From cb2742d7b21cfe83b391b9dd8a98f326cd12ecf0 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Tue, 11 Aug 2009 12:15:24 +0800 Subject: [PATCH 1/8] 6866479: libzip.so caused JVM to crash when running jarsigner Reviewed-by: mullan --- .../classes/sun/security/tools/JarSigner.java | 10 +++ .../sun/security/tools/jarsigner/samename.sh | 61 +++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 jdk/test/sun/security/tools/jarsigner/samename.sh diff --git a/jdk/src/share/classes/sun/security/tools/JarSigner.java b/jdk/src/share/classes/sun/security/tools/JarSigner.java index 76a9c403145..fd0797a854d 100644 --- a/jdk/src/share/classes/sun/security/tools/JarSigner.java +++ b/jdk/src/share/classes/sun/security/tools/JarSigner.java @@ -412,6 +412,16 @@ public class JarSigner { } storetype = KeyStoreUtil.niceStoreTypeName(storetype); + try { + if (signedjar != null && new File(signedjar).getCanonicalPath().equals( + new File(jarfile).getCanonicalPath())) { + signedjar = null; + } + } catch (IOException ioe) { + // File system error? + // Just ignore it. + } + if (P11KEYSTORE.equalsIgnoreCase(storetype) || KeyStoreUtil.isWindowsKeyStore(storetype)) { token = true; diff --git a/jdk/test/sun/security/tools/jarsigner/samename.sh b/jdk/test/sun/security/tools/jarsigner/samename.sh new file mode 100644 index 00000000000..7949088a7b9 --- /dev/null +++ b/jdk/test/sun/security/tools/jarsigner/samename.sh @@ -0,0 +1,61 @@ +# +# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, +# CA 95054 USA or visit www.sun.com if you need additional information or +# have any questions. +# + +# @test +# @bug 6866479 +# @summary libzip.so caused JVM to crash when running jarsigner +# + +if [ "${TESTJAVA}" = "" ] ; then + JAVAC_CMD=`which javac` + TESTJAVA=`dirname $JAVAC_CMD`/.. +fi + +# set platform-dependent variables +OS=`uname -s` +case "$OS" in + Windows_* | CYGWIN* ) + SIGNEDJAR=EM.jar + FS="\\" + ;; + * ) + SIGNEDJAR=em.jar + FS="/" + ;; +esac + +KS=samename.jks +JFILE=em.jar + +KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS" +JAR=$TESTJAVA${FS}bin${FS}jar +JARSIGNER=$TESTJAVA${FS}bin${FS}jarsigner + +rm $KS $JFILE $SIGNEDJAR +echo A > A +$JAR cvf $JFILE A + +$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300 + +$JARSIGNER -keystore $KS -storepass changeit -signedjar $SIGNEDJAR $JFILE a + From 50689ce53631940317bc75381f2aedce1b344029 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Tue, 11 Aug 2009 12:17:13 +0800 Subject: [PATCH 2/8] 6710360: export Kerberos session key to applications Reviewed-by: valeriep --- .../sun/security/jgss/ExtendedGSSContext.java | 90 +++++++++++++++++++ .../jgss/InquireSecContextPermission.java | 54 +++++++++++ .../com/sun/security/jgss/InquireType.java | 38 ++++++++ .../sun/security/jgss/GSSContextImpl.java | 19 +++- .../sun/security/jgss/krb5/Krb5Context.java | 52 +++++++++++ .../sun/security/jgss/spi/GSSContextSpi.java | 16 +++- .../security/jgss/spnego/SpNegoContext.java | 22 ++++- .../jgss/wrapper/NativeGSSContext.java | 9 +- .../sun/security/tools/PolicyTool.java | 19 ++-- .../InquireSecContextPermissionCheck.java | 50 +++++++++++ jdk/test/sun/security/krb5/auto/Context.java | 16 +++- 11 files changed, 368 insertions(+), 17 deletions(-) create mode 100644 jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java create mode 100644 jdk/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java create mode 100644 jdk/src/share/classes/com/sun/security/jgss/InquireType.java create mode 100644 jdk/test/com/sun/security/jgss/InquireSecContextPermissionCheck.java diff --git a/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java b/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java new file mode 100644 index 00000000000..ed1ab747136 --- /dev/null +++ b/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java @@ -0,0 +1,90 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Sun designates this + * particular file as subject to the "Classpath" exception as provided + * by Sun in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +package com.sun.security.jgss; + +import org.ietf.jgss.*; + +/** + * The extended GSSContext interface for supporting additional + * functionalities not defined by {@code org.ietf.jgss.GSSContext}, + * such as querying context-specific attributes. + */ +public interface ExtendedGSSContext extends GSSContext { + /** + * Return the mechanism-specific attribute associated with {@code type}. + *

+ * For each supported attribute type, the type for the output are + * defined below. + *
    + *
  1. {@code KRB5_GET_SESSION_KEY}: + * the returned object is an instance of {@link java.security.Key}, + * which has the following properties: + *
      + *
    • Algorithm: enctype as a string, where + * enctype is defined in RFC 3961, section 8. + *
    • Format: "RAW" + *
    • Encoded form: the raw key bytes, not in any ASN.1 encoding + *
    + *
+ * + * If there is a security manager, an {@link InquireSecContextPermission} + * with the name {@code type.mech} must be granted. Otherwise, this could + * result in a {@link SecurityException}.

