stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package

Browse Source 
Reviewed-by: mchung
This commit is contained in:
Sean Mullan 2011-10-13 13:50:17 -04:00
parent e83fde21ff
commit 4bc227715b
16 changed files with 439 additions and 568 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
jdk/make/sun/security/other/Makefile
View File

@ -38,6 +38,7 @@ AUTO_FILES_JAVA_DIRS = \
sun/security/acl \
sun/security/jca \
sun/security/pkcs \
sun/security/pkcs10 \
sun/security/pkcs12 \
sun/security/provider \
sun/security/rsa \

45
jdk/src/share/classes/sun/security/pkcs/EncodingException.java
View File

@ -1,45 +0,0 @@
/*
* Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* Generic PKCS Encoding exception.
*
* @author Benjamin Renaud
*/
package sun.security.pkcs;
public class EncodingException extends Exception {
private static final long serialVersionUID = 4060198374240668325L;
public EncodingException() {
super();
}
public EncodingException(String s) {
super(s);
}
}

2
jdk/src/share/classes/sun/security/pkcs/PKCS10.java → jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
View File

@ -24,7 +24,7 @@
*/
package sun.security.pkcs;
package sun.security.pkcs10;
import java.io.PrintStream;
import java.io.IOException;

5
jdk/src/share/classes/sun/security/pkcs/PKCS10Attribute.java → jdk/src/share/classes/sun/security/pkcs10/PKCS10Attribute.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,11 +23,12 @@
* questions.
*/
package sun.security.pkcs;
package sun.security.pkcs10;
import java.io.OutputStream;
import java.io.IOException;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.util.*;
/**

4
jdk/src/share/classes/sun/security/pkcs/PKCS10Attributes.java → jdk/src/share/classes/sun/security/pkcs10/PKCS10Attributes.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
* questions.
*/
package sun.security.pkcs;
package sun.security.pkcs10;
import java.io.IOException;
import java.io.OutputStream;

68
jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,32 +27,86 @@ package sun.security.provider.certpath;
import java.net.URI;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.security.AccessController;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.CertStore;
import java.security.cert.X509CertSelector;
import java.security.cert.X509CRLSelector;
import javax.security.auth.x500.X500Principal;
import java.io.IOException;
import sun.security.util.Cache;
/**
* Helper used by URICertStore when delegating to another CertStore to
* fetch certs and CRLs.
* Helper used by URICertStore and others when delegating to another CertStore
* to fetch certs and CRLs.
*/
public interface CertStoreHelper {
public abstract class CertStoreHelper {
private static final int NUM_TYPES = 2;
private final static Map<String,String> classMap = new HashMap<>(NUM_TYPES);
static {
classMap.put(
"LDAP",
"sun.security.provider.certpath.ldap.LDAPCertStoreHelper");
classMap.put(
"SSLServer",
"sun.security.provider.certpath.ssl.SSLServerCertStoreHelper");
};
private static Cache cache = Cache.newSoftMemoryCache(NUM_TYPES);
public static CertStoreHelper getInstance(final String type)
throws NoSuchAlgorithmException
{
CertStoreHelper helper = (CertStoreHelper)cache.get(type);
if (helper != null) {
return helper;
}
final String cl = classMap.get(type);
if (cl == null) {
throw new NoSuchAlgorithmException(type + " not available");
}
try {
helper = AccessController.doPrivileged(
new PrivilegedExceptionAction<CertStoreHelper>() {
public CertStoreHelper run() throws ClassNotFoundException {
try {
Class<?> c = Class.forName(cl, true, null);
CertStoreHelper csh
= (CertStoreHelper)c.newInstance();
cache.put(type, csh);
return csh;
} catch (InstantiationException e) {
throw new AssertionError(e);
} catch (IllegalAccessException e) {
throw new AssertionError(e);
}
}
});
return helper;
} catch (PrivilegedActionException e) {
throw new NoSuchAlgorithmException(type + " not available",
e.getException());
}
}
/**
* Returns a CertStore using the given URI as parameters.
*/
CertStore getCertStore(URI uri)
public abstract CertStore getCertStore(URI uri)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
/**
* Wraps an existing X509CertSelector when needing to avoid DN matching
* issues.
*/
X509CertSelector wrap(X509CertSelector selector,
public abstract X509CertSelector wrap(X509CertSelector selector,
X500Principal certSubject,
String dn)
throws IOException;
@ -61,7 +115,7 @@ public interface CertStoreHelper {
* Wraps an existing X509CRLSelector when needing to avoid DN matching
* issues.
*/
X509CRLSelector wrap(X509CRLSelector selector,
public abstract X509CRLSelector wrap(X509CRLSelector selector,
Collection<X500Principal> certIssuers,
String dn)
throws IOException;

