From 020204a972d9be8a3b2b9e75c2e8abea36d787e9 Mon Sep 17 00:00:00 2001 From: Daniel Fuchs Date: Fri, 19 May 2017 11:18:49 +0100 Subject: [PATCH 01/26] 8180024: Improve construction of objects during deserialization Reviewed-by: rriggs, skoivu, ahgross, rhalade --- .../classes/java/io/ObjectStreamClass.java | 103 +++++++++++++++++- .../corba/se/impl/io/ObjectStreamClass.java | 71 +++++++++++- .../share/classes/sun/corba/Bridge.java | 36 +++++- .../sun/reflect/ReflectionFactory.java | 66 ++++++++++- 4 files changed, 270 insertions(+), 6 deletions(-) diff --git a/src/java.base/share/classes/java/io/ObjectStreamClass.java b/src/java.base/share/classes/java/io/ObjectStreamClass.java index e5a323830ee..ebca26e2761 100644 --- a/src/java.base/share/classes/java/io/ObjectStreamClass.java +++ b/src/java.base/share/classes/java/io/ObjectStreamClass.java @@ -32,14 +32,19 @@ import java.lang.ref.WeakReference; import java.lang.reflect.Constructor; import java.lang.reflect.Field; import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.UndeclaredThrowableException; import java.lang.reflect.Member; import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.lang.reflect.Proxy; +import java.security.AccessControlContext; import java.security.AccessController; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.security.PermissionCollection; +import java.security.Permissions; import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -53,7 +58,8 @@ import jdk.internal.reflect.CallerSensitive; import jdk.internal.reflect.Reflection; import jdk.internal.reflect.ReflectionFactory; import sun.reflect.misc.ReflectUtil; - +import jdk.internal.misc.SharedSecrets; +import jdk.internal.misc.JavaSecurityAccess; import static java.io.ObjectStreamField.*; /** @@ -176,6 +182,9 @@ public class ObjectStreamClass implements Serializable { /** serialization-appropriate constructor, or null if none */ private Constructor cons; + /** protection domains that need to be checked when calling the constructor */ + private ProtectionDomain[] domains; + /** class-defined writeObject method, or null if none */ private Method writeObjectMethod; /** class-defined readObject method, or null if none */ @@ -508,6 +517,7 @@ public class ObjectStreamClass implements Serializable { cl, "readObjectNoData", null, Void.TYPE); hasWriteObjectData = (writeObjectMethod != null); } + domains = getProtectionDomains(cons, cl); writeReplaceMethod = getInheritableMethod( cl, "writeReplace", null, Object.class); readResolveMethod = getInheritableMethod( @@ -550,6 +560,65 @@ public class ObjectStreamClass implements Serializable { ObjectStreamClass() { } + /** + * Creates a PermissionDomain that grants no permission. + */ + private ProtectionDomain noPermissionsDomain() { + PermissionCollection perms = new Permissions(); + perms.setReadOnly(); + return new ProtectionDomain(null, perms); + } + + /** + * Aggregate the ProtectionDomains of all the classes that separate + * a concrete class {@code cl} from its ancestor's class declaring + * a constructor {@code cons}. + * + * If {@code cl} is defined by the boot loader, or the constructor + * {@code cons} is declared by {@code cl}, or if there is no security + * manager, then this method does nothing and {@code null} is returned. + * + * @param cons A constructor declared by {@code cl} or one of its + * ancestors. + * @param cl A concrete class, which is either the class declaring + * the constructor {@code cons}, or a serializable subclass + * of that class. + * @return An array of ProtectionDomain representing the set of + * ProtectionDomain that separate the concrete class {@code cl} + * from its ancestor's declaring {@code cons}, or {@code null}. + */ + private ProtectionDomain[] getProtectionDomains(Constructor cons, + Class cl) { + ProtectionDomain[] domains = null; + if (cons != null && cl.getClassLoader() != null + && System.getSecurityManager() != null) { + Class cls = cl; + Class fnscl = cons.getDeclaringClass(); + Set pds = null; + while (cls != fnscl) { + ProtectionDomain pd = cls.getProtectionDomain(); + if (pd != null) { + if (pds == null) pds = new HashSet<>(); + pds.add(pd); + } + cls = cls.getSuperclass(); + if (cls == null) { + // that's not supposed to happen + // make a ProtectionDomain with no permission. + // should we throw instead? + if (pds == null) pds = new HashSet<>(); + else pds.clear(); + pds.add(noPermissionsDomain()); + break; + } + } + if (pds != null) { + domains = pds.toArray(new ProtectionDomain[0]); + } + } + return domains; + } + /** * Initializes class descriptor representing a proxy class. */ @@ -580,6 +649,7 @@ public class ObjectStreamClass implements Serializable { writeReplaceMethod = localDesc.writeReplaceMethod; readResolveMethod = localDesc.readResolveMethod; deserializeEx = localDesc.deserializeEx; + domains = localDesc.domains; cons = localDesc.cons; } fieldRefl = getReflector(fields, localDesc); @@ -666,6 +736,7 @@ public class ObjectStreamClass implements Serializable { if (deserializeEx == null) { deserializeEx = localDesc.deserializeEx; } + domains = localDesc.domains; cons = localDesc.cons; } @@ -1006,7 +1077,35 @@ public class ObjectStreamClass implements Serializable { requireInitialized(); if (cons != null) { try { - return cons.newInstance(); + if (domains == null || domains.length == 0) { + return cons.newInstance(); + } else { + JavaSecurityAccess jsa = SharedSecrets.getJavaSecurityAccess(); + PrivilegedAction pea = () -> { + try { + return cons.newInstance(); + } catch (InstantiationException + | InvocationTargetException + | IllegalAccessException x) { + throw new UndeclaredThrowableException(x); + } + }; // Can't use PrivilegedExceptionAction with jsa + try { + return jsa.doIntersectionPrivilege(pea, + AccessController.getContext(), + new AccessControlContext(domains)); + } catch (UndeclaredThrowableException x) { + Throwable cause = x.getCause(); + if (cause instanceof InstantiationException) + throw (InstantiationException) cause; + if (cause instanceof InvocationTargetException) + throw (InvocationTargetException) cause; + if (cause instanceof IllegalAccessException) + throw (IllegalAccessException) cause; + // not supposed to happen + throw x; + } + } } catch (IllegalAccessException ex) { // should not occur, as access checks have been suppressed throw new InternalError(ex); diff --git a/src/java.corba/share/classes/com/sun/corba/se/impl/io/ObjectStreamClass.java b/src/java.corba/share/classes/com/sun/corba/se/impl/io/ObjectStreamClass.java index b875d25cb32..62c0a62a227 100644 --- a/src/java.corba/share/classes/com/sun/corba/se/impl/io/ObjectStreamClass.java +++ b/src/java.corba/share/classes/com/sun/corba/se/impl/io/ObjectStreamClass.java @@ -38,7 +38,10 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.DigestOutputStream; import java.security.AccessController; +import java.security.PermissionCollection; +import java.security.Permissions; import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.lang.reflect.Modifier; import java.lang.reflect.Field; @@ -57,6 +60,8 @@ import java.io.Serializable; import java.util.Arrays; import java.util.Comparator; +import java.util.HashSet; +import java.util.Set; import com.sun.corba.se.impl.util.RepositoryId; @@ -443,6 +448,65 @@ public class ObjectStreamClass implements java.io.Serializable { private static final PersistentFieldsValue persistentFieldsValue = new PersistentFieldsValue(); + /** + * Creates a PermissionDomain that grants no permission. + */ + private ProtectionDomain noPermissionsDomain() { + PermissionCollection perms = new Permissions(); + perms.setReadOnly(); + return new ProtectionDomain(null, perms); + } + + /** + * Aggregate the ProtectionDomains of all the classes that separate + * a concrete class {@code cl} from its ancestor's class declaring + * a constructor {@code cons}. + * + * If {@code cl} is defined by the boot loader, or the constructor + * {@code cons} is declared by {@code cl}, or if there is no security + * manager, then this method does nothing and {@code null} is returned. + * + * @param cons A constructor declared by {@code cl} or one of its + * ancestors. + * @param cl A concrete class, which is either the class declaring + * the constructor {@code cons}, or a serializable subclass + * of that class. + * @return An array of ProtectionDomain representing the set of + * ProtectionDomain that separate the concrete class {@code cl} + * from its ancestor's declaring {@code cons}, or {@code null}. + */ + private ProtectionDomain[] getProtectionDomains(Constructor cons, + Class cl) { + ProtectionDomain[] domains = null; + if (cons != null && cl.getClassLoader() != null + && System.getSecurityManager() != null) { + Class cls = cl; + Class fnscl = cons.getDeclaringClass(); + Set pds = null; + while (cls != fnscl) { + ProtectionDomain pd = cls.getProtectionDomain(); + if (pd != null) { + if (pds == null) pds = new HashSet<>(); + pds.add(pd); + } + cls = cls.getSuperclass(); + if (cls == null) { + // that's not supposed to happen + // make a ProtectionDomain with no permission. + // should we throw instead? + if (pds == null) pds = new HashSet<>(); + else pds.clear(); + pds.add(noPermissionsDomain()); + break; + } + } + if (pds != null) { + domains = pds.toArray(new ProtectionDomain[0]); + } + } + return domains; + } + /* * Initialize class descriptor. This method is only invoked on class * descriptors created via calls to lookupInternal(). This method is kept @@ -568,11 +632,15 @@ public class ObjectStreamClass implements java.io.Serializable { readResolveObjectMethod = bridge.readResolveForSerialization(cl); + domains = new ProtectionDomain[] {noPermissionsDomain()}; + if (externalizable) cons = getExternalizableConstructor(cl) ; else cons = getSerializableConstructor(cl) ; + domains = getProtectionDomains(cons, cl); + if (serializable && !forProxyClass) { writeObjectMethod = bridge.writeObjectForSerialization(cl) ; readObjectMethod = bridge.readObjectForSerialization(cl); @@ -910,7 +978,7 @@ public class ObjectStreamClass implements java.io.Serializable { { if (cons != null) { try { - return cons.newInstance(); + return bridge.newInstanceForSerialization(cons, domains); } catch (IllegalAccessException ex) { // should not occur, as access checks have been suppressed InternalError ie = new InternalError(); @@ -1506,6 +1574,7 @@ public class ObjectStreamClass implements java.io.Serializable { private transient MethodHandle writeReplaceObjectMethod; private transient MethodHandle readResolveObjectMethod; private transient Constructor cons; + private transient ProtectionDomain[] domains; /** * Beginning in Java to IDL ptc/02-01-12, RMI-IIOP has a diff --git a/src/java.corba/share/classes/sun/corba/Bridge.java b/src/java.corba/share/classes/sun/corba/Bridge.java index e22240e2a9f..38fb8da656c 100644 --- a/src/java.corba/share/classes/sun/corba/Bridge.java +++ b/src/java.corba/share/classes/sun/corba/Bridge.java @@ -27,8 +27,9 @@ package sun.corba ; import java.io.OptionalDataException; import java.lang.invoke.MethodHandle; -import java.lang.reflect.Field ; -import java.lang.reflect.Constructor ; +import java.lang.reflect.Field; +import java.lang.reflect.Constructor; +import java.lang.reflect.InvocationTargetException; import java.lang.StackWalker; import java.lang.StackWalker.StackFrame; import java.util.Optional; @@ -37,6 +38,7 @@ import java.util.stream.Stream; import java.security.AccessController; import java.security.Permission; import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import sun.misc.Unsafe; import sun.reflect.ReflectionFactory; @@ -340,6 +342,36 @@ public final class Bridge return reflectionFactory.newConstructorForExternalization( cl ) ; } + /** + * Invokes the supplied constructor, adding the provided protection domains + * to the invocation stack before invoking {@code Constructor::newInstance}. + * + * This is equivalent to calling + * {@code ReflectionFactory.newInstanceForSerialization(cons,domains)}. + * + * @param cons A constructor obtained from {@code + * newConstructorForSerialization} or {@code + * newConstructorForExternalization}. + * + * @param domains An array of protection domains that limit the privileges + * with which the constructor is invoked. Can be {@code null} + * or empty, in which case privileges are only limited by the + * {@linkplain AccessController#getContext() current context}. + * + * @return A new object built from the provided constructor. + * + * @throws NullPointerException if {@code cons} is {@code null}. + * @throws InstantiationException if thrown by {@code cons.newInstance()}. + * @throws InvocationTargetException if thrown by {@code cons.newInstance()}. + * @throws IllegalAccessException if thrown by {@code cons.newInstance()}. + */ + public final Object newInstanceForSerialization(Constructor cons, + ProtectionDomain[] domains) + throws InstantiationException, InvocationTargetException, IllegalAccessException + { + return reflectionFactory.newInstanceForSerialization(cons, domains); + } + /** * Returns true if the given class defines a static initializer method, * false otherwise. diff --git a/src/jdk.unsupported/share/classes/sun/reflect/ReflectionFactory.java b/src/jdk.unsupported/share/classes/sun/reflect/ReflectionFactory.java index 6ac09603a12..a260cfae28c 100644 --- a/src/jdk.unsupported/share/classes/sun/reflect/ReflectionFactory.java +++ b/src/jdk.unsupported/share/classes/sun/reflect/ReflectionFactory.java @@ -29,9 +29,14 @@ import java.io.OptionalDataException; import java.lang.invoke.MethodHandle; import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.UndeclaredThrowableException; +import java.security.AccessControlContext; import java.security.AccessController; import java.security.Permission; +import java.security.ProtectionDomain; import java.security.PrivilegedAction; +import jdk.internal.misc.SharedSecrets; +import jdk.internal.misc.JavaSecurityAccess; /** * ReflectionFactory supports custom serialization. @@ -139,6 +144,66 @@ public class ReflectionFactory { return delegate.readObjectForSerialization(cl); } + /** + * Invokes the supplied constructor, adding the provided protection domains + * to the invocation stack before invoking {@code Constructor::newInstance}. + * If no {@linkplain System#getSecurityManager() security manager} is present, + * or no domains are provided, then this method simply calls + * {@code cons.newInstance()}. Otherwise, it invokes the provided constructor + * with privileges at the intersection of the current context and the provided + * protection domains. + * + * @param cons A constructor obtained from {@code + * newConstructorForSerialization} or {@code + * newConstructorForExternalization}. + * @param domains An array of protection domains that limit the privileges + * with which the constructor is invoked. Can be {@code null} + * or empty, in which case privileges are only limited by the + * {@linkplain AccessController#getContext() current context}. + * + * @return A new object built from the provided constructor. + * + * @throws NullPointerException if {@code cons} is {@code null}. + * @throws InstantiationException if thrown by {@code cons.newInstance()}. + * @throws InvocationTargetException if thrown by {@code cons.newInstance()}. + * @throws IllegalAccessException if thrown by {@code cons.newInstance()}. + */ + public final Object newInstanceForSerialization(Constructor cons, + ProtectionDomain[] domains) + throws InstantiationException, InvocationTargetException, IllegalAccessException + { + SecurityManager sm = System.getSecurityManager(); + if (sm == null || domains == null || domains.length == 0) { + return cons.newInstance(); + } else { + JavaSecurityAccess jsa = SharedSecrets.getJavaSecurityAccess(); + PrivilegedAction pea = () -> { + try { + return cons.newInstance(); + } catch (InstantiationException + | InvocationTargetException + | IllegalAccessException x) { + throw new UndeclaredThrowableException(x); + } + }; // Can't use PrivilegedExceptionAction with jsa + try { + return jsa.doIntersectionPrivilege(pea, + AccessController.getContext(), + new AccessControlContext(domains)); + } catch (UndeclaredThrowableException x) { + Throwable cause = x.getCause(); + if (cause instanceof InstantiationException) + throw (InstantiationException) cause; + if (cause instanceof InvocationTargetException) + throw (InvocationTargetException) cause; + if (cause instanceof IllegalAccessException) + throw (IllegalAccessException) cause; + // not supposed to happen + throw x; + } + } + } + /** * Returns a direct MethodHandle for the {@code readObjectNoData} method on * a Serializable class. @@ -224,4 +289,3 @@ public class ReflectionFactory { } } } - From 4dc1883cb741dd0688036b6ccacee7ab10c89d9f Mon Sep 17 00:00:00 2001 