
55.245 + try (ByteArrayInputStream is =
55.246 + new ByteArrayInputStream(intermediateCertStr.getBytes())) {
55.247 + list.add(cf.generateCertificate(is));
55.248 + }
55.249 +
55.250 + try (ByteArrayInputStream is =
55.251 + new ByteArrayInputStream(compromisedCertStr.getBytes())) {
55.252 + list.add(cf.generateCertificate(is));
55.253 + }
55.254 +
55.255 + try (ByteArrayInputStream is =
55.256 + new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
55.257 + list.add(cf.generateCertificate(is));
55.258 + }
55.259 +
55.260 + return cf.generateCertPath(list);
55.261 + }
55.262 +
55.263 + private static Set<TrustAnchor> generateTrustAnchors()
55.264 + throws CertificateException, IOException {
55.265 + // generate certificate from cert string
55.266 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
55.267 +
55.268 + Certificate trustedCert = null;
55.269 + try (ByteArrayInputStream is =
55.270 + new ByteArrayInputStream(trustedCertStr.getBytes())) {
55.271 + trustedCert = cf.generateCertificate(is);
55.272 + }
55.273 +
55.274 + // generate a trust anchor
55.275 + TrustAnchor anchor =
55.276 + new TrustAnchor((X509Certificate)trustedCert, null);
55.277 +
55.278 + return Collections.singleton(anchor);
55.279 + }
55.280 +
55.281 + private static void validate()
55.282 + throws CertPathValidatorException, Exception {
55.283 +
55.284 + CertPath path = generateCertificatePath();
55.285 + Set<TrustAnchor> anchors = generateTrustAnchors();
55.286 +
55.287 + PKIXParameters params = new PKIXParameters(anchors);
55.288 +
55.289 + // disable certificate revocation checking
55.290 + params.setRevocationEnabled(false);
55.291 +
55.292 + // set the validation time
55.293 + params.setDate(new Date(111, 11, 25)); // 2011-12-25
55.294 +
55.295 + CertPathValidator validator = CertPathValidator.getInstance("PKIX");
55.296 +
55.297 + validator.validate(path, params);
55.298 + }
55.299 +}
55.300 +
56.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
56.2 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/ComodoHacker.java Fri Feb 24 18:24:03 2012 -0800
56.3 @@ -0,0 +1,305 @@
56.4 +/*
56.5 + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
56.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
56.7 + *
56.8 + * This code is free software; you can redistribute it and/or modify it
56.9 + * under the terms of the GNU General Public License version 2 only, as
56.10 + * published by the Free Software Foundation.
56.11 + *
56.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
56.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
56.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
56.15 + * version 2 for more details (a copy is included in the LICENSE file that
56.16 + * accompanied this code).
56.17 + *
56.18 + * You should have received a copy of the GNU General Public License version
56.19 + * 2 along with this work; if not, write to the Free Software Foundation,
56.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
56.21 + *
56.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
56.23 + * or visit www.oracle.com if you need additional information or have any
56.24 + * questions.
