From c8fdd35dd5c79df90ed1969106c4fe50d4ccfcd5 Mon Sep 17 00:00:00 2001 From: Xue-Lei Andrew Fan Date: Tue, 1 Dec 2015 01:32:51 +0000 Subject: [PATCH 1/4] 8136442: Don't tie Certificate signature algorithms to ciphersuites Reviewed-by: mullan --- .../classes/sun/security/ssl/ServerHandshaker.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java b/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java index 0329c61b308..8de22f15be1 100644 --- a/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java +++ b/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java @@ -1415,8 +1415,8 @@ final class ServerHandshaker extends Handshaker { } } - // need EC cert signed using EC - if (setupPrivateKeyAndChain("EC_EC") == false) { + // need EC cert + if (setupPrivateKeyAndChain("EC") == false) { return false; } if (setupEphemeralECDHKeys() == false) { @@ -1424,15 +1424,15 @@ final class ServerHandshaker extends Handshaker { } break; case K_ECDH_RSA: - // need EC cert signed using RSA - if (setupPrivateKeyAndChain("EC_RSA") == false) { + // need EC cert + if (setupPrivateKeyAndChain("EC") == false) { return false; } setupStaticECDHKeys(); break; case K_ECDH_ECDSA: - // need EC cert signed using EC - if (setupPrivateKeyAndChain("EC_EC") == false) { + // need EC cert + if (setupPrivateKeyAndChain("EC") == false) { return false; } setupStaticECDHKeys(); From bea542ea6b33088a730b76a2f2f02596c25ac7a1 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Tue, 1 Dec 2015 10:02:06 +0800 Subject: [PATCH 2/4] 8144107: jdk/security tests not included Reviewed-by: mullan --- jdk/test/TEST.groups | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jdk/test/TEST.groups b/jdk/test/TEST.groups index 1ec1b7d375c..fcb5f56d081 100644 --- a/jdk/test/TEST.groups +++ b/jdk/test/TEST.groups @@ -173,6 +173,7 @@ jdk_security3 = \ com/sun/security \ -com/sun/security/jgss \ com/sun/org/apache/xml/internal/security \ + jdk/security \ sun/security \ -sun/security/krb5 \ -sun/security/jgss \ @@ -453,6 +454,7 @@ needs_jdk = \ :jdk_jdi \ com/sun/tools \ demo \ + jdk/security/jarsigner \ sun/security/tools/jarsigner \ sun/security/tools/policytool \ sun/rmi/rmic \ From b3f93e752e48ed92357a5f91e20ac27c102caa50 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Tue, 1 Dec 2015 15:07:10 +0800 Subject: [PATCH 3/4] 8144294: jdk/security/jarsigner/Function.java failed to clean up files after test on Windows Reviewed-by: xuelei --- jdk/test/jdk/security/jarsigner/Function.java | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/jdk/test/jdk/security/jarsigner/Function.java b/jdk/test/jdk/security/jarsigner/Function.java index eead632be87..50835c2f164 100644 --- a/jdk/test/jdk/security/jarsigner/Function.java +++ b/jdk/test/jdk/security/jarsigner/Function.java @@ -71,13 +71,17 @@ public class Function { " -keypass changeit -dname" + " CN=RSA -alias r -genkeypair -keyalg rsa").split(" ")); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(new FileInputStream("ks"), "changeit".toCharArray()); - PrivateKey key = (PrivateKey)ks.getKey("r", "changeit".toCharArray()); - Certificate cert = ks.getCertificate("r"); - JarSigner.Builder jsb = new JarSigner.Builder(key, - CertificateFactory.getInstance("X.509").generateCertPath( - Collections.singletonList(cert))); + JarSigner.Builder jsb; + + try (FileInputStream fis = new FileInputStream("ks")) { + KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(fis, "changeit".toCharArray()); + PrivateKey key = (PrivateKey)ks.getKey("r", "changeit".toCharArray()); + Certificate cert = ks.getCertificate("r"); + jsb = new JarSigner.Builder(key, + CertificateFactory.getInstance("X.509").generateCertPath( + Collections.singletonList(cert))); + } jsb.digestAlgorithm("SHA1"); jsb.signatureAlgorithm("SHA1withRSA"); From 6e98557332290561eb46cebc4c217e17f9301728 Mon Sep 17 00:00:00 2001 From: Claes Redestad Date: Tue, 1 Dec 2015 09:22:01 +0100 Subject: [PATCH 4/4] 8143926: ObjectStreamField constructor eagerly load ObjectStreamClass Reviewed-by: chegar, alanb, shade --- .../classes/java/io/ObjectStreamClass.java | 63 +++---------------- .../classes/java/io/ObjectStreamField.java | 58 ++++++++++++++++- 2 files changed, 64 insertions(+), 57 deletions(-) diff --git a/jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java b/jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java index 762706c1e88..5179cce2dbe 100644 --- a/jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java +++ b/jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -54,6 +54,8 @@ import sun.reflect.Reflection; import sun.reflect.ReflectionFactory; import sun.reflect.misc.ReflectUtil; +import static java.io.ObjectStreamField.