diff --git a/jdk/src/share/classes/com/sun/jndi/dns/DnsContext.java b/jdk/src/share/classes/com/sun/jndi/dns/DnsContext.java
index 3b30bb96a6e..4375af2db55 100644
--- a/jdk/src/share/classes/com/sun/jndi/dns/DnsContext.java
+++ b/jdk/src/share/classes/com/sun/jndi/dns/DnsContext.java
@@ -972,14 +972,11 @@ class NameClassPairEnumeration implements NamingEnumeration {
}
/*
- * ctx will be closed when no longer needed by the enumeration.
+ * ctx will be set to null when no longer needed by the enumeration.
*/
- public void close () {
+ public void close() {
nodes = null;
- if (ctx != null) {
- ctx.close();
- ctx = null;
- }
+ ctx = null;
}
public boolean hasMore() {
diff --git a/jdk/src/share/classes/com/sun/security/jgss/AuthorizationDataEntry.java b/jdk/src/share/classes/com/sun/security/jgss/AuthorizationDataEntry.java
new file mode 100644
index 00000000000..0386792a7c2
--- /dev/null
+++ b/jdk/src/share/classes/com/sun/security/jgss/AuthorizationDataEntry.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package com.sun.security.jgss;
+
+/**
+ * Kerberos 5 AuthorizationData entry.
+ */
+final public class AuthorizationDataEntry {
+
+ private final int type;
+ private final byte[] data;
+
+ /**
+ * Create an AuthorizationDataEntry object.
+ * @param type the ad-type
+ * @param data the ad-data, a copy of the data will be saved
+ * inside the object.
+ */
+ public AuthorizationDataEntry(int type, byte[] data) {
+ this.type = type;
+ this.data = data.clone();
+ }
+
+ /**
+ * Get the ad-type field.
+ * @return ad-type
+ */
+ public int getType() {
+ return type;
+ }
+
+ /**
+ * Get a copy of the ad-data field.
+ * @return ad-data
+ */
+ public byte[] getData() {
+ return data.clone();
+ }
+
+ public String toString() {
+ return "AuthorizationDataEntry: type="+type+", data=" +
+ data.length + " bytes:\n" +
+ new sun.misc.HexDumpEncoder().encode(data);
+ }
+}
diff --git a/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java b/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java
new file mode 100644
index 00000000000..dc7a3556d7d
--- /dev/null
+++ b/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package com.sun.security.jgss;
+
+import org.ietf.jgss.*;
+
+/**
+ * The extended GSSContext interface for supporting additional
+ * functionalities not defined by {@code org.ietf.jgss.GSSContext},
+ * such as querying context-specific attributes.
+ */
+public interface ExtendedGSSContext extends GSSContext {
+ /**
+ * Return the mechanism-specific attribute associated with {@code type}.
+ *
+ * For each supported attribute type, the type for the output are
+ * defined below.
+ *
+ * - {@code KRB5_GET_TKT_FLAGS}:
+ * the returned object is a boolean array for the service ticket flags,
+ * which is long enough to contain all true bits. This means if
+ * the user wants to get the n'th bit but the length of the
+ * returned array is less than n, it is regarded as false.
+ *
- {@code KRB5_GET_SESSION_KEY}:
+ * the returned object is an instance of {@link java.security.Key},
+ * which has the following properties:
+ *
+ * - Algorithm: enctype as a string, where
+ * enctype is defined in RFC 3961, section 8.
+ *
- Format: "RAW"
+ *
- Encoded form: the raw key bytes, not in any ASN.1 encoding
+ *
+ * - {@code KRB5_GET_AUTHZ_DATA}:
+ * the returned object is an array of
+ * {@link com.sun.security.jgss.AuthorizationDataEntry}, or null if the
+ * optional field is missing in the service ticket.
+ *
- {@code KRB5_GET_AUTHTIME}:
+ * the returned object is a String object in the standard KerberosTime
+ * format defined in RFC 4120 5.2.3
+ *
+ *
+ * If there is a security manager, an {@link InquireSecContextPermission}
+ * with the name {@code type.mech} must be granted. Otherwise, this could
+ * result in a {@link SecurityException}.