+ * + * Example: + * 

+     *      GSSContext ctxt = m.createContext(...)
+     *      // Establishing the context
+     *      if (ctxt instanceof ExtendedGSSContext) {
+     *          ExtendedGSSContext ex = (ExtendedGSSContext)ctxt;
+     *          try {
+     *              Key key = (key)ex.inquireSecContext(
+     *                      InquireType.KRB5_GET_SESSION_KEY);
+     *              // read key info
+     *          } catch (GSSException gsse) {
+     *              // deal with exception
+     *          }
+     *      }
+     *
+ * @param type the type of the attribute requested + * @return the attribute, see the method documentation for details. + * @throws GSSException containing the following + * major error codes: + * {@link GSSException#BAD_MECH GSSException.BAD_MECH} if the mechanism + * does not support this method, + * {@link GSSException#UNAVAILABLE GSSException.UNAVAILABLE} if the + * type specified is not supported, + * {@link GSSException#NO_CONTEXT GSSException.NO_CONTEXT} if the + * security context is invalid, + * {@link GSSException#FAILURE GSSException.FAILURE} for other + * unspecified failures. + * @throws SecurityException if a security manager exists and a proper + * {@link InquireSecContextPermission} is not granted. + * @see InquireSecContextPermission + */ + public Object inquireSecContext(InquireType type) + throws GSSException; +} diff --git a/jdk/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java b/jdk/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java new file mode 100644 index 00000000000..2acb9ab9e97 --- /dev/null +++ b/jdk/src/share/classes/com/sun/security/jgss/InquireSecContextPermission.java @@ -0,0 +1,54 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Sun designates this + * particular file as subject to the "Classpath" exception as provided + * by Sun in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +package com.sun.security.jgss; + +import java.security.BasicPermission; + +/** + * This class is used to protect various attributes of an established + * GSS security context that can be accessed using the + * {@link com.sun.security.jgss.ExtendedGSSContext#inquireSecContext} + * method. + * + *

