This commit is contained in:
David Holmes 2011-03-16 05:29:27 -04:00
commit 4293c9d423
6 changed files with 121 additions and 36 deletions


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1994, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -1626,8 +1626,10 @@ public abstract class ClassLoader {
* @since 1.2 * @since 1.2
*/ */
protected Package getPackage(String name) { protected Package getPackage(String name) {
Package pkg;
synchronized (packages) { synchronized (packages) {
Package pkg = packages.get(name); pkg = packages.get(name);
}
if (pkg == null) { if (pkg == null) {
if (parent != null) { if (parent != null) {
pkg = parent.getPackage(name); pkg = parent.getPackage(name);
@ -1635,12 +1637,18 @@ public abstract class ClassLoader {
pkg = Package.getSystemPackage(name); pkg = Package.getSystemPackage(name);
} }
if (pkg != null) { if (pkg != null) {
synchronized (packages) {
Package pkg2 = packages.get(name);
if (pkg2 == null) {
packages.put(name, pkg); packages.put(name, pkg);
} else {
pkg = pkg2;
}
}
} }
} }
return pkg; return pkg;
} }
}
/** /**
* Returns all of the <tt>Packages</tt> defined by this class loader and * Returns all of the <tt>Packages</tt> defined by this class loader and
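Review bot: The second `synchronized (packages)` block in getPackage re-reads the map and prefers an already-stored instance over the one just obtained from the parent or the system packages, but nothing says why, and the reason is not obvious from the surrounding code. A short comment above `Package pkg2 = packages.get(name);` would help, e.g. `// Re-check under the lock: another thread may have registered this package while we consulted the parent; keep the first instance so every caller sees the same Package object.` The first block now also releases the lock before the parent lookup, which presumably relies on the parent's map being synchronized on its own; stating that in the same comment would make the locking intent explicit.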


@ -46,10 +46,16 @@ import sun.security.x509.AuthorityKeyIdentifierExtension;
*/ */
class AdaptableX509CertSelector extends X509CertSelector { class AdaptableX509CertSelector extends X509CertSelector {
// The start date of a validity period. // The start date of a validity period.
private Date startDate = null; private Date startDate;
// The end date of a validity period. // The end date of a validity period.
private Date endDate = null; private Date endDate;
// Is subject key identifier sensitive?
private boolean isSKIDSensitive = false;
// Is serial number sensitive?
private boolean isSNSensitive = false;
AdaptableX509CertSelector() { AdaptableX509CertSelector() {
super(); super();
@ -97,15 +103,24 @@ class AdaptableX509CertSelector extends X509CertSelector {
if (akidext != null) { if (akidext != null) {
KeyIdentifier akid = (KeyIdentifier)akidext.get(akidext.KEY_ID); KeyIdentifier akid = (KeyIdentifier)akidext.get(akidext.KEY_ID);
if (akid != null) { if (akid != null) {
// Do not override the previous setting
if (getSubjectKeyIdentifier() == null) {
DerOutputStream derout = new DerOutputStream(); DerOutputStream derout = new DerOutputStream();
derout.putOctetString(akid.getIdentifier()); derout.putOctetString(akid.getIdentifier());
super.setSubjectKeyIdentifier(derout.toByteArray()); super.setSubjectKeyIdentifier(derout.toByteArray());
isSKIDSensitive = true;
}
} }
SerialNumber asn = SerialNumber asn =
(SerialNumber)akidext.get(akidext.SERIAL_NUMBER); (SerialNumber)akidext.get(akidext.SERIAL_NUMBER);
if (asn != null) { if (asn != null) {
// Do not override the previous setting
if (getSerialNumber() == null) {
super.setSerialNumber(asn.getNumber()); super.setSerialNumber(asn.getNumber());
isSNSensitive = true;
}
} }
// the subject criterion should be set by the caller. // the subject criterion should be set by the caller.
@ -148,11 +163,25 @@ class AdaptableX509CertSelector extends X509CertSelector {
} }
} }
if (version < 3 || xcert.getExtensionValue("2.5.29.14") == null) {
// If no SubjectKeyIdentifier extension, don't bother to check it. // If no SubjectKeyIdentifier extension, don't bother to check it.
if (isSKIDSensitive &&
(version < 3 || xcert.getExtensionValue("2.5.29.14") == null)) {
setSubjectKeyIdentifier(null); setSubjectKeyIdentifier(null);
} }
// In practice, a CA may replace its root certificate and require that
// the existing certificate is still valid, even if the AKID extension
// does not match the replacement root certificate fields.
//
// Conservatively, we only support the replacement for version 1 and
// version 2 certificate. As for version 2, the certificate extension
// may contain sensitive information (for example, policies), the
// AKID need to be respected to seek the exact certificate in case
// of key or certificate abuse.
if (isSNSensitive && version < 3) {
setSerialNumber(null);
}
return super.match(cert); return super.match(cert);
} }
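Review bot: The new `setSerialNumber(null)` at the end of match(), like the pre-existing `setSubjectKeyIdentifier(null)`, permanently clears a criterion on the selector itself, so once a version 1 or 2 candidate has been examined every later candidate — including version 3 certificates carrying a proper AKID — is matched without the serial-number restriction, and `isSNSensitive` no longer has any effect because the criterion is already gone. Mutating the criteria inside match() is also surprising for a CertSelector, which a search normally treats as read-only across candidates. Snapshotting the two AKID-derived criteria (`byte[]` and `java.math.BigInteger`) and restoring them after `super.match(cert)` keeps the relaxation scoped to one candidate; whether setSubjectKeyIdentifier is overridden in this class is not visible here, so the restore may need to go through `super`. The enclosing match() starts outside this hunk.
```java
// … unchanged: version lookup …
// Relax the AKID-derived criteria for this candidate only; put them back
// afterwards so later candidates are still matched against them.
byte[] savedSkid = getSubjectKeyIdentifier();
BigInteger savedSerial = getSerialNumber();
try {
    // … unchanged: SKID and serial-number relaxation for this candidate …
    return super.match(cert);
} finally {
    setSubjectKeyIdentifier(savedSkid);
    setSerialNumber(savedSerial);
}
```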


@ -243,12 +243,6 @@ class ForwardBuilder extends Builder {
caTargetSelector.setPolicy(getMatchingPolicies()); caTargetSelector.setPolicy(getMatchingPolicies());
} }
/*
* Require CA certs with a pathLenConstraint that allows
* at least as many CA certs that have already been traversed
*/
caTargetSelector.setBasicConstraints(currentState.traversedCACerts);
sel = caTargetSelector; sel = caTargetSelector;
} else { } else {
@ -282,12 +276,6 @@ class ForwardBuilder extends Builder {
CertPathHelper.setPathToNames CertPathHelper.setPathToNames
(caSelector, currentState.subjectNamesTraversed); (caSelector, currentState.subjectNamesTraversed);
/*
* Require CA certs with a pathLenConstraint that allows
* at least as many CA certs that have already been traversed
*/
caSelector.setBasicConstraints(currentState.traversedCACerts);
/* /*
* Facilitate certification path construction with authority * Facilitate certification path construction with authority
* key identifier and subject key identifier. * key identifier and subject key identifier.
@ -305,6 +293,14 @@ class ForwardBuilder extends Builder {
sel = caSelector; sel = caSelector;
} }
/*
* For compatibility, conservatively, we don't check the path
* length constraint of trusted anchors. Please don't set the
* basic constraints criterion unless the trusted certificate
* matching is completed.
*/
sel.setBasicConstraints(-1);
for (X509Certificate trustedCert : trustedCerts) { for (X509Certificate trustedCert : trustedCerts) {
if (sel.match(trustedCert)) { if (sel.match(trustedCert)) {
if (debug != null) { if (debug != null) {
@ -323,6 +319,12 @@ class ForwardBuilder extends Builder {
*/ */
sel.setCertificateValid(date); sel.setCertificateValid(date);
/*
* Require CA certs with a pathLenConstraint that allows
* at least as many CA certs that have already been traversed
*/
sel.setBasicConstraints(currentState.traversedCACerts);
/* /*
* If we have already traversed as many CA certs as the maxPathLength * If we have already traversed as many CA certs as the maxPathLength
* will allow us to, then we don't bother looking through these * will allow us to, then we don't bother looking through these
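Review bot: The `sel.setBasicConstraints(-1)` reset before the trusted-certificate loop and the `sel.setBasicConstraints(currentState.traversedCACerts)` re-application in the later hunk are separated by the loop and by code outside this view, so the selector spends part of the method with the path-length criterion disabled, and any future match inserted between the two calls would silently inherit the disabled check. The comment on the reset says what not to do but not where the criterion is restored, and the `-1` literal only means "no check" to readers who know the X509CertSelector contract. I would name the literal, `private static final int NO_BASIC_CONSTRAINTS_CHECK = -1;`, and add `// Re-enabled with currentState.traversedCACerts once trusted-anchor matching is done, before the cert-store search.` above the reset. The enclosing method starts and ends outside these hunks.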


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -378,7 +378,8 @@ final class ClientHandshaker extends Handshaker {
if (!isNegotiable(mesgVersion)) { if (!isNegotiable(mesgVersion)) {
throw new SSLHandshakeException( throw new SSLHandshakeException(
"Server chose " + mesgVersion + "Server chose " + mesgVersion +
", but client does not support or disables " + mesgVersion); ", but that protocol version is not enabled or not supported " +
"by the client.");
} }
handshakeHash.protocolDetermined(mesgVersion); handshakeHash.protocolDetermined(mesgVersion);


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -195,6 +195,8 @@ public abstract class SunJSSE extends java.security.Provider {
"sun.security.ssl.KeyManagerFactoryImpl$SunX509"); "sun.security.ssl.KeyManagerFactoryImpl$SunX509");
put("KeyManagerFactory.NewSunX509", put("KeyManagerFactory.NewSunX509",
"sun.security.ssl.KeyManagerFactoryImpl$X509"); "sun.security.ssl.KeyManagerFactoryImpl$X509");
put("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509");
put("TrustManagerFactory.SunX509", put("TrustManagerFactory.SunX509",
"sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory"); "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory");
put("TrustManagerFactory.PKIX", put("TrustManagerFactory.PKIX",
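Review bot: The new `put("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509");` line carries no comment, although the choice of target matters: it makes the standard name `PKIX` resolve to `KeyManagerFactoryImpl$X509` rather than the `SunX509` implementation registered two lines above. A one-line comment would save the next maintainer a lookup, e.g. `// "PKIX" is the standard KeyManagerFactory algorithm name (7022855); it maps to the X509 implementation, not the legacy SunX509 one.` The registration block this hunk sits in continues outside the view.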


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,8 +23,9 @@
/* /*
* @test * @test
* @bug 4898428 * @bug 4898428 7022855
* @summary verify getInstance() works using Provider.getService() * @summary verify getInstance() works using Provider.getService()
* Export "PKIX" as the standard algorithm name of KeyManagerFactory
* @author Andreas Sterbenz * @author Andreas Sterbenz
*/ */
@ -61,6 +62,20 @@ public class GetInstance {
kmf = KeyManagerFactory.getInstance("SunX509", p); kmf = KeyManagerFactory.getInstance("SunX509", p);
same(p, kmf.getProvider()); same(p, kmf.getProvider());
kmf = KeyManagerFactory.getInstance("NewSunX509");
same(p, kmf.getProvider());
kmf = KeyManagerFactory.getInstance("NewSunX509", "SunJSSE");
same(p, kmf.getProvider());
kmf = KeyManagerFactory.getInstance("NewSunX509", p);
same(p, kmf.getProvider());
kmf = KeyManagerFactory.getInstance("PKIX");
same(p, kmf.getProvider());
kmf = KeyManagerFactory.getInstance("PKIX", "SunJSSE");
same(p, kmf.getProvider());
kmf = KeyManagerFactory.getInstance("PKIX", p);
same(p, kmf.getProvider());
TrustManagerFactory tmf; TrustManagerFactory tmf;
tmf = TrustManagerFactory.getInstance("SunX509"); tmf = TrustManagerFactory.getInstance("SunX509");
same(p, tmf.getProvider()); same(p, tmf.getProvider());
@ -69,6 +84,34 @@ public class GetInstance {
tmf = TrustManagerFactory.getInstance("SunX509", p); tmf = TrustManagerFactory.getInstance("SunX509", p);
same(p, tmf.getProvider()); same(p, tmf.getProvider());
tmf = TrustManagerFactory.getInstance("PKIX");
same(p, tmf.getProvider());
tmf = TrustManagerFactory.getInstance("PKIX", "SunJSSE");
same(p, tmf.getProvider());
tmf = TrustManagerFactory.getInstance("PKIX", p);
same(p, tmf.getProvider());
tmf = TrustManagerFactory.getInstance("SunPKIX");
same(p, tmf.getProvider());
tmf = TrustManagerFactory.getInstance("SunPKIX", "SunJSSE");
same(p, tmf.getProvider());
tmf = TrustManagerFactory.getInstance("SunPKIX", p);
same(p, tmf.getProvider());
tmf = TrustManagerFactory.getInstance("X509");
same(p, tmf.getProvider());
tmf = TrustManagerFactory.getInstance("X509", "SunJSSE");
same(p, tmf.getProvider());
tmf = TrustManagerFactory.getInstance("X509", p);
same(p, tmf.getProvider());
tmf = TrustManagerFactory.getInstance("X.509");
same(p, tmf.getProvider());
tmf = TrustManagerFactory.getInstance("X.509", "SunJSSE");
same(p, tmf.getProvider());
tmf = TrustManagerFactory.getInstance("X.509", p);
same(p, tmf.getProvider());
testComSun(); testComSun();
long stop = System.currentTimeMillis(); long stop = System.currentTimeMillis();
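Review bot: The six new KeyManagerFactory lookups and twelve new TrustManagerFactory lookups repeat the same three-variant pattern (no provider, provider name, provider object) per algorithm name, which makes it easy for one variant to be dropped when the next alias is added. Two small helpers keyed by algorithm name would reduce each alias to one line and keep the `"SunJSSE"` literal in one place, assuming `p` is the `Provider` and `same` is a static helper reachable from them. The enclosing method starts and ends outside these hunks.
```java
private static void checkKmf(Provider p, String alg) throws Exception {
    same(p, KeyManagerFactory.getInstance(alg).getProvider());
    same(p, KeyManagerFactory.getInstance(alg, "SunJSSE").getProvider());
    same(p, KeyManagerFactory.getInstance(alg, p).getProvider());
}

private static void checkTmf(Provider p, String alg) throws Exception {
    same(p, TrustManagerFactory.getInstance(alg).getProvider());
    same(p, TrustManagerFactory.getInstance(alg, "SunJSSE").getProvider());
    same(p, TrustManagerFactory.getInstance(alg, p).getProvider());
}

// … in the test body, replacing the repeated getInstance/same pairs …
checkKmf(p, "NewSunX509");
checkKmf(p, "PKIX");
for (String alg : new String[] {"PKIX", "SunPKIX", "X509", "X.509"}) {
    checkTmf(p, alg);
}
```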