163
jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java
View File

@ -30,8 +30,6 @@ import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URLConnection;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
@ -120,35 +118,10 @@ class URICertStore extends CertStoreSpi {
// true if URI is ldap
private boolean ldap = false;
private CertStoreHelper ldapHelper;
private CertStore ldapCertStore;
private String ldapPath;
/**
* Holder class to lazily load LDAPCertStoreHelper if present.
*/
private static class LDAP {
private static final String CERT_STORE_HELPER =
"sun.security.provider.certpath.ldap.LDAPCertStoreHelper";
private static final CertStoreHelper helper =
AccessController.doPrivileged(
new PrivilegedAction<CertStoreHelper>() {
public CertStoreHelper run() {
try {
Class<?> c = Class.forName(CERT_STORE_HELPER, true, null);
return (CertStoreHelper)c.newInstance();
} catch (ClassNotFoundException cnf) {
return null;
} catch (InstantiationException e) {
throw new AssertionError(e);
} catch (IllegalAccessException e) {
throw new AssertionError(e);
}
}});
static CertStoreHelper helper() {
return helper;
}
}
/**
* Creates a URICertStore.
*
@ -164,10 +137,9 @@ class URICertStore extends CertStoreSpi {
this.uri = ((URICertStoreParameters) params).uri;
// if ldap URI, use an LDAPCertStore to fetch certs and CRLs
if (uri.getScheme().toLowerCase(Locale.ENGLISH).equals("ldap")) {
if (LDAP.helper() == null)
throw new NoSuchAlgorithmException("LDAP not present");
ldap = true;
ldapCertStore = LDAP.helper().getCertStore(uri);
ldapHelper = CertStoreHelper.getInstance("LDAP");
ldapCertStore = ldapHelper.getCertStore(uri);
ldapPath = uri.getPath();
// strip off leading '/'
if (ldapPath.charAt(0) == '/') {
@ -251,7 +223,7 @@ class URICertStore extends CertStoreSpi {
if (ldap) {
X509CertSelector xsel = (X509CertSelector) selector;
try {
xsel = LDAP.helper().wrap(xsel, xsel.getSubject(), ldapPath);
xsel = ldapHelper.wrap(xsel, xsel.getSubject(), ldapPath);
} catch (IOException ioe) {
throw new CertStoreException(ioe);
}
@ -273,57 +245,44 @@ class URICertStore extends CertStoreSpi {
return getMatchingCerts(certs, selector);
}
lastChecked = time;
InputStream in = null;
try {
URLConnection connection = uri.toURL().openConnection();
if (lastModified != 0) {
connection.setIfModifiedSince(lastModified);
}
in = connection.getInputStream();
long oldLastModified = lastModified;
lastModified = connection.getLastModified();
if (oldLastModified != 0) {
if (oldLastModified == lastModified) {
if (debug != null) {
debug.println("Not modified, using cached copy");
}
return getMatchingCerts(certs, selector);
} else if (connection instanceof HttpURLConnection) {
// some proxy servers omit last modified
HttpURLConnection hconn = (HttpURLConnection) connection;
if (hconn.getResponseCode()
== HttpURLConnection.HTTP_NOT_MODIFIED) {
try (InputStream in = connection.getInputStream()) {
lastModified = connection.getLastModified();
if (oldLastModified != 0) {
if (oldLastModified == lastModified) {
if (debug != null) {
debug.println("Not modified, using cached copy");
}
return getMatchingCerts(certs, selector);
} else if (connection instanceof HttpURLConnection) {
// some proxy servers omit last modified
HttpURLConnection hconn = (HttpURLConnection)connection;
if (hconn.getResponseCode()
== HttpURLConnection.HTTP_NOT_MODIFIED) {
if (debug != null) {
debug.println("Not modified, using cached copy");
}
return getMatchingCerts(certs, selector);
}
}
}
}
if (debug != null) {
debug.println("Downloading new certificates...");
}
// Safe cast since factory is an X.509 certificate factory
certs = (Collection<X509Certificate>)