From: Harold Seigel Date: Wed, 26 Jul 2017 11:45:53 -0400 Subject: [PATCH 02/26] 8180711: Better invokespecial checks Reviewed-by: acorn, ahgross, rhalade --- .../share/interpreter/linkResolver.cpp | 22 +++++++++---------- .../share/interpreter/linkResolver.hpp | 7 +++--- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/src/hotspot/share/interpreter/linkResolver.cpp b/src/hotspot/share/interpreter/linkResolver.cpp index f386ca2fc0a..f0cbe034502 100644 --- a/src/hotspot/share/interpreter/linkResolver.cpp +++ b/src/hotspot/share/interpreter/linkResolver.cpp @@ -1074,11 +1074,7 @@ void LinkResolver::resolve_special_call(CallInfo& result, const LinkInfo& link_info, TRAPS) { methodHandle resolved_method = linktime_resolve_special_method(link_info, CHECK); - runtime_resolve_special_method(result, resolved_method, - link_info.resolved_klass(), - link_info.current_klass(), - recv, - link_info.check_access(), CHECK); + runtime_resolve_special_method(result, link_info, resolved_method, recv, CHECK); } // throws linktime exceptions @@ -1162,11 +1158,11 @@ methodHandle LinkResolver::linktime_resolve_special_method(const LinkInfo& link_ // throws runtime exceptions void LinkResolver::runtime_resolve_special_method(CallInfo& result, + const LinkInfo& link_info, const methodHandle& resolved_method, - Klass* resolved_klass, - Klass* current_klass, - Handle recv, - bool check_access, TRAPS) { + Handle recv, TRAPS) { + + Klass* resolved_klass = link_info.resolved_klass(); // resolved method is selected method unless we have an old-style lookup // for a superclass method @@ -1174,12 +1170,13 @@ void LinkResolver::runtime_resolve_special_method(CallInfo& result, // no checks for shadowing methodHandle sel_method(THREAD, resolved_method()); - if (check_access && + if (link_info.check_access() && // check if the method is not resolved_method->name() != vmSymbols::object_initializer_name()) { - // check if this is an old-style super call and do a new lookup if so + // check if this is an old-style super call and do a new lookup if so // a) check if ACC_SUPER flag is set for the current class + Klass* current_klass = link_info.current_klass(); if ((current_klass->is_super() || !AllowNonVirtualCalls) && // b) check if the class of the resolved_klass is a superclass // (not supertype in order to exclude interface classes) of the current class. @@ -1199,6 +1196,9 @@ void LinkResolver::runtime_resolve_special_method(CallInfo& result, Method::name_and_sig_as_C_string(resolved_klass, resolved_method->name(), resolved_method->signature())); + // check loader constraints if found a different method + } else if (sel_method() != resolved_method()) { + check_method_loader_constraints(link_info, sel_method, "method", CHECK); } } diff --git a/src/hotspot/share/interpreter/linkResolver.hpp b/src/hotspot/share/interpreter/linkResolver.hpp index 1664f1bbf09..6ca18a8ae54 100644 --- a/src/hotspot/share/interpreter/linkResolver.hpp +++ b/src/hotspot/share/interpreter/linkResolver.hpp @@ -233,11 +233,10 @@ class LinkResolver: AllStatic { static methodHandle linktime_resolve_interface_method (const LinkInfo& link_info, TRAPS); static void runtime_resolve_special_method (CallInfo& result, + const LinkInfo& link_info, const methodHandle& resolved_method, - Klass* resolved_klass, - Klass* current_klass, - Handle recv, - bool check_access, TRAPS); + Handle recv, TRAPS); + static void runtime_resolve_virtual_method (CallInfo& result, const methodHandle& resolved_method, Klass* resolved_klass, From 7ec06eee41a9a83dc9ab107c73657adb96a6c229 Mon Sep 17 00:00:00 2001 From: Joe Wang Date: Tue, 13 Jun 2017 11:13:56 -0700 Subject: [PATCH 03/26] 8181327: Better X processing Reviewed-by: dfuchs, lancea --- .../apache/xpath/internal/axes/PredicatedNodeTest.java | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/axes/PredicatedNodeTest.java b/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/axes/PredicatedNodeTest.java index 6b86ab556f8..a0cf90f3219 100644 --- a/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/axes/PredicatedNodeTest.java +++ b/src/java.xml/share/classes/com/sun/org/apache/xpath/internal/axes/PredicatedNodeTest.java @@ -71,6 +71,14 @@ public abstract class PredicatedNodeTest extends NodeTest implements SubContextL { stream.defaultReadObject(); m_predicateIndex = -1; + + /** + * Initialize to the declared value. + * As noted at declaration, this variable is used only for clones for getLastPos, + * it should have been excluded from serialization. For compatibility, we'll + * keep it as is but initializing to the declared value. + */ + m_predCount = -1; resetProximityPositions(); } catch (ClassNotFoundException cnfe) From fea6f71dae9228cc652268dbad20c6c11089a2da Mon Sep 17 00:00:00 2001 From: Roman Grigoriadi Date: Mon, 19 Jun 2017 22:51:35 +0100 Subject: [PATCH 04/26] 8181100: Better Base Exceptions Reviewed-by: dfuchs, rhalade, skoivu --- .../ws/util/exception/JAXWSExceptionBase.java | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/java.xml.ws/share/classes/com/sun/xml/internal/ws/util/exception/JAXWSExceptionBase.java b/src/java.xml.ws/share/classes/com/sun/xml/internal/ws/util/exception/JAXWSExceptionBase.java index e7977c05e77..9052598c052 100644 --- a/src/java.xml.ws/share/classes/com/sun/xml/internal/ws/util/exception/JAXWSExceptionBase.java +++ b/src/java.xml.ws/share/classes/com/sun/xml/internal/ws/util/exception/JAXWSExceptionBase.java @@ -34,6 +34,8 @@ import java.io.IOException; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.Serializable; +import java.util.ArrayList; +import java.util.List; import java.util.Locale; import java.util.ResourceBundle; import javax.xml.ws.WebServiceException; @@ -122,13 +124,21 @@ public abstract class JAXWSExceptionBase String resourceBundleName = (String) in.readObject(); String key = (String) in.readObject(); int len = in.readInt(); - if (len == -1) { + if (len < -1) { + throw new NegativeArraySizeException(); + } else if (len == -1) { args = null; - } else { + } else if (len < 255) { args = new Object[len]; for (int i = 0; i < args.length; i++) { args[i] = in.readObject(); } + } else { + List argList = new ArrayList<>(Math.min(len, 1024)); + for (int i = 0; i < len; i++) { + argList.add(in.readObject()); + } + args = argList.toArray(new Object[argList.size()]); } msg = new LocalizableMessageFactory(resourceBundleName).getMessage(key,args); } From 2b71ce6a4669a4c7d8ea10b8ec9f17039957336e Mon Sep 17 00:00:00 2001 From: Sergey Bylokhov Date: Fri, 28 Oct 2016 21:33:09 +0300 Subject: [PATCH 05/26] 8165543: Better window framing Reviewed-by: prr, ssadetsky, mschoene --- .../windows/native/libawt/windows/awt.h | 48 +++++++----- .../native/libawt/windows/awt_Button.cpp | 10 +-- .../native/libawt/windows/awt_Canvas.cpp | 11 +-- .../native/libawt/windows/awt_Checkbox.cpp | 11 ++- .../native/libawt/windows/awt_Choice.cpp | 13 +--- .../native/libawt/windows/awt_Component.cpp | 69 ++++++++++------ .../native/libawt/windows/awt_Component.h | 1 + .../native/libawt/windows/awt_Dialog.cpp | 5 +- .../native/libawt/windows/awt_FileDialog.cpp | 2 +- .../native/libawt/windows/awt_Frame.cpp | 10 +-- .../native/libawt/windows/awt_Label.cpp | 5 +- .../native/libawt/windows/awt_List.cpp | 9 +-- .../native/libawt/windows/awt_ScrollPane.cpp | 6 +- .../native/libawt/windows/awt_Scrollbar.cpp | 78 +++++++++++++++---- .../native/libawt/windows/awt_Scrollbar.h | 2 + .../native/libawt/windows/awt_TextArea.cpp | 3 - .../libawt/windows/awt_TextComponent.cpp | 3 +- .../native/libawt/windows/awt_TextField.cpp | 3 - .../native/libawt/windows/awt_Window.cpp | 3 - 19 files changed, 167 insertions(+), 125 deletions(-) diff --git a/src/java.desktop/windows/native/libawt/windows/awt.h b/src/java.desktop/windows/native/libawt/windows/awt.h index 1aae25a7219..5b6d121cd87 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt.h +++ b/src/java.desktop/windows/native/libawt/windows/awt.h @@ -57,15 +57,6 @@ typedef AwtObject* PDATA; } \ } -#define JNI_CHECK_PEER_GOTO(peer, where) { \ - JNI_CHECK_NULL_GOTO(peer, "peer", where); \ - pData = JNI_GET_PDATA(peer); \ - if (pData == NULL) { \ - THROW_NULL_PDATA_IF_NOT_DESTROYED(peer); \ - goto where; \ - } \ -} - #define JNI_CHECK_NULL_RETURN(obj, msg) { \ if (obj == NULL) { \ env->ExceptionClear(); \ @@ -74,15 +65,6 @@ typedef AwtObject* PDATA; } \ } -#define JNI_CHECK_PEER_RETURN(peer) { \ - JNI_CHECK_NULL_RETURN(peer, "peer"); \ - pData = JNI_GET_PDATA(peer); \ - if (pData == NULL) { \ - THROW_NULL_PDATA_IF_NOT_DESTROYED(peer); \ - return; \ - } \ -} - #define JNI_CHECK_PEER_CREATION_RETURN(peer) { \ if (peer == NULL ) { \ return; \ @@ -109,6 +91,33 @@ typedef AwtObject* PDATA; } \ } +/** + * This macros must be used under SyncCall or on the Toolkit thread. + */ +#define JNI_CHECK_PEER_GOTO(peer, where) { \ + JNI_CHECK_NULL_GOTO(peer, "peer", where); \ + pData = JNI_GET_PDATA(peer); \ + if (pData == NULL) { \ + THROW_NULL_PDATA_IF_NOT_DESTROYED(peer); \ + goto where; \ + } \ +} + +/** + * This macros must be used under SyncCall or on the Toolkit thread. + */ +#define JNI_CHECK_PEER_RETURN(peer) { \ + JNI_CHECK_NULL_RETURN(peer, "peer"); \ + pData = JNI_GET_PDATA(peer); \ + if (pData == NULL) { \ + THROW_NULL_PDATA_IF_NOT_DESTROYED(peer); \ + return; \ + } \ +} + +/** + * This macros must be used under SyncCall or on the Toolkit thread. + */ #define JNI_CHECK_PEER_RETURN_NULL(peer) { \ JNI_CHECK_NULL_RETURN_NULL(peer, "peer"); \ pData = JNI_GET_PDATA(peer); \ @@ -118,6 +127,9 @@ typedef AwtObject* PDATA; } \ } +/** + * This macros must be used under SyncCall or on the Toolkit thread. + */ #define JNI_CHECK_PEER_RETURN_VAL(peer, val) { \ JNI_CHECK_NULL_RETURN_VAL(peer, "peer", val); \ pData = JNI_GET_PDATA(peer); \ diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Button.cpp b/src/java.desktop/windows/native/libawt/windows/awt_Button.cpp index e76582bf363..1a7a89fdef4 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Button.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_Button.cpp @@ -65,6 +65,7 @@ LPCTSTR AwtButton::GetClassName() { /* Create a new AwtButton object and window. */ AwtButton* AwtButton::Create(jobject self, jobject parent) { + DASSERT(AwtToolkit::IsMainThread()); JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2); /* the result */ @@ -88,7 +89,6 @@ AwtButton* AwtButton::Create(jobject self, jobject parent) JNI_CHECK_PEER_GOTO(parent, done); awtParent = (AwtCanvas*)pData; - JNI_CHECK_NULL_GOTO(awtParent, "awtParent", done); target = env->GetObjectField(self, AwtObject::targetID); JNI_CHECK_NULL_GOTO(target, "target", done); @@ -375,9 +375,6 @@ Java_sun_awt_windows_WButtonPeer_setLabel(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(self); - SetLabelStruct *sls = new SetLabelStruct; sls->button = env->NewGlobalRef(self); sls->label = (label != NULL) ? (jstring)env->NewGlobalRef(label) : NULL; @@ -399,14 +396,9 @@ Java_sun_awt_windows_WButtonPeer_create(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(parent); - AwtToolkit::CreateComponent( self, parent, (AwtToolkit::ComponentFactory)AwtButton::Create); - JNI_CHECK_PEER_CREATION_RETURN(self); - CATCH_BAD_ALLOC; } diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Canvas.cpp b/src/java.desktop/windows/native/libawt/windows/awt_Canvas.cpp index fba055cb498..a152b8ebbd7 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Canvas.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_Canvas.cpp @@ -59,6 +59,7 @@ LPCTSTR AwtCanvas::GetClassName() { */ AwtCanvas* AwtCanvas::Create(jobject self, jobject hParent) { + DASSERT(AwtToolkit::IsMainThread()); TRY; JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2); @@ -74,12 +75,11 @@ AwtCanvas* AwtCanvas::Create(jobject self, jobject hParent) return NULL; } + PDATA pData; AwtComponent* parent; - JNI_CHECK_NULL_GOTO(hParent, "null hParent", done); - - parent = (AwtComponent*)JNI_GET_PDATA(hParent); - JNI_CHECK_NULL_GOTO(parent, "null parent", done); + JNI_CHECK_PEER_GOTO(hParent, done); + parent = (AwtCanvas*)pData; target = env->GetObjectField(self, AwtObject::targetID); JNI_CHECK_NULL_GOTO(target, "null target", done); @@ -236,12 +236,9 @@ Java_sun_awt_windows_WCanvasPeer_create(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(parent); AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory) AwtCanvas::Create); - JNI_CHECK_PEER_CREATION_RETURN(self); CATCH_BAD_ALLOC; } diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Checkbox.cpp b/src/java.desktop/windows/native/libawt/windows/awt_Checkbox.cpp index 8e18d79eaa1..d77ebb74a3e 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Checkbox.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_Checkbox.cpp @@ -70,6 +70,7 @@ LPCTSTR AwtCheckbox::GetClassName() { AwtCheckbox* AwtCheckbox::Create(jobject peer, jobject parent) { + DASSERT(AwtToolkit::IsMainThread()); JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2); jstring label = NULL; @@ -81,11 +82,10 @@ AwtCheckbox* AwtCheckbox::Create(jobject peer, jobject parent) return NULL; } + PDATA pData; AwtComponent* awtParent; - JNI_CHECK_NULL_GOTO(parent, "null parent", done); - - awtParent = (AwtComponent*)JNI_GET_PDATA(parent); - JNI_CHECK_NULL_GOTO(awtParent, "null awtParent", done); + JNI_CHECK_PEER_GOTO(parent, done); + awtParent = (AwtCanvas*)pData; target = env->GetObjectField(peer, AwtObject::targetID); JNI_CHECK_NULL_GOTO(target, "null target", done); @@ -669,11 +669,10 @@ Java_sun_awt_windows_WCheckboxPeer_create(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(parent); AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory) AwtCheckbox::Create); + PDATA pData; JNI_CHECK_PEER_CREATION_RETURN(self); #ifdef DEBUG diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Choice.cpp b/src/java.desktop/windows/native/libawt/windows/awt_Choice.cpp index 8376f0abc2b..bfdf76f272c 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Choice.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_Choice.cpp @@ -104,7 +104,7 @@ void AwtChoice::Dispose() { } AwtChoice* AwtChoice::Create(jobject peer, jobject parent) { - + DASSERT(AwtToolkit::IsMainThread()); JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2); jobject target = NULL; @@ -115,12 +115,10 @@ AwtChoice* AwtChoice::Create(jobject peer, jobject parent) { if (env->EnsureLocalCapacity(1) < 0) { return NULL; } + PDATA pData; AwtCanvas* awtParent; - - JNI_CHECK_NULL_GOTO(parent, "null parent", done); - - awtParent = (AwtCanvas*)JNI_GET_PDATA(parent); - JNI_CHECK_NULL_GOTO(awtParent, "null awtParent", done); + JNI_CHECK_PEER_GOTO(parent, done); + awtParent = (AwtCanvas*)pData; target = env->GetObjectField(peer, AwtObject::targetID); JNI_CHECK_NULL_GOTO(target, "null target", done); @@ -830,12 +828,9 @@ Java_sun_awt_windows_WChoicePeer_create(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(parent); AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory) AwtChoice::Create); - JNI_CHECK_PEER_CREATION_RETURN(self); CATCH_BAD_ALLOC; } diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Component.cpp b/src/java.desktop/windows/native/libawt/windows/awt_Component.cpp index 8eb09ff3173..eb5c20ef286 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Component.