+ *
+ * Example:
+ *
+ * GSSContext ctxt = m.createContext(...)
+ * // Establishing the context
+ * if (ctxt instanceof ExtendedGSSContext) {
+ * ExtendedGSSContext ex = (ExtendedGSSContext)ctxt;
+ * try {
+ * Key key = (key)ex.inquireSecContext(
+ * InquireType.KRB5_GET_SESSION_KEY);
+ * // read key info
+ * } catch (GSSException gsse) {
+ * // deal with exception
+ * }
+ * }
+ *
+ * @param type the type of the attribute requested
+ * @return the attribute, see the method documentation for details.
+ * @throws GSSException containing the following
+ * major error codes:
+ * {@link GSSException#BAD_MECH GSSException.BAD_MECH} if the mechanism
+ * does not support this method,
+ * {@link GSSException#UNAVAILABLE GSSException.UNAVAILABLE} if the
+ * type specified is not supported,
+ * {@link GSSException#NO_CONTEXT GSSException.NO_CONTEXT} if the
+ * security context is invalid,
+ * {@link GSSException#FAILURE GSSException.FAILURE} for other
+ * unspecified failures.
+ * @throws SecurityException if a security manager exists and a proper
+ * {@link InquireSecContextPermission} is not granted.
+ * @see InquireSecContextPermission
+ */
+ public Object inquireSecContext(InquireType type)
+ throws GSSException;
+}
diff --git a/jdk/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java b/jdk/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java
new file mode 100644
index 00000000000..2acb9ab9e97
--- /dev/null
+++ b/jdk/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package com.sun.security.jgss;
+
+import java.security.BasicPermission;
+
+/**
+ * This class is used to protect various attributes of an established
+ * GSS security context that can be accessed using the
+ * {@link com.sun.security.jgss.ExtendedGSSContext#inquireSecContext}
+ * method.
+ *
+ * The target name is the {@link InquireType} allowed.
+ */
+public final class InquireSecContextPermission extends BasicPermission {
+
+ /**
+ * Constructs a new {@code InquireSecContextPermission} object with
+ * the specified name. The name is the symbolic name of the
+ * {@link InquireType} allowed.
+ *
+ * @param name the {@link InquireType} allowed by this
+ * permission. "*" means all {@link InquireType}s are allowed.
+ *
+ * @throws NullPointerException if name is null.
+ * @throws IllegalArgumentException if name is empty.
+ */
+ public InquireSecContextPermission(String name) {
+ super(name);
+ }
+}
diff --git a/jdk/src/share/classes/com/sun/security/jgss/InquireType.java b/jdk/src/share/classes/com/sun/security/jgss/InquireType.java
new file mode 100644
index 00000000000..b9ea04098b5
--- /dev/null
+++ b/jdk/src/share/classes/com/sun/security/jgss/InquireType.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package com.sun.security.jgss;
+
+/**
+ * Attribute types that can be specified as an argument of
+ * {@link com.sun.security.jgss.ExtendedGSSContext#inquireSecContext}
+ */
+public enum InquireType {
+ /**
+ * Attribute type for retrieving the session key of an
+ * established Kerberos 5 security context.
+ */
+ KRB5_GET_SESSION_KEY,
+ /**
+ * Attribute type for retrieving the service ticket flags of an
+ * established Kerberos 5 security context.
+ */
+ KRB5_GET_TKT_FLAGS,
+ /**
+ * Attribute type for retrieving the authorization data in the
+ * service ticket of an established Kerberos 5 security context.
+ * Only supported on the acceptor side.
+ */
+ KRB5_GET_AUTHZ_DATA,
+ /**
+ * Attribute type for retrieving the authtime in the service ticket
+ * of an established Kerberos 5 security context.