factory.generateCertificates(in);
return getMatchingCerts(certs, selector);
} catch (IOException e) {
if (debug != null) {
debug.println("Exception fetching certificates:");
e.printStackTrace();
}
} catch (CertificateException e) {
if (debug != null) {
debug.println("Exception fetching certificates:");
e.printStackTrace();
}
} finally {
if (in != null) {
try {
in.close();
} catch (IOException e) {
// ignore
if (debug != null) {
debug.println("Downloading new certificates...");
}
// Safe cast since factory is an X.509 certificate factory
certs = (Collection<X509Certificate>)
factory.generateCertificates(in);
}
return getMatchingCerts(certs, selector);
} catch (IOException | CertificateException e) {
if (debug != null) {
debug.println("Exception fetching certificates:");
e.printStackTrace();
}
}
// exception, forget previous values
@ -343,8 +302,7 @@ class URICertStore extends CertStoreSpi {
if (selector == null) {
return certs;
}
List<X509Certificate> matchedCerts =
new ArrayList<X509Certificate>(certs.size());
List<X509Certificate> matchedCerts = new ArrayList<>(certs.size());
for (X509Certificate cert : certs) {
if (selector.match(cert)) {
matchedCerts.add(cert);
@ -374,7 +332,7 @@ class URICertStore extends CertStoreSpi {
if (ldap) {
X509CRLSelector xsel = (X509CRLSelector) selector;
try {
xsel = LDAP.helper().wrap(xsel, null, ldapPath);
xsel = ldapHelper.wrap(xsel, null, ldapPath);
} catch (IOException ioe) {
throw new CertStoreException(ioe);
}
@ -395,55 +353,42 @@ class URICertStore extends CertStoreSpi {
return getMatchingCRLs(crl, selector);
}
lastChecked = time;
InputStream in = null;
try {
URLConnection connection = uri.toURL().openConnection();
if (lastModified != 0) {
connection.setIfModifiedSince(lastModified);
}
in = connection.getInputStream();
long oldLastModified = lastModified;
lastModified = connection.getLastModified();
if (oldLastModified != 0) {
if (oldLastModified == lastModified) {
if (debug != null) {
debug.println("Not modified, using cached copy");
}
return getMatchingCRLs(crl, selector);
} else if (connection instanceof HttpURLConnection) {
// some proxy servers omit last modified
HttpURLConnection hconn = (HttpURLConnection) connection;
if (hconn.getResponseCode()
== HttpURLConnection.HTTP_NOT_MODIFIED) {
try (InputStream in = connection.getInputStream()) {
lastModified = connection.getLastModified();
if (oldLastModified != 0) {
if (oldLastModified == lastModified) {
if (debug != null) {
debug.println("Not modified, using cached copy");
}
return getMatchingCRLs(crl, selector);
} else if (connection instanceof HttpURLConnection) {
// some proxy servers omit last modified
HttpURLConnection hconn = (HttpURLConnection)connection;
if (hconn.getResponseCode()
== HttpURLConnection.HTTP_NOT_MODIFIED) {
if (debug != null) {
debug.println("Not modified, using cached copy");
}
return getMatchingCRLs(crl, selector);
}
}
}
}
if (debug != null) {
debug.println("Downloading new CRL...");
}
crl = (X509CRL) factory.generateCRL(in);
return getMatchingCRLs(crl, selector);
} catch (IOException e) {
if (debug != null) {
debug.println("Exception fetching CRL:");
e.printStackTrace();
}
} catch (CRLException e) {
if (debug != null) {
debug.println("Exception fetching CRL:");
e.printStackTrace();
}
} finally {
if (in != null) {
try {
in.close();
} catch (IOException e) {
// ignore
if (debug != null) {
debug.println("Downloading new CRL...");
}
crl = (X509CRL) factory.generateCRL(in);
}
return getMatchingCRLs(crl, selector);
} catch (IOException | CRLException e) {
if (debug != null) {
debug.println("Exception fetching CRL:");
e.printStackTrace();
}
}
// exception, forget previous values