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_Component.cpp @@ -151,6 +151,11 @@ struct SetFocusStruct { jobject component; jboolean doSetFocus; }; +// Struct for _SetParent function +struct SetParentStruct { + jobject component; + jobject parentComp; +}; /************************************************************************/ ////////////////////////////////////////////////////////////////////////// @@ -269,9 +274,6 @@ AwtComponent::~AwtComponent() { DASSERT(AwtToolkit::IsMainThread()); - /* Disconnect all links. */ - UnlinkObjects(); - /* * All the messages for this component are processed, native * resources are freed, and Java object is not connected to @@ -283,6 +285,8 @@ AwtComponent::~AwtComponent() void AwtComponent::Dispose() { + DASSERT(AwtToolkit::IsMainThread()); + // NOTE: in case the component/toplevel was focused, Java should // have already taken care of proper transferring it or clearing. @@ -301,8 +305,10 @@ void AwtComponent::Dispose() /* Release global ref to input method */ SetInputMethod(NULL, TRUE); - if (m_childList != NULL) + if (m_childList != NULL) { delete m_childList; + m_childList = NULL; + } DestroyDropTarget(); ReleaseDragCapture(0); @@ -325,6 +331,9 @@ void AwtComponent::Dispose() m_brushBackground = NULL; } + /* Disconnect all links. */ + UnlinkObjects(); + if (m_bPauseDestroy) { // AwtComponent::WmNcDestroy could be released now m_bPauseDestroy = FALSE; @@ -6288,21 +6297,36 @@ ret: return result; } -void AwtComponent::SetParent(void * param) { +void AwtComponent::_SetParent(void * param) +{ if (AwtToolkit::IsMainThread()) { - AwtComponent** comps = (AwtComponent**)param; - if ((comps[0] != NULL) && (comps[1] != NULL)) { - HWND selfWnd = comps[0]->GetHWnd(); - HWND parentWnd = comps[1]->GetHWnd(); - if (::IsWindow(selfWnd) && ::IsWindow(parentWnd)) { - // Shouldn't trigger native focus change - // (only the proxy may be the native focus owner). - ::SetParent(selfWnd, parentWnd); - } + JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2); + SetParentStruct *data = (SetParentStruct*) param; + jobject self = data->component; + jobject parent = data->parentComp; + + AwtComponent *awtComponent = NULL; + AwtComponent *awtParent = NULL; + + PDATA pData; + JNI_CHECK_PEER_GOTO(self, ret); + awtComponent = (AwtComponent *)pData; + JNI_CHECK_PEER_GOTO(parent, ret); + awtParent = (AwtComponent *)pData; + + HWND selfWnd = awtComponent->GetHWnd(); + HWND parentWnd = awtParent->GetHWnd(); + if (::IsWindow(selfWnd) && ::IsWindow(parentWnd)) { + // Shouldn't trigger native focus change + // (only the proxy may be the native focus owner). + ::SetParent(selfWnd, parentWnd); } - delete[] comps; +ret: + env->DeleteGlobalRef(self); + env->DeleteGlobalRef(parent); + delete data; } else { - AwtToolkit::GetInstance().InvokeFunction(AwtComponent::SetParent, param); + AwtToolkit::GetInstance().InvokeFunction(AwtComponent::_SetParent, param); } } @@ -7129,15 +7153,12 @@ JNIEXPORT void JNICALL Java_sun_awt_windows_WComponentPeer_pSetParent(JNIEnv* env, jobject self, jobject parent) { TRY; - typedef AwtComponent* PComponent; - AwtComponent** comps = new PComponent[2]; - AwtComponent* comp = (AwtComponent*)JNI_GET_PDATA(self); - AwtComponent* parentComp = (AwtComponent*)JNI_GET_PDATA(parent); - comps[0] = comp; - comps[1] = parentComp; + SetParentStruct * data = new SetParentStruct; + data->component = env->NewGlobalRef(self); + data->parentComp = env->NewGlobalRef(parent); - AwtToolkit::GetInstance().SyncCall(AwtComponent::SetParent, comps); - // comps is deleted in SetParent + AwtToolkit::GetInstance().SyncCall(AwtComponent::_SetParent, data); + // global refs and data are deleted in SetParent CATCH_BAD_ALLOC; } diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Component.h b/src/java.desktop/windows/native/libawt/windows/awt_Component.h index 0bf23a596c2..69006d4993e 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Component.h +++ b/src/java.desktop/windows/native/libawt/windows/awt_Component.h @@ -672,6 +672,7 @@ public: static void _RemoveNativeDropTarget(void *param); static jintArray _CreatePrintedPixels(void *param); static jboolean _NativeHandlesWheelScrolling(void *param); + static void _SetParent(void * param); static void _SetRectangularShape(void *param); static void _SetZOrder(void *param); diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Dialog.cpp b/src/java.desktop/windows/native/libawt/windows/awt_Dialog.cpp index e3413714b62..47b80a4ea04 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Dialog.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_Dialog.cpp @@ -111,12 +111,13 @@ AwtDialog* AwtDialog::Create(jobject peer, jobject parent) PDATA pData; AwtWindow* awtParent = NULL; HWND hwndParent = NULL; + target = env->GetObjectField(peer, AwtObject::targetID); JNI_CHECK_NULL_GOTO(target, "null target", done); if (parent != NULL) { JNI_CHECK_PEER_GOTO(parent, done); - awtParent = (AwtWindow *)(JNI_GET_PDATA(parent)); + awtParent = (AwtWindow *)pData; hwndParent = awtParent->GetHWnd(); } else { // There is no way to prevent a parentless dialog from showing on @@ -775,11 +776,9 @@ Java_sun_awt_windows_WDialogPeer_createAwtDialog(JNIEnv *env, jobject self, { TRY; - PDATA pData; AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory) AwtDialog::Create); - JNI_CHECK_PEER_CREATION_RETURN(self); CATCH_BAD_ALLOC; } diff --git a/src/java.desktop/windows/native/libawt/windows/awt_FileDialog.cpp b/src/java.desktop/windows/native/libawt/windows/awt_FileDialog.cpp index 7b2d703bb6a..f5ce9015d04 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_FileDialog.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_FileDialog.cpp @@ -691,7 +691,7 @@ Java_sun_awt_windows_WFileDialogPeer_getLocationOnScreen(JNIEnv *env, jobject peerRef = env->NewGlobalRef(peer); jobject resultRef = (jobject)AwtToolkit::GetInstance().SyncCall( (void*(*)(void*))AwtFileDialog::_GetLocationOnScreen, (void *)peerRef); - env->DeleteLocalRef(peerRef); + env->DeleteGlobalRef(peerRef); if (resultRef != NULL) { diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Frame.cpp b/src/java.desktop/windows/native/libawt/windows/awt_Frame.cpp index 9bc6366d17b..788ece47354 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Frame.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_Frame.cpp @@ -1580,12 +1580,12 @@ void AwtFrame::_NotifyModalBlocked(void *param) PDATA pData; - pData = JNI_GET_PDATA(peer); + JNI_CHECK_PEER_GOTO(peer, ret); AwtFrame *f = (AwtFrame *)pData; // dialog here may be NULL, for example, if the blocker is a native dialog // however, we need to install/unistall modal hooks anyway - pData = JNI_GET_PDATA(blockerPeer); + JNI_CHECK_PEER_GOTO(blockerPeer, ret); AwtDialog *d = (AwtDialog *)pData; if ((f != NULL) && ::IsWindow(f->GetHWnd())) @@ -1637,7 +1637,7 @@ void AwtFrame::_NotifyModalBlocked(void *param) } } } - +ret: env->DeleteGlobalRef(self); env->DeleteGlobalRef(peer); env->DeleteGlobalRef(blockerPeer); @@ -1809,8 +1809,6 @@ Java_sun_awt_windows_WFramePeer_createAwtFrame(JNIEnv *env, jobject self, AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory) AwtFrame::Create); - PDATA pData; - JNI_CHECK_PEER_CREATION_RETURN(self); CATCH_BAD_ALLOC; } @@ -1924,8 +1922,6 @@ Java_sun_awt_windows_WEmbeddedFramePeer_create(JNIEnv *env, jobject self, AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory) AwtFrame::Create); - PDATA pData; - JNI_CHECK_PEER_CREATION_RETURN(self); CATCH_BAD_ALLOC; } diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Label.cpp b/src/java.desktop/windows/native/libawt/windows/awt_Label.cpp index 722151cd864..4f43e0e3d09 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Label.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_Label.cpp @@ -80,7 +80,7 @@ AwtLabel* AwtLabel::Create(jobject labelPeer, jobject parent) JNI_CHECK_PEER_GOTO(parent, done); awtParent = (AwtCanvas*)pData; - JNI_CHECK_NULL_GOTO(awtParent, "awtParent", done); + target = env->GetObjectField(labelPeer, AwtObject::targetID); JNI_CHECK_NULL_GOTO(target, "target", done); @@ -392,12 +392,9 @@ Java_sun_awt_windows_WLabelPeer_create(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(parent); AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory) AwtLabel::Create); - JNI_CHECK_PEER_CREATION_RETURN(self); CATCH_BAD_ALLOC; } diff --git a/src/java.desktop/windows/native/libawt/windows/awt_List.cpp b/src/java.desktop/windows/native/libawt/windows/awt_List.cpp index 4c32a472996..071ab2a0ded 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_List.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_List.cpp @@ -89,10 +89,9 @@ AwtList* AwtList::Create(jobject peer, jobject parent) PDATA pData; AwtCanvas* awtParent; - JNI_CHECK_PEER_GOTO(parent, done); + JNI_CHECK_PEER_GOTO(parent, done); awtParent = (AwtCanvas*)pData; - JNI_CHECK_NULL_GOTO(awtParent, "null awtParent", done); /* target is Hjava_awt_List * */ target = env->GetObjectField(peer, AwtObject::targetID); @@ -928,9 +927,6 @@ Java_sun_awt_windows_WListPeer_deselect(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(self); - SelectElementStruct *ses = new SelectElementStruct; ses->list = env->NewGlobalRef(self); ses->index = pos; @@ -994,11 +990,8 @@ Java_sun_awt_windows_WListPeer_create(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(parent); AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory)AwtList::Create); - JNI_CHECK_PEER_CREATION_RETURN(self); CATCH_BAD_ALLOC; } diff --git a/src/java.desktop/windows/native/libawt/windows/awt_ScrollPane.cpp b/src/java.desktop/windows/native/libawt/windows/awt_ScrollPane.cpp index 04f463e642c..7e351e134b7 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_ScrollPane.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_ScrollPane.cpp @@ -96,10 +96,9 @@ AwtScrollPane* AwtScrollPane::Create(jobject self, jobject parent) PDATA pData; AwtComponent* awtParent; - JNI_CHECK_PEER_GOTO(parent, done); + JNI_CHECK_PEER_GOTO(parent, done); awtParent = (AwtComponent*)pData; - JNI_CHECK_NULL_GOTO(awtParent, "null awtParent", done); target = env->GetObjectField(self, AwtObject::targetID); JNI_CHECK_NULL_GOTO(target, "null target", done); @@ -679,11 +678,10 @@ Java_sun_awt_windows_WScrollPanePeer_create(JNIEnv *env, jobject self, DTRACE_PRINTLN2("%x: WScrollPanePeer.create(%x)", self, parent); - PDATA pData; - JNI_CHECK_PEER_RETURN(parent); AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory) AwtScrollPane::Create); + PDATA pData; JNI_CHECK_PEER_CREATION_RETURN(self); ((AwtScrollPane*)pData)->VerifyState(); diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.cpp b/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.cpp index 1e58f2ceb8d..502b9a0d236 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.cpp @@ -38,7 +38,11 @@ struct SetValuesStruct { jint value; jint visible; jint min, max; - +}; +// struct for _SetLineIncrement()/_SetPageIncrement() methods +struct SetIncrementStruct { + jobject scrollbar; + jint increment; }; /************************************************************************ * AwtScrollbar fields @@ -108,10 +112,9 @@ AwtScrollbar::Create(jobject peer, jobject parent) PDATA pData; AwtCanvas* awtParent; - JNI_CHECK_PEER_GOTO(parent, done); + JNI_CHECK_PEER_GOTO(parent, done); awtParent = (AwtCanvas*)pData; - JNI_CHECK_NULL_GOTO(awtParent, "null awtParent", done); target = env->GetObjectField(peer, AwtObject::targetID); JNI_CHECK_NULL_GOTO(target, "null target", done); @@ -471,6 +474,52 @@ ret: delete svs; } +void AwtScrollbar::_SetLineIncrement(void *param) +{ + JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2); + + SetIncrementStruct *sis = (SetIncrementStruct *)param; + jobject self = sis->scrollbar; + jint increment = sis->increment; + + AwtScrollbar *sb = NULL; + + PDATA pData; + JNI_CHECK_PEER_GOTO(self, ret); + sb = (AwtScrollbar *)pData; + if (::IsWindow(sb->GetHWnd())) + { + sb->SetLineIncrement(increment); + } +ret: + env->DeleteGlobalRef(self); + + delete sis; +} + +void AwtScrollbar::_SetPageIncrement(void *param) +{ + JNIEnv *env = (JNIEnv *)JNU_GetEnv(jvm, JNI_VERSION_1_2); + + SetIncrementStruct *sis = (SetIncrementStruct *)param; + jobject self = sis->scrollbar; + jint increment = sis->increment; + + AwtScrollbar *sb = NULL; + + PDATA pData; + JNI_CHECK_PEER_GOTO(self, ret); + sb = (AwtScrollbar *)pData; + if (::IsWindow(sb->GetHWnd())) + { + sb->SetPageIncrement(increment); + } +ret: + env->DeleteGlobalRef(self); + + delete sis; +} + /************************************************************************ * Scrollbar native methods */ @@ -546,10 +595,12 @@ Java_sun_awt_windows_WScrollbarPeer_setLineIncrement(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(self); - AwtScrollbar* c = (AwtScrollbar*)pData; - c->SetLineIncrement(increment); + SetIncrementStruct *sis = new SetIncrementStruct; + sis->scrollbar = env->NewGlobalRef(self); + sis->increment = increment; + + AwtToolkit::GetInstance().SyncCall(AwtScrollbar::_SetLineIncrement, sis); + // global ref and svs are deleted in _SetValues CATCH_BAD_ALLOC; } @@ -565,10 +616,12 @@ Java_sun_awt_windows_WScrollbarPeer_setPageIncrement(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(self); - AwtScrollbar* c = (AwtScrollbar*)pData; - c->SetPageIncrement(increment); + SetIncrementStruct *sis = new SetIncrementStruct; + sis->scrollbar = env->NewGlobalRef(self); + sis->increment = increment; + + AwtToolkit::GetInstance().SyncCall(AwtScrollbar::_SetPageIncrement, sis); + // global ref and svs are deleted in _SetValues CATCH_BAD_ALLOC; } @@ -584,12 +637,9 @@ Java_sun_awt_windows_WScrollbarPeer_create(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(parent); AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory) AwtScrollbar::Create); - JNI_CHECK_PEER_CREATION_RETURN(self); CATCH_BAD_ALLOC; } diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.h b/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.h index 2a6b03a6714..9369cab0e58 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.h +++ b/src/java.desktop/windows/native/libawt/windows/awt_Scrollbar.h @@ -77,6 +77,8 @@ public: INLINE virtual BOOL IsScrollbar() { return TRUE; } + static void _SetLineIncrement(void *param); + static void _SetPageIncrement(void *param); // invoked on Toolkit thread static void _SetValues(void *param); diff --git a/src/java.desktop/windows/native/libawt/windows/awt_TextArea.cpp b/src/java.desktop/windows/native/libawt/windows/awt_TextArea.cpp index cd40b1f237f..6dc21c5adda 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_TextArea.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_TextArea.cpp @@ -505,12 +505,9 @@ Java_sun_awt_windows_WTextAreaPeer_create(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(parent); AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory) AwtTextArea::Create); - JNI_CHECK_PEER_CREATION_RETURN(self); CATCH_BAD_ALLOC; } diff --git a/src/java.desktop/windows/native/libawt/windows/awt_TextComponent.cpp b/src/java.desktop/windows/native/libawt/windows/awt_TextComponent.cpp index de60f0ed702..38272959d73 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_TextComponent.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_TextComponent.cpp @@ -95,10 +95,9 @@ AwtTextComponent* AwtTextComponent::Create(jobject peer, jobject parent, BOOL is PDATA pData; AwtCanvas* awtParent; - JNI_CHECK_PEER_GOTO(parent, done); + JNI_CHECK_PEER_GOTO(parent, done); awtParent = (AwtCanvas*)pData; - JNI_CHECK_NULL_GOTO(awtParent, "null awtParent", done); target = env->GetObjectField(peer, AwtObject::targetID); JNI_CHECK_NULL_GOTO(target, "null target", done); diff --git a/src/java.desktop/windows/native/libawt/windows/awt_TextField.cpp b/src/java.desktop/windows/native/libawt/windows/awt_TextField.cpp index 01c73f068ee..5518ab91145 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_TextField.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_TextField.cpp @@ -260,12 +260,9 @@ Java_sun_awt_windows_WTextFieldPeer_create(JNIEnv *env, jobject self, { TRY; - PDATA pData; - JNI_CHECK_PEER_RETURN(parent); AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory) AwtTextField::Create); - JNI_CHECK_PEER_CREATION_RETURN(self); CATCH_BAD_ALLOC; } diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Window.cpp b/src/java.desktop/windows/native/libawt/windows/awt_Window.cpp index 56f2bfdd0ea..b1cb6ad2ce9 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Window.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_Window.cpp @@ -3400,12 +3400,9 @@ Java_sun_awt_windows_WWindowPeer_createAwtWindow(JNIEnv *env, jobject self, { TRY; - PDATA pData; -// JNI_CHECK_PEER_RETURN(parent); AwtToolkit::CreateComponent(self, parent, (AwtToolkit::ComponentFactory) AwtWindow::Create); - JNI_CHECK_PEER_CREATION_RETURN(self); CATCH_BAD_ALLOC; } From 1a211262239ccc20adabb3ff485d911e3d7914cc Mon Sep 17 00:00:00 2001 From: Ivan Gerasimov Date: Thu, 17 Nov 2016 22:01:02 +0300 Subject: [PATCH 06/26] 8169026: Handle smartcard clean up better Reviewed-by: valeriep, ahgross --- .../share/classes/sun/security/smartcardio/CardImpl.