+ */
+ KRB5_GET_AUTHTIME
+}
diff --git a/jdk/src/share/classes/java/nio/file/SimpleFileVisitor.java b/jdk/src/share/classes/java/nio/file/SimpleFileVisitor.java
index 36852392327..761773513ed 100644
--- a/jdk/src/share/classes/java/nio/file/SimpleFileVisitor.java
+++ b/jdk/src/share/classes/java/nio/file/SimpleFileVisitor.java
@@ -47,6 +47,14 @@ public class SimpleFileVisitor implements FileVisitor {
protected SimpleFileVisitor() {
}
+ /**
+ * Throws NullPointerException if obj is null.
+ */
+ private static void checkNotNull(Object obj) {
+ if (obj == null)
+ throw new NullPointerException();
+ }
+
/**
* Invoked for a directory before entries in the directory are visited.
*
@@ -55,6 +63,7 @@ public class SimpleFileVisitor implements FileVisitor {
*/
@Override
public FileVisitResult preVisitDirectory(T dir) {
+ checkNotNull(dir);
return FileVisitResult.CONTINUE;
}
@@ -70,6 +79,8 @@ public class SimpleFileVisitor implements FileVisitor {
*/
@Override
public FileVisitResult preVisitDirectoryFailed(T dir, IOException exc) {
+ checkNotNull(dir);
+ checkNotNull(exc);
throw new IOError(exc);
}
@@ -81,6 +92,8 @@ public class SimpleFileVisitor implements FileVisitor {
*/
@Override
public FileVisitResult visitFile(T file, BasicFileAttributes attrs) {
+ checkNotNull(file);
+ checkNotNull(attrs);
return FileVisitResult.CONTINUE;
}
@@ -96,6 +109,8 @@ public class SimpleFileVisitor implements FileVisitor {
*/
@Override
public FileVisitResult visitFileFailed(T file, IOException exc) {
+ checkNotNull(file);
+ checkNotNull(exc);
throw new IOError(exc);
}
@@ -114,6 +129,7 @@ public class SimpleFileVisitor implements FileVisitor {
*/
@Override
public FileVisitResult postVisitDirectory(T dir, IOException exc) {
+ checkNotNull(dir);
if (exc != null)
throw new IOError(exc);
return FileVisitResult.CONTINUE;
diff --git a/jdk/src/share/classes/java/nio/file/attribute/AclFileAttributeView.java b/jdk/src/share/classes/java/nio/file/attribute/AclFileAttributeView.java
index 4127a78e942..13583381cbb 100644
--- a/jdk/src/share/classes/java/nio/file/attribute/AclFileAttributeView.java
+++ b/jdk/src/share/classes/java/nio/file/attribute/AclFileAttributeView.java
@@ -75,7 +75,7 @@ import java.io.IOException;
* .lookupPrincipalByName("joe");
*
* // get view
- * AclFileAttributeView view = file.newFileAttributeView(AclFileAttributeView.class);
+ * AclFileAttributeView view = file.getFileAttributeView(AclFileAttributeView.class);
*
* // create ACE to give "joe" read access
* AclEntry entry = AclEntry.newBuilder()
diff --git a/jdk/src/share/classes/java/nio/file/attribute/PosixFileAttributeView.java b/jdk/src/share/classes/java/nio/file/attribute/PosixFileAttributeView.java
index aeec36a941a..2dfb2c92eac 100644
--- a/jdk/src/share/classes/java/nio/file/attribute/PosixFileAttributeView.java
+++ b/jdk/src/share/classes/java/nio/file/attribute/PosixFileAttributeView.java
@@ -61,7 +61,7 @@ import java.io.IOException;
* Suppose we need to print out the owner and access permissions of a file:
*
* FileRef file = ...