The target name is the {@link InquireType} allowed. + */ +public final class InquireSecContextPermission extends BasicPermission { + + /** + * Constructs a new {@code InquireSecContextPermission} object with + * the specified name. The name is the symbolic name of the + * {@link InquireType} allowed. + * + * @param name the {@link InquireType} allowed by this + * permission. "*" means all {@link InquireType}s are allowed. + * + * @throws NullPointerException if name is null. + * @throws IllegalArgumentException if name is empty. + */ + public InquireSecContextPermission(String name) { + super(name); + } +} diff --git a/jdk/src/share/classes/com/sun/security/jgss/InquireType.java b/jdk/src/share/classes/com/sun/security/jgss/InquireType.java new file mode 100644 index 00000000000..2b1d8172e72 --- /dev/null +++ b/jdk/src/share/classes/com/sun/security/jgss/InquireType.java @@ -0,0 +1,38 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Sun designates this + * particular file as subject to the "Classpath" exception as provided + * by Sun in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +package com.sun.security.jgss; + +/** + * Attribute types that can be specified as an argument of + * {@link com.sun.security.jgss.ExtendedGSSContext#inquireSecContext} + */ +public enum InquireType { + /** + * Attribute type for retrieving the session key of an + * established security context. + */ + KRB5_GET_SESSION_KEY +} diff --git a/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java b/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java index 046f6478277..de703ef4ded 100644 --- a/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java +++ b/jdk/src/share/classes/sun/security/jgss/GSSContextImpl.java @@ -1,5 +1,5 @@ /* - * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,14 +27,13 @@ package sun.security.jgss; import org.ietf.jgss.*; import sun.security.jgss.spi.*; -import sun.security.jgss.*; import sun.security.util.ObjectIdentifier; import java.io.InputStream; import java.io.OutputStream; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; - +import com.sun.security.jgss.*; /** * This class represents the JGSS security context and its associated @@ -88,7 +87,7 @@ import java.io.IOException; * per-message operations are returned in an instance of the MessageProp * class, which is used as an argument in these calls. */ -class GSSContextImpl implements GSSContext { +class GSSContextImpl implements ExtendedGSSContext { private GSSManagerImpl gssManager = null; @@ -630,4 +629,16 @@ class GSSContextImpl implements GSSContext { srcName = null; targName = null; } + + @Override + public Object inquireSecContext(InquireType type) throws GSSException { + SecurityManager security = System.getSecurityManager(); + if (security != null) { + security.checkPermission(new InquireSecContextPermission(type.toString())); + } + if (mechCtxt == null) { + throw new GSSException(GSSException.NO_CONTEXT); + } + return mechCtxt.inquireSecContext(type); + } } diff --git a/jdk/src/share/classes/sun/security/jgss/krb5/Krb5Context.java b/jdk/src/share/classes/sun/security/jgss/krb5/Krb5Context.java index f2ef7d59875..48d62c76c26 100644 --- a/jdk/src/share/classes/sun/security/jgss/krb5/Krb5Context.java +++ b/jdk/src/share/classes/sun/security/jgss/krb5/Krb5Context.java @@ -25,6 +25,7 @@ package sun.security.jgss.krb5; +import com.sun.security.jgss.InquireType; import org.ietf.jgss.*; import sun.misc.HexDumpEncoder; import sun.security.jgss.GSSUtil; @@ -38,6 +39,7 @@ import java.io.IOException; import java.security.Provider; import java.security.AccessController; import java.security.AccessControlContext; +import java.security.Key; import java.security.PrivilegedExceptionAction; import java.security.PrivilegedActionException; import javax.crypto.Cipher; @@ -1283,4 +1285,54 @@ class Krb5Context implements GSSContextSpi { // Currently used by InitialToken only return caller; } + + /** + * The session key returned by inquireSecContext(KRB5_INQ_SSPI_SESSION_KEY) + */ + static class KerberosSessionKey implements Key { + private EncryptionKey key; + + KerberosSessionKey(EncryptionKey key) { + this.key = key; + } + + @Override + public String getAlgorithm() { + return Integer.toString(key.getEType()); + } + + @Override + public String getFormat() { + return "RAW"; + } + + @Override + public byte[] getEncoded() { + return key.getBytes().clone(); + } + + @Override + public String toString() { + return "Kerberos session key: etype: " + key.getEType() + "\n" + + new sun.misc.HexDumpEncoder().encodeBuffer(key.getBytes()); + } + } + + /** + * Return the mechanism-specific attribute associated with {@code type}. + * Only KRB5_GET_SESSION_KEY is supported now. + */ + public Object inquireSecContext(InquireType type) + throws GSSException { + if (type == InquireType.KRB5_GET_SESSION_KEY) { + if (key == null) { + throw new GSSException(GSSException.NO_CONTEXT, -1, + "Session key not established."); + } else { + return new KerberosSessionKey(key); + } + } + throw new GSSException(GSSException.UNAVAILABLE, -1, + "Inquire type not supported."); + } } diff --git a/jdk/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java b/jdk/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java index b4ce37a4c0e..5bf359a1f8c 100644 --- a/jdk/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java +++ b/jdk/src/share/classes/sun/security/jgss/spi/GSSContextSpi.java @@ -1,5 +1,5 @@ /* - * Portions Copyright 2000-2005 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -46,6 +46,7 @@ import org.ietf.jgss.*; import java.io.InputStream; import java.io.OutputStream; import java.security.Provider; +import com.sun.security.jgss.*; /** * This interface is implemented by a mechanism specific instance of a GSS @@ -265,7 +266,6 @@ public interface GSSContextSpi { * @param msgPro on input it contains the requested qop and * confidentiality state, on output, the applied values * @exception GSSException may be thrown - * @see MessageInfo * @see unwrap */ public void wrap(InputStream is, OutputStream os, MessageProp msgProp) @@ -315,7 +315,6 @@ public interface GSSContextSpi { * @param msgProp will contain the applied qop and confidentiality * of the input token and any informatory status values * @exception GSSException may be thrown - * @see MessageInfo * @see wrap */ public void unwrap(InputStream is, OutputStream os, @@ -403,4 +402,15 @@ public interface GSSContextSpi { * @exception GSSException may be thrown */ public void dispose() throws GSSException; + + /** + * Return the mechanism-specific attribute associated with (@code type}. + * + * @param type the type of the attribute requested + * @return the attribute + * @throws GSSException see {@link ExtendedGSSContext#inquireSecContext} + * for details + */ + public Object inquireSecContext(InquireType type) + throws GSSException; } diff --git a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java index a84e8a26001..a436092f1bb 100644 --- a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java +++ b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java @@ -25,10 +25,10 @@ package sun.security.jgss.spnego; +import com.sun.security.jgss.ExtendedGSSContext; +import com.sun.security.jgss.InquireType; import java.io.*; import java.security.Provider; -import java.util.List; -import java.util.ArrayList; import org.ietf.jgss.*; import sun.security.jgss.*; import sun.security.jgss.spi.