2
jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java
View File

@ -103,7 +103,7 @@ import sun.security.action.GetPropertyAction;
* @author Steve Hanna
* @author Andreas Sterbenz
*/
public class LDAPCertStore extends CertStoreSpi {
public final class LDAPCertStore extends CertStoreSpi {
private static final Debug debug = Debug.getInstance("certpath");

8
jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -41,11 +41,9 @@ import sun.security.provider.certpath.CertStoreHelper;
* LDAP implementation of CertStoreHelper.
*/
public class LDAPCertStoreHelper
implements CertStoreHelper
public final class LDAPCertStoreHelper
extends CertStoreHelper
{
public LDAPCertStoreHelper() { }
@Override
public CertStore getCertStore(URI uri)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException

153
jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStore.java Normal file
View File

@ -0,0 +1,153 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider.certpath.ssl;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertStoreParameters;
import java.security.cert.CertStoreSpi;
import java.security.cert.CRLSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509CRL;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
/**
* A CertStore that retrieves an SSL server's certificate chain.
*/
public final class SSLServerCertStore extends CertStoreSpi {
private final URI uri;
SSLServerCertStore(URI uri) throws InvalidAlgorithmParameterException {
super(null);
this.uri = uri;
}
public synchronized Collection<X509Certificate> engineGetCertificates
(CertSelector selector) throws CertStoreException
{
try {
SSLContext sc = SSLContext.getInstance("SSL");
GetChainTrustManager xtm = new GetChainTrustManager();
sc.init(null, new TrustManager[] { xtm }, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(
new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
uri.toURL().openConnection().connect();
return getMatchingCerts(xtm.serverChain, selector);
} catch (GeneralSecurityException | IOException e) {
throw new CertStoreException(e);
}
}
private static List<X509Certificate> getMatchingCerts
(List<X509Certificate> certs, CertSelector selector)
{
// if selector not specified, all certs match
if (selector == null) {
return certs;
}
List<X509Certificate> matchedCerts = new ArrayList<>(certs.size());
for (X509Certificate cert : certs) {
if (selector.match(cert)) {
matchedCerts.add(cert);
}
}
return matchedCerts;
}
public Collection<X509CRL> engineGetCRLs(CRLSelector selector)
throws CertStoreException
{
throw new UnsupportedOperationException();
}
static synchronized CertStore getInstance(URI uri)
throws InvalidAlgorithmParameterException
{
return new CS(new SSLServerCertStore(uri), null, "SSLServer", null);
}
/*
* An X509TrustManager that simply stores a reference to the server's
* certificate chain.
*/
private static class GetChainTrustManager implements X509TrustManager {
private List<X509Certificate> serverChain;
public X509Certificate[] getAcceptedIssuers() {
throw new UnsupportedOperationException();
}
public void checkClientTrusted(X509Certificate[] chain,
String authType)
throws CertificateException
{
throw new UnsupportedOperationException();
}
public void checkServerTrusted(X509Certificate[] chain,
String authType)
throws CertificateException
{
this.serverChain = (chain == null)
? Collections.<X509Certificate>emptyList()
: Arrays.asList(chain);
}
}
/**
* This class allows the SSLServerCertStore to be accessed as a CertStore.
*/
private static class CS extends CertStore {
protected CS(CertStoreSpi spi, Provider p, String type,
CertStoreParameters params)
{
super(spi, p, type, params);
}
}
}