- * PosixFileAttributes attrs = file.newFileAttributeView(PosixFileAttributeView.class)
+ * PosixFileAttributes attrs = file.getFileAttributeView(PosixFileAttributeView.class)
* .readAttributes();
* System.out.format("%s %s%n",
* attrs.owner().getName(),
diff --git a/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java b/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java
index 046f6478277..de703ef4ded 100644
--- a/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java
+++ b/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,14 +27,13 @@ package sun.security.jgss;
import org.ietf.jgss.*;
import sun.security.jgss.spi.*;
-import sun.security.jgss.*;
import sun.security.util.ObjectIdentifier;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
-
+import com.sun.security.jgss.*;
/**
* This class represents the JGSS security context and its associated
@@ -88,7 +87,7 @@ import java.io.IOException;
* per-message operations are returned in an instance of the MessageProp
* class, which is used as an argument in these calls.
*/
-class GSSContextImpl implements GSSContext {
+class GSSContextImpl implements ExtendedGSSContext {
private GSSManagerImpl gssManager = null;
@@ -630,4 +629,16 @@ class GSSContextImpl implements GSSContext {
srcName = null;
targName = null;
}
+
+ @Override
+ public Object inquireSecContext(InquireType type) throws GSSException {
+ SecurityManager security = System.getSecurityManager();
+ if (security != null) {
+ security.checkPermission(new InquireSecContextPermission(type.toString()));
+ }
+ if (mechCtxt == null) {
+ throw new GSSException(GSSException.NO_CONTEXT);
+ }
+ return mechCtxt.inquireSecContext(type);
+ }
}
diff --git a/jdk/src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java b/jdk/src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java
index 6706e8e4a4c..5f88068ccec 100644
--- a/jdk/src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java
+++ b/jdk/src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,12 +25,14 @@
package sun.security.jgss.krb5;
+import com.sun.security.jgss.AuthorizationDataEntry;
import org.ietf.jgss.*;
import java.io.InputStream;
-import java.io.OutputStream;
import java.io.IOException;
import sun.security.krb5.*;
import java.net.InetAddress;
+import sun.security.krb5.internal.AuthorizationData;
+import sun.security.krb5.internal.KerberosTime;
class InitSecContextToken extends InitialToken {
@@ -59,6 +61,9 @@ class InitSecContextToken extends InitialToken {
Checksum checksum = gssChecksum.getChecksum();
+ context.setTktFlags(serviceTicket.getFlags());
+ context.setAuthTime(
+ new KerberosTime(serviceTicket.getAuthTime()).toString());
apReq = new KrbApReq(serviceTicket,
mutualRequired,
useSubkey,
@@ -143,6 +148,21 @@ class InitSecContextToken extends InitialToken {
// Use the same sequence number as the peer
// (Behaviour exhibited by the Windows SSPI server)
context.resetMySequenceNumber(peerSeqNumber);
+ context.setAuthTime(
+ new KerberosTime(apReq.getCreds().getAuthTime()).toString());
+ context.setTktFlags(apReq.getCreds().getFlags());
+ AuthorizationData ad = apReq.getCreds().getAuthzData();
+ if (ad == null) {
+ context.setAuthzData(null);
+ } else {
+ AuthorizationDataEntry[] authzData =
+ new AuthorizationDataEntry[ad.count()];
+ for (int i=0; i>> KrbApReq: authenticate succeed.");
}
diff --git a/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java b/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java
index 269edec71a1..13c89dec7d8 100644
--- a/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java
+++ b/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java
@@ -174,4 +174,12 @@ public class AuthorizationData implements Cloneable {
}
return retVal;
}
+
+ public int count() {
+ return entry.length;
+ }
+
+ public AuthorizationDataEntry item(int i) {
+ return (AuthorizationDataEntry)entry[i].clone();
+ }
}
diff --git a/jdk/src/share/classes/sun/security/tools/JarSigner.java b/jdk/src/share/classes/sun/security/tools/JarSigner.java
index 76a9c403145..fd0797a854d 100644
--- a/jdk/src/share/classes/sun/security/tools/JarSigner.java
+++ b/jdk/src/share/classes/sun/security/tools/JarSigner.java
@@ -412,6 +412,16 @@ public class JarSigner {
}
storetype = KeyStoreUtil.niceStoreTypeName(storetype);
+ try {
+ if (signedjar != null && new File(signedjar).getCanonicalPath().equals(
+ new File(jarfile).getCanonicalPath())) {
+ signedjar = null;
+ }
+ } catch (IOException ioe) {
+ // File system error?