*; @@ -1185,4 +1185,22 @@ public class SpNegoContext implements GSSContextSpi { return ("Unknown state " + state); } } + + /** + * Retrieve attribute of the context for {@code type}. + */ + public Object inquireSecContext(InquireType type) + throws GSSException { + if (mechContext == null) { + throw new GSSException(GSSException.NO_CONTEXT, -1, + "Underlying mech not established."); + } + if (mechContext instanceof ExtendedGSSContext) { + return ((ExtendedGSSContext)mechContext).inquireSecContext(type); + } else { + throw new GSSException(GSSException.BAD_MECH, -1, + "inquireSecContext not supported by underlying mech."); + } + } + } diff --git a/jdk/src/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java b/jdk/src/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java index 63f37e47614..5b2a670b054 100644 --- a/jdk/src/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java +++ b/jdk/src/share/classes/sun/security/jgss/wrapper/NativeGSSContext.java @@ -1,5 +1,5 @@ /* - * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,6 +36,7 @@ import sun.security.util.ObjectIdentifier; import sun.security.jgss.spnego.NegTokenInit; import sun.security.jgss.spnego.NegTokenTarg; import javax.security.auth.kerberos.DelegationPermission; +import com.sun.security.jgss.InquireType; import java.io.*; @@ -615,4 +616,10 @@ class NativeGSSContext implements GSSContextSpi { protected void finalize() throws Throwable { dispose(); } + + public Object inquireSecContext(InquireType type) + throws GSSException { + throw new GSSException(GSSException.UNAVAILABLE, -1, + "Inquire type not supported."); + } } diff --git a/jdk/src/share/classes/sun/security/tools/PolicyTool.java b/jdk/src/share/classes/sun/security/tools/PolicyTool.java index c2c6218bd35..afc3a9b8988 100644 --- a/jdk/src/share/classes/sun/security/tools/PolicyTool.java +++ b/jdk/src/share/classes/sun/security/tools/PolicyTool.java @@ -1,5 +1,5 @@ /* - * Copyright 1997-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,21 +35,16 @@ import java.net.MalformedURLException; import java.lang.reflect.*; import java.text.Collator; import java.text.MessageFormat; -import sun.misc.BASE64Decoder; -import sun.security.provider.PolicyParser.PermissionEntry; import sun.security.util.PropertyExpander; import sun.security.util.PropertyExpander.ExpandException; import java.awt.*; import java.awt.event.*; import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; import java.security.cert.CertificateException; import java.security.*; import sun.security.provider.*; import sun.security.util.PolicyUtil; import javax.security.auth.x500.X500Principal; -import java.util.HashSet; /** * PolicyTool may be used by users and administrators to configure the @@ -1459,6 +1454,7 @@ class ToolDialog extends Dialog { PERM_ARRAY.add(new AWTPerm()); PERM_ARRAY.add(new DelegationPerm()); PERM_ARRAY.add(new FilePerm()); + PERM_ARRAY.add(new InqSecContextPerm()); PERM_ARRAY.add(new LogPerm()); PERM_ARRAY.add(new MgmtPerm()); PERM_ARRAY.add(new MBeanPerm()); @@ -3961,6 +3957,17 @@ class FilePerm extends Perm { } } +class InqSecContextPerm extends Perm { + public InqSecContextPerm() { + super("InquireSecContextPermission", + "com.sun.security.jgss.InquireSecContextPermission", + new String[] { + "KRB5_GET_SESSION_KEY" + }, + null); + } +} + class LogPerm extends Perm { public LogPerm() { super("LoggingPermission", diff --git a/jdk/test/com/sun/security/jgss/InquireSecContextPermissionCheck.java b/jdk/test/com/sun/security/jgss/InquireSecContextPermissionCheck.java new file mode 100644 index 00000000000..5a940ae91eb --- /dev/null +++ b/jdk/test/com/sun/security/jgss/InquireSecContextPermissionCheck.java @@ -0,0 +1,50 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/** + * @test + * @bug 6710360 + * @summary export Kerberos session key to applications + */ + +import com.sun.security.jgss.InquireSecContextPermission; + +public class InquireSecContextPermissionCheck { + + public static void main(String[] args) throws Exception { + + InquireSecContextPermission p0, p1; + p0 = new InquireSecContextPermission( + "KRB5_GET_SESSION_KEY"); + p1 = new InquireSecContextPermission("*"); + + if (!p1.implies(p0) || !p1.implies(p1) || !p0.implies(p0)) { + throw new Exception("Check failed"); + } + + if (p0.implies(p1)) { + throw new Exception("This is bad"); + } + } +} + diff --git a/jdk/test/sun/security/krb5/auto/Context.java b/jdk/test/sun/security/krb5/auto/Context.java index 2439aa24037..b8ce532be19 100644 --- a/jdk/test/sun/security/krb5/auto/Context.java +++ b/jdk/test/sun/security/krb5/auto/Context.java @@ -1,5 +1,5 @@ /* - * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2008-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,6 +22,7 @@ */ import com.sun.security.auth.module.Krb5LoginModule; +import java.security.Key; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.util.Arrays; @@ -38,6 +39,8 @@ import org.ietf.jgss.GSSManager; import org.ietf.jgss.GSSName; import org.ietf.jgss.MessageProp; import org.ietf.jgss.Oid; +import com.sun.security.jgss.ExtendedGSSContext; +import com.sun.security.jgss.InquireType; /** * Context of a JGSS subject, encapsulating Subject and GSSContext. @@ -276,6 +279,17 @@ public class Context { } } } + if (x != null && x instanceof ExtendedGSSContext) { + if (x.isEstablished()) { + ExtendedGSSContext ex = (ExtendedGSSContext)x; + Key k = (Key)ex.inquireSecContext( + InquireType.KRB5_GET_SESSION_KEY); + if (k == null) { + throw new Exception("Session key cannot be null"); + } + System.out.println("Session key is: " + k); + } + } } /** From be3a1f1294df8c38d5c26c8377e897d8eb1325bb Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Tue, 11 Aug 2009 12:20:32 +0800 Subject: [PATCH 3/8] 6821190: more InquireType values for ExtendedGSSContext Reviewed-by: valeriep --- .../security/jgss/AuthorizationDataEntry.java | 68 +++++++++++++++++++ .../sun/security/jgss/ExtendedGSSContext.java | 12 ++++ .../com/sun/security/jgss/InquireType.java | 20 +++++- .../jgss/krb5/InitSecContextToken.java | 24 ++++++- .../sun/security/jgss/krb5/Krb5Context.java | 43 +++++++++--- .../sun/security/krb5/Credentials.java | 22 +++++- .../classes/sun/security/krb5/KrbApReq.java | 7 +- .../krb5/internal/AuthorizationData.java | 8 +++ .../sun/security/tools/PolicyTool.java | 5 +- jdk/test/sun/security/krb5/auto/Context.java | 18 +++++ 10 files changed, 210 insertions(+), 17 deletions(-) create mode 100644 jdk/src/share/classes/com/sun/security/jgss/AuthorizationDataEntry.java diff --git a/jdk/src/share/classes/com/sun/security/jgss/AuthorizationDataEntry.java b/jdk/src/share/classes/com/sun/security/jgss/AuthorizationDataEntry.java new file mode 100644 index 00000000000..0386792a7c2 --- /dev/null +++ b/jdk/src/share/classes/com/sun/security/jgss/AuthorizationDataEntry.java @@ -0,0 +1,68 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Sun designates this + * particular file as subject to the "Classpath" exception as provided + * by Sun in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +package com.sun.security.jgss; + +/** + * Kerberos 5 AuthorizationData entry. + */ +final public class AuthorizationDataEntry { + + private final int type; + private final byte[] data; + + /** + * Create an AuthorizationDataEntry object. + * @param type the ad-type + * @param data the ad-data, a copy of the data will be saved + * inside the object. + */ + public AuthorizationDataEntry(int type, byte[] data) { + this.type = type; + this.data = data.clone(); + } + + /** + * Get the ad-type field. + * @return ad-type + */ + public int getType() { + return type; + } + + /** + * Get a copy of the ad-data field. + * @return ad-data + */ + public byte[] getData() { + return data.clone(); + } + + public String toString() { + return "AuthorizationDataEntry: type="+type+", data=" + + data.length + " bytes:\n" + + new sun.misc.HexDumpEncoder().encode(data); + } +} diff --git a/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java b/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java index ed1ab747136..dc7a3556d7d 100644 --- a/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java +++ b/jdk/src/share/classes/com/sun/security/jgss/ExtendedGSSContext.java @@ -39,6 +39,11 @@ public interface ExtendedGSSContext extends GSSContext { * For each supported attribute type, the type for the output are * defined below. *