56.25 + */
56.26 +
56.27 +/*
56.28 + * @test
56.29 + * @bug 7123519
56.30 + * @summary Problem with java/classes_security
56.31 + * @run main/othervm ComodoHacker PKIX
56.32 + * @run main/othervm ComodoHacker SunX509
56.33 + */
56.34 +
56.35 +import java.net.*;
56.36 +import java.util.*;
56.37 +import java.io.*;
56.38 +import javax.net.ssl.*;
56.39 +import java.security.KeyStore;
56.40 +import java.security.cert.Certificate;
56.41 +import java.security.cert.CertificateFactory;
56.42 +import java.security.cert.X509Certificate;
56.43 +import java.security.cert.CertificateException;
56.44 +import java.security.spec.*;
56.45 +import java.security.interfaces.*;
56.46 +
56.47 +public class ComodoHacker {
56.48 + // DigiNotar Root CA, untrusted root certificate
56.49 + static String trustedCertStr =
56.50 + "-----BEGIN CERTIFICATE-----\n" +
56.51 + "MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
56.52 + "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
56.53 + "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
56.54 + "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
56.55 + "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1\n" +
56.56 + "MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE\n" +
56.57 + "ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j\n" +
56.58 + "b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF\n" +
56.59 + "bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg\n" +
56.60 + "U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA\n" +
56.61 + "A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/\n" +
56.62 + "I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3\n" +
56.63 + "wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC\n" +
56.64 + "AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb\n" +
56.65 + "oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5\n" +
56.66 + "BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p\n" +
56.67 + "dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk\n" +
56.68 + "MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp\n" +
56.69 + "b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu\n" +
56.70 + "dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0\n" +
56.71 + "MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi\n" +
56.72 + "E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa\n" +
56.73 + "MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI\n" +
56.74 + "hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN\n" +
56.75 + "95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd\n" +
56.76 + "2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=\n" +
56.77 + "-----END CERTIFICATE-----";
56.78 +
56.79 + // DigiNotar Root CA, untrusted cross-certificate
56.80 + static String untrustedCrossCertStr =
56.81 + "-----BEGIN CERTIFICATE-----\n" +
56.82 + "MIIFSDCCBLGgAwIBAgIERpwsrzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC\n" +
56.83 + "VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u\n" +
56.84 + "ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc\n" +
56.85 + "KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u\n" +
56.86 + "ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzA3\n" +