+ // Just ignore it.
+ }
+
if (P11KEYSTORE.equalsIgnoreCase(storetype) ||
KeyStoreUtil.isWindowsKeyStore(storetype)) {
token = true;
diff --git a/jdk/src/share/classes/sun/security/tools/KeyTool.java b/jdk/src/share/classes/sun/security/tools/KeyTool.java
index 892e86447e9..8f9e86ee063 100644
--- a/jdk/src/share/classes/sun/security/tools/KeyTool.java
+++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java
@@ -880,41 +880,41 @@ public final class KeyTool {
// might not work properly, since -gencert is slow
// and there's no data in the pipe at the beginning.
ByteArrayOutputStream bout = new ByteArrayOutputStream();
- byte[] b = new byte[4096];
- while (true) {
- int len = inStream.read(b);
- if (len < 0) break;
- bout.write(b, 0, len);
- }
- inStream = new ByteArrayInputStream(bout.toByteArray());
try {
- String importAlias = (alias!=null)?alias:keyAlias;
- if (keyStore.entryInstanceOf(importAlias, KeyStore.PrivateKeyEntry.class)) {
- kssave = installReply(importAlias, inStream);
- if (kssave) {
- System.err.println(rb.getString
- ("Certificate reply was installed in keystore"));
- } else {
- System.err.println(rb.getString
- ("Certificate reply was not installed in keystore"));
- }
- } else if (!keyStore.containsAlias(importAlias) ||
- keyStore.entryInstanceOf(importAlias,
- KeyStore.TrustedCertificateEntry.class)) {
- kssave = addTrustedCert(importAlias, inStream);
- if (kssave) {
- System.err.println(rb.getString
- ("Certificate was added to keystore"));
- } else {
- System.err.println(rb.getString
- ("Certificate was not added to keystore"));
- }
+ byte[] b = new byte[4096];
+ while (true) {
+ int len = inStream.read(b);
+ if (len < 0) break;
+ bout.write(b, 0, len);
}
} finally {
if (inStream != System.in) {
inStream.close();
}
}
+ inStream = new ByteArrayInputStream(bout.toByteArray());
+ String importAlias = (alias!=null)?alias:keyAlias;
+ if (keyStore.entryInstanceOf(importAlias, KeyStore.PrivateKeyEntry.class)) {
+ kssave = installReply(importAlias, inStream);
+ if (kssave) {
+ System.err.println(rb.getString
+ ("Certificate reply was installed in keystore"));
+ } else {
+ System.err.println(rb.getString
+ ("Certificate reply was not installed in keystore"));
+ }
+ } else if (!keyStore.containsAlias(importAlias) ||
+ keyStore.entryInstanceOf(importAlias,
+ KeyStore.TrustedCertificateEntry.class)) {
+ kssave = addTrustedCert(importAlias, inStream);
+ if (kssave) {
+ System.err.println(rb.getString
+ ("Certificate was added to keystore"));
+ } else {
+ System.err.println(rb.getString
+ ("Certificate was not added to keystore"));
+ }
+ }
} else if (command == IMPORTKEYSTORE) {
doImportKeyStore();
kssave = true;
diff --git a/jdk/src/share/classes/sun/security/tools/PolicyTool.java b/jdk/src/share/classes/sun/security/tools/PolicyTool.java
index c2c6218bd35..ce54ba61ca9 100644
--- a/jdk/src/share/classes/sun/security/tools/PolicyTool.java
+++ b/jdk/src/share/classes/sun/security/tools/PolicyTool.java
@@ -1,5 +1,5 @@
/*
- * Copyright 1997-2008 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -35,21 +35,16 @@ import java.net.MalformedURLException;
import java.lang.reflect.*;
import java.text.Collator;
import java.text.MessageFormat;