69
jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java Normal file
View File

@ -0,0 +1,69 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider.certpath.ssl;
import java.net.URI;
import java.util.Collection;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CertStore;
import java.security.cert.X509CertSelector;
import java.security.cert.X509CRLSelector;
import javax.security.auth.x500.X500Principal;
import java.io.IOException;
import sun.security.provider.certpath.CertStoreHelper;
/**
* SSL implementation of CertStoreHelper.
*/
public final class SSLServerCertStoreHelper extends CertStoreHelper {
@Override
public CertStore getCertStore(URI uri)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
{
return SSLServerCertStore.getInstance(uri);
}
@Override
public X509CertSelector wrap(X509CertSelector selector,
X500Principal certSubject,
String ldapDN)
throws IOException
{
throw new UnsupportedOperationException();
}
@Override
public X509CRLSelector wrap(X509CRLSelector selector,
Collection<X500Principal> certIssuers,
String ldapDN)
throws IOException
{
throw new UnsupportedOperationException();
}
}

16
jdk/src/share/classes/sun/security/x509/CertAndKeyGen.java → jdk/src/share/classes/sun/security/tools/CertAndKeyGen.java
View File

@ -23,7 +23,7 @@
* questions.
*/
package sun.security.x509;
package sun.security.tools;
import java.io.IOException;
import java.security.cert.X509Certificate;
@ -32,7 +32,19 @@ import java.security.cert.CertificateEncodingException;
import java.security.*;
import java.util.Date;
import sun.security.pkcs.PKCS10;
import sun.security.pkcs10.PKCS10;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
import sun.security.x509.X509Key;
/**