56.87 + "MjYxNTU3MzlaFw0xMzA4MjYxNjI3MzlaMF8xCzAJBgNVBAYTAk5MMRIwEAYDVQQK\n" +
56.88 + "EwlEaWdpTm90YXIxGjAYBgNVBAMTEURpZ2lOb3RhciBSb290IENBMSAwHgYJKoZI\n" +
56.89 + "hvcNAQkBFhFpbmZvQGRpZ2lub3Rhci5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\n" +
56.90 + "ADCCAgoCggIBAKywWMEAvdghCAsrmv5uVjAFnxt3kBBBXMMNhxF3joHxynzpjGrt\n" +
56.91 + "OHQ1u9rf+bvACTe0lnOBfTMamDn3k2+Vfz25sXWHulFI6ItwPpUExdi2wxbZiLCx\n" +
56.92 + "hx1w2oa0DxSLes8Q0XQ2ohJ7d4ZKeeZ73wIRaKVOhq40WJskE3hWIiUeAYtLUXH7\n" +
56.93 + "gsxZlmmIWmhTxbkNAjfLS7xmSpB+KgsFB+0WX1WQddhGyRuD4gi+8SPMmR3WKg+D\n" +
56.94 + "IBVYJ4Iu+uIiwkmxuQGBap1tnUB3aHZOISpthECFTnaZfILz87cCWdQmARuO361T\n" +
56.95 + "BtGuGN3isjrL14g4jqxbKbkZ05j5GAPPSIKGZgsbaQ/J6ziIeiYaBUyS1yTUlvKs\n" +
56.96 + "Ui2jR9VS9j/+zoQGcKaqPqLytlY0GFei5IFt58rwatPHkWsCg0F8Fe9rmmRe49A8\n" +
56.97 + "5bHre12G+8vmd0nNo2Xc97mcuOQLX5PPzDAaMhzOHGOVpfnq4XSLnukrqTB7oBgf\n" +
56.98 + "DhgL5Vup09FsHgdnj5FLqYq80maqkwGIspH6MVzVpsFSCAnNCmOi0yKm6KHZOQaX\n" +
56.99 + "9W6NApCMFHs/gM0bnLrEWHIjr7ZWn8Z6QjMpBz+CyeYfBQ3NTCg2i9PIPhzGiO9e\n" +
56.100 + "7olk6R3r2ol+MqZp0d3MiJ/R0MlmIdwGZ8WUepptYkx9zOBkgLKeR46jAgMBAAGj\n" +
56.101 + "ggEmMIIBIjASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMB\n" +
56.102 + "BggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMDMGCCsGAQUF\n" +
56.103 + "BwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYD\n" +
56.104 + "VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9zZXJ2ZXIxLmNy\n" +
56.105 + "bDAdBgNVHQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wCwYDVR0PBAQDAgEGMB8G\n" +
56.106 + "A1UdIwQYMBaAFPAXYhNVPbP/CgBr+1CEl/PtYtAaMBkGCSqGSIb2fQdBAAQMMAob\n" +
56.107 + "BFY3LjEDAgCBMA0GCSqGSIb3DQEBBQUAA4GBAEa6RcDNcEIGUlkDJUY/pWTds4zh\n" +
56.108 + "xbVkp3wSmpwPFhx5fxTyF4HD2L60jl3aqjTB7gPpsL2Pk5QZlNsi3t4UkCV70UOd\n" +
56.109 + "ueJRN3o/LOtk4+bjXY2lC0qTHbN80VMLqPjmaf9ghSA9hwhskdtMgRsgfd90q5QP\n" +
56.110 + "ZFdYf+hthc3m6IcJ\n" +
56.111 + "-----END CERTIFICATE-----";
56.112 +
56.113 + // DigiNotar Root CA, compromised certificate
56.114 + static String compromisedCertStr =
56.115 + "-----BEGIN CERTIFICATE-----\n" +
56.116 + "MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf\n" +
56.117 + "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
56.118 + "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
56.119 + "HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES\n" +
56.120 + "MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg\n" +
56.121 + "MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB\n" +
56.122 + "AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B\n" +
56.123 + "8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY\n" +
56.124 + "tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl\n" +
56.125 + "HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj\n" +
56.126 + "zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU\n" +
56.127 + "JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM\n" +
56.128 + "ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv\n" +
56.129 + "a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p\n" +
56.130 + "K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi\n" +
56.131 + "puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT\n" +
56.132 + "yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO\n" +