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/java.smartcardio/share/classes/sun/security/smartcardio/CardImpl.java b/src/java.smartcardio/share/classes/sun/security/smartcardio/CardImpl.java index d7e8f49fa83..019ea781a3c 100644 --- a/src/java.smartcardio/share/classes/sun/security/smartcardio/CardImpl.java +++ b/src/java.smartcardio/share/classes/sun/security/smartcardio/CardImpl.java @@ -270,7 +270,7 @@ final class CardImpl extends Card { } public String toString() { - return "PC/SC card in " + terminal.getName() + return "PC/SC card in " + terminal.name + ", protocol " + getProtocol() + ", state " + state; } @@ -278,6 +278,7 @@ final class CardImpl extends Card { protected void finalize() throws Throwable { try { if (state == State.OK) { + state = State.DISCONNECTED; SCardDisconnect(cardId, SCARD_LEAVE_CARD); } } finally { From ab51d9296c6eb96cbaecb79461a1bbae5043200a Mon Sep 17 00:00:00 2001 From: Sergey Bylokhov Date: Tue, 21 Feb 2017 02:23:00 +0300 Subject: [PATCH 07/26] 8169966: Larger AWT menus Reviewed-by: azvegint, prr, rhalade, mschoene --- .../native/libawt/windows/CmdIDList.cpp | 39 +++++++++++-------- .../windows/native/libawt/windows/CmdIDList.h | 3 +- .../native/libawt/windows/awt_MenuItem.cpp | 6 ++- .../native/libawt/windows/awt_Toolkit.cpp | 7 +++- .../native/libawt/windows/awt_Toolkit.h | 4 +- 5 files changed, 39 insertions(+), 20 deletions(-) diff --git a/src/java.desktop/windows/native/libawt/windows/CmdIDList.cpp b/src/java.desktop/windows/native/libawt/windows/CmdIDList.cpp index a71ede3d381..138f3e98075 100644 --- a/src/java.desktop/windows/native/libawt/windows/CmdIDList.cpp +++ b/src/java.desktop/windows/native/libawt/windows/CmdIDList.cpp @@ -61,29 +61,36 @@ INLINE void AwtCmdIDList::BuildFreeList(UINT first_index) m_first_free = first_index; // head of the free list } + +jboolean AwtCmdIDList::isFreeIDAvailable() { + CriticalSection::Lock l(m_lock); + + if (m_first_free == -1) { // out of free ids + if (m_capacity == ARRAY_MAXIMUM_SIZE) { + return JNI_FALSE; + } + } + return JNI_TRUE; +} + // Assign an id to the object. Recycle the first free entry from the // head of the free list or allocate more memory for a new free list. UINT AwtCmdIDList::Add(AwtObject* obj) { CriticalSection::Lock l(m_lock); + if (!isFreeIDAvailable()) { + throw std::bad_alloc(); // fatal error + } if (m_first_free == -1) { // out of free ids - if (m_capacity == ARRAY_MAXIMUM_SIZE) { - // Really bad - out of ids. Since we hardly can have *so* - // many items simultaneously in existence, we have an id - // leak somewhere. - DASSERT(FALSE); - return 0; - } - else { // snarf a bigger arena - UINT old_capacity = m_capacity; // will be the first free entry - m_capacity += ARRAY_SIZE_INCREMENT; - if (m_capacity > ARRAY_MAXIMUM_SIZE) - m_capacity = ARRAY_MAXIMUM_SIZE; - m_array = (CmdIDEntry *)SAFE_SIZE_ARRAY_REALLOC(safe_Realloc, m_array, - m_capacity, sizeof(CmdIDEntry*)); - BuildFreeList(old_capacity); - } + // snarf a bigger arena + UINT old_capacity = m_capacity; // will be the first free entry + m_capacity += ARRAY_SIZE_INCREMENT; + if (m_capacity > ARRAY_MAXIMUM_SIZE) + m_capacity = ARRAY_MAXIMUM_SIZE; + m_array = (CmdIDEntry *)SAFE_SIZE_ARRAY_REALLOC(safe_Realloc, m_array, + m_capacity, sizeof(CmdIDEntry*)); + BuildFreeList(old_capacity); } DASSERT(m_first_free != -1); diff --git a/src/java.desktop/windows/native/libawt/windows/CmdIDList.h b/src/java.desktop/windows/native/libawt/windows/CmdIDList.h index 3677b6dcf04..15b032e625d 100644 --- a/src/java.desktop/windows/native/libawt/windows/CmdIDList.h +++ b/src/java.desktop/windows/native/libawt/windows/CmdIDList.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1999, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,6 +38,7 @@ public: UINT Add(AwtObject* obj); AwtObject* Lookup(UINT id); void Remove(UINT id); + jboolean isFreeIDAvailable(); CriticalSection m_lock; diff --git a/src/java.desktop/windows/native/libawt/windows/awt_MenuItem.cpp b/src/java.desktop/windows/native/libawt/windows/awt_MenuItem.cpp index f00d5ba31c7..095db63eb3d 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_MenuItem.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_MenuItem.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -217,6 +217,10 @@ AwtMenuItem* AwtMenuItem::Create(jobject peer, jobject menuPeer) if (env->EnsureLocalCapacity(1) < 0) { return NULL; } + if (!AwtToolkit::GetInstance().isFreeIDAvailable()) { + return NULL; + } + JNI_CHECK_NULL_RETURN_NULL(menuPeer, "peer"); /* target is a java.awt.MenuItem */ diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.cpp b/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.cpp index db5745ea297..bf0122ab6f3 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -1869,6 +1869,11 @@ void AwtToolkit::SyncCall(void (*ftn)(void)) { } } +jboolean AwtToolkit::isFreeIDAvailable() +{ + return m_cmdIDs->isFreeIDAvailable(); +} + UINT AwtToolkit::CreateCmdID(AwtObject* object) { return m_cmdIDs->Add(object); diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.h b/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.h index 778132ccf11..b22f685b2b3 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.h +++ b/src/java.desktop/windows/native/libawt/windows/awt_Toolkit.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -373,6 +373,8 @@ public: BOOL PreProcessMouseMsg(class AwtComponent* p, MSG& msg); BOOL PreProcessKeyMsg(class AwtComponent* p, MSG& msg); + /* Checks that an free ID exists. */ + jboolean isFreeIDAvailable(); /* Create an ID which maps to an AwtObject pointer, such as a menu. */ UINT CreateCmdID(AwtObject* object); From 2473f1cf4135707e89f7f37991f62f04cea01f1b Mon Sep 17 00:00:00 2001 From: Valerie Peng Date: Wed, 22 Feb 2017 00:14:32 +0000 Subject: [PATCH 08/26] 8171252: Improve exception checking Reviewed-by: ascarpino, mschoene --- .../com/sun/crypto/provider/AESCipher.java | 10 +- .../sun/crypto/provider/AESWrapCipher.java | 8 +- .../sun/crypto/provider/ARCFOURCipher.java | 4 +- .../sun/crypto/provider/BlowfishCipher.java | 4 +- .../com/sun/crypto/provider/CipherCore.java | 42 +- .../sun/crypto/provider/DESedeWrapCipher.java | 8 +- .../sun/crypto/provider/ISO10126Padding.java | 12 +- .../sun/crypto/provider/PBECipherCore.java | 535 ------------------ .../com/sun/crypto/provider/PBES1Core.java | 4 +- .../com/sun/crypto/provider/PKCS5Padding.java | 21 +- 10 files changed, 58 insertions(+), 590 deletions(-) delete mode 100644 src/java.base/share/classes/com/sun/crypto/provider/PBECipherCore.java diff --git a/src/java.base/share/classes/com/sun/crypto/provider/AESCipher.java b/src/java.base/share/classes/com/sun/crypto/provider/AESCipher.java index 9d11f0091df..1fefe6e1adf 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/AESCipher.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/AESCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -156,7 +156,7 @@ abstract class AESCipher extends CipherSpi { throw new InvalidKeyException("Key encoding must not be null"); } else if (value.length != fixedKeySize) { throw new InvalidKeyException("The key must be " + - fixedKeySize*8 + " bits"); + fixedKeySize + " bytes"); } } } @@ -509,7 +509,7 @@ abstract class AESCipher extends CipherSpi { throw new InvalidKeyException("Invalid AES key length: " + encoded.length + " bytes"); } - return encoded.length * 8; + return Math.multiplyExact(encoded.length, 8); } /** @@ -628,9 +628,9 @@ abstract class AESCipher extends CipherSpi { } if (src != null) { int aadLen = src.limit() - src.position(); - if (aadLen != 0) { + if (aadLen > 0) { if (src.hasArray()) { - int aadOfs = src.arrayOffset() + src.position(); + int aadOfs = Math.addExact(src.arrayOffset(), src.position()); core.updateAAD(src.array(), aadOfs, aadLen); src.position(src.limit()); } else { diff --git a/src/java.base/share/classes/com/sun/crypto/provider/AESWrapCipher.java b/src/java.base/share/classes/com/sun/crypto/provider/AESWrapCipher.java index 29a22ad64b6..95a8c5a6fac 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/AESWrapCipher.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/AESWrapCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -156,7 +156,7 @@ abstract class AESWrapCipher extends CipherSpi { if (decrypting) { result = inputLen - 8; } else { - result = inputLen + 8; + result = Math.addExact(inputLen, 8); } return (result < 0? 0:result); } @@ -378,7 +378,7 @@ abstract class AESWrapCipher extends CipherSpi { throw new InvalidKeyException("Invalid key length: " + encoded.length + " bytes"); } - return encoded.length * 8; + return Math.multiplyExact(encoded.length, 8); } /** @@ -404,7 +404,7 @@ abstract class AESWrapCipher extends CipherSpi { throw new InvalidKeyException("Cannot get an encoding of " + "the key to be wrapped"); } - byte[] out = new byte[keyVal.length + 8]; + byte[] out = new byte[Math.addExact(keyVal.length, 8)]; if (keyVal.length == 8) { System.arraycopy(IV, 0, out, 0, IV.length); diff --git a/src/java.base/share/classes/com/sun/crypto/provider/ARCFOURCipher.java b/src/java.base/share/classes/com/sun/crypto/provider/ARCFOURCipher.java index f5b99c1ae51..cfa48358831 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/ARCFOURCipher.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/ARCFOURCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -257,7 +257,7 @@ public final class ARCFOURCipher extends CipherSpi { // see JCE spec protected int engineGetKeySize(Key key) throws InvalidKeyException { byte[] encodedKey = getEncodedKey(key); - return encodedKey.length << 3; + return Math.multiplyExact(encodedKey.length, 8); } } diff --git a/src/java.base/share/classes/com/sun/crypto/provider/BlowfishCipher.java b/src/java.base/share/classes/com/sun/crypto/provider/BlowfishCipher.java index 54de9984ebf..e991108e8e8 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/BlowfishCipher.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/BlowfishCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -373,7 +373,7 @@ public final class BlowfishCipher extends CipherSpi { * @exception InvalidKeyException if key is invalid. */ protected int engineGetKeySize(Key key) throws InvalidKeyException { - return (key.getEncoded().length * 8); + return Math.multiplyExact(key.getEncoded().length, 8); } /** diff --git a/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java b/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java index 106ee91392c..87f47722e48 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/CipherCore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -324,13 +324,14 @@ final class CipherCore { } private int getOutputSizeByOperation(int inputLen, boolean isDoFinal) { - int totalLen = buffered + inputLen + cipher.getBufferedLength(); + int totalLen = Math.addExact(buffered, cipher.getBufferedLength()); + totalLen = Math.addExact(totalLen, inputLen); switch (cipherMode) { case GCM_MODE: if (isDoFinal) { int tagLen = ((GaloisCounterMode) cipher).getTagLen(); if (!decrypting) { - totalLen += tagLen; + totalLen = Math.addExact(totalLen, tagLen); } else { totalLen -= tagLen; } @@ -346,10 +347,10 @@ final class CipherCore { totalLen = diffBlocksize; } else { int residue = (totalLen - diffBlocksize) % blockSize; - totalLen += (blockSize - residue); + totalLen = Math.addExact(totalLen, (blockSize - residue)); } } else { - totalLen += padding.padLength(totalLen); + totalLen = Math.addExact(totalLen, padding.padLength(totalLen)); } } break; @@ -711,7 +712,8 @@ final class CipherCore { } // figure out how much can be sent to crypto function - int len = buffered + inputLen - minBytes; + int len = Math.addExact(buffered, inputLen); + len -= minBytes; if (padding != null && decrypting) { // do not include the padding bytes when decrypting len -= blockSize; @@ -730,12 +732,12 @@ final class CipherCore { int outLen = 0; if (len != 0) { // there is some work to do if ((input == output) - && (outputOffset < (inputOffset + inputLen)) - && (inputOffset < (outputOffset + buffer.length))) { + && (outputOffset - inputOffset < inputLen) + && (inputOffset - outputOffset < buffer.length)) { // copy 'input' out to avoid its content being // overwritten prematurely. input = Arrays.copyOfRange(input, inputOffset, - inputOffset + inputLen); + Math.addExact(inputOffset, inputLen)); inputOffset = 0; } if (len <= buffered) { @@ -757,13 +759,13 @@ final class CipherCore { if (bufferCapacity != 0) { temp = Math.min(bufferCapacity, inputConsumed); if (unitBytes != blockSize) { - temp -= ((buffered + temp) % unitBytes); + temp -= (Math.addExact(buffered, temp) % unitBytes); } System.arraycopy(input, inputOffset, buffer, buffered, temp); - inputOffset += temp; + inputOffset = Math.addExact(inputOffset, temp); inputConsumed -= temp; inputLen -= temp; - buffered += temp; + buffered = Math.addExact(buffered, temp); } // process 'buffer' if (decrypting) { @@ -771,7 +773,7 @@ final class CipherCore { } else { outLen = cipher.encrypt(buffer, 0, buffered, output, outputOffset); } - outputOffset += outLen; + outputOffset = Math.addExact(outputOffset, outLen); buffered = 0; } if (inputConsumed > 0) { // still has input to process @@ -802,7 +804,7 @@ final class CipherCore { if (inputLen > 0) { System.arraycopy(input, inputOffset, buffer, buffered, inputLen); - buffered += inputLen; + buffered = Math.addExact(buffered, inputLen); } return outLen; } @@ -912,10 +914,10 @@ final class CipherCore { } // calculate total input length - int len = buffered + inputLen; + int len = Math.addExact(buffered, inputLen); // calculate padding length - int totalLen = len + cipher.getBufferedLength(); + int totalLen = Math.addExact(len, cipher.getBufferedLength()); int paddingLen = 0; // will the total input length be a multiple of blockSize? if (unitBytes != blockSize) { @@ -948,12 +950,12 @@ final class CipherCore { int finalBufLen = inputLen; if ((buffered != 0) || (!decrypting && padding != null) || ((input == output) - && (outputOffset < (inputOffset + inputLen)) - && (inputOffset < (outputOffset + buffer.length)))) { + && (outputOffset - inputOffset < inputLen) + && (inputOffset - outputOffset < buffer.length))) { if (decrypting || padding == null) { paddingLen = 0; } - finalBuf = new byte[len + paddingLen]; + finalBuf = new byte[Math.addExact(len, paddingLen)]; finalOffset = 0; if (buffered != 0) { System.arraycopy(buffer, 0, finalBuf, 0, buffered); @@ -963,7 +965,7 @@ final class CipherCore { buffered, inputLen); } if (paddingLen != 0) { - padding.padWithLen(finalBuf, (buffered+inputLen), paddingLen); + padding.padWithLen(finalBuf, Math.addExact(buffered, inputLen), paddingLen); } finalBufLen = finalBuf.length; } diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java b/src/java.base/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java index 68b2cbac64d..df00ec2736c 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -140,7 +140,7 @@ public final class DESedeWrapCipher extends CipherSpi { if (decrypting) { result = inputLen - 16; // CHECKSUM_LEN + IV_LEN; } else { - result = inputLen + 16; + result = Math.addExact(inputLen, 16); } return (result < 0? 0:result); } @@ -449,11 +449,11 @@ public final class DESedeWrapCipher extends CipherSpi { } byte[] cks = getChecksum(keyVal); - byte[] in = new byte[keyVal.length + CHECKSUM_LEN]; + byte[] in = new byte[Math.addExact(keyVal.length, CHECKSUM_LEN)]; System.arraycopy(keyVal, 0, in, 0, keyVal.length); System.arraycopy(cks, 0, in, keyVal.length, CHECKSUM_LEN); - byte[] out = new byte[iv.length + in.length]; + byte[] out = new byte[Math.addExact(iv.length, in.length)]; System.arraycopy(iv, 0, out, 0, iv.length); cipher.encrypt(in, 0, in.length, out, iv.length); diff --git a/src/java.base/share/classes/com/sun/crypto/provider/ISO10126Padding.java b/src/java.base/share/classes/com/sun/crypto/provider/ISO10126Padding.java index a7134238e14..6562a107607 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/ISO10126Padding.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/ISO10126Padding.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,7 +63,8 @@ final class ISO10126Padding implements Padding { if (in == null) return; - if ((off + len) > in.length) { + int idx = Math.addExact(off, len); + if (idx > in.length) { throw new ShortBufferException("Buffer too small to hold padding"); } @@ -71,7 +72,7 @@ final class ISO10126Padding implements Padding { byte[] padding = new byte[len - 1]; SunJCE.getRandom().nextBytes(padding); System.arraycopy(padding, 0, in, off, len - 1); - in[off + len - 1] = paddingOctet; + in[idx - 1] = paddingOctet; return; } @@ -94,14 +95,15 @@ final class ISO10126Padding implements Padding { return 0; } - byte lastByte = in[off + len - 1]; + int idx = Math.addExact(off, len); + byte lastByte = in[idx - 1]; int padValue = (int)lastByte & 0x0ff; if ((padValue < 0x01) || (padValue > blockSize)) { return -1; } - int start = off + len - padValue; + int start = idx - padValue; if (start < off) { return -1; } diff --git a/src/java.base/share/classes/com/sun/crypto/provider/PBECipherCore.java b/src/java.base/share/classes/com/sun/crypto/provider/PBECipherCore.java deleted file mode 100644 index 98f85cf04bd..00000000000 --- a/src/java.base/share/classes/com/sun/crypto/provider/PBECipherCore.java +++ /dev/null @@ -1,535 +0,0 @@ -/* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.sun.crypto.provider; - -import java.security.*; -import java.security.spec.*; -import javax.crypto.*; -import javax.crypto.spec.*; - -/** - * This class represents password-based encryption as defined by the PKCS #5 - * standard. - * - * @author Jan Luehe - * - * - * @see javax.crypto.Cipher - */ -final class PBECipherCore { - - // the encapsulated DES cipher - private CipherCore cipher; - private MessageDigest md; - private int blkSize; - private String algo = null; - private byte[] salt = null; - private int iCount = 10; - - /** - * Creates an instance of PBE Cipher using the specified CipherSpi - * instance. - * - */ - PBECipherCore(String cipherAlg) throws NoSuchAlgorithmException, - NoSuchPaddingException { - algo = cipherAlg; - if (algo.equals("DES")) { - cipher = new CipherCore(new DESCrypt(), - DESConstants.DES_BLOCK_SIZE); - } else if (algo.equals("DESede")) { - - cipher = new CipherCore(new DESedeCrypt(), - DESConstants.DES_BLOCK_SIZE); - } else { - throw new NoSuchAlgorithmException("No Cipher implementation " + - "for PBEWithMD5And" + algo); - } - cipher.setMode("CBC"); - cipher.setPadding("PKCS5Padding"); - // get instance of MD5 - md = MessageDigest.getInstance("MD5"); - } - - /** - * Sets the mode of this cipher. This algorithm can only be run in CBC - * mode. - * - * @param mode the cipher mode - * - * @exception NoSuchAlgorithmException if the requested cipher mode is - * invalid - */ - void setMode(String mode) throws NoSuchAlgorithmException { - cipher.setMode(mode); - } - - /** - * Sets the padding mechanism of this cipher. This algorithm only uses - * PKCS #5 padding. - * - * @param padding the padding mechanism - * - * @exception NoSuchPaddingException if the requested padding mechanism - * is invalid - */ - void setPadding(String paddingScheme) throws NoSuchPaddingException { - cipher.setPadding(paddingScheme); - } - - /** - * Returns the block size (in bytes). - * - * @return the block size (in bytes) - */ - int getBlockSize() { - return DESConstants.DES_BLOCK_SIZE; - } - - /** - * Returns the length in bytes that an output buffer would need to be in - * order to hold the result of the next update or - * doFinal operation, given the input length - * inputLen (in bytes). - * - *