223
jdk/src/share/classes/sun/security/tools/KeyTool.java
View File

@ -38,10 +38,12 @@ import java.security.Signature;
import java.security.Timestamp;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertStoreException;
import java.security.cert.CRL;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
@ -63,23 +65,16 @@ import java.security.cert.X509CRLSelector;
import javax.security.auth.x500.X500Principal;
import sun.misc.BASE64Encoder;
import sun.security.util.ObjectIdentifier;
import sun.security.pkcs.PKCS10;
import sun.security.pkcs10.PKCS10;
import sun.security.pkcs10.PKCS10Attribute;
import sun.security.provider.X509Factory;
import sun.security.provider.certpath.CertStoreHelper;
import sun.security.util.Password;
import sun.security.util.PathList;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import sun.misc.BASE64Decoder;
import sun.security.pkcs.PKCS10Attribute;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.provider.certpath.ldap.LDAPCertStoreHelper;
import sun.security.util.DerValue;
import sun.security.x509.*;
@ -917,18 +912,13 @@ public final class KeyTool {
// Perform the specified command
if (command == CERTREQ) {
PrintStream ps = null;
if (filename != null) {
ps = new PrintStream(new FileOutputStream
(filename));
out = ps;
}
try {
doCertReq(alias, sigAlgName, out);
} finally {
if (ps != null) {
ps.close();
try (PrintStream ps = new PrintStream(new FileOutputStream
(filename))) {
doCertReq(alias, sigAlgName, ps);
}
} else {
doCertReq(alias, sigAlgName, out);
}
if (verbose && filename != null) {
MessageFormat form = new MessageFormat(rb.getString
@ -941,18 +931,13 @@ public final class KeyTool {
doDeleteEntry(alias);
kssave = true;
} else if (command == EXPORTCERT) {
PrintStream ps = null;
if (filename != null) {
ps = new PrintStream(new FileOutputStream
(filename));
out = ps;
}
try {
doExportCert(alias, out);
} finally {
if (ps != null) {
ps.close();
try (PrintStream ps = new PrintStream(new FileOutputStream
(filename))) {
doExportCert(alias, ps);
}
} else {
doExportCert(alias, out);
}
if (filename != null) {
MessageFormat form = new MessageFormat(rb.getString
@ -973,16 +958,12 @@ public final class KeyTool {
doGenSecretKey(alias, keyAlgName, keysize);
kssave = true;
} else if (command == IDENTITYDB) {
InputStream inStream = System.in;
if (filename != null) {
inStream = new FileInputStream(filename);
}
try {
doImportIdentityDatabase(inStream);
} finally {
if (inStream != System.in) {
inStream.close();
try (InputStream inStream = new FileInputStream(filename)) {
doImportIdentityDatabase(inStream);
}
} else {
doImportIdentityDatabase(System.in);
}
} else if (command == IMPORTCERT) {
InputStream inStream = System.in;
@ -1101,29 +1082,21 @@ public final class KeyTool {
if (alias == null) {
alias = keyAlias;
}
PrintStream ps = null;
if (filename != null) {
ps = new PrintStream(new FileOutputStream(filename));
out = ps;
}
try {
doGenCRL(out);
} finally {
if (ps != null) {
ps.close();
try (PrintStream ps =
new PrintStream(new FileOutputStream(filename))) {
doGenCRL(ps);
}
} else {
doGenCRL(out);
}
} else if (command == PRINTCERTREQ) {
InputStream inStream = System.in;
if (filename != null) {
inStream = new FileInputStream(filename);
}
try {
doPrintCertReq(inStream, out);
} finally {
if (inStream != System.in) {
inStream.close();
try (InputStream inStream = new FileInputStream(filename)) {
doPrintCertReq(inStream, out);
}
} else {
doPrintCertReq(System.in, out);
}
} else if (command == PRINTCRL) {
doPrintCRL(filename, out);
@ -2070,12 +2043,13 @@ public final class KeyTool {
}
}
} else { // must be LDAP, and uri is not null
// Lazily load LDAPCertStoreHelper if present
CertStoreHelper helper = CertStoreHelper.getInstance("LDAP");
String path = uri.getPath();
if (path.charAt(0) == '/') path = path.substring(1);
LDAPCertStoreHelper h = new LDAPCertStoreHelper();
CertStore s = h.getCertStore(uri);
CertStore s = helper.getCertStore(uri);
X509CRLSelector sel =
h.wrap(new X509CRLSelector(), null, path);
helper.wrap(new X509CRLSelector(), null, path);