56.133 + "owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV\n" +
56.134 + "HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC\n" +
56.135 + "jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy\n" +
56.136 + "fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo\n" +
56.137 + "Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo\n" +
56.138 + "M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM\n" +
56.139 + "Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed\n" +
56.140 + "2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH\n" +
56.141 + "/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl\n" +
56.142 + "nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE\n" +
56.143 + "O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU\n" +
56.144 + "9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9\n" +
56.145 + "j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr\n" +
56.146 + "-----END CERTIFICATE-----";
56.147 +
56.148 + // DigiNotar Public CA 2025, intermediate certificate
56.149 + static String intermediateCertStr =
56.150 + "-----BEGIN CERTIFICATE-----\n" +
56.151 + "MIIGAzCCA+ugAwIBAgIQHn16Uz1FMEGWQA9xSB9FBDANBgkqhkiG9w0BAQUFADBf\n" +
56.152 + "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp\n" +
56.153 + "Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww\n" +
56.154 + "HhcNMDYwMjA2MTYwNzAyWhcNMjUwMzI4MTYwNzAyWjBmMQswCQYDVQQGEwJOTDES\n" +
56.155 + "MBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdpTm90YXIgUHVibGljIENB\n" +
56.156 + "IDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5vdGFyLm5sMIIBIjANBgkq\n" +
56.157 + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/2eu/I5fMG8lbvPph3e8zfJpZQtg/72\n" +
56.158 + "Yx29+ivtKehiF6A3n785XyoY6IT3vlCrhy1CbMOY3M0x1n4YQlv17B0XZ/DqHyBA\n" +
56.159 + "SQvnDNbkM9j4NoSy/sRtGsP6PetIFFjrhE9whZuvuSUC1PY4PruEEJp8zOCx4+wU\n" +
56.160 + "Zt9xvjy4Xra+bSia5rwccQ/R5FYTGKrYCthOy9C9ud5Fhd++rlVhgdA/78w+Cs2s\n" +
56.161 + "xS4i0MAxG75P3/e/bATJKepbydHdDjkyz9o3RW/wdPUXhzEw4EwUjYg6XJrDzMad\n" +
56.162 + "6aL9M/eaxDjgz6o48EaWRDrGptaE2uJRuErVz7oOO0p/wYKq/BU+/wIDAQABo4IB\n" +
56.163 + "sjCCAa4wOgYIKwYBBQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vdmFsaWRh\n" +
56.164 + "dGlvbi5kaWdpbm90YXIubmwwHwYDVR0jBBgwFoAUiGi/4I41xDs4a2L3KDuEgcgM\n" +
56.165 + "100wEgYDVR0TAQH/BAgwBgEB/wIBADCBxgYDVR0gBIG+MIG7MIG4Bg5ghBABh2kB\n" +
56.166 + "AQEBBQIGBDCBpTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpbm90YXIubmwv\n" +
56.167 + "Y3BzMHoGCCsGAQUFBwICMG4abENvbmRpdGlvbnMsIGFzIG1lbnRpb25lZCBvbiBv\n" +
56.168 + "dXIgd2Vic2l0ZSAod3d3LmRpZ2lub3Rhci5ubCksIGFyZSBhcHBsaWNhYmxlIHRv\n" +
56.169 + "IGFsbCBvdXIgcHJvZHVjdHMgYW5kIHNlcnZpY2VzLjBDBgNVHR8EPDA6MDigNqA0\n" +
56.170 + "hjJodHRwOi8vc2VydmljZS5kaWdpbm90YXIubmwvY3JsL3Jvb3QvbGF0ZXN0Q1JM\n" +
56.171 + "LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFN8zwK+S/jf8ttgWFtDZsZHV\n" +
56.172 + "+m6lMA0GCSqGSIb3DQEBBQUAA4ICAQCfV1rmBd9QStEyQ40lT0tqby0/3ez0STuJ\n" +
56.173 + "ESBQLQD56XYdb4VFSuqA6xTtiuSVHLoiv2xyISN9FvX3A5VtifkJ00JEaLQJiSsE\n" +
56.174 + "wGDkYGl1DT7SsqtAVKdMAuCM+e0j0/RV3hZ6kcrM7/wFccHwM+/TiurR9lgZDzB4\n" +
56.175 + "a7++A4XrYyKx9vc9ZwBEnD1nrAe7++gg9cuZgP7e+QL0FBHMjpw+gnCDjr2dzBZC\n" +
56.176 + "4r+b8SOqlbPRPexBuNghlc7PfcPIyFis2LJXDRMWiAd3TcfdALwRsuKMR/T+cwyr\n" +