-import sun.misc.BASE64Decoder;
-import sun.security.provider.PolicyParser.PermissionEntry;
import sun.security.util.PropertyExpander;
import sun.security.util.PropertyExpander.ExpandException;
import java.awt.*;
import java.awt.event.*;
import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import java.security.*;
import sun.security.provider.*;
import sun.security.util.PolicyUtil;
import javax.security.auth.x500.X500Principal;
-import java.util.HashSet;
/**
* PolicyTool may be used by users and administrators to configure the
@@ -1459,6 +1454,7 @@ class ToolDialog extends Dialog {
PERM_ARRAY.add(new AWTPerm());
PERM_ARRAY.add(new DelegationPerm());
PERM_ARRAY.add(new FilePerm());
+ PERM_ARRAY.add(new InqSecContextPerm());
PERM_ARRAY.add(new LogPerm());
PERM_ARRAY.add(new MgmtPerm());
PERM_ARRAY.add(new MBeanPerm());
@@ -3961,6 +3957,20 @@ class FilePerm extends Perm {
}
}
+class InqSecContextPerm extends Perm {
+ public InqSecContextPerm() {
+ super("InquireSecContextPermission",
+ "com.sun.security.jgss.InquireSecContextPermission",
+ new String[] {
+ "KRB5_GET_SESSION_KEY",
+ "KRB5_GET_TKT_FLAGS",
+ "KRB5_GET_AUTHZ_DATA",
+ "KRB5_GET_AUTHTIME"
+ },
+ null);
+ }
+}
+
class LogPerm extends Perm {
public LogPerm() {
super("LoggingPermission",
diff --git a/jdk/src/solaris/native/sun/nio/ch/Net.c b/jdk/src/solaris/native/sun/nio/ch/Net.c
index 14ef8d14305..79031de6b59 100644
--- a/jdk/src/solaris/native/sun/nio/ch/Net.c
+++ b/jdk/src/solaris/native/sun/nio/ch/Net.c
@@ -541,7 +541,7 @@ Java_sun_nio_ch_Net_shutdown(JNIEnv *env, jclass cl, jobject fdo, jint jhow)
{
int how = (jhow == sun_nio_ch_Net_SHUT_RD) ? SHUT_RD :
(jhow == sun_nio_ch_Net_SHUT_WR) ? SHUT_WR : SHUT_RDWR;
- if (shutdown(fdval(env, fdo), how) < 0)
+ if ((shutdown(fdval(env, fdo), how) < 0) && (errno != ENOTCONN))
handleSocketError(env, errno);
}
diff --git a/jdk/test/com/sun/security/jgss/InquireSecContextPermissionCheck.java b/jdk/test/com/sun/security/jgss/InquireSecContextPermissionCheck.java
new file mode 100644
index 00000000000..5a940ae91eb
--- /dev/null
+++ b/jdk/test/com/sun/security/jgss/InquireSecContextPermissionCheck.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+/**
+ * @test
+ * @bug 6710360
+ * @summary export Kerberos session key to applications
+ */
+
+import com.sun.security.jgss.InquireSecContextPermission;
+
+public class InquireSecContextPermissionCheck {
+
+ public static void main(String[] args) throws Exception {
+
+ InquireSecContextPermission p0, p1;
+ p0 = new InquireSecContextPermission(
+ "KRB5_GET_SESSION_KEY");
+ p1 = new InquireSecContextPermission("*");
+
+ if (!p1.implies(p0) || !p1.implies(p1) || !p0.implies(p0)) {
+ throw new Exception("Check failed");
+ }
+
+ if (p0.implies(p1)) {
+ throw new Exception("This is bad");
+ }
+ }
+}
+
diff --git a/jdk/test/java/nio/channels/SocketChannel/Shutdown.java b/jdk/test/java/nio/channels/SocketChannel/Shutdown.java
index 16bd7a011ad..c2e579304f0 100644
--- a/jdk/test/java/nio/channels/SocketChannel/Shutdown.java
+++ b/jdk/test/java/nio/channels/SocketChannel/Shutdown.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -22,26 +22,65 @@
*/
/* @test
- * @bug 4618960
- * @summary Test isInputShutdown
- * @library ..