*; + /** * Serialization's descriptor for classes. It contains the name and * serialVersionUID of the class. The ObjectStreamClass for a specific class @@ -1519,61 +1521,14 @@ public class ObjectStreamClass implements Serializable { * if class names equal, false otherwise. */ private static boolean classNamesEqual(String name1, String name2) { - name1 = name1.substring(name1.lastIndexOf('.') + 1); - name2 = name2.substring(name2.lastIndexOf('.') + 1); - return name1.equals(name2); + int idx1 = name1.lastIndexOf('.') + 1; + int idx2 = name2.lastIndexOf('.') + 1; + int len1 = name1.length() - idx1; + int len2 = name2.length() - idx2; + return len1 == len2 && + name1.regionMatches(idx1, name2, idx2, len1); } - /** - * Returns JVM type signature for given primitive. - */ - private static String getPrimitiveSignature(Class cl) { - if (cl == Integer.TYPE) - return "I"; - else if (cl == Byte.TYPE) - return "B"; - else if (cl == Long.TYPE) - return "J"; - else if (cl == Float.TYPE) - return "F"; - else if (cl == Double.TYPE) - return "D"; - else if (cl == Short.TYPE) - return "S"; - else if (cl == Character.TYPE) - return "C"; - else if (cl == Boolean.TYPE) - return "Z"; - else if (cl == Void.TYPE) - return "V"; - else - throw new InternalError(); - } - - /** - * Returns JVM type signature for given class. - */ - static String getClassSignature(Class cl) { - if (cl.isPrimitive()) - return getPrimitiveSignature(cl); - else - return appendClassSignature(new StringBuilder(), cl).toString(); - } - - private static StringBuilder appendClassSignature(StringBuilder sbuf, Class cl) { - while (cl.isArray()) { - sbuf.append('['); - cl = cl.getComponentType(); - } - - if (cl.isPrimitive()) - sbuf.append(getPrimitiveSignature(cl)); - else - sbuf.append('L').append(cl.getName().replace('.', '/')).append(';'); - - return sbuf; - } - /** * Returns JVM type signature for given list of parameters and return type. */ diff --git a/jdk/src/java.base/share/classes/java/io/ObjectStreamField.java b/jdk/src/java.base/share/classes/java/io/ObjectStreamField.java index f77c312da74..bf03a67d317 100644 --- a/jdk/src/java.base/share/classes/java/io/ObjectStreamField.java +++ b/jdk/src/java.base/share/classes/java/io/ObjectStreamField.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -91,7 +91,7 @@ public class ObjectStreamField this.name = name; this.type = type; this.unshared = unshared; - signature = ObjectStreamClass.getClassSignature(type).intern(); + signature = getClassSignature(type).intern(); field = null; } @@ -123,6 +123,58 @@ public class ObjectStreamField } } + /** + * Returns JVM type signature for given primitive. + */ + private static String getPrimitiveSignature(Class cl) { + if (cl == Integer.TYPE) + return "I"; + else if (cl == Byte.TYPE) + return "B"; + else if (cl == Long.TYPE) + return "J"; + else if (cl == Float.TYPE) + return "F"; + else if (cl == Double.TYPE) + return "D"; + else if (cl == Short.TYPE) + return "S"; + else if (cl == Character.TYPE) + return "C"; + else if (cl == Boolean.TYPE) + return "Z"; + else if (cl == Void.TYPE) + return "V"; + else + throw new InternalError(); + } + + /** + * Returns JVM type signature for given class. + */ + static String getClassSignature(Class cl) { + if (cl.isPrimitive()) { + return getPrimitiveSignature(cl); + } else { + return appendClassSignature(new StringBuilder(), cl).toString(); + } + } + + static StringBuilder appendClassSignature(StringBuilder sbuf, Class cl) { + while (cl.isArray()) { + sbuf.append('['); + cl = cl.getComponentType(); + } + + if (cl.isPrimitive()) { + sbuf.append(getPrimitiveSignature(cl)); + } else { + sbuf.append('L').append(cl.getName().replace('.', '/')).append(';'); + } + + return sbuf; + } + /** * Creates an ObjectStreamField representing the given field with the * specified unshared setting. For compatibility with the behavior of @@ -137,7 +189,7 @@ public class ObjectStreamField name = field.getName(); Class ftype = field.getType(); type = (showType || ftype.isPrimitive()) ? ftype : Object.class; - signature = ObjectStreamClass.getClassSignature(ftype).intern(); + signature = getClassSignature(ftype).intern(); } /**