56.177 + "asy69OEGHplLT57otQ524BDctDXNzlH9bHEh52QzqkWvIDqs42910IUy1nYNPIUG\n" +
56.178 + "yYJV/T7H8Jb6vfMZWe47iUFvtNZCi8+b542gRUwdi+ca+hGviBC9Qr4Wv1pl7CBQ\n" +
56.179 + "Hy1axTkHiQawUo/hgmoetCpftugl9yJTfvsBorUV1ZMxn9B1JLSGtWnbUsFRla7G\n" +
56.180 + "fNa0IsUkzmmha8XCzvNu0d1PDGtcQyUqmDOE1Hx4cIBeuF8ipuIXkrVCr9zAZ4ZC\n" +
56.181 + "hgz6aA1gDTW8whSRJqYEYEQ0pcMEFLyXE+Nz3O8NinO2AuxqKhjMk13203xA7lPY\n" +
56.182 + "MnBQ0v7S3qqbp/pvPMiUhOz/VaYted6QmOY5EATBnFiLCuw87JXoAyp382eJ3WX1\n" +
56.183 + "hOiR4IX9Tg==\n" +
56.184 + "-----END CERTIFICATE-----";
56.185 +
56.186 + // The fraudulent certificate issued by above compromised CA
56.187 + static String targetCertStr =
56.188 + "-----BEGIN CERTIFICATE-----\n" +
56.189 + "MIIFKDCCBBCgAwIBAgIQBeLmpM0J6lTWZbB1/iKiVjANBgkqhkiG9w0BAQUFADBm\n" +
56.190 + "MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMSEwHwYDVQQDExhEaWdp\n" +
56.191 + "Tm90YXIgUHVibGljIENBIDIwMjUxIDAeBgkqhkiG9w0BCQEWEWluZm9AZGlnaW5v\n" +
56.192 + "dGFyLm5sMB4XDTExMDcxMDE5MDYzMFoXDTEzMDcwOTE5MDYzMFowajELMAkGA1UE\n" +
56.193 + "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZp\n" +
56.194 + "ZXcxFzAVBgNVBAUTDlBLMDAwMjI5MjAwMDAyMRUwEwYDVQQDEwwqLmdvb2dsZS5j\n" +
56.195 + "b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbeKubCV0aCxhOiOS\n" +
56.196 + "CSQ/w9HXTYuD5BLKuiqXNw3setdTymeJz2L8aWOHo3nicFNDVwWTgwWomGNr2J6Q\n" +
56.197 + "7g1iINNSW0rR4E1l2szRkcnAY6c6i/Eke93nF4i2hDsnIBveolF5yjpuRm73uQQD\n" +
56.198 + "ulHjA3BFRF/PTi0fw2/Yt+8ieoMuNcMWN6Eou5Gqt5YZkWv176ofeCbsBmMrP87x\n" +
56.199 + "OhhtTDckCapk4VQZG2XrfzZcV6tdzCp5TI8uHdu17cdzXm1imZ8tyvzFeiCEOQN8\n" +
56.200 + "vPNzB/fIr3CJQ5q4uM5aKT3DD5PeVzf4rfJKQNgCTWiIBc9XcWEUuszwAsnmg7e2\n" +
56.201 + "EJRdAgMBAAGjggHMMIIByDA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0\n" +
56.202 + "dHA6Ly92YWxpZGF0aW9uLmRpZ2lub3Rhci5ubDAfBgNVHSMEGDAWgBTfM8Cvkv43\n" +
56.203 + "/LbYFhbQ2bGR1fpupTAJBgNVHRMEAjAAMIHGBgNVHSAEgb4wgbswgbgGDmCEEAGH\n" +
56.204 + "aQEBAQIEAQICMIGlMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2lub3Rhci5u\n" +
56.205 + "bC9jcHMwegYIKwYBBQUHAgIwbhpsQ29uZGl0aW9ucywgYXMgbWVudGlvbmVkIG9u\n" +
56.206 + "IG91ciB3ZWJzaXRlICh3d3cuZGlnaW5vdGFyLm5sKSwgYXJlIGFwcGxpY2FibGUg\n" +
56.207 + "dG8gYWxsIG91ciBwcm9kdWN0cyBhbmQgc2VydmljZXMuMEkGA1UdHwRCMEAwPqA8\n" +
56.208 + "oDqGOGh0dHA6Ly9zZXJ2aWNlLmRpZ2lub3Rhci5ubC9jcmwvcHVibGljMjAyNS9s\n" +
56.209 + "YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIEsDAbBgNVHREEFDASgRBhZG1pbkBn\n" +
56.210 + "b29nbGUuY29tMB0GA1UdDgQWBBQHSn0WJzIo0eMBMQUNsMqN6eF/7TANBgkqhkiG\n" +
56.211 + "9w0BAQUFAAOCAQEAAs5dL7N9wzRJkI4Aq4lC5t8j5ZadqnqUcgYLADzSv4ExytNH\n" +
56.212 + "UY2nH6iVTihC0UPSsILWraoeApdT7Rphz/8DLQEBRGdeKWAptNM3EbiXtQaZT2uB\n" +
56.213 + "pidL8UoafX0kch3f71Y1scpBEjvu5ZZLnjg0A8AL0tnsereOVdDpU98bKqdbbrnM\n" +
56.214 + "FRmBlSf7xdaNca6JJHeEpga4E9Ty683CmccrSGXdU2tTCuHEJww+iOAUtPIZcsum\n" +
56.215 + "U7/eYeY1pMyGLyIjbNgRY7nDzRwvM/BsbL9eh4/mSQj/4nncqJd22sVQpCggQiVK\n" +
56.216 + "baB2sVGcVNBkK55bT8gPqnx8JypubyUvayzZGg==\n" +
56.217 + "-----END CERTIFICATE-----";
56.218 +
56.219 + private static String tmAlgorithm; // trust manager
56.220 +
56.221 + public static void main(String args[]) throws Exception {
56.222 + // Get the customized arguments.