    + *
  1. {@code KRB5_GET_TKT_FLAGS}: + * the returned object is a boolean array for the service ticket flags, + * which is long enough to contain all true bits. This means if + * the user wants to get the n'th bit but the length of the + * returned array is less than n, it is regarded as false. *
  2. {@code KRB5_GET_SESSION_KEY}: * the returned object is an instance of {@link java.security.Key}, * which has the following properties: @@ -48,6 +53,13 @@ public interface ExtendedGSSContext extends GSSContext { *
  3. Format: "RAW" *
  4. Encoded form: the raw key bytes, not in any ASN.1 encoding * + *
  5. {@code KRB5_GET_AUTHZ_DATA}: + * the returned object is an array of + * {@link com.sun.security.jgss.AuthorizationDataEntry}, or null if the + * optional field is missing in the service ticket. + *
  6. {@code KRB5_GET_AUTHTIME}: + * the returned object is a String object in the standard KerberosTime + * format defined in RFC 4120 5.2.3 *
* * If there is a security manager, an {@link InquireSecContextPermission} diff --git a/jdk/src/share/classes/com/sun/security/jgss/InquireType.java b/jdk/src/share/classes/com/sun/security/jgss/InquireType.java index 2b1d8172e72..b9ea04098b5 100644 --- a/jdk/src/share/classes/com/sun/security/jgss/InquireType.java +++ b/jdk/src/share/classes/com/sun/security/jgss/InquireType.java @@ -32,7 +32,23 @@ package com.sun.security.jgss; public enum InquireType { /** * Attribute type for retrieving the session key of an - * established security context. + * established Kerberos 5 security context. */ - KRB5_GET_SESSION_KEY + KRB5_GET_SESSION_KEY, + /** + * Attribute type for retrieving the service ticket flags of an + * established Kerberos 5 security context. + */ + KRB5_GET_TKT_FLAGS, + /** + * Attribute type for retrieving the authorization data in the + * service ticket of an established Kerberos 5 security context. + * Only supported on the acceptor side. + */ + KRB5_GET_AUTHZ_DATA, + /** + * Attribute type for retrieving the authtime in the service ticket + * of an established Kerberos 5 security context. + */ + KRB5_GET_AUTHTIME } diff --git a/jdk/src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java b/jdk/src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java index 6706e8e4a4c..5f88068ccec 100644 --- a/jdk/src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java +++ b/jdk/src/share/classes/sun/security/jgss/krb5/InitSecContextToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,12 +25,14 @@ package sun.security.jgss.krb5; +import com.sun.security.jgss.AuthorizationDataEntry; import org.ietf.jgss.*; import java.io.InputStream; -import java.io.OutputStream; import java.io.IOException; import sun.security.krb5.*; import java.net.InetAddress; +import sun.security.krb5.internal.AuthorizationData; +import sun.security.krb5.internal.KerberosTime; class InitSecContextToken extends InitialToken { @@ -59,6 +61,9 @@ class InitSecContextToken extends InitialToken { Checksum checksum = gssChecksum.getChecksum(); + context.setTktFlags(serviceTicket.getFlags()); + context.setAuthTime( + new KerberosTime(serviceTicket.getAuthTime()).toString()); apReq = new KrbApReq(serviceTicket, mutualRequired, useSubkey, @@ -143,6 +148,21 @@ class InitSecContextToken extends InitialToken { // Use the same sequence number as the peer // (Behaviour exhibited by the Windows SSPI server) context.resetMySequenceNumber(peerSeqNumber); + context.setAuthTime( + new KerberosTime(apReq.getCreds().getAuthTime()).toString()); + context.setTktFlags(apReq.getCreds().getFlags()); + AuthorizationData ad = apReq.getCreds().getAuthzData(); + if (ad == null) { + context.setAuthzData(null); + } else { + AuthorizationDataEntry[] authzData = + new AuthorizationDataEntry[ad.count()]; + for (int i=0; i>> KrbApReq: authenticate succeed."); } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java b/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java index 269edec71a1..13c89dec7d8 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java @@ -174,4 +174,12 @@ public class AuthorizationData implements Cloneable { } return retVal; } + + public int count() { + return entry.length; + } + + public AuthorizationDataEntry item(int i) { + return (AuthorizationDataEntry)entry[i].clone(); + } } diff --git a/jdk/src/share/classes/sun/security/tools/PolicyTool.java b/jdk/src/share/classes/sun/security/tools/PolicyTool.java index afc3a9b8988..ce54ba61ca9 100644 --- a/jdk/src/share/classes/sun/security/tools/PolicyTool.java +++ b/jdk/src/share/classes/sun/security/tools/PolicyTool.java @@ -3962,7 +3962,10 @@ class InqSecContextPerm extends Perm { super("InquireSecContextPermission", "com.sun.security.jgss.InquireSecContextPermission", new String[] { - "KRB5_GET_SESSION_KEY" + "KRB5_GET_SESSION_KEY", + "KRB5_GET_TKT_FLAGS", + "KRB5_GET_AUTHZ_DATA", + "KRB5_GET_AUTHTIME" }, null); } diff --git a/jdk/test/sun/security/krb5/auto/Context.java b/jdk/test/sun/security/krb5/auto/Context.java index b8ce532be19..140623f8310 100644 --- a/jdk/test/sun/security/krb5/auto/Context.java +++ b/jdk/test/sun/security/krb5/auto/Context.java @@ -41,6 +41,7 @@ import org.ietf.jgss.MessageProp; import org.ietf.jgss.Oid; import com.sun.security.jgss.ExtendedGSSContext; import com.sun.security.jgss.InquireType; +import com.sun.security.jgss.AuthorizationDataEntry; /** * Context of a JGSS subject, encapsulating Subject and GSSContext. @@ -288,6 +289,23 @@ public class Context { throw new Exception("Session key cannot be null"); } System.out.println("Session key is: " + k); + boolean[] flags = (boolean[])ex.inquireSecContext( + InquireType.KRB5_GET_TKT_FLAGS); + if (flags == null) { + throw new Exception("Ticket flags cannot be null"); + } + System.out.println("Ticket flags is: " + Arrays.toString(flags)); + String authTime = (String)ex.inquireSecContext( + InquireType.KRB5_GET_AUTHTIME); + if (authTime == null) { + throw new Exception("Auth time cannot be null"); + } + System.out.println("AuthTime is: " + authTime); + if (!x.isInitiator()) { + AuthorizationDataEntry[] ad = (AuthorizationDataEntry[])ex.inquireSecContext( + InquireType.KRB5_GET_AUTHZ_DATA); + System.out.println("AuthzData is: " + Arrays.toString(ad)); + } } } } From aa514761f5d1ad1d0346ea6530c58abe4914a31d Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Tue, 11 Aug 2009 15:36:52 +0800 Subject: [PATCH 4/8] 6868867: Test: sun/security/tools/keytool/standard.sh fails under windows/cygwin Reviewed-by: wetmore --- .../classes/sun/security/tools/KeyTool.java | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/jdk/src/share/classes/sun/security/tools/KeyTool.java b/jdk/src/share/classes/sun/security/tools/KeyTool.java index 892e86447e9..8f9e86ee063 100644 --- a/jdk/src/share/classes/sun/security/tools/KeyTool.java +++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java @@ -880,41 +880,41 @@ public final class KeyTool { // might not work properly, since -gencert is slow // and there's no data in the pipe at the beginning. ByteArrayOutputStream bout = new ByteArrayOutputStream(); - byte[] b = new byte[4096]; - while (true) { - int len = inStream.read(b); - if (len < 0) break; - bout.write(b, 0, len); - } - inStream = new ByteArrayInputStream(bout.toByteArray()); try { - String importAlias = (alias!