+ * @bug 4618960 4516760
+ * @summary Test shutdownXXX and isInputShutdown
*/
+import java.io.IOException;
import java.net.*;
-import java.nio.*;
+import java.nio.ByteBuffer;
import java.nio.channels.*;
public class Shutdown {
- public static void main(String args[]) throws Exception {
- InetSocketAddress sa = new InetSocketAddress(
- InetAddress.getByName(TestUtil.HOST), 23);
- SocketChannel sc = SocketChannel.open(sa);
- boolean before = sc.socket().isInputShutdown();
- sc.socket().shutdownInput();
- boolean after = sc.socket().isInputShutdown();
- sc.close();
- if (before || !after)
- throw new Exception("Test failed");
+ /**
+ * Accept a connection, and close it immediately causing a hard reset.
+ */
+ static void acceptAndReset(ServerSocketChannel ssc) throws IOException {
+ SocketChannel peer = ssc.accept();
+ try {
+ peer.setOption(StandardSocketOption.SO_LINGER, 0);
+ peer.configureBlocking(false);
+ peer.write(ByteBuffer.wrap(new byte[128*1024]));
+ } finally {
+ peer.close();
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+ ServerSocketChannel ssc = ServerSocketChannel.open()
+ .bind(new InetSocketAddress(0));
+ try {
+ InetAddress lh = InetAddress.getLocalHost();
+ int port = ((InetSocketAddress)(ssc.getLocalAddress())).getPort();
+ SocketAddress remote = new InetSocketAddress(lh, port);
+
+ // Test SocketChannel shutdownXXX
+ SocketChannel sc;
+ sc = SocketChannel.open(remote);
+ try {
+ acceptAndReset(ssc);
+ sc.shutdownInput();
+ sc.shutdownOutput();
+ } finally {
+ sc.close();
+ }
+
+ // Test Socket adapter shutdownXXX and isShutdownInput
+ sc = SocketChannel.open(remote);
+ try {
+ acceptAndReset(ssc);
+ boolean before = sc.socket().isInputShutdown();
+ sc.socket().shutdownInput();
+ boolean after = sc.socket().isInputShutdown();
+ if (before || !after)
+ throw new RuntimeException("Before and after test failed");
+ sc.socket().shutdownOutput();
+ } finally {
+ sc.close();
+ }
+ } finally {
+ ssc.close();
+ }
}
}
diff --git a/jdk/test/java/nio/file/Files/Misc.java b/jdk/test/java/nio/file/Files/Misc.java
index cd7e17a4bb8..a262274c436 100644
--- a/jdk/test/java/nio/file/Files/Misc.java
+++ b/jdk/test/java/nio/file/Files/Misc.java
@@ -22,13 +22,14 @@
*/
/* @test
- * @bug 4313887 6838333
+ * @bug 4313887 6838333 6865748
* @summary Unit test for java.nio.file.Files for miscellenous cases not
* covered by other tests
* @library ..