This call takes into account any unprocessed (buffered) data from a - * previous update call, and padding. - * - *

The actual output length of the next update or - * doFinal call may be smaller than the length returned by - * this method. - * - * @param inputLen the input length (in bytes) - * - * @return the required output buffer size (in bytes) - * - */ - int getOutputSize(int inputLen) { - return cipher.getOutputSize(inputLen); - } - - /** - * Returns the initialization vector (IV) in a new buffer. - * - *

This is useful in the case where a random IV has been created - * (see init), - * or in the context of password-based encryption or - * decryption, where the IV is derived from a user-supplied password. - * - * @return the initialization vector in a new buffer, or null if the - * underlying algorithm does not use an IV, or if the IV has not yet - * been set. - */ - byte[] getIV() { - return cipher.getIV(); - } - - /** - * Returns the parameters used with this cipher. - * - *

The returned parameters may be the same that were used to initialize - * this cipher, or may contain the default set of parameters or a set of - * randomly generated parameters used by the underlying cipher - * implementation (provided that the underlying cipher implementation - * uses a default set of parameters or creates new parameters if it needs - * parameters but was not initialized with any). - * - * @return the parameters used with this cipher, or null if this cipher - * does not use any parameters. - */ - AlgorithmParameters getParameters() { - AlgorithmParameters params = null; - if (salt == null) { - salt = new byte[8]; - SunJCE.getRandom().nextBytes(salt); - } - PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount); - try { - params = AlgorithmParameters.getInstance("PBEWithMD5And" + - (algo.equalsIgnoreCase("DES")? "DES":"TripleDES"), - SunJCE.getInstance()); - params.init(pbeSpec); - } catch (NoSuchAlgorithmException nsae) { - // should never happen - throw new RuntimeException("SunJCE called, but not configured"); - } catch (InvalidParameterSpecException ipse) { - // should never happen - throw new RuntimeException("PBEParameterSpec not supported"); - } - return params; - } - - /** - * Initializes this cipher with a key, a set of - * algorithm parameters, and a source of randomness. - * The cipher is initialized for one of the following four operations: - * encryption, decryption, key wrapping or key unwrapping, depending on - * the value of opmode. - * - *

If this cipher (including its underlying feedback or padding scheme) - * requires any random bytes, it will get them from random. - * - * @param opmode the operation mode of this cipher (this is one of - * the following: - * ENCRYPT_MODE, DECRYPT_MODE), - * WRAP_MODE or UNWRAP_MODE) - * @param key the encryption key - * @param params the algorithm parameters - * @param random the source of randomness - * - * @exception InvalidKeyException if the given key is inappropriate for - * initializing this cipher - * @exception InvalidAlgorithmParameterException if the given algorithm - * parameters are inappropriate for this cipher - */ - void init(int opmode, Key key, AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException { - if (((opmode == Cipher.DECRYPT_MODE) || - (opmode == Cipher.UNWRAP_MODE)) && (params == null)) { - throw new InvalidAlgorithmParameterException("Parameters " - + "missing"); - } - if ((key == null) || - (key.getEncoded() == null) || - !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) { - throw new InvalidKeyException("Missing password"); - } - - if (params == null) { - // create random salt and use default iteration count - salt = new byte[8]; - random.nextBytes(salt); - } else { - if (!(params instanceof PBEParameterSpec)) { - throw new InvalidAlgorithmParameterException - ("Wrong parameter type: PBE expected"); - } - salt = ((PBEParameterSpec) params).getSalt(); - // salt must be 8 bytes long (by definition) - if (salt.length != 8) { - throw new InvalidAlgorithmParameterException - ("Salt must be 8 bytes long"); - } - iCount = ((PBEParameterSpec) params).getIterationCount(); - if (iCount <= 0) { - throw new InvalidAlgorithmParameterException - ("IterationCount must be a positive number"); - } - } - - byte[] derivedKey = deriveCipherKey(key); - // use all but the last 8 bytes as the key value - SecretKeySpec cipherKey = new SecretKeySpec(derivedKey, 0, - derivedKey.length-8, algo); - // use the last 8 bytes as the IV - IvParameterSpec ivSpec = new IvParameterSpec(derivedKey, - derivedKey.length-8, - 8); - // initialize the underlying cipher - cipher.init(opmode, cipherKey, ivSpec, random); - } - - private byte[] deriveCipherKey(Key key) { - - byte[] result = null; - byte[] passwdBytes = key.getEncoded(); - - if (algo.equals("DES")) { - // P || S (password concatenated with salt) - byte[] concat = new byte[passwdBytes.length + salt.length]; - System.arraycopy(passwdBytes, 0, concat, 0, passwdBytes.length); - java.util.Arrays.fill(passwdBytes, (byte)0x00); - System.arraycopy(salt, 0, concat, passwdBytes.length, salt.length); - - // digest P || S with c iterations - byte[] toBeHashed = concat; - for (int i = 0; i < iCount; i++) { - md.update(toBeHashed); - toBeHashed = md.digest(); // this resets the digest - } - java.util.Arrays.fill(concat, (byte)0x00); - result = toBeHashed; - } else if (algo.equals("DESede")) { - // if the 2 salt halves are the same, invert one of them - int i; - for (i=0; i<4; i++) { - if (salt[i] != salt[i+4]) - break; - } - if (i==4) { // same, invert 1st half - for (i=0; i<2; i++) { - byte tmp = salt[i]; - salt[i] = salt[3-i]; - salt[3-1] = tmp; - } - } - - // Now digest each half (concatenated with password). For each - // half, go through the loop as many times as specified by the - // iteration count parameter (inner for loop). - // Concatenate the output from each digest round with the - // password, and use the result as the input to the next digest - // operation. - byte[] kBytes = null; - IvParameterSpec iv = null; - byte[] toBeHashed = null; - result = new byte[DESedeKeySpec.DES_EDE_KEY_LEN + - DESConstants.DES_BLOCK_SIZE]; - for (i = 0; i < 2; i++) { - toBeHashed = new byte[salt.length/2]; - System.arraycopy(salt, i*(salt.length/2), toBeHashed, 0, - toBeHashed.length); - for (int j=0; j < iCount; j++) { - md.update(toBeHashed); - md.update(passwdBytes); - toBeHashed = md.digest(); // this resets the digest - } - System.arraycopy(toBeHashed, 0, result, i*16, - toBeHashed.length); - } - } - return result; - } - - void init(int opmode, Key key, AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException { - PBEParameterSpec pbeSpec = null; - if (params != null) { - try { - pbeSpec = params.getParameterSpec(PBEParameterSpec.class); - } catch (InvalidParameterSpecException ipse) { - throw new InvalidAlgorithmParameterException("Wrong parameter " - + "type: PBE " - + "expected"); - } - } - init(opmode, key, pbeSpec, random); - } - - /** - * Continues a multiple-part encryption or decryption operation - * (depending on how this cipher was initialized), processing another data - * part. - * - *

The first inputLen bytes in the input - * buffer, starting at inputOffset, are processed, and the - * result is stored in a new buffer. - * - * @param input the input buffer - * @param inputOffset the offset in input where the input - * starts - * @param inputLen the input length - * - * @return the new buffer with the result - * - */ - byte[] update(byte[] input, int inputOffset, int inputLen) { - return cipher.update(input, inputOffset, inputLen); - } - - /** - * Continues a multiple-part encryption or decryption operation - * (depending on how this cipher was initialized), processing another data - * part. - * - *

The first inputLen bytes in the input - * buffer, starting at inputOffset, are processed, and the - * result is stored in the output buffer, starting at - * outputOffset. - * - * @param input the input buffer - * @param inputOffset the offset in input where the input - * starts - * @param inputLen the input length - * @param output the buffer for the result - * @param outputOffset the offset in output where the result - * is stored - * - * @return the number of bytes stored in output - * - * @exception ShortBufferException if the given output buffer is too small - * to hold the result - */ - int update(byte[] input, int inputOffset, int inputLen, - byte[] output, int outputOffset) - throws ShortBufferException { - return cipher.update(input, inputOffset, inputLen, - output, outputOffset); - } - - /** - * Encrypts or decrypts data in a single-part operation, - * or finishes a multiple-part operation. - * The data is encrypted or decrypted, depending on how this cipher was - * initialized. - * - *

The first inputLen bytes in the input - * buffer, starting at inputOffset, and any input bytes that - * may have been buffered during a previous update operation, - * are processed, with padding (if requested) being applied. - * The result is stored in a new buffer. - * - *

The cipher is reset to its initial state (uninitialized) after this - * call. - * - * @param input the input buffer - * @param inputOffset the offset in input where the input - * starts - * @param inputLen the input length - * - * @return the new buffer with the result - * - * @exception IllegalBlockSizeException if this cipher is a block cipher, - * no padding has been requested (only in encryption mode), and the total - * input length of the data processed by this cipher is not a multiple of - * block size - * @exception BadPaddingException if decrypting and padding is chosen, - * but the last input data does not have proper padding bytes. - */ - byte[] doFinal(byte[] input, int inputOffset, int inputLen) - throws IllegalBlockSizeException, BadPaddingException { - return cipher.doFinal(input, inputOffset, inputLen); - } - - /** - * Encrypts or decrypts data in a single-part operation, - * or finishes a multiple-part operation. - * The data is encrypted or decrypted, depending on how this cipher was - * initialized. - * - *

The first inputLen bytes in the input - * buffer, starting at inputOffset, and any input bytes that - * may have been buffered during a previous update operation, - * are processed, with padding (if requested) being applied. - * The result is stored in the output buffer, starting at - * outputOffset. - * - *

The cipher is reset to its initial state (uninitialized) after this - * call. - * - * @param input the input buffer - * @param inputOffset the offset in input where the input - * starts - * @param inputLen the input length - * @param output the buffer for the result - * @param outputOffset the offset in output where the result - * is stored - * - * @return the number of bytes stored in output - * - * @exception IllegalBlockSizeException if this cipher is a block cipher, - * no padding has been requested (only in encryption mode), and the total - * input length of the data processed by this cipher is not a multiple of - * block size - * @exception ShortBufferException if the given output buffer is too small - * to hold the result - * @exception BadPaddingException if decrypting and padding is chosen, - * but the last input data does not have proper padding bytes. - */ - int doFinal(byte[] input, int inputOffset, int inputLen, - byte[] output, int outputOffset) - throws ShortBufferException, IllegalBlockSizeException, - BadPaddingException { - return cipher.doFinal(input, inputOffset, inputLen, - output, outputOffset); - } - - /** - * Wrap a key. - * - * @param key the key to be wrapped. - * - * @return the wrapped key. - * - * @exception IllegalBlockSizeException if this cipher is a block - * cipher, no padding has been requested, and the length of the - * encoding of the key to be wrapped is not a - * multiple of the block size. - * - * @exception InvalidKeyException if it is impossible or unsafe to - * wrap the key with this cipher (e.g., a hardware protected key is - * being passed to a software only cipher). - */ - byte[] wrap(Key key) - throws IllegalBlockSizeException, InvalidKeyException { - byte[] result = null; - - try { - byte[] encodedKey = key.getEncoded(); - if ((encodedKey == null) || (encodedKey.length == 0)) { - throw new InvalidKeyException("Cannot get an encoding of " + - "the key to be wrapped"); - } - - result = doFinal(encodedKey, 0, encodedKey.length); - } catch (BadPaddingException e) { - // Should never happen - } - - return result; - } - - /** - * Unwrap a previously wrapped key. - * - * @param wrappedKey the key to be unwrapped. - * - * @param wrappedKeyAlgorithm the algorithm the wrapped key is for. - * - * @param wrappedKeyType the type of the wrapped key. - * This is one of Cipher.SECRET_KEY, - * Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY. - * - * @return the unwrapped key. - * - * @exception NoSuchAlgorithmException if no installed providers - * can create keys of type wrappedKeyType for the - * wrappedKeyAlgorithm. - * - * @exception InvalidKeyException if wrappedKey does not - * represent a wrapped key of type wrappedKeyType for - * the wrappedKeyAlgorithm. - */ - Key unwrap(byte[] wrappedKey, - String wrappedKeyAlgorithm, - int wrappedKeyType) - throws InvalidKeyException, NoSuchAlgorithmException { - byte[] encodedKey; - try { - encodedKey = doFinal(wrappedKey, 0, wrappedKey.length); - } catch (BadPaddingException ePadding) { - throw new InvalidKeyException("The wrapped key is not padded " + - "correctly"); - } catch (IllegalBlockSizeException eBlockSize) { - throw new InvalidKeyException("The wrapped key does not have " + - "the correct length"); - } - return ConstructKeys.constructKey(encodedKey, wrappedKeyAlgorithm, - wrappedKeyType); - } -} diff --git a/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java b/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java index d5389ac40ac..c54fa2d86e5 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -260,7 +260,7 @@ final class PBES1Core { if (algo.equals("DES")) { // P || S (password concatenated with salt) - byte[] concat = new byte[passwdBytes.length + salt.length]; + byte[] concat = new byte[Math.addExact(passwdBytes.length, salt.length)]; System.arraycopy(passwdBytes, 0, concat, 0, passwdBytes.length); java.util.Arrays.fill(passwdBytes, (byte)0x00); System.arraycopy(salt, 0, concat, passwdBytes.length, salt.length); diff --git a/src/java.base/share/classes/com/sun/crypto/provider/PKCS5Padding.java b/src/java.base/share/classes/com/sun/crypto/provider/PKCS5Padding.java index ef6190e980b..191d7308eba 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/PKCS5Padding.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/PKCS5Padding.