=null)?alias:keyAlias; - if (keyStore.entryInstanceOf(importAlias, KeyStore.PrivateKeyEntry.class)) { - kssave = installReply(importAlias, inStream); - if (kssave) { - System.err.println(rb.getString - ("Certificate reply was installed in keystore")); - } else { - System.err.println(rb.getString - ("Certificate reply was not installed in keystore")); - } - } else if (!keyStore.containsAlias(importAlias) || - keyStore.entryInstanceOf(importAlias, - KeyStore.TrustedCertificateEntry.class)) { - kssave = addTrustedCert(importAlias, inStream); - if (kssave) { - System.err.println(rb.getString - ("Certificate was added to keystore")); - } else { - System.err.println(rb.getString - ("Certificate was not added to keystore")); - } + byte[] b = new byte[4096]; + while (true) { + int len = inStream.read(b); + if (len < 0) break; + bout.write(b, 0, len); } } finally { if (inStream != System.in) { inStream.close(); } } + inStream = new ByteArrayInputStream(bout.toByteArray()); + String importAlias = (alias!=null)?alias:keyAlias; + if (keyStore.entryInstanceOf(importAlias, KeyStore.PrivateKeyEntry.class)) { + kssave = installReply(importAlias, inStream); + if (kssave) { + System.err.println(rb.getString + ("Certificate reply was installed in keystore")); + } else { + System.err.println(rb.getString + ("Certificate reply was not installed in keystore")); + } + } else if (!keyStore.containsAlias(importAlias) || + keyStore.entryInstanceOf(importAlias, + KeyStore.TrustedCertificateEntry.class)) { + kssave = addTrustedCert(importAlias, inStream); + if (kssave) { + System.err.println(rb.getString + ("Certificate was added to keystore")); + } else { + System.err.println(rb.getString + ("Certificate was not added to keystore")); + } + } } else if (command == IMPORTKEYSTORE) { doImportKeyStore(); kssave = true; From 3db64bc897b13ee0225f79c700626a0c0be987af Mon Sep 17 00:00:00 2001 From: Xue-Lei Andrew Fan Date: Tue, 11 Aug 2009 18:27:01 +0800 Subject: [PATCH 5/8] 6585239: Regression: 2 DNS tests fail with JDK 5.0u13 b01 and pass with 5.0u12fcs Reviewed-by: vinnie --- jdk/src/share/classes/com/sun/jndi/dns/DnsContext.java | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/jdk/src/share/classes/com/sun/jndi/dns/DnsContext.java b/jdk/src/share/classes/com/sun/jndi/dns/DnsContext.java index 3b30bb96a6e..4375af2db55 100644 --- a/jdk/src/share/classes/com/sun/jndi/dns/DnsContext.java +++ b/jdk/src/share/classes/com/sun/jndi/dns/DnsContext.java @@ -972,14 +972,11 @@ class NameClassPairEnumeration implements NamingEnumeration { } /* - * ctx will be closed when no longer needed by the enumeration. + * ctx will be set to null when no longer needed by the enumeration. */ - public void close () { + public void close() { nodes = null; - if (ctx != null) { - ctx.close(); - ctx = null; - } + ctx = null; } public boolean hasMore() { From 90b1aee14250684e2bf4941dbb515613b6da2f90 Mon Sep 17 00:00:00 2001 From: Alan Bateman Date: Tue, 11 Aug 2009 12:37:02 +0100 Subject: [PATCH 6/8] 4516760: (so) Intermittent SocketException: Transport endpoint is not connected (lnx) Reviewed-by: sherman --- jdk/src/solaris/native/sun/nio/ch/Net.c | 2 +- .../nio/channels/SocketChannel/Shutdown.java | 69 +++++++++++++++---- 2 files changed, 55 insertions(+), 16 deletions(-) diff --git a/jdk/src/solaris/native/sun/nio/ch/Net.c b/jdk/src/solaris/native/sun/nio/ch/Net.c index 14ef8d14305..79031de6b59 100644 --- a/jdk/src/solaris/native/sun/nio/ch/Net.c +++ b/jdk/src/solaris/native/sun/nio/ch/Net.c @@ -541,7 +541,7 @@ Java_sun_nio_ch_Net_shutdown(JNIEnv *env, jclass cl, jobject fdo, jint jhow) { int how = (jhow == sun_nio_ch_Net_SHUT_RD) ? SHUT_RD : (jhow == sun_nio_ch_Net_SHUT_WR) ? SHUT_WR : SHUT_RDWR; - if (shutdown(fdval(env, fdo), how) < 0) + if ((shutdown(fdval(env, fdo), how) < 0) && (errno != ENOTCONN)) handleSocketError(env, errno); } diff --git a/jdk/test/java/nio/channels/SocketChannel/Shutdown.java b/jdk/test/java/nio/channels/SocketChannel/Shutdown.java index 16bd7a011ad..c2e579304f0 100644 --- a/jdk/test/java/nio/channels/SocketChannel/Shutdown.java +++ b/jdk/test/java/nio/channels/SocketChannel/Shutdown.java @@ -1,5 +1,5 @@ /* - * Copyright 2002 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,26 +22,65 @@ */ /* @test - * @bug 4618960 - * @summary Test isInputShutdown - * @library .. + * @bug 4618960 4516760 + * @summary Test shutdownXXX and isInputShutdown */ +import java.io.IOException; import java.net.*; -import java.nio.*; +import java.nio.ByteBuffer; import java.nio.channels.*; public class Shutdown { - public static void main(String args[]) throws Exception { - InetSocketAddress sa = new InetSocketAddress( - InetAddress.getByName(TestUtil.HOST), 23); - SocketChannel sc = SocketChannel.open(sa); - boolean before = sc.socket().isInputShutdown(); - sc.socket().shutdownInput(); - boolean after = sc.socket().isInputShutdown(); - sc.close(); - if (before || !after) - throw new Exception("Test failed"); + /** + * Accept a connection, and close it immediately causing a hard reset. + */ + static void acceptAndReset(ServerSocketChannel ssc) throws IOException { + SocketChannel peer = ssc.accept(); + try { + peer.setOption(StandardSocketOption.SO_LINGER, 0); + peer.configureBlocking(false); + peer.write(ByteBuffer.wrap(new byte[128*1024])); + } finally { + peer.close(); + } + } + + public static void main(String[] args) throws Exception { + ServerSocketChannel ssc = ServerSocketChannel.open() + .bind(new InetSocketAddress(0)); + try { + InetAddress lh = InetAddress.getLocalHost(); + int port = ((InetSocketAddress)(ssc.getLocalAddress())).getPort(); + SocketAddress remote = new InetSocketAddress(lh, port); + + // Test SocketChannel shutdownXXX + SocketChannel sc; + sc = SocketChannel.open(remote); + try { + acceptAndReset(ssc); + sc.shutdownInput(); + sc.shutdownOutput(); + } finally { + sc.close(); + } + + // Test Socket adapter shutdownXXX and isShutdownInput + sc = SocketChannel.open(remote); + try { + acceptAndReset(ssc); + boolean before = sc.socket().isInputShutdown(); + sc.socket().shutdownInput(); + boolean after = sc.socket().isInputShutdown(); + if (before || !after) + throw new RuntimeException("Before and after test failed"); + sc.socket().shutdownOutput(); + } finally { + sc.close(); + } + } finally { + ssc.close(); + } } } From c583b690e31a11739b3fcbab219762f7296e8f93 Mon Sep 17 00:00:00 2001 From: Alan Bateman Date: Tue, 11 Aug 2009 12:38:43 +0100 Subject: [PATCH 7/8] 6867781: (file) Examples in javadoc use newFileAttributeView instead of getFileAttributeView Reviewed-by: sherman --- .../classes/java/nio/file/attribute/AclFileAttributeView.java | 2 +- .../classes/java/nio/file/attribute/PosixFileAttributeView.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jdk/src/share/classes/java/nio/file/attribute/AclFileAttributeView.java b/jdk/src/share/classes/java/nio/file/attribute/AclFileAttributeView.java index 4127a78e942..13583381cbb 100644 --- a/jdk/src/share/classes/java/nio/file/attribute/AclFileAttributeView.java +++ b/jdk/src/share/classes/java/nio/file/attribute/AclFileAttributeView.java @@ -75,7 +75,7 @@ import java.io.IOException; * .lookupPrincipalByName("joe"); * * // get view - * AclFileAttributeView view = file.newFileAttributeView(AclFileAttributeView.class); + * AclFileAttributeView view = file.getFileAttributeView(AclFileAttributeView.class); * * // create ACE to give "joe" read access * AclEntry entry = AclEntry.newBuilder() diff --git a/jdk/src/share/classes/java/nio/file/attribute/PosixFileAttributeView.java b/jdk/src/share/classes/java/nio/file/attribute/PosixFileAttributeView.java index aeec36a941a..2dfb2c92eac 100644 --- a/jdk/src/share/classes/java/nio/file/attribute/PosixFileAttributeView.java +++ b/jdk/src/share/classes/java/nio/file/attribute/PosixFileAttributeView.java @@ -61,7 +61,7 @@ import java.io.IOException; * Suppose we need to print out the owner and access permissions of a file: * 
  *     FileRef file = ...
- *     PosixFileAttributes attrs = file.newFileAttributeView(PosixFileAttributeView.class)
+ *     PosixFileAttributes attrs = file.getFileAttributeView(PosixFileAttributeView.class)
  *         .readAttributes();
  *     System.out.format("%s %s%n",
  *         attrs.owner().getName(),