*/
import java.nio.file.*;
+import java.nio.file.attribute.Attributes;
import java.io.IOException;
import java.util.*;
@@ -113,5 +114,29 @@ public class Misc {
npeExpected();
} catch (NullPointerException e) {
}
+
+ SimpleFileVisitor visitor = new SimpleFileVisitor() { };
+ boolean ranTheGauntlet = false;
+ try { visitor.preVisitDirectory(null);
+ } catch (NullPointerException x0) {
+ try { visitor.preVisitDirectoryFailed(null, new IOException());
+ } catch (NullPointerException x1) {
+ try { visitor.preVisitDirectoryFailed(dir, null);
+ } catch (NullPointerException x2) {
+ try { visitor.visitFile(null, Attributes.readBasicFileAttributes(Paths.get(".")));
+ } catch (NullPointerException x3) {
+ try { visitor.visitFile(dir, null);
+ } catch (NullPointerException x4) {
+ try { visitor.visitFileFailed(null, new IOException());
+ } catch (NullPointerException x5) {
+ try { visitor.visitFileFailed(dir, null);
+ } catch (NullPointerException x6) {
+ try { visitor.postVisitDirectory(null, new IOException());
+ } catch (NullPointerException x7) {
+ // if we get here then all visit* methods threw NPE as expected
+ ranTheGauntlet = true;
+ }}}}}}}}
+ if (!ranTheGauntlet)
+ throw new RuntimeException("A visit method did not throw NPE");
}
}
diff --git a/jdk/test/sun/security/krb5/auto/Context.java b/jdk/test/sun/security/krb5/auto/Context.java
index 2439aa24037..140623f8310 100644
--- a/jdk/test/sun/security/krb5/auto/Context.java
+++ b/jdk/test/sun/security/krb5/auto/Context.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2008-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -22,6 +22,7 @@
*/
import com.sun.security.auth.module.Krb5LoginModule;
+import java.security.Key;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
@@ -38,6 +39,9 @@ import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;
+import com.sun.security.jgss.ExtendedGSSContext;
+import com.sun.security.jgss.InquireType;
+import com.sun.security.jgss.AuthorizationDataEntry;
/**
* Context of a JGSS subject, encapsulating Subject and GSSContext.
@@ -276,6 +280,34 @@ public class Context {
}
}
}
+ if (x != null && x instanceof ExtendedGSSContext) {
+ if (x.isEstablished()) {
+ ExtendedGSSContext ex = (ExtendedGSSContext)x;
+ Key k = (Key)ex.inquireSecContext(
+ InquireType.KRB5_GET_SESSION_KEY);
+ if (k == null) {
+ throw new Exception("Session key cannot be null");
+ }
+ System.out.println("Session key is: " + k);
+ boolean[] flags = (boolean[])ex.inquireSecContext(
+ InquireType.KRB5_GET_TKT_FLAGS);
+ if (flags == null) {
+ throw new Exception("Ticket flags cannot be null");
+ }
+ System.out.println("Ticket flags is: " + Arrays.toString(flags));
+ String authTime = (String)ex.inquireSecContext(
+ InquireType.KRB5_GET_AUTHTIME);
+ if (authTime == null) {
+ throw new Exception("Auth time cannot be null");
+ }
+ System.out.println("AuthTime is: " + authTime);
+ if (!x.isInitiator()) {
+ AuthorizationDataEntry[] ad = (AuthorizationDataEntry[])ex.inquireSecContext(
+ InquireType.KRB5_GET_AUTHZ_DATA);
+ System.out.println("AuthzData is: " + Arrays.toString(ad));
+ }
+ }
+ }
}
/**
diff --git a/jdk/test/sun/security/tools/jarsigner/samename.sh b/jdk/test/sun/security/tools/jarsigner/samename.sh
new file mode 100644
index 00000000000..7949088a7b9
--- /dev/null
+++ b/jdk/test/sun/security/tools/jarsigner/samename.sh
@@ -0,0 +1,61 @@
+#
+# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+# @test
+# @bug 6866479
+# @summary libzip.so caused JVM to crash when running jarsigner
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+ JAVAC_CMD=`which javac`
+ TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+ Windows_* | CYGWIN* )
+ SIGNEDJAR=EM.jar
+ FS="\\"
+ ;;
+ * )
+ SIGNEDJAR=em.jar
+ FS="/"
+ ;;
+esac
+
+KS=samename.jks
+JFILE=em.jar
+
+KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS"
+JAR=$TESTJAVA${FS}bin${FS}jar
+JARSIGNER=$TESTJAVA${FS}bin${FS}jarsigner
+
+rm $KS $JFILE $SIGNEDJAR
+echo A > A
+$JAR cvf $JFILE A
+
+$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
+
+$JARSIGNER -keystore $KS -storepass changeit -signedjar $SIGNEDJAR $JFILE a
+