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ package com.sun.crypto.provider; import javax.crypto.ShortBufferException; +import java.util.Arrays; /** * This class implements padding as specified in the PKCS#5 standard. @@ -63,14 +64,13 @@ final class PKCS5Padding implements Padding { if (in == null) return; - if ((off + len) > in.length) { + int idx = Math.addExact(off, len); + if (idx > in.length) { throw new ShortBufferException("Buffer too small to hold padding"); } byte paddingOctet = (byte) (len & 0xff); - for (int i = 0; i < len; i++) { - in[i + off] = paddingOctet; - } + Arrays.fill(in, off, idx, paddingOctet); return; } @@ -92,25 +92,24 @@ final class PKCS5Padding implements Padding { (len == 0)) { // this can happen if input is really a padded buffer return 0; } - - byte lastByte = in[off + len - 1]; + int idx = Math.addExact(off, len); + byte lastByte = in[idx - 1]; int padValue = (int)lastByte & 0x0ff; if ((padValue < 0x01) || (padValue > blockSize)) { return -1; } - int start = off + len - ((int)lastByte & 0x0ff); + int start = idx - padValue; if (start < off) { return -1; } - for (int i = 0; i < ((int)lastByte & 0x0ff); i++) { - if (in[start+i] != lastByte) { + for (int i = start; i < idx; i++) { + if (in[i] != lastByte) { return -1; } } - return start; } From 640238256c2d9bc07059a7b81ab0b790ea51afd6 Mon Sep 17 00:00:00 2001 From: Phil Race Date: Thu, 23 Feb 2017 03:43:29 -0800 Subject: [PATCH 09/26] 8170218: Improved Font Metrics Reviewed-by: vadim, serb, mschoene --- .../native/libawt/windows/awt_Font.cpp | 29 +++++++++++++------ 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/src/java.desktop/windows/native/libawt/windows/awt_Font.cpp b/src/java.desktop/windows/native/libawt/windows/awt_Font.cpp index b7e63628c2a..dc64430b195 100644 --- a/src/java.desktop/windows/native/libawt/windows/awt_Font.cpp +++ b/src/java.desktop/windows/native/libawt/windows/awt_Font.cpp @@ -878,11 +878,16 @@ Java_sun_awt_windows_WFontMetrics_charsWidth(JNIEnv *env, jobject self, if (str == NULL) { JNU_ThrowNullPointerException(env, "str argument"); - return NULL; + return 0; } - if ((len < 0) || (off < 0) || (len + off > (env->GetArrayLength(str)))) { + if ((len < 0) || (off < 0) || (len + off < 0) || + (len + off > (env->GetArrayLength(str)))) { JNU_ThrowArrayIndexOutOfBoundsException(env, "off/len argument"); - return NULL; + return 0; + } + + if (off == env->GetArrayLength(str)) { + return 0; } jchar *strp = new jchar[len]; @@ -914,12 +919,18 @@ Java_sun_awt_windows_WFontMetrics_bytesWidth(JNIEnv *env, jobject self, if (str == NULL) { JNU_ThrowNullPointerException(env, "bytes argument"); - return NULL; + return 0; } - if ((len < 0) || (off < 0) || (len + off > (env->GetArrayLength(str)))) { + if ((len < 0) || (off < 0) || (len + off < 0) || + (len + off > (env->GetArrayLength(str)))) { JNU_ThrowArrayIndexOutOfBoundsException(env, "off or len argument"); - return NULL; + return 0; } + + if (off == env->GetArrayLength(str)) { + return 0; + } + char *pStrBody = NULL; jint result = 0; try { @@ -927,12 +938,12 @@ Java_sun_awt_windows_WFontMetrics_bytesWidth(JNIEnv *env, jobject self, AwtFont::widthsID); if (array == NULL) { JNU_ThrowNullPointerException(env, "Can't access widths array."); - return NULL; + return 0; } pStrBody = (char *)env->GetPrimitiveArrayCritical(str, 0); if (pStrBody == NULL) { JNU_ThrowNullPointerException(env, "Can't access str bytes."); - return NULL; + return 0; } char *pStr = pStrBody + off; @@ -942,7 +953,7 @@ Java_sun_awt_windows_WFontMetrics_bytesWidth(JNIEnv *env, jobject self, if (widths == NULL) { env->ReleasePrimitiveArrayCritical(str, pStrBody, 0); JNU_ThrowNullPointerException(env, "Can't access widths."); - return NULL; + return 0; } for (; len; len--) { result += widths[*pStr++]; From 547745b881ac99f2bd2c9212643c347043161605 Mon Sep 17 00:00:00 2001 From: Phil Race Date: Fri, 24 Feb 2017 05:32:16 -0800 Subject: [PATCH 10/26] 8171261: Stability fixes for lcms Reviewed-by: serb, vadim, mschoene --- src/java.desktop/share/native/liblcms/cmscgats.c | 14 +++++++++----- src/java.desktop/share/native/liblcms/cmsnamed.c | 13 ++++++++++--- src/java.desktop/share/native/liblcms/cmsopt.c | 1 + src/java.desktop/share/native/liblcms/cmstypes.c | 9 ++++++++- src/java.desktop/share/native/liblcms/lcms2.h | 2 +- 5 files changed, 29 insertions(+), 10 deletions(-) diff --git a/src/java.desktop/share/native/liblcms/cmscgats.c b/src/java.desktop/share/native/liblcms/cmscgats.c index 9e033168f81..c4f4fb5d31a 100644 --- a/src/java.desktop/share/native/liblcms/cmscgats.c +++ b/src/java.desktop/share/native/liblcms/cmscgats.c @@ -900,7 +900,7 @@ void InSymbol(cmsIT8* it8) k = 0; NextCh(it8); - while (k < MAXSTR && it8->ch != sng) { + while (k < (MAXSTR-1) && it8->ch != sng) { if (it8->ch == '\n'|| it8->ch == '\r') k = MAXSTR+1; else { @@ -2053,14 +2053,18 @@ cmsBool HeaderSection(cmsIT8* it8) static void ReadType(cmsIT8* it8, char* SheetTypePtr) { + cmsInt32Number cnt = 0; + // First line is a very special case. while (isseparator(it8->ch)) NextCh(it8); - while (it8->ch != '\r' && it8 ->ch != '\n' && it8->ch != '\t' && it8 -> ch != -1) { + while (it8->ch != '\r' && it8 ->ch != '\n' && it8->ch != '\t' && it8 -> ch != 0) { *SheetTypePtr++= (char) it8 ->ch; + if (cnt++ < MAXSTR) + *SheetTypePtr++= (char) it8 ->ch; NextCh(it8); } @@ -2253,7 +2257,7 @@ void CookPointers(cmsIT8* it8) // that should be something like some printable characters plus a \n // returns 0 if this is not like a CGATS, or an integer otherwise. This integer is the number of words in first line? static -int IsMyBlock(cmsUInt8Number* Buffer, int n) +int IsMyBlock(const cmsUInt8Number* Buffer, int n) { int words = 1, space = 0, quot = 0; int i; @@ -2317,7 +2321,7 @@ cmsBool IsMyFile(const char* FileName) // ---------------------------------------------------------- Exported routines -cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt32Number len) +cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cmsUInt32Number len) { cmsHANDLE hIT8; cmsIT8* it8; @@ -2326,7 +2330,7 @@ cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt3 _cmsAssert(Ptr != NULL); _cmsAssert(len != 0); - type = IsMyBlock((cmsUInt8Number*)Ptr, len); + type = IsMyBlock((const cmsUInt8Number*)Ptr, len); if (type == 0) return NULL; hIT8 = cmsIT8Alloc(ContextID); diff --git a/src/java.desktop/share/native/liblcms/cmsnamed.c b/src/java.desktop/share/native/liblcms/cmsnamed.c index 870936fddf6..d1edeb4ce12 100644 --- a/src/java.desktop/share/native/liblcms/cmsnamed.c +++ b/src/java.desktop/share/native/liblcms/cmsnamed.c @@ -546,7 +546,11 @@ cmsBool GrowNamedColorList(cmsNAMEDCOLORLIST* v) size = v ->Allocated * 2; // Keep a maximum color lists can grow, 100K entries seems reasonable - if (size > 1024*100) return FALSE; + if (size > 1024 * 100) { + _cmsFree(v->ContextID, (void*) v->List); + v->List = NULL; + return FALSE; + } NewPtr = (_cmsNAMEDCOLOR*) _cmsRealloc(v ->ContextID, v ->List, size * sizeof(_cmsNAMEDCOLOR)); if (NewPtr == NULL) @@ -568,8 +572,11 @@ cmsNAMEDCOLORLIST* CMSEXPORT cmsAllocNamedColorList(cmsContext ContextID, cmsUIn v ->nColors = 0; v ->ContextID = ContextID; - while (v -> Allocated < n){ - if (!GrowNamedColorList(v)) return NULL; + while (v -> Allocated < n) { + if (!GrowNamedColorList(v)) { + _cmsFree(ContextID, (void*) v); + return NULL; + } } strncpy(v ->Prefix, Prefix, sizeof(v ->Prefix)-1); diff --git a/src/java.desktop/share/native/liblcms/cmsopt.c b/src/java.desktop/share/native/liblcms/cmsopt.c index d40993b083f..a3ff2fc10e3 100644 --- a/src/java.desktop/share/native/liblcms/cmsopt.c +++ b/src/java.desktop/share/native/liblcms/cmsopt.c @@ -1483,6 +1483,7 @@ cmsBool OptimizeByJoiningCurves(cmsPipeline** Lut, cmsUInt32Number Intent, cmsUI // LUT optimizes to nothing. Set the identity LUT cmsStageFree(ObtainedCurves); + ObtainedCurves = NULL; if (!cmsPipelineInsertStage(Dest, cmsAT_BEGIN, cmsStageAllocIdentity(Dest ->ContextID, Src ->InputChannels))) goto Error; diff --git a/src/java.desktop/share/native/liblcms/cmstypes.c b/src/java.desktop/share/native/liblcms/cmstypes.c index 3f8999f23f6..61ea3a631e5 100644 --- a/src/java.desktop/share/native/liblcms/cmstypes.c +++ b/src/java.desktop/share/native/liblcms/cmstypes.c @@ -4460,7 +4460,8 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU NewLUT = cmsPipelineAlloc(self ->ContextID, InputChans, OutputChans); if (NewLUT == NULL) return NULL; - if (!_cmsReadUInt32Number(io, &ElementCount)) return NULL; + if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error; + if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error; if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) { if (NewLUT != NULL) cmsPipelineFree(NewLUT); @@ -4472,6 +4473,12 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU *nItems = 1; return NewLUT; + // Error +Error: + if (NewLUT != NULL) cmsPipelineFree(NewLUT); + *nItems = 0; + return NULL; + cmsUNUSED_PARAMETER(SizeOfTag); } diff --git a/src/java.desktop/share/native/liblcms/lcms2.h b/src/java.desktop/share/native/liblcms/lcms2.h index 9f148e54d1b..cbca89421a5 100644 --- a/src/java.desktop/share/native/liblcms/lcms2.h +++ b/src/java.desktop/share/native/liblcms/lcms2.h @@ -1836,7 +1836,7 @@ CMSAPI cmsInt32Number CMSEXPORT cmsIT8SetTable(cmsHANDLE hIT8, cmsUInt32Number // Persistence CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromFile(cmsContext ContextID, const char* cFileName); -CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, void *Ptr, cmsUInt32Number len); +CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromMem(cmsContext ContextID, const void *Ptr, cmsUInt32Number len); // CMSAPI cmsHANDLE CMSEXPORT cmsIT8LoadFromIOhandler(cmsContext ContextID, cmsIOHANDLER* io); CMSAPI cmsBool CMSEXPORT cmsIT8SaveToFile(cmsHANDLE hIT8, const char* cFileName); From f92a0509486e185f11a411399285a12e2fca3989 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Wed, 15 Mar 2017 22:27:12 +0800 Subject: [PATCH 11/26] 8175940: More certificate subject checking Reviewed-by: ahgross, mullan --- .../classes/sun/security/x509/DNSName.java | 64 +++++++++++-------- 1 file changed, 39 insertions(+), 25 deletions(-) diff --git a/src/java.base/share/classes/sun/security/x509/DNSName.java b/src/java.base/share/classes/sun/security/x509/DNSName.java index c9aa54aa73e..181e45a4c2d 100644 --- a/src/java.base/share/classes/sun/security/x509/DNSName.java +++ b/src/java.base/share/classes/sun/security/x509/DNSName.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -194,31 +194,45 @@ public class DNSName implements GeneralNameInterface { */ public int constrains(GeneralNameInterface inputName) throws UnsupportedOperationException { int constraintType; - if (inputName == null) - constraintType = NAME_DIFF_TYPE; - else if (inputName.getType() != NAME_DNS) - constraintType = NAME_DIFF_TYPE; - else { - String inName = - (((DNSName)inputName).getName()).toLowerCase(Locale.ENGLISH); - String thisName = name.toLowerCase(Locale.ENGLISH); - if (inName.equals(thisName)) - constraintType = NAME_MATCH; - else if (thisName.endsWith(inName)) { - int inNdx = thisName.lastIndexOf(inName); - if (thisName.charAt(inNdx-1) == '.' ) - constraintType = NAME_WIDENS; - else - constraintType = NAME_SAME_TYPE; - } else if (inName.endsWith(thisName)) { - int ndx = inName.lastIndexOf(thisName); - if (inName.charAt(ndx-1) == '.' ) - constraintType = NAME_NARROWS; - else - constraintType = NAME_SAME_TYPE; - } else { + if (inputName == null) { + return NAME_DIFF_TYPE; + } + String inName; + switch (inputName.getType()) { + case NAME_DNS: + inName = ((DNSName)inputName).getName(); + break; + case NAME_DIRECTORY: + try { + inName = ((X500Name) inputName).getCommonName(); + if (inName == null) { + return NAME_DIFF_TYPE; + } + } catch (IOException ioe) { + return NAME_DIFF_TYPE; + } + break; + default: + return NAME_DIFF_TYPE; + } + inName = inName.toLowerCase(Locale.ENGLISH); + String thisName = name.toLowerCase(Locale.ENGLISH); + if (inName.equals(thisName)) + constraintType = NAME_MATCH; + else if (thisName.endsWith(inName)) { + int inNdx = thisName.lastIndexOf(inName); + if (thisName.charAt(inNdx-1) == '.' ) + constraintType = NAME_WIDENS; + else constraintType = NAME_SAME_TYPE; - } + } else if (inName.endsWith(thisName)) { + int ndx = inName.lastIndexOf(thisName); + if (inName.charAt(ndx-1) == '.' ) + constraintType = NAME_NARROWS; + else + constraintType = NAME_SAME_TYPE; + } else { + constraintType = NAME_SAME_TYPE; } return constraintType; } From c8812e460aef351789bbf74903c899f265f46c0a Mon Sep 17 00:00:00 2001 From: Daniel Fuchs Date: Thu, 23 Mar 2017 15:07:26 +0000 Subject: [PATCH 12/26] 8176751: Better URL connections Reviewed-by: chegar, michaelm, rhalade, rpatil, vtewari --- .../https/HttpsURLConnectionOldImpl.java | 11 +++++++- .../www/protocol/http/HttpURLConnection.java | 28 +++++++++++++++---- .../https/HttpsURLConnectionImpl.java | 11 +++++++- 3 files changed, 43 insertions(+), 7 deletions(-) diff --git a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java b/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java index fc9f7ce861b..eb7c11b21f9 100644 --- a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java +++ b/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java @@ -38,6 +38,7 @@ package com.sun.net.ssl.internal.www.protocol.https; import java.net.URL; import java.net.Proxy; import java.net.ProtocolException; +import java.net.MalformedURLException; import java.io.*; import java.net.Authenticator; import javax.net.ssl.*; @@ -78,10 +79,18 @@ public class HttpsURLConnectionOldImpl this(u, null, handler); } + static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } // For both copies of the file, uncomment one line and comment the other // HttpsURLConnectionImpl(URL u, Handler handler) throws IOException { HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException { - super(u); + super(checkURL(u)); delegate = new DelegateHttpsURLConnection(url, p, handler, this); } diff --git a/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java index 5e23b043a69..17e158541cc 100644 --- a/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java +++ b/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java @@ -843,18 +843,36 @@ public class HttpURLConnection extends java.net.HttpURLConnection { this(u, null, handler); } - public HttpURLConnection(URL u, String host, int port) { - this(u, new Proxy(Proxy.Type.HTTP, InetSocketAddress.createUnresolved(host, port))); + private static String checkHost(String h) throws IOException { + if (h != null) { + if (h.indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in host"); + } + } + return h; + } + public HttpURLConnection(URL u, String host, int port) throws IOException { + this(u, new Proxy(Proxy.Type.HTTP, + InetSocketAddress.createUnresolved(checkHost(host), port))); } /** this constructor is used by other protocol handlers such as ftp that want to use http to fetch urls on their behalf.*/ - public HttpURLConnection(URL u, Proxy p) { + public HttpURLConnection(URL u, Proxy p) throws IOException { this(u, p, new Handler()); } - protected HttpURLConnection(URL u, Proxy p, Handler handler) { - super(u); + private static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } + protected HttpURLConnection(URL u, Proxy p, Handler handler) + throws IOException { + super(checkURL(u)); requests = new MessageHeader(); responses = new MessageHeader(); userHeaders = new MessageHeader(); diff --git a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java index 792af78675c..8b49800c78b 100644 --- a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java +++ b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java @@ -38,6 +38,7 @@ package sun.net.www.protocol.https; import java.net.URL; import java.net.Proxy; import java.net.ProtocolException; +import java.net.MalformedURLException; import java.io.*; import java.net.Authenticator; import javax.net.ssl.*; @@ -80,10 +81,18 @@ public class HttpsURLConnectionImpl this(u, null, handler); } + static URL checkURL(URL u) throws IOException { + if (u != null) { + if (u.toExternalForm().indexOf('\n') > -1) { + throw new MalformedURLException("Illegal character in URL"); + } + } + return u; + } // For both copies of the file, uncomment one line and comment the other HttpsURLConnectionImpl(URL u, Proxy p, Handler handler) throws IOException { // HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException { - super(u); + super(checkURL(u)); delegate = new DelegateHttpsURLConnection(url, p, handler, this); } From 8c6afbd3da945e8abbd0b3837b6af7f19a5cbb06 Mon Sep 17 00:00:00 2001 From: Stuart Marks Date: Tue, 28 Mar 2017 12:10:20 -0700 Subject: [PATCH 13/26] 8174966: Unreferenced references Reviewed-by: rriggs, skoivu, rhalade, robm --- .../classes/sun/rmi/transport/Target.java | 33 +++++++------------ 1 file changed, 11 insertions(+), 22 deletions(-) diff --git a/src/java.rmi/share/classes/sun/rmi/transport/Target.java b/src/java.rmi/share/classes/sun/rmi/transport/Target.java index 82c849e2696..e9150ed62aa 100644 --- a/src/java.rmi/share/classes/sun/rmi/transport/Target.java +++ b/src/java.rmi/share/classes/sun/rmi/transport/Target.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,6 +31,7 @@ import java.rmi.server.ObjID; import java.rmi.server.Unreferenced; import java.security.AccessControlContext; import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.