From a3af9140c99c387a7c94ddf479ea1f3466f90664 Mon Sep 17 00:00:00 2001
From: Alan Bateman 
Date: Tue, 11 Aug 2009 12:49:16 +0100
Subject: [PATCH 8/8] 6865748: (file) SimpleFileVisitor methods ignore null
 arguments

Reviewed-by: sherman
---
 .../java/nio/file/SimpleFileVisitor.java      | 16 +++++++++++
 jdk/test/java/nio/file/Files/Misc.java        | 27 ++++++++++++++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/jdk/src/share/classes/java/nio/file/SimpleFileVisitor.java b/jdk/src/share/classes/java/nio/file/SimpleFileVisitor.java
index 36852392327..761773513ed 100644
--- a/jdk/src/share/classes/java/nio/file/SimpleFileVisitor.java
+++ b/jdk/src/share/classes/java/nio/file/SimpleFileVisitor.java
@@ -47,6 +47,14 @@ public class SimpleFileVisitor implements FileVisitor {
     protected SimpleFileVisitor() {
     }
 
+    /**
+     * Throws NullPointerException if obj is null.
+     */
+    private static void checkNotNull(Object obj) {
+        if (obj == null)
+            throw new NullPointerException();
+    }
+
     /**
      * Invoked for a directory before entries in the directory are visited.
      *
@@ -55,6 +63,7 @@ public class SimpleFileVisitor implements FileVisitor {
      */
     @Override
     public FileVisitResult preVisitDirectory(T dir) {
+        checkNotNull(dir);
         return FileVisitResult.CONTINUE;
     }
 