56.223 + parseArguments(args);
56.224 +
56.225 + X509TrustManager tm = getTrustManager();
56.226 + X509Certificate[] chain = getFraudulentChain();
56.227 +
56.228 + Exception reservedException = null;
56.229 + try {
56.230 + tm.checkClientTrusted(chain, "RSA");
56.231 + } catch (CertificateException ce) {
56.232 + reservedException = ce;
56.233 + }
56.234 +
56.235 + if (reservedException == null) {
56.236 + throw new Exception("Unable to block fraudulent certificate");
56.237 + }
56.238 +
56.239 + reservedException = null;
56.240 + try {
56.241 + tm.checkServerTrusted(chain, "RSA");
56.242 + } catch (CertificateException ce) {
56.243 + reservedException = ce;
56.244 + }
56.245 +
56.246 + if (reservedException == null) {
56.247 + throw new Exception("Unable to block fraudulent certificate");
56.248 + }
56.249 +
56.250 + System.out.println(
56.251 + "The expected untrusted cert exception: " + reservedException);
56.252 + }
56.253 +
56.254 + private static void parseArguments(String[] args) {
56.255 + tmAlgorithm = args[0];
56.256 + }
56.257 +
56.258 + private static X509TrustManager getTrustManager() throws Exception {
56.259 + // generate certificate from cert string
56.260 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
56.261 +
56.262 + // create a key store
56.263 + KeyStore ks = KeyStore.getInstance("JKS");
56.264 + ks.load(null, null);
56.265 +
56.266 + // import the trusted cert
56.267 + try (ByteArrayInputStream is =
56.268 + new ByteArrayInputStream(trustedCertStr.getBytes())) {
56.269 + Certificate trustedCert = cf.generateCertificate(is);
56.270 + ks.setCertificateEntry("RSA Export Signer", trustedCert);
56.271 + }
56.272 +
56.273 + // create the trust manager
56.274 + TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlgorithm);
56.275 + tmf.init(ks);
56.276 +
56.277 + return (X509TrustManager)tmf.getTrustManagers()[0];
56.278 + }
56.279 +
56.280 + private static X509Certificate[] getFraudulentChain() throws Exception {
56.281 + // generate certificate from cert string
56.282 + CertificateFactory cf = CertificateFactory.getInstance("X.509");
56.283 +
56.284 + X509Certificate[] chain = new X509Certificate[4];
56.285 + try (ByteArrayInputStream is =
56.286 + new ByteArrayInputStream(targetCertStr.getBytes())) {
56.287 + chain[0] = (X509Certificate)cf.generateCertificate(is);
56.288 + }
56.289 +
56.290 + try (ByteArrayInputStream is =
56.291 + new ByteArrayInputStream(intermediateCertStr.getBytes())) {
56.292 + chain[1] = (X509Certificate)cf.generateCertificate(is);
56.293 + }
56.294 +
56.295 + try (ByteArrayInputStream is =
56.296 + new ByteArrayInputStream(compromisedCertStr.getBytes())) {
56.297 + chain[2] = (X509Certificate)cf.generateCertificate(is);
56.298 + }
56.299 +
56.300 + try (ByteArrayInputStream is =
56.301 + new ByteArrayInputStream(untrustedCrossCertStr.getBytes())) {
56.302 + chain[3] = (X509Certificate)cf.generateCertificate(is);
56.303 + }
56.304 +
56.305 + return chain;
56.306 + }
56.307 +}
56.308 +