*; import sun.rmi.runtime.Log; import sun.rmi.runtime.NewThreadAction; @@ -322,27 +323,15 @@ public final class Target { Remote obj = getImpl(); if (obj instanceof Unreferenced) { final Unreferenced unrefObj = (Unreferenced) obj; - final Thread t = - java.security.AccessController.doPrivileged( - new NewThreadAction(new Runnable() { - public void run() { - unrefObj.unreferenced(); - } - }, "Unreferenced-" + nextThreadNum++, false, true)); - // REMIND: access to nextThreadNum not synchronized; you care? - /* - * We must manually set the context class loader appropriately - * for threads that may invoke user code (see bugid 4171278). - */ - java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { - public Void run() { - t.setContextClassLoader(ccl); - return null; - } - }); - - t.start(); + AccessController.doPrivileged( + new NewThreadAction(() -> { + Thread.currentThread().setContextClassLoader(ccl); + AccessController.doPrivileged((PrivilegedAction) () -> { + unrefObj.unreferenced(); + return null; + }, acc); + }, "Unreferenced-" + nextThreadNum++, false, true)).start(); + // REMIND: access to nextThreadNum not synchronized; you care? } unpinImpl(); From e7fdfdb7e7646c58290e3047a2837f8ca99c87ad Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Thu, 18 May 2017 08:52:50 +0800 Subject: [PATCH 14/26] 8178714: PKIX validator nameConstraints check failing after change 8175940 Reviewed-by: mullan, ahgross --- .../classes/sun/security/x509/DNSName.java | 64 +++++-------- .../x509/NameConstraintsExtension.java | 93 +++++++++++-------- 2 files changed, 81 insertions(+), 76 deletions(-) diff --git a/src/java.base/share/classes/sun/security/x509/DNSName.java b/src/java.base/share/classes/sun/security/x509/DNSName.java index 181e45a4c2d..c9aa54aa73e 100644 --- a/src/java.base/share/classes/sun/security/x509/DNSName.java +++ b/src/java.base/share/classes/sun/security/x509/DNSName.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -194,45 +194,31 @@ public class DNSName implements GeneralNameInterface { */ public int constrains(GeneralNameInterface inputName) throws UnsupportedOperationException { int constraintType; - if (inputName == null) { - return NAME_DIFF_TYPE; - } - String inName; - switch (inputName.getType()) { - case NAME_DNS: - inName = ((DNSName)inputName).getName(); - break; - case NAME_DIRECTORY: - try { - inName = ((X500Name) inputName).getCommonName(); - if (inName == null) { - return NAME_DIFF_TYPE; - } - } catch (IOException ioe) { - return NAME_DIFF_TYPE; - } - break; - default: - return NAME_DIFF_TYPE; - } - inName = inName.toLowerCase(Locale.ENGLISH); - String thisName = name.toLowerCase(Locale.ENGLISH); - if (inName.equals(thisName)) - constraintType = NAME_MATCH; - else if (thisName.endsWith(inName)) { - int inNdx = thisName.lastIndexOf(inName); - if (thisName.charAt(inNdx-1) == '.' ) - constraintType = NAME_WIDENS; - else + if (inputName == null) + constraintType = NAME_DIFF_TYPE; + else if (inputName.getType() != NAME_DNS) + constraintType = NAME_DIFF_TYPE; + else { + String inName = + (((DNSName)inputName).getName()).toLowerCase(Locale.ENGLISH); + String thisName = name.toLowerCase(Locale.ENGLISH); + if (inName.equals(thisName)) + constraintType = NAME_MATCH; + else if (thisName.endsWith(inName)) { + int inNdx = thisName.lastIndexOf(inName); + if (thisName.charAt(inNdx-1) == '.' ) + constraintType = NAME_WIDENS; + else + constraintType = NAME_SAME_TYPE; + } else if (inName.endsWith(thisName)) { + int ndx = inName.lastIndexOf(thisName); + if (inName.charAt(ndx-1) == '.' ) + constraintType = NAME_NARROWS; + else + constraintType = NAME_SAME_TYPE; + } else { constraintType = NAME_SAME_TYPE; - } else if (inName.endsWith(thisName)) { - int ndx = inName.lastIndexOf(thisName); - if (inName.charAt(ndx-1) == '.' ) - constraintType = NAME_NARROWS; - else - constraintType = NAME_SAME_TYPE; - } else { - constraintType = NAME_SAME_TYPE; + } } return constraintType; } diff --git a/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java b/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java index eafe3eefe78..88f787e0704 100644 --- a/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java +++ b/src/java.base/share/classes/sun/security/x509/NameConstraintsExtension.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,6 +33,7 @@ import java.util.*; import javax.security.auth.x500.X500Principal; +import sun.net.util.IPAddressUtil; import sun.security.util.*; import sun.security.pkcs.PKCS9Attribute; @@ -440,6 +441,7 @@ implements CertAttrSet, Cloneable { X500Principal subjectPrincipal = cert.getSubjectX500Principal(); X500Name subject = X500Name.asX500Name(subjectPrincipal); + // Check subject as an X500Name if (subject.isEmpty() == false) { if (verify(subject) == false) { return false; @@ -465,12 +467,51 @@ implements CertAttrSet, Cloneable { "certificate: " + ce.getMessage()); } - // If there are no subjectAlternativeNames, perform the special-case - // check where if the subjectName contains any EMAILADDRESS - // attributes, they must be checked against RFC822 constraints. - // If that passes, we're fine. if (altNames == null) { - return verifyRFC822SpecialCase(subject); + altNames = new GeneralNames(); + + // RFC 5280 4.2.1.10: + // When constraints are imposed on the rfc822Name name form, + // but the certificate does not include a subject alternative name, + // the rfc822Name constraint MUST be applied to the attribute of + // type emailAddress in the subject distinguished name. + for (AVA ava : subject.allAvas()) { + ObjectIdentifier attrOID = ava.getObjectIdentifier(); + if (attrOID.equals(PKCS9Attribute.EMAIL_ADDRESS_OID)) { + String attrValue = ava.getValueString(); + if (attrValue != null) { + try { + altNames.add(new GeneralName( + new RFC822Name(attrValue))); + } catch (IOException ioe) { + continue; + } + } + } + } + } + + // If there is no IPAddressName or DNSName in subjectAlternativeNames, + // see if the last CN inside subjectName can be used instead. + DerValue derValue = subject.findMostSpecificAttribute + (X500Name.commonName_oid); + String cn = derValue == null ? null : derValue.getAsString(); + + if (cn != null) { + try { + if (IPAddressUtil.isIPv4LiteralAddress(cn) || + IPAddressUtil.isIPv6LiteralAddress(cn)) { + if (!hasNameType(altNames, GeneralNameInterface.NAME_IP)) { + altNames.add(new GeneralName(new IPAddressName(cn))); + } + } else { + if (!hasNameType(altNames, GeneralNameInterface.NAME_DNS)) { + altNames.add(new GeneralName(new DNSName(cn))); + } + } + } catch (IOException ioe) { + // OK, cn is neither IP nor DNS + } } // verify each subjectAltName @@ -485,6 +526,15 @@ implements CertAttrSet, Cloneable { return true; } + private static boolean hasNameType(GeneralNames names, int type) { + for (GeneralName name : names.names()) { + if (name.getType() == type) { + return true; + } + } + return false; + } + /** * check whether a name conforms to these NameConstraints. * This involves verifying that the name is consistent with the @@ -566,37 +616,6 @@ implements CertAttrSet, Cloneable { return true; } - /** - * Perform the RFC 822 special case check. We have a certificate - * that does not contain any subject alternative names. Check that - * any EMAILADDRESS attributes in its subject name conform to these - * NameConstraints. - * - * @param subject the certificate's subject name - * @return true if certificate verifies successfully - * @throws IOException on error - */ - public boolean verifyRFC822SpecialCase(X500Name subject) throws IOException { - for (AVA ava : subject.allAvas()) { - ObjectIdentifier attrOID = ava.getObjectIdentifier(); - if (attrOID.equals(PKCS9Attribute.EMAIL_ADDRESS_OID)) { - String attrValue = ava.getValueString(); - if (attrValue != null) { - RFC822Name emailName; - try { - emailName = new RFC822Name(attrValue); - } catch (IOException ioe) { - continue; - } - if (!verify(emailName)) { - return(false); - } - } - } - } - return true; - } - /** * Clone all objects that may be modified during certificate validation. */ From 89b8d98d1962c32a3e28e705be87eea40f2f438d Mon Sep 17 00:00:00 2001 From: Naoto Sato Date: Thu, 15 Jun 2017 09:57:15 -0700 Subject: [PATCH 15/26] 8181323: Better timezone processing Reviewed-by: rriggs --- .../classes/java/util/SimpleTimeZone.java | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/src/java.base/share/classes/java/util/SimpleTimeZone.java b/src/java.base/share/classes/java/util/SimpleTimeZone.java index d7555a0db0c..7ed6e71753f 100644 --- a/src/java.base/share/classes/java/util/SimpleTimeZone.java +++ b/src/java.base/share/classes/java/util/SimpleTimeZone.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,6 +41,7 @@ package java.util; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.IOException; +import java.io.InvalidObjectException; import sun.util.calendar.CalendarSystem; import sun.util.calendar.CalendarUtils; import sun.util.calendar.BaseCalendar; @@ -1278,6 +1279,9 @@ public class SimpleTimeZone extends TimeZone { */ private int serialVersionOnStream = currentSerialVersion; + // Maximum number of rules. + private static final int MAX_RULE_NUM = 6; + private synchronized void invalidateCache() { cacheYear = startYear - 1; cacheStart = cacheEnd = 0; @@ -1569,7 +1573,7 @@ public class SimpleTimeZone extends TimeZone { */ private byte[] packRules() { - byte[] rules = new byte[6]; + byte[] rules = new byte[MAX_RULE_NUM]; rules[0] = (byte)startDay; rules[1] = (byte)startDayOfWeek; rules[2] = (byte)endDay; @@ -1594,7 +1598,7 @@ public class SimpleTimeZone extends TimeZone { endDayOfWeek = rules[3]; // As of serial version 2, include time modes - if (rules.length >= 6) { + if (rules.length >= MAX_RULE_NUM) { startTimeMode = rules[4]; endTimeMode = rules[5]; } @@ -1691,9 +1695,13 @@ public class SimpleTimeZone extends TimeZone { // store the actual rules (which have not be made compatible with 1.1) // in the optional area. Read them in here and parse them. int length = stream.readInt(); - byte[] rules = new byte[length]; - stream.readFully(rules); - unpackRules(rules); + if (length <= MAX_RULE_NUM) { + byte[] rules = new byte[length]; + stream.readFully(rules); + unpackRules(rules); + } else { + throw new InvalidObjectException("Too many rules: " + length); + } } if (serialVersionOnStream >= 2) { From 74b07b599ee8e848211fe87bb71461b1b526c36b Mon Sep 17 00:00:00 2001 From: Roger Riggs Date: Mon, 19 Jun 2017 17:38:33 -0400 Subject: [PATCH 16/26] 8181597: Process Proxy presentation Reviewed-by: dfuchs, ahgross, rhalade, skoivu --- src/java.base/share/classes/java/io/ObjectInputStream.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java b/src/java.base/share/classes/java/io/ObjectInputStream.java index bffc5a81ee8..11e33b4e5d2 100644 --- a/src/java.base/share/classes/java/io/ObjectInputStream.java +++ b/src/java.base/share/classes/java/io/ObjectInputStream.java @@ -1770,6 +1770,10 @@ public class ObjectInputStream passHandle = NULL_HANDLE; int numIfaces = bin.readInt(); + if (numIfaces > 65535) { + throw new InvalidObjectException("interface limit exceeded: " + + numIfaces); + } String[] ifaces = new String[numIfaces]; for (int i = 0; i < numIfaces; i++) { ifaces[i] = bin.readUTF(); From e4945e6c6677eaa271770a7d38dae8d679ce132b Mon Sep 17 00:00:00 2001 From: Vinnie Ryan Date: Wed, 28 Jun 2017 16:52:36 +0100 Subject: [PATCH 17/26] 8181370: Better keystore handling Reviewed-by: weijun, igerasim --- .../com/sun/crypto/provider/JceKeyStore.java | 44 ++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java b/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java index ccf49b7a802..f3190b39a29 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/JceKeyStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,12 +27,14 @@ package com.sun.crypto.provider; import java.io.*; import java.util.*; +import java.security.AccessController; import java.security.DigestInputStream; import java.security.DigestOutputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.Key; import java.security.PrivateKey; +import java.security.PrivilegedAction; import java.security.KeyStoreSpi; import java.security.KeyStoreException; import java.security.UnrecoverableKeyException; @@ -835,11 +837,21 @@ public final class JceKeyStore extends KeyStoreSpi { // read the sealed key try { ois = new ObjectInputStream(dis); + final ObjectInputStream ois2 = ois; + // Set a deserialization checker + AccessController.doPrivileged( + (PrivilegedAction)() -> { + ois2.setObjectInputFilter( + new DeserializationChecker()); + return null; + }); entry.sealedKey = (SealedObject)ois.readObject(); // NOTE: don't close ois here since we are still // using dis!!! } catch (ClassNotFoundException cnfe) { throw new IOException(cnfe.getMessage()); + } catch (InvalidClassException ice) { + throw new IOException("Invalid secret key format"); } // Add the entry to the list @@ -916,4 +928,34 @@ public final class JceKeyStore extends KeyStoreSpi { return JCEKS_MAGIC == dataStream.readInt(); } + + /* + * An ObjectInputFilter that checks the format of the secret key being + * deserialized. + */ + private static class DeserializationChecker implements ObjectInputFilter { + private static final int MAX_NESTED_DEPTH = 2; + + @Override + public ObjectInputFilter.Status + checkInput(ObjectInputFilter.FilterInfo info) { + + // First run a custom filter + long nestedDepth = info.depth(); + if ((nestedDepth == 1 && + info.serialClass() != SealedObjectForKeyProtector.class) || + nestedDepth > MAX_NESTED_DEPTH) { + return Status.REJECTED; + } + + // Next run the default filter, if available + ObjectInputFilter defaultFilter = + ObjectInputFilter.Config.getSerialFilter(); + if (defaultFilter != null) { + return defaultFilter.checkInput(info); + } + + return Status.UNDECIDED; + } + } } From 47efefa42ffd0b7629b2346da84e15cb4c92d426 Mon Sep 17 00:00:00 2001 From: Vinnie Ryan Date: Wed, 5 Jul 2017 17:27:46 +0100 Subject: [PATCH 18/26] 8181692: Update storage implementations Reviewed-by: weijun, igerasim --- .../com/sun/crypto/provider/KeyProtector.java | 21 ++- .../com/sun/crypto/provider/PBES1Core.java | 2 +- .../sun/security/pkcs12/PKCS12KeyStore.java | 125 ++++++++++++------ 3 files changed, 106 insertions(+), 42 deletions(-) diff --git a/src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java b/src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java index 53fea3053cc..823d7bdb8d1 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,6 +38,7 @@ import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.UnrecoverableKeyException; import java.security.AlgorithmParameters; +import java.security.spec.InvalidParameterSpecException; import java.security.spec.PKCS8EncodedKeySpec; import javax.crypto.Cipher; @@ -74,6 +75,8 @@ final class KeyProtector { // keys in the keystore implementation that comes with JDK 1.2) private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1"; + private static final int MAX_ITERATION_COUNT = 5000000; + private static final int ITERATION_COUNT = 200000; private static final int SALT_LEN = 20; // the salt length private static final int DIGEST_LEN = 20; @@ -100,7 +103,7 @@ final class KeyProtector { SunJCE.getRandom().nextBytes(salt); // create PBE parameters from salt and iteration count - PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20); + PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT); // create PBE key from password PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password); @@ -155,6 +158,9 @@ final class KeyProtector { pbeParams.init(encodedParams); PBEParameterSpec pbeSpec = pbeParams.getParameterSpec(PBEParameterSpec.class); + if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) { + throw new IOException("PBE iteration count too large"); + } // create PBE key from password PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password); @@ -285,7 +291,7 @@ final class KeyProtector { SunJCE.getRandom().nextBytes(salt); // create PBE parameters from salt and iteration count - PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20); + PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT); // create PBE key from password PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password); @@ -326,6 +332,15 @@ final class KeyProtector { throw new UnrecoverableKeyException("Cannot get " + "algorithm parameters"); } + PBEParameterSpec pbeSpec; + try { + pbeSpec = params.getParameterSpec(PBEParameterSpec.class); + } catch (InvalidParameterSpecException ipse) { + throw new IOException("Invalid PBE algorithm parameters"); + } + if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) { + throw new IOException("PBE iteration count too large"); + } PBEWithMD5AndTripleDESCipher cipherSpi; cipherSpi = new PBEWithMD5AndTripleDESCipher(); Cipher cipher = new CipherForKeyProtector(cipherSpi, diff --git a/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java b/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java index c54fa2d86e5..86ea35c8b01 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java @@ -284,7 +284,7 @@ final class PBES1Core { for (i=0; i<2; i++) { byte tmp = salt[i]; salt[i] = salt[3-i]; - salt[3-1] = tmp; + salt[3-i] = tmp; } } diff --git a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java index 9c0e0b7dc05..23f8df52e30 100644 --- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java +++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java @@ -46,6 +46,7 @@ import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.cert.CertificateException; import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; import java.security.spec.KeySpec; import java.security.spec.PKCS8EncodedKeySpec; import java.util.