return s.getCRLs(sel);
}
}
@ -2259,18 +2233,12 @@ public final class KeyTool {
int pos = 0;
while (entries.hasMoreElements()) {
JarEntry je = entries.nextElement();
InputStream is = null;
try {
is = jf.getInputStream(je);
try (InputStream is = jf.getInputStream(je)) {
while (is.read(buffer) != -1) {
// we just read. this will throw a SecurityException
// if a signature/digest check fails. This also
// populate the signers
}
} finally {
if (is != null) {
is.close();
}
}
CodeSigner[] signers = je.getCodeSigners();
if (signers != null) {
@ -2316,85 +2284,52 @@ public final class KeyTool {
out.println(rb.getString("Not.a.signed.jar.file"));
}
} else if (sslserver != null) {
SSLContext sc = SSLContext.getInstance("SSL");
final boolean[] certPrinted = new boolean[1];
sc.init(null, new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
for (int i=0; i<certs.length; i++) {
X509Certificate cert = certs[i];
try {
if (rfc) {
dumpCert(cert, out);
} else {
out.println("Certificate #" + i);
out.println("====================================");
printX509Cert(cert, out);
out.println();
}
} catch (Exception e) {
if (debug) {
e.printStackTrace();
}
}
}
// Set to true where there's something to print
if (certs.length > 0) {
certPrinted[0] = true;
}
}
}
}, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(
new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
// HTTPS instead of raw SSL, so that -Dhttps.proxyHost and
// -Dhttps.proxyPort can be used. Since we only go through
// the handshake process, an HTTPS server is not needed.
// This program should be able to deal with any SSL-based
// network service.
Exception ex = null;
// Lazily load SSLCertStoreHelper if present
CertStoreHelper helper = CertStoreHelper.getInstance("SSLServer");
CertStore cs = helper.getCertStore(new URI("https://" + sslserver));
Collection<? extends Certificate> chain;
try {
new URL("https://" + sslserver).openConnection().connect();
} catch (Exception e) {
ex = e;
}
// If the certs are not printed out, we consider it an error even
// if the URL connection is successful.
if (!certPrinted[0]) {
Exception e = new Exception(
rb.getString("No.certificate.from.the.SSL.server"));
if (ex != null) {
e.initCause(ex);
chain = cs.getCertificates(null);
if (chain.isEmpty()) {
// If the certs are not retrieved, we consider it an error
// even if the URL connection is successful.
throw new Exception(rb.getString(
"No.certificate.from.the.SSL.server"));
}
} catch (CertStoreException cse) {
if (cse.getCause() instanceof IOException) {
throw new Exception(rb.getString(
"No.certificate.from.the.SSL.server"),
cse.getCause());
} else {
throw cse;
}
}
int i = 0;
for (Certificate cert : chain) {
try {
if (rfc) {
dumpCert(cert, out);
} else {
out.println("Certificate #" + i++);
out.println("====================================");
printX509Cert((X509Certificate)cert, out);
out.println();
}
} catch (Exception e) {
if (debug) {
e.printStackTrace();
}
}
throw e;
}
} else {
InputStream inStream = System.in;
if (filename != null) {
inStream = new FileInputStream(filename);
}
try {
printCertFromStream(inStream, out);
} finally {
if (inStream != System.in) {
inStream.close();
try (FileInputStream inStream = new FileInputStream(filename)) {
printCertFromStream(inStream, out);
}
} else {
printCertFromStream(System.in, out);
}
}
}
@ -2590,9 +2525,7 @@ public final class KeyTool {
X509Certificate cert = null;
try {
cert = (X509Certificate)cf.generateCertificate(in);
} catch (ClassCastException cce) {
throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
} catch (CertificateException ce) {
} catch (ClassCastException | CertificateException ce) {
throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
}
@ -3441,16 +3374,10 @@ public final class KeyTool {
if (!file.exists()) {
return null;
}
FileInputStream fis = null;
KeyStore caks = null;
try {
fis = new FileInputStream(file);
try (FileInputStream fis = new FileInputStream(file)) {
caks = KeyStore.getInstance(JKS);
caks.load(fis, null);
} finally {
if (fis != null) {
fis.close();
}
}
return caks;
}