@@ -70,6 +79,8 @@ public class SimpleFileVisitor implements FileVisitor {
      */
     @Override
     public FileVisitResult preVisitDirectoryFailed(T dir, IOException exc) {
+        checkNotNull(dir);
+        checkNotNull(exc);
         throw new IOError(exc);
     }
 
@@ -81,6 +92,8 @@ public class SimpleFileVisitor implements FileVisitor {
      */
     @Override
     public FileVisitResult visitFile(T file, BasicFileAttributes attrs) {
+        checkNotNull(file);
+        checkNotNull(attrs);
         return FileVisitResult.CONTINUE;
     }
 
@@ -96,6 +109,8 @@ public class SimpleFileVisitor implements FileVisitor {
      */
     @Override
     public FileVisitResult visitFileFailed(T file, IOException exc) {
+        checkNotNull(file);
+        checkNotNull(exc);
         throw new IOError(exc);
     }
 
@@ -114,6 +129,7 @@ public class SimpleFileVisitor implements FileVisitor {
      */
     @Override
     public FileVisitResult postVisitDirectory(T dir, IOException exc) {
+        checkNotNull(dir);
         if (exc != null)
             throw new IOError(exc);
         return FileVisitResult.CONTINUE;
diff --git a/jdk/test/java/nio/file/Files/Misc.java b/jdk/test/java/nio/file/Files/Misc.java
index cd7e17a4bb8..a262274c436 100644
--- a/jdk/test/java/nio/file/Files/Misc.java
+++ b/jdk/test/java/nio/file/Files/Misc.java
@@ -22,13 +22,14 @@
  */
 
 /* @test
- * @bug 4313887 6838333
+ * @bug 4313887 6838333 6865748
  * @summary Unit test for java.nio.file.Files for miscellenous cases not
  *   covered by other tests
  * @library ..
  */
 
 import java.nio.file.*;
+import java.nio.file.attribute.Attributes;
 import java.io.IOException;
 import java.util.*;
 
@@ -113,5 +114,29 @@ public class Misc {
             npeExpected();
         } catch (NullPointerException e) {
         }
+
+        SimpleFileVisitor visitor = new SimpleFileVisitor() { };
+        boolean ranTheGauntlet = false;
+        try { visitor.preVisitDirectory(null);
+        } catch (NullPointerException x0) {
+        try { visitor.preVisitDirectoryFailed(null, new IOException());
+        } catch (NullPointerException x1) {
+        try { visitor.preVisitDirectoryFailed(dir, null);
+        } catch (NullPointerException x2) {
+        try { visitor.visitFile(null, Attributes.readBasicFileAttributes(Paths.get(".")));
+        } catch (NullPointerException x3) {
+        try {  visitor.visitFile(dir, null);
+        } catch (NullPointerException x4) {
+        try { visitor.visitFileFailed(null, new IOException());
+        } catch (NullPointerException x5) {
+        try { visitor.visitFileFailed(dir, null);
+        } catch (NullPointerException x6) {
+        try { visitor.postVisitDirectory(null, new IOException());
+        } catch (NullPointerException x7) {
+            // if we get here then all visit* methods threw NPE as expected
+            ranTheGauntlet = true;
+        }}}}}}}}
+        if (!ranTheGauntlet)
+            throw new RuntimeException("A visit method did not throw NPE");
     }
 }