6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package
Reviewed-by: mchung
parent
e83fde21ff
commit
4bc227715b
@ -38,6 +38,7 @@ AUTO_FILES_JAVA_DIRS = \
|
|||||||
sun/security/acl \
|
sun/security/acl \
|
||||||
sun/security/jca \
|
sun/security/jca \
|
||||||
sun/security/pkcs \
|
sun/security/pkcs \
|
||||||
|
sun/security/pkcs10 \
|
||||||
sun/security/pkcs12 \
|
sun/security/pkcs12 \
|
||||||
sun/security/provider \
|
sun/security/provider \
|
||||||
sun/security/rsa \
|
sun/security/rsa \
|
||||||
|
@ -1,45 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved.
|
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
||||||
*
|
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
|
||||||
* under the terms of the GNU General Public License version 2 only, as
|
|
||||||
* published by the Free Software Foundation. Oracle designates this
|
|
||||||
* particular file as subject to the "Classpath" exception as provided
|
|
||||||
* by Oracle in the LICENSE file that accompanied this code.
|
|
||||||
*
|
|
||||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
||||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
||||||
* version 2 for more details (a copy is included in the LICENSE file that
|
|
||||||
* accompanied this code).
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License version
|
|
||||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
||||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
||||||
*
|
|
||||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
||||||
* or visit www.oracle.com if you need additional information or have any
|
|
||||||
* questions.
|
|
||||||
*/
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Generic PKCS Encoding exception.
|
|
||||||
*
|
|
||||||
* @author Benjamin Renaud
|
|
||||||
*/
|
|
||||||
|
|
||||||
package sun.security.pkcs;
|
|
||||||
|
|
||||||
public class EncodingException extends Exception {
|
|
||||||
|
|
||||||
private static final long serialVersionUID = 4060198374240668325L;
|
|
||||||
|
|
||||||
public EncodingException() {
|
|
||||||
super();
|
|
||||||
}
|
|
||||||
|
|
||||||
public EncodingException(String s) {
|
|
||||||
super(s);
|
|
||||||
}
|
|
||||||
}
|
|
@ -24,7 +24,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
package sun.security.pkcs;
|
package sun.security.pkcs10;
|
||||||
|
|
||||||
import java.io.PrintStream;
|
import java.io.PrintStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997, 1998, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -23,11 +23,12 @@
|
|||||||
* questions.
|
* questions.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package sun.security.pkcs;
|
package sun.security.pkcs10;
|
||||||
|
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import sun.security.pkcs.PKCS9Attribute;
|
||||||
import sun.security.util.*;
|
import sun.security.util.*;
|
||||||
|
|
||||||
/**
|
/**
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -23,7 +23,7 @@
|
|||||||
* questions.
|
* questions.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package sun.security.pkcs;
|
package sun.security.pkcs10;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -27,32 +27,86 @@ package sun.security.provider.certpath;
|
|||||||
|
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.security.AccessController;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
|
import java.security.PrivilegedActionException;
|
||||||
|
import java.security.PrivilegedExceptionAction;
|
||||||
import java.security.cert.CertStore;
|
import java.security.cert.CertStore;
|
||||||
import java.security.cert.X509CertSelector;
|
import java.security.cert.X509CertSelector;
|
||||||
import java.security.cert.X509CRLSelector;
|
import java.security.cert.X509CRLSelector;
|
||||||
import javax.security.auth.x500.X500Principal;
|
import javax.security.auth.x500.X500Principal;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import sun.security.util.Cache;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Helper used by URICertStore when delegating to another CertStore to
|
* Helper used by URICertStore and others when delegating to another CertStore
|
||||||
* fetch certs and CRLs.
|
* to fetch certs and CRLs.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public interface CertStoreHelper {
|
public abstract class CertStoreHelper {
|
||||||
|
|
||||||
|
private static final int NUM_TYPES = 2;
|
||||||
|
private final static Map<String,String> classMap = new HashMap<>(NUM_TYPES);
|
||||||
|
static {
|
||||||
|
classMap.put(
|
||||||
|
"LDAP",
|
||||||
|
"sun.security.provider.certpath.ldap.LDAPCertStoreHelper");
|
||||||
|
classMap.put(
|
||||||
|
"SSLServer",
|
||||||
|
"sun.security.provider.certpath.ssl.SSLServerCertStoreHelper");
|
||||||
|
};
|
||||||
|
private static Cache cache = Cache.newSoftMemoryCache(NUM_TYPES);
|
||||||
|
|
||||||
|
public static CertStoreHelper getInstance(final String type)
|
||||||
|
throws NoSuchAlgorithmException
|
||||||
|
{
|
||||||
|
CertStoreHelper helper = (CertStoreHelper)cache.get(type);
|
||||||
|
if (helper != null) {
|
||||||
|
return helper;
|
||||||
|
}
|
||||||
|
final String cl = classMap.get(type);
|
||||||
|
if (cl == null) {
|
||||||
|
throw new NoSuchAlgorithmException(type + " not available");
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
helper = AccessController.doPrivileged(
|
||||||
|
new PrivilegedExceptionAction<CertStoreHelper>() {
|
||||||
|
public CertStoreHelper run() throws ClassNotFoundException {
|
||||||
|
try {
|
||||||
|
Class<?> c = Class.forName(cl, true, null);
|
||||||
|
CertStoreHelper csh
|
||||||
|
= (CertStoreHelper)c.newInstance();
|
||||||
|
cache.put(type, csh);
|
||||||
|
return csh;
|
||||||
|
} catch (InstantiationException e) {
|
||||||
|
throw new AssertionError(e);
|
||||||
|
} catch (IllegalAccessException e) {
|
||||||
|
throw new AssertionError(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
|
return helper;
|
||||||
|
} catch (PrivilegedActionException e) {
|
||||||
|
throw new NoSuchAlgorithmException(type + " not available",
|
||||||
|
e.getException());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a CertStore using the given URI as parameters.
|
* Returns a CertStore using the given URI as parameters.
|
||||||
*/
|
*/
|
||||||
CertStore getCertStore(URI uri)
|
public abstract CertStore getCertStore(URI uri)
|
||||||
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
|
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Wraps an existing X509CertSelector when needing to avoid DN matching
|
* Wraps an existing X509CertSelector when needing to avoid DN matching
|
||||||
* issues.
|
* issues.
|
||||||
*/
|
*/
|
||||||
X509CertSelector wrap(X509CertSelector selector,
|
public abstract X509CertSelector wrap(X509CertSelector selector,
|
||||||
X500Principal certSubject,
|
X500Principal certSubject,
|
||||||
String dn)
|
String dn)
|
||||||
throws IOException;
|
throws IOException;
|
||||||
@ -61,7 +115,7 @@ public interface CertStoreHelper {
|
|||||||
* Wraps an existing X509CRLSelector when needing to avoid DN matching
|
* Wraps an existing X509CRLSelector when needing to avoid DN matching
|
||||||
* issues.
|
* issues.
|
||||||
*/
|
*/
|
||||||
X509CRLSelector wrap(X509CRLSelector selector,
|
public abstract X509CRLSelector wrap(X509CRLSelector selector,
|
||||||
Collection<X500Principal> certIssuers,
|
Collection<X500Principal> certIssuers,
|
||||||
String dn)
|
String dn)
|
||||||
throws IOException;
|
throws IOException;
|
||||||
|
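Review bot: The new `getInstance` loads a class reflectively inside `AccessController.doPrivileged` with no comment saying why that is safe. The class name `cl` is only ever looked up in the fixed `classMap` entries ("LDAP" and "SSLServer") and is never taken from the caller's `type` string, and that invariant should be written down next to the call, e.g. `// cl comes only from the fixed classMap; never pass a caller-supplied class name into this privileged block`. `classMap` is a mutable `HashMap` that is written only in the static initializer, so wrapping it with `Collections.unmodifiableMap(...)` (needs `java.util.Collections`) would make the read-only intent explicit. The method also lacks Javadoc; it should name the supported types and state that `NoSuchAlgorithmException` is thrown for an unknown type or a helper class that cannot be loaded.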
@ -30,8 +30,6 @@ import java.io.IOException;
|
|||||||
import java.net.HttpURLConnection;
|
import java.net.HttpURLConnection;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.net.URLConnection;
|
import java.net.URLConnection;
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.PrivilegedAction;
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
@ -120,35 +118,10 @@ class URICertStore extends CertStoreSpi {
|
|||||||
|
|
||||||
// true if URI is ldap
|
// true if URI is ldap
|
||||||
private boolean ldap = false;
|
private boolean ldap = false;
|
||||||
|
private CertStoreHelper ldapHelper;
|
||||||
private CertStore ldapCertStore;
|
private CertStore ldapCertStore;
|
||||||
private String ldapPath;
|
private String ldapPath;
|
||||||
|
|
||||||
/**
|
|
||||||
* Holder class to lazily load LDAPCertStoreHelper if present.
|
|
||||||
*/
|
|
||||||
private static class LDAP {
|
|
||||||
private static final String CERT_STORE_HELPER =
|
|
||||||
"sun.security.provider.certpath.ldap.LDAPCertStoreHelper";
|
|
||||||
private static final CertStoreHelper helper =
|
|
||||||
AccessController.doPrivileged(
|
|
||||||
new PrivilegedAction<CertStoreHelper>() {
|
|
||||||
public CertStoreHelper run() {
|
|
||||||
try {
|
|
||||||
Class<?> c = Class.forName(CERT_STORE_HELPER, true, null);
|
|
||||||
return (CertStoreHelper)c.newInstance();
|
|
||||||
} catch (ClassNotFoundException cnf) {
|
|
||||||
return null;
|
|
||||||
} catch (InstantiationException e) {
|
|
||||||
throw new AssertionError(e);
|
|
||||||
} catch (IllegalAccessException e) {
|
|
||||||
throw new AssertionError(e);
|
|
||||||
}
|
|
||||||
}});
|
|
||||||
static CertStoreHelper helper() {
|
|
||||||
return helper;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a URICertStore.
|
* Creates a URICertStore.
|
||||||
*
|
*
|
||||||
@ -164,10 +137,9 @@ class URICertStore extends CertStoreSpi {
|
|||||||
this.uri = ((URICertStoreParameters) params).uri;
|
this.uri = ((URICertStoreParameters) params).uri;
|
||||||
// if ldap URI, use an LDAPCertStore to fetch certs and CRLs
|
// if ldap URI, use an LDAPCertStore to fetch certs and CRLs
|
||||||
if (uri.getScheme().toLowerCase(Locale.ENGLISH).equals("ldap")) {
|
if (uri.getScheme().toLowerCase(Locale.ENGLISH).equals("ldap")) {
|
||||||
if (LDAP.helper() == null)
|
|
||||||
throw new NoSuchAlgorithmException("LDAP not present");
|
|
||||||
ldap = true;
|
ldap = true;
|
||||||
ldapCertStore = LDAP.helper().getCertStore(uri);
|
ldapHelper = CertStoreHelper.getInstance("LDAP");
|
||||||
|
ldapCertStore = ldapHelper.getCertStore(uri);
|
||||||
ldapPath = uri.getPath();
|
ldapPath = uri.getPath();
|
||||||
// strip off leading '/'
|
// strip off leading '/'
|
||||||
if (ldapPath.charAt(0) == '/') {
|
if (ldapPath.charAt(0) == '/') {
|
||||||
@ -251,7 +223,7 @@ class URICertStore extends CertStoreSpi {
|
|||||||
if (ldap) {
|
if (ldap) {
|
||||||
X509CertSelector xsel = (X509CertSelector) selector;
|
X509CertSelector xsel = (X509CertSelector) selector;
|
||||||
try {
|
try {
|
||||||
xsel = LDAP.helper().wrap(xsel, xsel.getSubject(), ldapPath);
|
xsel = ldapHelper.wrap(xsel, xsel.getSubject(), ldapPath);
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
throw new CertStoreException(ioe);
|
throw new CertStoreException(ioe);
|
||||||
}
|
}
|
||||||
@ -273,57 +245,44 @@ class URICertStore extends CertStoreSpi {
|
|||||||
return getMatchingCerts(certs, selector);
|
return getMatchingCerts(certs, selector);
|
||||||
}
|
}
|
||||||
lastChecked = time;
|
lastChecked = time;
|
||||||
InputStream in = null;
|
|
||||||
try {
|
try {
|
||||||
URLConnection connection = uri.toURL().openConnection();
|
URLConnection connection = uri.toURL().openConnection();
|
||||||
if (lastModified != 0) {
|
if (lastModified != 0) {
|
||||||
connection.setIfModifiedSince(lastModified);
|
connection.setIfModifiedSince(lastModified);
|
||||||
}
|
}
|
||||||
in = connection.getInputStream();
|
|
||||||
long oldLastModified = lastModified;
|
long oldLastModified = lastModified;
|
||||||
lastModified = connection.getLastModified();
|
try (InputStream in = connection.getInputStream()) {
|
||||||
if (oldLastModified != 0) {
|
lastModified = connection.getLastModified();
|
||||||
if (oldLastModified == lastModified) {
|
if (oldLastModified != 0) {
|
||||||
if (debug != null) {
|
if (oldLastModified == lastModified) {
|
||||||
debug.println("Not modified, using cached copy");
|
|
||||||
}
|
|
||||||
return getMatchingCerts(certs, selector);
|
|
||||||
} else if (connection instanceof HttpURLConnection) {
|
|
||||||
// some proxy servers omit last modified
|
|
||||||
HttpURLConnection hconn = (HttpURLConnection) connection;
|
|
||||||
if (hconn.getResponseCode()
|
|
||||||
== HttpURLConnection.HTTP_NOT_MODIFIED) {
|
|
||||||
if (debug != null) {
|
if (debug != null) {
|
||||||
debug.println("Not modified, using cached copy");
|
debug.println("Not modified, using cached copy");
|
||||||
}
|
}
|
||||||
return getMatchingCerts(certs, selector);
|
return getMatchingCerts(certs, selector);
|
||||||
|
} else if (connection instanceof HttpURLConnection) {
|
||||||
|
// some proxy servers omit last modified
|
||||||
|
HttpURLConnection hconn = (HttpURLConnection)connection;
|
||||||
|
if (hconn.getResponseCode()
|
||||||
|
== HttpURLConnection.HTTP_NOT_MODIFIED) {
|
||||||
|
if (debug != null) {
|
||||||
|
debug.println("Not modified, using cached copy");
|
||||||
|
}
|
||||||
|
return getMatchingCerts(certs, selector);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
if (debug != null) {
|
||||||
if (debug != null) {
|
debug.println("Downloading new certificates...");
|
||||||
debug.println("Downloading new certificates...");
|
|
||||||
}
|
|
||||||
// Safe cast since factory is an X.509 certificate factory
|
|
||||||
certs = (Collection<X509Certificate>)
|
|
||||||
factory.generateCertificates(in);
|
|
||||||
return getMatchingCerts(certs, selector);
|
|
||||||
} catch (IOException e) {
|
|
||||||
if (debug != null) {
|
|
||||||
debug.println("Exception fetching certificates:");
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
} catch (CertificateException e) {
|
|
||||||
if (debug != null) {
|
|
||||||
debug.println("Exception fetching certificates:");
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
} finally {
|
|
||||||
if (in != null) {
|
|
||||||
try {
|
|
||||||
in.close();
|
|
||||||
} catch (IOException e) {
|
|
||||||
// ignore
|
|
||||||
}
|
}
|
||||||
|
// Safe cast since factory is an X.509 certificate factory
|
||||||
|
certs = (Collection<X509Certificate>)
|
||||||
|
factory.generateCertificates(in);
|
||||||
|
}
|
||||||
|
return getMatchingCerts(certs, selector);
|
||||||
|
} catch (IOException | CertificateException e) {
|
||||||
|
if (debug != null) {
|
||||||
|
debug.println("Exception fetching certificates:");
|
||||||
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// exception, forget previous values
|
// exception, forget previous values
|
||||||
@ -343,8 +302,7 @@ class URICertStore extends CertStoreSpi {
|
|||||||
if (selector == null) {
|
if (selector == null) {
|
||||||
return certs;
|
return certs;
|
||||||
}
|
}
|
||||||
List<X509Certificate> matchedCerts =
|
List<X509Certificate> matchedCerts = new ArrayList<>(certs.size());
|
||||||
new ArrayList<X509Certificate>(certs.size());
|
|
||||||
for (X509Certificate cert : certs) {
|
for (X509Certificate cert : certs) {
|
||||||
if (selector.match(cert)) {
|
if (selector.match(cert)) {
|
||||||
matchedCerts.add(cert);
|
matchedCerts.add(cert);
|
||||||
@ -374,7 +332,7 @@ class URICertStore extends CertStoreSpi {
|
|||||||
if (ldap) {
|
if (ldap) {
|
||||||
X509CRLSelector xsel = (X509CRLSelector) selector;
|
X509CRLSelector xsel = (X509CRLSelector) selector;
|
||||||
try {
|
try {
|
||||||
xsel = LDAP.helper().wrap(xsel, null, ldapPath);
|
xsel = ldapHelper.wrap(xsel, null, ldapPath);
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
throw new CertStoreException(ioe);
|
throw new CertStoreException(ioe);
|
||||||
}
|
}
|
||||||
@ -395,55 +353,42 @@ class URICertStore extends CertStoreSpi {
|
|||||||
return getMatchingCRLs(crl, selector);
|
return getMatchingCRLs(crl, selector);
|
||||||
}
|
}
|
||||||
lastChecked = time;
|
lastChecked = time;
|
||||||
InputStream in = null;
|
|
||||||
try {
|
try {
|
||||||
URLConnection connection = uri.toURL().openConnection();
|
URLConnection connection = uri.toURL().openConnection();
|
||||||
if (lastModified != 0) {
|
if (lastModified != 0) {
|
||||||
connection.setIfModifiedSince(lastModified);
|
connection.setIfModifiedSince(lastModified);
|
||||||
}
|
}
|
||||||
in = connection.getInputStream();
|
|
||||||
long oldLastModified = lastModified;
|
long oldLastModified = lastModified;
|
||||||
lastModified = connection.getLastModified();
|
try (InputStream in = connection.getInputStream()) {
|
||||||
if (oldLastModified != 0) {
|
lastModified = connection.getLastModified();
|
||||||
if (oldLastModified == lastModified) {
|
if (oldLastModified != 0) {
|
||||||
if (debug != null) {
|
if (oldLastModified == lastModified) {
|
||||||
debug.println("Not modified, using cached copy");
|
|
||||||
}
|
|
||||||
return getMatchingCRLs(crl, selector);
|
|
||||||
} else if (connection instanceof HttpURLConnection) {
|
|
||||||
// some proxy servers omit last modified
|
|
||||||
HttpURLConnection hconn = (HttpURLConnection) connection;
|
|
||||||
if (hconn.getResponseCode()
|
|
||||||
== HttpURLConnection.HTTP_NOT_MODIFIED) {
|
|
||||||
if (debug != null) {
|
if (debug != null) {
|
||||||
debug.println("Not modified, using cached copy");
|
debug.println("Not modified, using cached copy");
|
||||||
}
|
}
|
||||||
return getMatchingCRLs(crl, selector);
|
return getMatchingCRLs(crl, selector);
|
||||||
|
} else if (connection instanceof HttpURLConnection) {
|
||||||
|
// some proxy servers omit last modified
|
||||||
|
HttpURLConnection hconn = (HttpURLConnection)connection;
|
||||||
|
if (hconn.getResponseCode()
|
||||||
|
== HttpURLConnection.HTTP_NOT_MODIFIED) {
|
||||||
|
if (debug != null) {
|
||||||
|
debug.println("Not modified, using cached copy");
|
||||||
|
}
|
||||||
|
return getMatchingCRLs(crl, selector);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
if (debug != null) {
|
||||||
if (debug != null) {
|
debug.println("Downloading new CRL...");
|
||||||
debug.println("Downloading new CRL...");
|
|
||||||
}
|
|
||||||
crl = (X509CRL) factory.generateCRL(in);
|
|
||||||
return getMatchingCRLs(crl, selector);
|
|
||||||
} catch (IOException e) {
|
|
||||||
if (debug != null) {
|
|
||||||
debug.println("Exception fetching CRL:");
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
} catch (CRLException e) {
|
|
||||||
if (debug != null) {
|
|
||||||
debug.println("Exception fetching CRL:");
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
} finally {
|
|
||||||
if (in != null) {
|
|
||||||
try {
|
|
||||||
in.close();
|
|
||||||
} catch (IOException e) {
|
|
||||||
// ignore
|
|
||||||
}
|
}
|
||||||
|
crl = (X509CRL) factory.generateCRL(in);
|
||||||
|
}
|
||||||
|
return getMatchingCRLs(crl, selector);
|
||||||
|
} catch (IOException | CRLException e) {
|
||||||
|
if (debug != null) {
|
||||||
|
debug.println("Exception fetching CRL:");
|
||||||
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// exception, forget previous values
|
// exception, forget previous values
|
||||||
|
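Review bot: The rewritten fetch blocks in both the `engineGetCertificates` and `engineGetCRLs` hunks call `connection.getInputStream()` with no connect or read timeout set anywhere in the visible lines, so an unresponsive server named in the URI could stall the caller indefinitely. Since the block is being restructured around try-with-resources anyway, consider setting both before the stream is opened, e.g. `connection.setConnectTimeout(TIMEOUT_MS);` and `connection.setReadTimeout(TIMEOUT_MS);`, where `TIMEOUT_MS` is a placeholder for a value the project would choose. Both methods start and end outside their hunks, so a timeout may already be configured elsewhere; that cannot be confirmed from here.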
@ -103,7 +103,7 @@ import sun.security.action.GetPropertyAction;
|
|||||||
* @author Steve Hanna
|
* @author Steve Hanna
|
||||||
* @author Andreas Sterbenz
|
* @author Andreas Sterbenz
|
||||||
*/
|
*/
|
||||||
public class LDAPCertStore extends CertStoreSpi {
|
public final class LDAPCertStore extends CertStoreSpi {
|
||||||
|
|
||||||
private static final Debug debug = Debug.getInstance("certpath");
|
private static final Debug debug = Debug.getInstance("certpath");
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -41,11 +41,9 @@ import sun.security.provider.certpath.CertStoreHelper;
|
|||||||
* LDAP implementation of CertStoreHelper.
|
* LDAP implementation of CertStoreHelper.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public class LDAPCertStoreHelper
|
public final class LDAPCertStoreHelper
|
||||||
implements CertStoreHelper
|
extends CertStoreHelper
|
||||||
{
|
{
|
||||||
public LDAPCertStoreHelper() { }
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CertStore getCertStore(URI uri)
|
public CertStore getCertStore(URI uri)
|
||||||
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
|
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
|
||||||
|
@ -0,0 +1,153 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation. Oracle designates this
|
||||||
|
* particular file as subject to the "Classpath" exception as provided
|
||||||
|
* by Oracle in the LICENSE file that accompanied this code.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package sun.security.provider.certpath.ssl;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.net.URI;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.List;
|
||||||
|
import java.security.GeneralSecurityException;
|
||||||
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
|
import java.security.Provider;
|
||||||
|
import java.security.cert.CertificateException;
|
||||||
|
import java.security.cert.CertSelector;
|
||||||
|
import java.security.cert.CertStore;
|
||||||
|
import java.security.cert.CertStoreException;
|
||||||
|
import java.security.cert.CertStoreParameters;
|
||||||
|
import java.security.cert.CertStoreSpi;
|
||||||
|
import java.security.cert.CRLSelector;
|
||||||
|
import java.security.cert.X509Certificate;
|
||||||
|
import java.security.cert.X509CRL;
|
||||||
|
import javax.net.ssl.HostnameVerifier;
|
||||||
|
import javax.net.ssl.HttpsURLConnection;
|
||||||
|
import javax.net.ssl.SSLContext;
|
||||||
|
import javax.net.ssl.SSLSession;
|
||||||
|
import javax.net.ssl.TrustManager;
|
||||||
|
import javax.net.ssl.X509TrustManager;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A CertStore that retrieves an SSL server's certificate chain.
|
||||||
|
*/
|
||||||
|
public final class SSLServerCertStore extends CertStoreSpi {
|
||||||
|
|
||||||
|
private final URI uri;
|
||||||
|
|
||||||
|
SSLServerCertStore(URI uri) throws InvalidAlgorithmParameterException {
|
||||||
|
super(null);
|
||||||
|
this.uri = uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
public synchronized Collection<X509Certificate> engineGetCertificates
|
||||||
|
(CertSelector selector) throws CertStoreException
|
||||||
|
{
|
||||||
|
try {
|
||||||
|
SSLContext sc = SSLContext.getInstance("SSL");
|
||||||
|
GetChainTrustManager xtm = new GetChainTrustManager();
|
||||||
|
sc.init(null, new TrustManager[] { xtm }, null);
|
||||||
|
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
|
||||||
|
HttpsURLConnection.setDefaultHostnameVerifier(
|
||||||
|
new HostnameVerifier() {
|
||||||
|
public boolean verify(String hostname, SSLSession session) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
uri.toURL().openConnection().connect();
|
||||||
|
return getMatchingCerts(xtm.serverChain, selector);
|
||||||
|
} catch (GeneralSecurityException | IOException e) {
|
||||||
|
throw new CertStoreException(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static List<X509Certificate> getMatchingCerts
|
||||||
|
(List<X509Certificate> certs, CertSelector selector)
|
||||||
|
{
|
||||||
|
// if selector not specified, all certs match
|
||||||
|
if (selector == null) {
|
||||||
|
return certs;
|
||||||
|
}
|
||||||
|
List<X509Certificate> matchedCerts = new ArrayList<>(certs.size());
|
||||||
|
for (X509Certificate cert : certs) {
|
||||||
|
if (selector.match(cert)) {
|
||||||
|
matchedCerts.add(cert);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return matchedCerts;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Collection<X509CRL> engineGetCRLs(CRLSelector selector)
|
||||||
|
throws CertStoreException
|
||||||
|
{
|
||||||
|
throw new UnsupportedOperationException();
|
||||||
|
}
|
||||||
|
|
||||||
|
static synchronized CertStore getInstance(URI uri)
|
||||||
|
throws InvalidAlgorithmParameterException
|
||||||
|
{
|
||||||
|
return new CS(new SSLServerCertStore(uri), null, "SSLServer", null);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* An X509TrustManager that simply stores a reference to the server's
|
||||||
|
* certificate chain.
|
||||||
|
*/
|
||||||
|
private static class GetChainTrustManager implements X509TrustManager {
|
||||||
|
private List<X509Certificate> serverChain;
|
||||||
|
|
||||||
|
public X509Certificate[] getAcceptedIssuers() {
|
||||||
|
throw new UnsupportedOperationException();
|
||||||
|
}
|
||||||
|
|
||||||
|
public void checkClientTrusted(X509Certificate[] chain,
|
||||||
|
String authType)
|
||||||
|
throws CertificateException
|
||||||
|
{
|
||||||
|
throw new UnsupportedOperationException();
|
||||||
|
}
|
||||||
|
|
||||||
|
public void checkServerTrusted(X509Certificate[] chain,
|
||||||
|
String authType)
|
||||||
|
throws CertificateException
|
||||||
|
{
|
||||||
|
this.serverChain = (chain == null)
|
||||||
|
? Collections.<X509Certificate>emptyList()
|
||||||
|
: Arrays.asList(chain);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class allows the SSLServerCertStore to be accessed as a CertStore.
|
||||||
|
*/
|
||||||
|
private static class CS extends CertStore {
|
||||||
|
protected CS(CertStoreSpi spi, Provider p, String type,
|
||||||
|
CertStoreParameters params)
|
||||||
|
{
|
||||||
|
super(spi, p, type, params);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
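Review bot: `engineGetCertificates` installs its chain-capturing `SSLContext` and an accept-all `HostnameVerifier` through the static `HttpsURLConnection.setDefaultSSLSocketFactory` and `setDefaultHostnameVerifier`, which changes the defaults for every later `HttpsURLConnection` in the JVM rather than for this one fetch. Because `GetChainTrustManager.checkServerTrusted` never rejects a chain, any unrelated HTTPS client in the same process that relies on those defaults would stop validating server certificates and host names after the first call. The two settings should be applied to the single connection through the instance methods `setSSLSocketFactory` and `setHostnameVerifier`, as sketched below. The sketch also rejects non-HTTPS URIs and a missing chain, since `xtm.serverChain` stays null when no handshake runs and `getMatchingCerts` would then return or dereference null.

```java
            // … unchanged: SSLContext.getInstance, GetChainTrustManager xtm, sc.init …
            java.net.URLConnection conn = uri.toURL().openConnection();
            if (!(conn instanceof HttpsURLConnection)) {
                throw new CertStoreException("Not an HTTPS URI: " + uri);
            }
            HttpsURLConnection https = (HttpsURLConnection) conn;
            // Scope the non-validating factory and verifier to this connection only;
            // the JVM-wide HttpsURLConnection defaults are left untouched.
            https.setSSLSocketFactory(sc.getSocketFactory());
            https.setHostnameVerifier(new HostnameVerifier() {
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });
            try {
                https.connect();
            } finally {
                https.disconnect();
            }
            if (xtm.serverChain == null) {
                throw new CertStoreException("No certificate chain received from " + uri);
            }
            return getMatchingCerts(xtm.serverChain, selector);
```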
@ -0,0 +1,69 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation. Oracle designates this
|
||||||
|
* particular file as subject to the "Classpath" exception as provided
|
||||||
|
* by Oracle in the LICENSE file that accompanied this code.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package sun.security.provider.certpath.ssl;
|
||||||
|
|
||||||
|
import java.net.URI;
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
|
import java.security.cert.CertStore;
|
||||||
|
import java.security.cert.X509CertSelector;
|
||||||
|
import java.security.cert.X509CRLSelector;
|
||||||
|
import javax.security.auth.x500.X500Principal;
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import sun.security.provider.certpath.CertStoreHelper;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SSL implementation of CertStoreHelper.
|
||||||
|
*/
|
||||||
|
public final class SSLServerCertStoreHelper extends CertStoreHelper {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public CertStore getCertStore(URI uri)
|
||||||
|
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
|
||||||
|
{
|
||||||
|
return SSLServerCertStore.getInstance(uri);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public X509CertSelector wrap(X509CertSelector selector,
|
||||||
|
X500Principal certSubject,
|
||||||
|
String ldapDN)
|
||||||
|
throws IOException
|
||||||
|
{
|
||||||
|
throw new UnsupportedOperationException();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public X509CRLSelector wrap(X509CRLSelector selector,
|
||||||
|
Collection<X500Principal> certIssuers,
|
||||||
|
String ldapDN)
|
||||||
|
throws IOException
|
||||||
|
{
|
||||||
|
throw new UnsupportedOperationException();
|
||||||
|
}
|
||||||
|
}
|
@ -23,7 +23,7 @@
|
|||||||
* questions.
|
* questions.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package sun.security.x509;
|
package sun.security.tools;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
@ -32,7 +32,19 @@ import java.security.cert.CertificateEncodingException;
|
|||||||
import java.security.*;
|
import java.security.*;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
|
||||||
import sun.security.pkcs.PKCS10;
|
import sun.security.pkcs10.PKCS10;
|
||||||
|
import sun.security.x509.AlgorithmId;
|
||||||
|
import sun.security.x509.CertificateAlgorithmId;
|
||||||
|
import sun.security.x509.CertificateIssuerName;
|
||||||
|
import sun.security.x509.CertificateSerialNumber;
|
||||||
|
import sun.security.x509.CertificateSubjectName;
|
||||||
|
import sun.security.x509.CertificateValidity;
|
||||||
|
import sun.security.x509.CertificateVersion;
|
||||||
|
import sun.security.x509.CertificateX509Key;
|
||||||
|
import sun.security.x509.X500Name;
|
||||||
|
import sun.security.x509.X509CertImpl;
|
||||||
|
import sun.security.x509.X509CertInfo;
|
||||||
|
import sun.security.x509.X509Key;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
@ -38,10 +38,12 @@ import java.security.Signature;
|
|||||||
import java.security.Timestamp;
|
import java.security.Timestamp;
|
||||||
import java.security.UnrecoverableEntryException;
|
import java.security.UnrecoverableEntryException;
|
||||||
import java.security.UnrecoverableKeyException;
|
import java.security.UnrecoverableKeyException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
import java.security.cert.Certificate;
|
import java.security.cert.Certificate;
|
||||||
import java.security.cert.CertificateFactory;
|
import java.security.cert.CertificateFactory;
|
||||||
|
import java.security.cert.CertStoreException;
|
||||||
import java.security.cert.CRL;
|
import java.security.cert.CRL;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
@ -63,23 +65,16 @@ import java.security.cert.X509CRLSelector;
|
|||||||
import javax.security.auth.x500.X500Principal;
|
import javax.security.auth.x500.X500Principal;
|
||||||
import sun.misc.BASE64Encoder;
|
import sun.misc.BASE64Encoder;
|
||||||
import sun.security.util.ObjectIdentifier;
|
import sun.security.util.ObjectIdentifier;
|
||||||
import sun.security.pkcs.PKCS10;
|
import sun.security.pkcs10.PKCS10;
|
||||||
|
import sun.security.pkcs10.PKCS10Attribute;
|
||||||
import sun.security.provider.X509Factory;
|
import sun.security.provider.X509Factory;
|
||||||
|
import sun.security.provider.certpath.CertStoreHelper;
|
||||||
import sun.security.util.Password;
|
import sun.security.util.Password;
|
||||||
import sun.security.util.PathList;
|
|
||||||
import javax.crypto.KeyGenerator;
|
import javax.crypto.KeyGenerator;
|
||||||
import javax.crypto.SecretKey;
|
import javax.crypto.SecretKey;
|
||||||
|
|
||||||
import javax.net.ssl.HostnameVerifier;
|
|
||||||
import javax.net.ssl.HttpsURLConnection;
|
|
||||||
import javax.net.ssl.SSLContext;
|
|
||||||
import javax.net.ssl.SSLSession;
|
|
||||||
import javax.net.ssl.TrustManager;
|
|
||||||
import javax.net.ssl.X509TrustManager;
|
|
||||||
import sun.misc.BASE64Decoder;
|
import sun.misc.BASE64Decoder;
|
||||||
import sun.security.pkcs.PKCS10Attribute;
|
|
||||||
import sun.security.pkcs.PKCS9Attribute;
|
import sun.security.pkcs.PKCS9Attribute;
|
||||||
import sun.security.provider.certpath.ldap.LDAPCertStoreHelper;
|
|
||||||
import sun.security.util.DerValue;
|
import sun.security.util.DerValue;
|
||||||
import sun.security.x509.*;
|
import sun.security.x509.*;
|
||||||
|
|
||||||
@ -917,18 +912,13 @@ public final class KeyTool {
|
|||||||
|
|
||||||
// Perform the specified command
|
// Perform the specified command
|
||||||
if (command == CERTREQ) {
|
if (command == CERTREQ) {
|
||||||
PrintStream ps = null;
|
|
||||||
if (filename != null) {
|
if (filename != null) {
|
||||||
ps = new PrintStream(new FileOutputStream
|
try (PrintStream ps = new PrintStream(new FileOutputStream
|
||||||
(filename));
|
(filename))) {
|
||||||
out = ps;
|
doCertReq(alias, sigAlgName, ps);
|
||||||
}
|
|
||||||
try {
|
|
||||||
doCertReq(alias, sigAlgName, out);
|
|
||||||
} finally {
|
|
||||||
if (ps != null) {
|
|
||||||
ps.close();
|
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
doCertReq(alias, sigAlgName, out);
|
||||||
}
|
}
|
||||||
if (verbose && filename != null) {
|
if (verbose && filename != null) {
|
||||||
MessageFormat form = new MessageFormat(rb.getString
|
MessageFormat form = new MessageFormat(rb.getString
|
||||||
@ -941,18 +931,13 @@ public final class KeyTool {
|
|||||||
doDeleteEntry(alias);
|
doDeleteEntry(alias);
|
||||||
kssave = true;
|
kssave = true;
|
||||||
} else if (command == EXPORTCERT) {
|
} else if (command == EXPORTCERT) {
|
||||||
PrintStream ps = null;
|
|
||||||
if (filename != null) {
|
if (filename != null) {
|
||||||
ps = new PrintStream(new FileOutputStream
|
try (PrintStream ps = new PrintStream(new FileOutputStream
|
||||||
(filename));
|
(filename))) {
|
||||||
out = ps;
|
doExportCert(alias, ps);
|
||||||
}
|
|
||||||
try {
|
|
||||||
doExportCert(alias, out);
|
|
||||||
} finally {
|
|
||||||
if (ps != null) {
|
|
||||||
ps.close();
|
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
doExportCert(alias, out);
|
||||||
}
|
}
|
||||||
if (filename != null) {
|
if (filename != null) {
|
||||||
MessageFormat form = new MessageFormat(rb.getString
|
MessageFormat form = new MessageFormat(rb.getString
|
||||||
@ -973,16 +958,12 @@ public final class KeyTool {
|
|||||||
doGenSecretKey(alias, keyAlgName, keysize);
|
doGenSecretKey(alias, keyAlgName, keysize);
|
||||||
kssave = true;
|
kssave = true;
|
||||||
} else if (command == IDENTITYDB) {
|
} else if (command == IDENTITYDB) {
|
||||||
InputStream inStream = System.in;
|
|
||||||
if (filename != null) {
|
if (filename != null) {
|
||||||
inStream = new FileInputStream(filename);
|
try (InputStream inStream = new FileInputStream(filename)) {
|
||||||
}
|
doImportIdentityDatabase(inStream);
|
||||||
try {
|
|
||||||
doImportIdentityDatabase(inStream);
|
|
||||||
} finally {
|
|
||||||
if (inStream != System.in) {
|
|
||||||
inStream.close();
|
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
doImportIdentityDatabase(System.in);
|
||||||
}
|
}
|
||||||
} else if (command == IMPORTCERT) {
|
} else if (command == IMPORTCERT) {
|
||||||
InputStream inStream = System.in;
|
InputStream inStream = System.in;
|
||||||
@ -1101,29 +1082,21 @@ public final class KeyTool {
|
|||||||
if (alias == null) {
|
if (alias == null) {
|
||||||
alias = keyAlias;
|
alias = keyAlias;
|
||||||
}
|
}
|
||||||
PrintStream ps = null;
|
|
||||||
if (filename != null) {
|
if (filename != null) {
|
||||||
ps = new PrintStream(new FileOutputStream(filename));
|
try (PrintStream ps =
|
||||||
out = ps;
|
new PrintStream(new FileOutputStream(filename))) {
|
||||||
}
|
doGenCRL(ps);
|
||||||
try {
|
|
||||||
doGenCRL(out);
|
|
||||||
} finally {
|
|
||||||
if (ps != null) {
|
|
||||||
ps.close();
|
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
doGenCRL(out);
|
||||||
}
|
}
|
||||||
} else if (command == PRINTCERTREQ) {
|
} else if (command == PRINTCERTREQ) {
|
||||||
InputStream inStream = System.in;
|
|
||||||
if (filename != null) {
|
if (filename != null) {
|
||||||
inStream = new FileInputStream(filename);
|
try (InputStream inStream = new FileInputStream(filename)) {
|
||||||
}
|
doPrintCertReq(inStream, out);
|
||||||
try {
|
|
||||||
doPrintCertReq(inStream, out);
|
|
||||||
} finally {
|
|
||||||
if (inStream != System.in) {
|
|
||||||
inStream.close();
|
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
doPrintCertReq(System.in, out);
|
||||||
}
|
}
|
||||||
} else if (command == PRINTCRL) {
|
} else if (command == PRINTCRL) {
|
||||||
doPrintCRL(filename, out);
|
doPrintCRL(filename, out);
|
||||||
@ -2070,12 +2043,13 @@ public final class KeyTool {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else { // must be LDAP, and uri is not null
|
} else { // must be LDAP, and uri is not null
|
||||||
|
// Lazily load LDAPCertStoreHelper if present
|
||||||
|
CertStoreHelper helper = CertStoreHelper.getInstance("LDAP");
|
||||||
String path = uri.getPath();
|
String path = uri.getPath();
|
||||||
if (path.charAt(0) == '/') path = path.substring(1);
|
if (path.charAt(0) == '/') path = path.substring(1);
|
||||||
LDAPCertStoreHelper h = new LDAPCertStoreHelper();
|
CertStore s = helper.getCertStore(uri);
|
||||||
CertStore s = h.getCertStore(uri);
|
|
||||||
X509CRLSelector sel =
|
X509CRLSelector sel =
|
||||||
h.wrap(new X509CRLSelector(), null, path);
|
helper.wrap(new X509CRLSelector(), null, path);
|
||||||
return s.getCRLs(sel);
|
return s.getCRLs(sel);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2259,18 +2233,12 @@ public final class KeyTool {
|
|||||||
int pos = 0;
|
int pos = 0;
|
||||||
while (entries.hasMoreElements()) {
|
while (entries.hasMoreElements()) {
|
||||||
JarEntry je = entries.nextElement();
|
JarEntry je = entries.nextElement();
|
||||||
InputStream is = null;
|
try (InputStream is = jf.getInputStream(je)) {
|
||||||
try {
|
|
||||||
is = jf.getInputStream(je);
|
|
||||||
while (is.read(buffer) != -1) {
|
while (is.read(buffer) != -1) {
|
||||||
// we just read. this will throw a SecurityException
|
// we just read. this will throw a SecurityException
|
||||||
// if a signature/digest check fails. This also
|
// if a signature/digest check fails. This also
|
||||||
// populate the signers
|
// populate the signers
|
||||||
}
|
}
|
||||||
} finally {
|
|
||||||
if (is != null) {
|
|
||||||
is.close();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
CodeSigner[] signers = je.getCodeSigners();
|
CodeSigner[] signers = je.getCodeSigners();
|
||||||
if (signers != null) {
|
if (signers != null) {
|
||||||
@ -2316,85 +2284,52 @@ public final class KeyTool {
|
|||||||
out.println(rb.getString("Not.a.signed.jar.file"));
|
out.println(rb.getString("Not.a.signed.jar.file"));
|
||||||
}
|
}
|
||||||
} else if (sslserver != null) {
|
} else if (sslserver != null) {
|
||||||
SSLContext sc = SSLContext.getInstance("SSL");
|
// Lazily load SSLCertStoreHelper if present
|
||||||
final boolean[] certPrinted = new boolean[1];
|
CertStoreHelper helper = CertStoreHelper.getInstance("SSLServer");
|
||||||
sc.init(null, new TrustManager[] {
|
CertStore cs = helper.getCertStore(new URI("https://" + sslserver));
|
||||||
new X509TrustManager() {
|
Collection<? extends Certificate> chain;
|
||||||
|
|
||||||
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void checkClientTrusted(
|
|
||||||
java.security.cert.X509Certificate[] certs, String authType) {
|
|
||||||
}
|
|
||||||
|
|
||||||
public void checkServerTrusted(
|
|
||||||
java.security.cert.X509Certificate[] certs, String authType) {
|
|
||||||
for (int i=0; i<certs.length; i++) {
|
|
||||||
X509Certificate cert = certs[i];
|
|
||||||
try {
|
|
||||||
if (rfc) {
|
|
||||||
dumpCert(cert, out);
|
|
||||||
} else {
|
|
||||||
out.println("Certificate #" + i);
|
|
||||||
out.println("====================================");
|
|
||||||
printX509Cert(cert, out);
|
|
||||||
out.println();
|
|
||||||
}
|
|
||||||
} catch (Exception e) {
|
|
||||||
if (debug) {
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Set to true where there's something to print
|
|
||||||
if (certs.length > 0) {
|
|
||||||
certPrinted[0] = true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}, null);
|
|
||||||
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
|
|
||||||
HttpsURLConnection.setDefaultHostnameVerifier(
|
|
||||||
new HostnameVerifier() {
|
|
||||||
public boolean verify(String hostname, SSLSession session) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
// HTTPS instead of raw SSL, so that -Dhttps.proxyHost and
|
|
||||||
// -Dhttps.proxyPort can be used. Since we only go through
|
|
||||||
// the handshake process, an HTTPS server is not needed.
|
|
||||||
// This program should be able to deal with any SSL-based
|
|
||||||
// network service.
|
|
||||||
Exception ex = null;
|
|
||||||
try {
|
try {
|
||||||
new URL("https://" + sslserver).openConnection().connect();
|
chain = cs.getCertificates(null);
|
||||||
} catch (Exception e) {
|
if (chain.isEmpty()) {
|
||||||
ex = e;
|
// If the certs are not retrieved, we consider it an error
|
||||||
}
|
// even if the URL connection is successful.
|
||||||
// If the certs are not printed out, we consider it an error even
|
throw new Exception(rb.getString(
|
||||||
// if the URL connection is successful.
|
"No.certificate.from.the.SSL.server"));
|
||||||
if (!certPrinted[0]) {
|
}
|
||||||
Exception e = new Exception(
|
} catch (CertStoreException cse) {
|
||||||
rb.getString("No.certificate.from.the.SSL.server"));
|
if (cse.getCause() instanceof IOException) {
|
||||||
if (ex != null) {
|
throw new Exception(rb.getString(
|
||||||
e.initCause(ex);
|
"No.certificate.from.the.SSL.server"),
|
||||||
|
cse.getCause());
|
||||||
|
} else {
|
||||||
|
throw cse;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int i = 0;
|
||||||
|
for (Certificate cert : chain) {
|
||||||
|
try {
|
||||||
|
if (rfc) {
|
||||||
|
dumpCert(cert, out);
|
||||||
|
} else {
|
||||||
|
out.println("Certificate #" + i++);
|
||||||
|
out.println("====================================");
|
||||||
|
printX509Cert((X509Certificate)cert, out);
|
||||||
|
out.println();
|
||||||
|
}
|
||||||
|
} catch (Exception e) {
|
||||||
|
if (debug) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
throw e;
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
InputStream inStream = System.in;
|
|
||||||
if (filename != null) {
|
if (filename != null) {
|
||||||
inStream = new FileInputStream(filename);
|
try (FileInputStream inStream = new FileInputStream(filename)) {
|
||||||
}
|
printCertFromStream(inStream, out);
|
||||||
try {
|
|
||||||
printCertFromStream(inStream, out);
|
|
||||||
} finally {
|
|
||||||
if (inStream != System.in) {
|
|
||||||
inStream.close();
|
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
printCertFromStream(System.in, out);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2590,9 +2525,7 @@ public final class KeyTool {
|
|||||||
X509Certificate cert = null;
|
X509Certificate cert = null;
|
||||||
try {
|
try {
|
||||||
cert = (X509Certificate)cf.generateCertificate(in);
|
cert = (X509Certificate)cf.generateCertificate(in);
|
||||||
} catch (ClassCastException cce) {
|
} catch (ClassCastException | CertificateException ce) {
|
||||||
throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
|
|
||||||
} catch (CertificateException ce) {
|
|
||||||
throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
|
throw new Exception(rb.getString("Input.not.an.X.509.certificate"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3441,16 +3374,10 @@ public final class KeyTool {
|
|||||||
if (!file.exists()) {
|
if (!file.exists()) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
FileInputStream fis = null;
|
|
||||||
KeyStore caks = null;
|
KeyStore caks = null;
|
||||||
try {
|
try (FileInputStream fis = new FileInputStream(file)) {
|
||||||
fis = new FileInputStream(file);
|
|
||||||
caks = KeyStore.getInstance(JKS);
|
caks = KeyStore.getInstance(JKS);
|
||||||
caks.load(fis, null);
|
caks.load(fis, null);
|
||||||
} finally {
|
|
||||||
if (fis != null) {
|
|
||||||
fis.close();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return caks;
|
return caks;
|
||||||
}
|
}
|
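Review bot: In the `-sslserver` branch of the `@ -2316,85 +2284,52 @@` hunk, the new print loop calls `printX509Cert((X509Certificate)cert, out)` inside a `catch (Exception e)` that reports only when `debug` is set, so a certificate that fails the cast or fails to print is dropped from the output with no notice. An operator reading that output to decide what to import would see a shorter chain and no error. I would test the type ahead of the `try` and fail loudly with a message this file already uses, `if (!(cert instanceof X509Certificate)) throw new Exception(rb.getString("Input.not.an.X.509.certificate"));`, and let other print failures propagate instead of swallowing them. Separately, the chain now comes from `CertStoreHelper.getInstance("SSLServer")`, whose implementation is not visible here; if it still accepts any chain and hostname, as the removed trust manager and verifier did, a comment such as `// chain is fetched without validation; for display only` belongs above that call. The enclosing method starts and ends outside the hunk.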
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -23,7 +23,7 @@
|
|||||||
* questions.
|
* questions.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package sun.security.util;
|
package sun.security.tools;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
@ -1,198 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
|
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
||||||
*
|
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
|
||||||
* under the terms of the GNU General Public License version 2 only, as
|
|
||||||
* published by the Free Software Foundation. Oracle designates this
|
|
||||||
* particular file as subject to the "Classpath" exception as provided
|
|
||||||
* by Oracle in the LICENSE file that accompanied this code.
|
|
||||||
*
|
|
||||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
||||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
||||||
* version 2 for more details (a copy is included in the LICENSE file that
|
|
||||||
* accompanied this code).
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License version
|
|
||||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
||||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
||||||
*
|
|
||||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
||||||
* or visit www.oracle.com if you need additional information or have any
|
|
||||||
* questions.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package sun.security.util;
|
|
||||||
|
|
||||||
import java.math.BigInteger;
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* A low-overhead arbitrary-precision <em>unsigned</em> integer.
|
|
||||||
* This is intended for use with ASN.1 parsing, and printing of
|
|
||||||
* such parsed values. Convert to "BigInteger" if you need to do
|
|
||||||
* arbitrary precision arithmetic, rather than just represent
|
|
||||||
* the number as a wrapped array of bytes.
|
|
||||||
*
|
|
||||||
* <P><em><b>NOTE:</b> This class may eventually disappear, to
|
|
||||||
* be supplanted by big-endian byte arrays which hold both signed
|
|
||||||
* and unsigned arbitrary-precision integers.</em>
|
|
||||||
*
|
|
||||||
* @author David Brownell
|
|
||||||
*/
|
|
||||||
public final class BigInt {
|
|
||||||
|
|
||||||
// Big endian -- MSB first.
|
|
||||||
private byte[] places;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a "Big" integer from a set of (big-endian) bytes.
|
|
||||||
* Leading zeroes should be stripped off.
|
|
||||||
*
|
|
||||||
* @param data a sequence of bytes, most significant bytes/digits
|
|
||||||
* first. CONSUMED.
|
|
||||||
*/
|
|
||||||
public BigInt(byte[] data) { places = data.clone(); }
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a "Big" integer from a "BigInteger", which must be
|
|
||||||
* positive (or zero) in value.
|
|
||||||
*/
|
|
||||||
public BigInt(BigInteger i) {
|
|
||||||
byte[] temp = i.toByteArray();
|
|
||||||
|
|
||||||
if ((temp[0] & 0x80) != 0)
|
|
||||||
throw new IllegalArgumentException("negative BigInteger");
|
|
||||||
|
|
||||||
// XXX we assume exactly _one_ sign byte is used...
|
|
||||||
|
|
||||||
if (temp[0] != 0)
|
|
||||||
places = temp;
|
|
||||||
else {
|
|
||||||
places = new byte[temp.length - 1];
|
|
||||||
for (int j = 1; j < temp.length; j++)
|
|
||||||
places[j - 1] = temp[j];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructs a "Big" integer from a normal Java integer.
|
|
||||||
*
|
|
||||||
* @param i the java primitive integer
|
|
||||||
*/
|
|
||||||
public BigInt(int i) {
|
|
||||||
if (i < (1 << 8)) {
|
|
||||||
places = new byte[1];
|
|
||||||
places[0] = (byte) i;
|
|
||||||
} else if (i < (1 << 16)) {
|
|
||||||
places = new byte[2];
|
|
||||||
places[0] = (byte) (i >> 8);
|
|
||||||
places[1] = (byte) i;
|
|
||||||
} else if (i < (1 << 24)) {
|
|
||||||
places = new byte[3];
|
|
||||||
places[0] = (byte) (i >> 16);
|
|
||||||
places[1] = (byte) (i >> 8);
|
|
||||||
places[2] = (byte) i;
|
|
||||||
} else {
|
|
||||||
places = new byte[4];
|
|
||||||
places[0] = (byte) (i >> 24);
|
|
||||||
places[1] = (byte) (i >> 16);
|
|
||||||
places[2] = (byte) (i >> 8);
|
|
||||||
places[3] = (byte) i;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Converts the "big" integer to a java primitive integer.
|
|
||||||
*
|
|
||||||
* @excpet NumberFormatException if 32 bits is insufficient.
|
|
||||||
*/
|
|
||||||
public int toInt() {
|
|
||||||
if (places.length > 4)
|
|
||||||
throw new NumberFormatException("BigInt.toLong, too big");
|
|
||||||
int retval = 0, i = 0;
|
|
||||||
for (; i < places.length; i++)
|
|
||||||
retval = (retval << 8) + ((int)places[i] & 0xff);
|
|
||||||
return retval;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns a hexadecimal printed representation. The value is
|
|
||||||
* formatted to fit on lines of at least 75 characters, with
|
|
||||||
* embedded newlines. Words are separated for readability,
|
|
||||||
* with eight words (32 bytes) per line.
|
|
||||||
*/
|
|
||||||
public String toString() { return hexify(); }
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns a BigInteger value which supports many arithmetic
|
|
||||||
* operations. Assumes negative values will never occur.
|
|
||||||
*/
|
|
||||||
public BigInteger toBigInteger()
|
|
||||||
{ return new BigInteger(1, places); }
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns the data as a byte array. The most significant bit
|
|
||||||
* of the array is bit zero (as in <code>java.math.BigInteger</code>).
|
|
||||||
*/
|
|
||||||
public byte[] toByteArray() { return places.clone(); }
|
|
||||||
|
|
||||||
private static final String digits = "0123456789abcdef";
|
|
||||||
private String hexify() {
|
|
||||||
if (places.length == 0)
|
|
||||||
return " 0 ";
|
|
||||||
|
|
||||||
StringBuffer buf = new StringBuffer(places.length * 2);
|
|
||||||
buf.append(" "); // four spaces
|
|
||||||
for (int i = 0; i < places.length; i++) {
|
|
||||||
buf.append(digits.charAt((places[i] >> 4) & 0x0f));
|
|
||||||
buf.append(digits.charAt(places[i] & 0x0f));
|
|
||||||
if (((i + 1) % 32) == 0) {
|
|
||||||
if ((i + 1) != places.length)
|
|
||||||
buf.append("\n "); // line after four words
|
|
||||||
} else if (((i + 1) % 4) == 0)
|
|
||||||
buf.append(' '); // space between words
|
|
||||||
}
|
|
||||||
return buf.toString();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns true iff the parameter is a numerically equivalent
|
|
||||||
* BigInt.
|
|
||||||
*
|
|
||||||
* @param other the object being compared with this one.
|
|
||||||
*/
|
|
||||||
public boolean equals(Object other) {
|
|
||||||
if (other instanceof BigInt)
|
|
||||||
return equals((BigInt) other);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns true iff the parameter is numerically equivalent.
|
|
||||||
*
|
|
||||||
* @param other the BigInt being compared with this one.
|
|
||||||
*/
|
|
||||||
public boolean equals(BigInt other) {
|
|
||||||
if (this == other)
|
|
||||||
return true;
|
|
||||||
|
|
||||||
byte[] otherPlaces = other.toByteArray();
|
|
||||||
if (places.length != otherPlaces.length)
|
|
||||||
return false;
|
|
||||||
for (int i = 0; i < places.length; i++)
|
|
||||||
if (places[i] != otherPlaces[i])
|
|
||||||
return false;
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns a hashcode for this BigInt.
|
|
||||||
*
|
|
||||||
* @return a hashcode for this BigInt.
|
|
||||||
*/
|
|
||||||
public int hashCode() {
|
|
||||||
return hexify().hashCode();
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,46 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved.
|
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
||||||
*
|
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
|
||||||
* under the terms of the GNU General Public License version 2 only, as
|
|
||||||
* published by the Free Software Foundation.
|
|
||||||
*
|
|
||||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
||||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
||||||
* version 2 for more details (a copy is included in the LICENSE file that
|
|
||||||
* accompanied this code).
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License version
|
|
||||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
||||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
||||||
*
|
|
||||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
||||||
* or visit www.oracle.com if you need additional information or have any
|
|
||||||
* questions.
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*
|
|
||||||
* @test
|
|
||||||
* @author Gary Ellison
|
|
||||||
* @bug 4170635
|
|
||||||
* @summary Verify equals()/hashCode() contract honored
|
|
||||||
*/
|
|
||||||
|
|
||||||
import java.io.*;
|
|
||||||
import sun.security.util.*;
|
|
||||||
|
|
||||||
|
|
||||||
public class BigIntEqualsHashCode {
|
|
||||||
public static void main(String[] args) throws Exception {
|
|
||||||
BigInt bi1 = new BigInt(12345678);
|
|
||||||
BigInt bi2 = new BigInt(12345678);
|
|
||||||
|
|
||||||
if ( (bi1.equals(bi2)) == (bi1.hashCode()==bi2.hashCode()) )
|
|
||||||
System.out.println("PASSED");
|
|
||||||
else
|
|
||||||
throw new Exception ("FAILED equals()/hashCode() contract");
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|