4
jdk/src/share/classes/sun/security/util/PathList.java → jdk/src/share/classes/sun/security/tools/PathList.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
* questions.
*/
package sun.security.util;
package sun.security.tools;
import java.io.File;
import java.io.IOException;

198
jdk/src/share/classes/sun/security/util/BigInt.java
View File

@ -1,198 +0,0 @@
/*
* Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.util;
import java.math.BigInteger;
/**
* A low-overhead arbitrary-precision <em>unsigned</em> integer.
* This is intended for use with ASN.1 parsing, and printing of
* such parsed values. Convert to "BigInteger" if you need to do
* arbitrary precision arithmetic, rather than just represent
* the number as a wrapped array of bytes.
*
* <P><em><b>NOTE:</b> This class may eventually disappear, to
* be supplanted by big-endian byte arrays which hold both signed
* and unsigned arbitrary-precision integers.</em>
*
* @author David Brownell
*/
public final class BigInt {
// Big endian -- MSB first.
private byte[] places;
/**
* Constructs a "Big" integer from a set of (big-endian) bytes.
* Leading zeroes should be stripped off.
*
* @param data a sequence of bytes, most significant bytes/digits
* first. CONSUMED.
*/
public BigInt(byte[] data) { places = data.clone(); }
/**
* Constructs a "Big" integer from a "BigInteger", which must be
* positive (or zero) in value.
*/
public BigInt(BigInteger i) {
byte[] temp = i.toByteArray();
if ((temp[0] & 0x80) != 0)
throw new IllegalArgumentException("negative BigInteger");
// XXX we assume exactly _one_ sign byte is used...
if (temp[0] != 0)
places = temp;
else {
places = new byte[temp.length - 1];
for (int j = 1; j < temp.length; j++)
places[j - 1] = temp[j];
}
}
/**
* Constructs a "Big" integer from a normal Java integer.
*
* @param i the java primitive integer
*/
public BigInt(int i) {
if (i < (1 << 8)) {
places = new byte[1];
places[0] = (byte) i;
} else if (i < (1 << 16)) {
places = new byte[2];
places[0] = (byte) (i >> 8);
places[1] = (byte) i;
} else if (i < (1 << 24)) {
places = new byte[3];
places[0] = (byte) (i >> 16);
places[1] = (byte) (i >> 8);
places[2] = (byte) i;
} else {
places = new byte[4];
places[0] = (byte) (i >> 24);
places[1] = (byte) (i >> 16);
places[2] = (byte) (i >> 8);
places[3] = (byte) i;
}
}
/**
* Converts the "big" integer to a java primitive integer.
*
* @excpet NumberFormatException if 32 bits is insufficient.
*/
public int toInt() {
if (places.length > 4)
throw new NumberFormatException("BigInt.toLong, too big");
int retval = 0, i = 0;
for (; i < places.length; i++)
retval = (retval << 8) + ((int)places[i] & 0xff);
return retval;
}
/**
* Returns a hexadecimal printed representation. The value is
* formatted to fit on lines of at least 75 characters, with
* embedded newlines. Words are separated for readability,
* with eight words (32 bytes) per line.
*/
public String toString() { return hexify(); }
/**
* Returns a BigInteger value which supports many arithmetic
* operations. Assumes negative values will never occur.
*/
public BigInteger toBigInteger()
{ return new BigInteger(1, places); }
/**
* Returns the data as a byte array. The most significant bit
* of the array is bit zero (as in <code>java.math.BigInteger</code>).
*/
public byte[] toByteArray() { return places.clone(); }
private static final String digits = "0123456789abcdef";
private String hexify() {
if (places.length == 0)
return " 0 ";
StringBuffer buf = new StringBuffer(places.length * 2);
buf.append(" "); // four spaces
for (int i = 0; i < places.length; i++) {
buf.append(digits.charAt((places[i] >> 4) & 0x0f));
buf.append(digits.charAt(places[i] & 0x0f));
if (((i + 1) % 32) == 0) {
if ((i + 1) != places.length)
buf.append("\n "); // line after four words
} else if (((i + 1) % 4) == 0)
buf.append(' '); // space between words
}
return buf.toString();
}
/**
* Returns true iff the parameter is a numerically equivalent
* BigInt.
*
* @param other the object being compared with this one.
*/
public boolean equals(Object other) {
if (other instanceof BigInt)
return equals((BigInt) other);
return false;
}
/**
* Returns true iff the parameter is numerically equivalent.
*
* @param other the BigInt being compared with this one.
*/
public boolean equals(BigInt other) {
if (this == other)
return true;
byte[] otherPlaces = other.toByteArray();
if (places.length != otherPlaces.length)
return false;
for (int i = 0; i < places.length; i++)
if (places[i] != otherPlaces[i])
return false;
return true;
}
/**
* Returns a hashcode for this BigInt.
*
* @return a hashcode for this BigInt.
*/
public int hashCode() {
return hexify().hashCode();
}
}

46
jdk/test/sun/security/util/BigInt/BigIntEqualsHashCode.java
View File

@ -1,46 +0,0 @@
/*
* Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @author Gary Ellison
* @bug 4170635
* @summary Verify equals()/hashCode() contract honored
*/
import java.io.*;
import sun.security.util.*;
public class BigIntEqualsHashCode {
public static void main(String[] args) throws Exception {
BigInt bi1 = new BigInt(12345678);
BigInt bi2 = new BigInt(12345678);
if ( (bi1.equals(bi2)) == (bi1.hashCode()==bi2.hashCode()) )
System.out.println("PASSED");
else
throw new Exception ("FAILED equals()/hashCode() contract");
}
}