*; @@ -147,6 +148,11 @@ public final class PKCS12KeyStore extends KeyStoreSpi { "keystore.PKCS12.keyProtectionAlgorithm" }; + private static final int MAX_ITERATION_COUNT = 5000000; + private static final int PBE_ITERATION_COUNT = 50000; // default + private static final int MAC_ITERATION_COUNT = 100000; // default + private static final int SALT_LEN = 20; + // friendlyName, localKeyId, trustedKeyUsage private static final String[] CORE_ATTRIBUTES = { "1.2.840.113549.1.9.20", @@ -192,8 +198,6 @@ public final class PKCS12KeyStore extends KeyStoreSpi { private static ObjectIdentifier[] AnyUsage; private int counter = 0; - private static final int iterationCount = 1024; - private static final int SALT_LEN = 20; // private key count // Note: This is a workaround to allow null localKeyID attribute @@ -327,6 +331,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { byte[] encryptedKey; AlgorithmParameters algParams; ObjectIdentifier algOid; + try { // get the encrypted private key EncryptedPrivateKeyInfo encrInfo = @@ -347,7 +352,24 @@ public final class PKCS12KeyStore extends KeyStoreSpi { throw uke; } - try { + try { + PBEParameterSpec pbeSpec; + int ic = 0; + + if (algParams != null) { + try { + pbeSpec = + algParams.getParameterSpec(PBEParameterSpec.class); + } catch (InvalidParameterSpecException ipse) { + throw new IOException("Invalid PBE algorithm parameters"); + } + ic = pbeSpec.getIterationCount(); + + if (ic > MAX_ITERATION_COUNT) { + throw new IOException("PBE iteration count too large"); + } + } + byte[] keyInfo; while (true) { try { @@ -387,9 +409,10 @@ public final class PKCS12KeyStore extends KeyStoreSpi { key = kfac.generatePrivate(kspec); if (debug != null) { - debug.println("Retrieved a protected private key (" + - key.getClass().getName() + ") at alias '" + alias + - "'"); + debug.println("Retrieved a protected private key at alias" + + " '" + alias + "' (" + + new AlgorithmId(algOid).getName() + + " iterations: " + ic + ")"); } // decode secret key @@ -410,9 +433,10 @@ public final class PKCS12KeyStore extends KeyStoreSpi { } if (debug != null) { - debug.println("Retrieved a protected secret key (" + - key.getClass().getName() + ") at alias '" + alias + - "'"); + debug.println("Retrieved a protected secret key at alias " + + "'" + alias + "' (" + + new AlgorithmId(algOid).getName() + + " iterations: " + ic + ")"); } } } catch (Exception e) { @@ -590,9 +614,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi { (key.getFormat().equals("PKCS8"))) { if (debug != null) { - debug.println("Setting a protected private key (" + - key.getClass().getName() + ") at alias '" + alias + - "'"); + debug.println( + "Setting a protected private key at alias '" + + alias + "'"); } // Encrypt the private key @@ -638,9 +662,8 @@ public final class PKCS12KeyStore extends KeyStoreSpi { encryptPrivateKey(pkcs8.toByteArray(), passwordProtection); if (debug != null) { - debug.println("Setting a protected secret key (" + - key.getClass().getName() + ") at alias '" + alias + - "'"); + debug.println("Setting a protected secret key at alias '" + + alias + "'"); } secretKeyCount++; entry = keyEntry; @@ -761,19 +784,19 @@ public final class PKCS12KeyStore extends KeyStoreSpi { /* * Generate PBE Algorithm Parameters */ - private AlgorithmParameters getAlgorithmParameters(String algorithm) + private AlgorithmParameters getPBEAlgorithmParameters(String algorithm) throws IOException { AlgorithmParameters algParams = null; // create PBE parameters from salt and iteration count PBEParameterSpec paramSpec = - new PBEParameterSpec(getSalt(), iterationCount); + new PBEParameterSpec(getSalt(), PBE_ITERATION_COUNT); try { algParams = AlgorithmParameters.getInstance(algorithm); algParams.init(paramSpec); } catch (Exception e) { - throw new IOException("getAlgorithmParameters failed: " + + throw new IOException("getPBEAlgorithmParameters failed: " + e.getMessage(), e); } return algParams; @@ -859,7 +882,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { algParams = AlgorithmParameters.getInstance(algorithm); algParams.init(algParamSpec); } else { - algParams = getAlgorithmParameters(algorithm); + algParams = getPBEAlgorithmParameters(algorithm); } } else { // Check default key protection algorithm for PKCS12 keystores @@ -879,7 +902,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { if (algorithm == null || algorithm.isEmpty()) { algorithm = "PBEWithSHA1AndDESede"; } - algParams = getAlgorithmParameters(algorithm); + algParams = getPBEAlgorithmParameters(algorithm); } ObjectIdentifier pbeOID = mapPBEAlgorithmToOID(algorithm); @@ -1194,7 +1217,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { if (debug != null) { debug.println("Storing " + (privateKeyCount + secretKeyCount) + - " protected key(s) in a PKCS#7 data content-type"); + " protected key(s) in a PKCS#7 data"); } byte[] safeContentData = createSafeContent(); @@ -1207,7 +1230,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { if (debug != null) { debug.println("Storing " + certificateCount + - " certificate(s) in a PKCS#7 encryptedData content-type"); + " certificate(s) in a PKCS#7 encryptedData"); } byte[] encrData = createEncryptedData(password); @@ -1478,7 +1501,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { // generate MAC (MAC key is generated within JCE) Mac m = Mac.getInstance("HmacPBESHA1"); PBEParameterSpec params = - new PBEParameterSpec(salt, iterationCount); + new PBEParameterSpec(salt, MAC_ITERATION_COUNT); SecretKey key = getPBEKey(passwd); m.init(key, params); m.update(data); @@ -1486,7 +1509,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { // encode as MacData MacData macData = new MacData(algName, macResult, salt, - iterationCount); + MAC_ITERATION_COUNT); DerOutputStream bytes = new DerOutputStream(); bytes.write(macData.getEncoded()); mData = bytes.toByteArray(); @@ -1878,7 +1901,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { // create AlgorithmParameters AlgorithmParameters algParams = - getAlgorithmParameters("PBEWithSHA1AndRC2_40"); + getPBEAlgorithmParameters("PBEWithSHA1AndRC2_40"); DerOutputStream bytes = new DerOutputStream(); AlgorithmId algId = new AlgorithmId(pbeWithSHAAnd40BitRC2CBC_OID, algParams); @@ -1998,7 +2021,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { if (contentType.equals(ContentInfo.DATA_OID)) { if (debug != null) { - debug.println("Loading PKCS#7 data content-type"); + debug.println("Loading PKCS#7 data"); } safeContentsData = safeContents.getData(); @@ -2007,15 +2030,11 @@ public final class PKCS12KeyStore extends KeyStoreSpi { if (debug != null) { debug.println("Warning: skipping PKCS#7 encryptedData" + - " content-type - no password was supplied"); + " - no password was supplied"); } continue; } - if (debug != null) { - debug.println("Loading PKCS#7 encryptedData content-type"); - } - DerInputStream edi = safeContents.getContent().toDerInputStream(); int edVersion = edi.getInteger(); @@ -2036,6 +2055,30 @@ public final class PKCS12KeyStore extends KeyStoreSpi { ObjectIdentifier algOid = in.getOID(); AlgorithmParameters algParams = parseAlgParameters(algOid, in); + PBEParameterSpec pbeSpec; + int ic = 0; + + if (algParams != null) { + try { + pbeSpec = + algParams.getParameterSpec(PBEParameterSpec.class); + } catch (InvalidParameterSpecException ipse) { + throw new IOException( + "Invalid PBE algorithm parameters"); + } + ic = pbeSpec.getIterationCount(); + + if (ic > MAX_ITERATION_COUNT) { + throw new IOException("PBE iteration count too large"); + } + } + + if (debug != null) { + debug.println("Loading PKCS#7 encryptedData " + + "(" + new AlgorithmId(algOid).getName() + + " iterations: " + ic + ")"); + } + while (true) { try { // Use JCE @@ -2066,8 +2109,15 @@ public final class PKCS12KeyStore extends KeyStoreSpi { // The MacData is optional. if (password != null && s.available() > 0) { - MacData macData = new MacData(s); - try { + MacData macData = new MacData(s); + int ic = macData.getIterations(); + + try { + if (ic > MAX_ITERATION_COUNT) { + throw new InvalidAlgorithmParameterException( + "MAC iteration count too large: " + ic); + } + String algName = macData.getDigestAlgName().toUpperCase(Locale.ENGLISH); @@ -2077,8 +2127,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi { // generate MAC (MAC key is created within JCE) Mac m = Mac.getInstance("HmacPBE" + algName); PBEParameterSpec params = - new PBEParameterSpec(macData.getSalt(), - macData.getIterations()); + new PBEParameterSpec(macData.getSalt(), ic); SecretKey key = getPBEKey(password); m.init(key, params); m.update(authSafeData); @@ -2086,16 +2135,16 @@ public final class PKCS12KeyStore extends KeyStoreSpi { if (debug != null) { debug.println("Checking keystore integrity " + - "(MAC algorithm: " + m.getAlgorithm() + ")"); + "(" + m.getAlgorithm() + " iterations: " + ic + ")"); } if (!MessageDigest.isEqual(macData.getDigest(), macResult)) { throw new UnrecoverableKeyException("Failed PKCS12" + " integrity checking"); } - } catch (Exception e) { + } catch (Exception e) { throw new IOException("Integrity check failed: " + e, e); - } + } } /* From 3232ef5897c281b3dac395f54c24305e9dc6449b Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Thu, 6 Jul 2017 09:20:21 +0800 Subject: [PATCH 19/26] 8181432: Better processing of unresolved permissions Reviewed-by: mullan --- .../classes/java/security/CodeSource.java | 11 +++----- .../java/security/UnresolvedPermission.java | 25 +++++++++++-------- .../cert/CertificateRevokedException.java | 11 ++++---- .../classes/sun/security/util/IOUtils.java | 20 ++++++++++++++- .../sun/security/util/ObjectIdentifier.java | 8 ++++-- 5 files changed, 50 insertions(+), 25 deletions(-) diff --git a/src/java.base/share/classes/java/security/CodeSource.java b/src/java.base/share/classes/java/security/CodeSource.java index 818716fa392..a1f98eeb557 100644 --- a/src/java.base/share/classes/java/security/CodeSource.java +++ b/src/java.base/share/classes/java/security/CodeSource.java @@ -35,6 +35,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.cert.*; import sun.net.util.URLUtil; +import sun.security.util.IOUtils; /** * @@ -571,6 +572,8 @@ public class CodeSource implements java.io.Serializable { // could all be present in the stream at the same time cfs = new Hashtable<>(3); certList = new ArrayList<>(size > 20 ? 20 : size); + } else if (size < 0) { + throw new IOException("size cannot be negative"); } for (int i = 0; i < size; i++) { @@ -592,13 +595,7 @@ public class CodeSource implements java.io.Serializable { cfs.put(certType, cf); } // parse the certificate - byte[] encoded = null; - try { - encoded = new byte[ois.readInt()]; - } catch (OutOfMemoryError oome) { - throw new IOException("Certificate too big"); - } - ois.readFully(encoded); + byte[] encoded = IOUtils.readNBytes(ois, ois.readInt()); ByteArrayInputStream bais = new ByteArrayInputStream(encoded); try { certList.add(cf.generateCertificate(bais)); diff --git a/src/java.base/share/classes/java/security/UnresolvedPermission.java b/src/java.base/share/classes/java/security/UnresolvedPermission.java index b5dc02dcb38..d75c24cbf7e 100644 --- a/src/java.base/share/classes/java/security/UnresolvedPermission.java +++ b/src/java.base/share/classes/java/security/UnresolvedPermission.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,12 +25,16 @@ package java.security; +import sun.security.util.IOUtils; + import java.io.IOException; import java.io.ByteArrayInputStream; +import java.security.cert.Certificate; import java.util.ArrayList; import java.util.Hashtable; import java.lang.reflect.*; import java.security.cert.*; +import java.util.List; /** * The UnresolvedPermission class is used to hold Permissions that @@ -550,6 +554,7 @@ implements java.io.Serializable { CertificateFactory cf; Hashtable cfs = null; + List certList = null; ois.defaultReadObject(); @@ -562,7 +567,9 @@ implements java.io.Serializable // we know of 3 different cert types: X.509, PGP, SDSI, which // could all be present in the stream at the same time cfs = new Hashtable<>(3); - this.certs = new java.security.cert.Certificate[size]; + certList = new ArrayList<>(size > 20 ? 20 : size); + } else if (size < 0) { + throw new IOException("size cannot be negative"); } for (int i=0; i(size); + extensions = new HashMap<>(size > 20 ? 20 : size); } // Read in the extensions and put the mappings in the extensions map for (int i = 0; i < size; i++) { String oid = (String) ois.readObject(); boolean critical = ois.readBoolean(); - int length = ois.readInt(); - byte[] extVal = new byte[length]; - ois.readFully(extVal); + byte[] extVal = IOUtils.readNBytes(ois, ois.readInt()); Extension ext = sun.security.x509.Extension.newExtension (new ObjectIdentifier(oid), critical, extVal); extensions.put(oid, ext); diff --git a/src/java.base/share/classes/sun/security/util/IOUtils.java b/src/java.base/share/classes/sun/security/util/IOUtils.java index cd4de12bf69..6cf900d8ec1 100644 --- a/src/java.base/share/classes/sun/security/util/IOUtils.java +++ b/src/java.base/share/classes/sun/security/util/IOUtils.java @@ -37,7 +37,7 @@ import java.util.Arrays; public class IOUtils { /** - * Read up to length of bytes from in + * Read up to {@code length} of bytes from {@code in} * until EOF is detected. * @param is input stream, must not be null * @param length number of bytes to read @@ -78,4 +78,22 @@ public class IOUtils { } return output; } + + /** + * Read {@code length} of bytes from {@code in}. An exception is + * thrown if there are not enough bytes in the stream. + * + * @param is input stream, must not be null + * @param length number of bytes to read, must not be negative + * @return bytes read + * @throws IOException if any IO error or a premature EOF is detected, or + * if {@code length} is negative since this length is usually also + * read from {@code is}. + */ + public static byte[] readNBytes(InputStream is, int length) throws IOException { + if (length < 0) { + throw new IOException("length cannot be negative: " + length); + } + return readFully(is, length, true); + } } diff --git a/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java b/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java index 12aabe6f071..514b993849a 100644 --- a/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java +++ b/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -111,7 +111,11 @@ class ObjectIdentifier implements Serializable is.defaultReadObject(); if (encoding == null) { // from an old version - init((int[])components, componentLen); + int[] comp = (int[])components; + if (componentLen > comp.length) { + componentLen = comp.length; + } + init(comp, componentLen); } } From bbfbe9af7109c0916cec6c513d920bd41035e8a2 Mon Sep 17 00:00:00 2001 From: Phil Race Date: Thu, 6 Jul 2017 09:43:27 -0700 Subject: [PATCH 20/26] 8183028: Improve CMS header processing Reviewed-by: serb, rhalade, mschoene --- src/java.desktop/share/native/liblcms/cmstypes.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/java.desktop/share/native/liblcms/cmstypes.c b/src/java.desktop/share/native/liblcms/cmstypes.c index 61ea3a631e5..95fe4d1a5a6 100644 --- a/src/java.desktop/share/native/liblcms/cmstypes.c +++ b/src/java.desktop/share/native/liblcms/cmstypes.c @@ -1489,6 +1489,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU // Check for overflow if (Offset < (SizeOfHeader + 8)) goto Error; + if (((Offset + Len) < Len) || ((Offset + Len) > SizeOfTag + 8)) goto Error; // True begin of the string BeginOfThisString = Offset - SizeOfHeader - 8; From 7cf3c0ff1482d23494f88a0eaf13a821adc0bc47 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Wed, 12 Jul 2017 10:55:40 +0800 Subject: [PATCH 21/26] 8182879: Add warnings to keytool when using JKS and JCEKS Reviewed-by: vinnie, ahgross, mullan --- .../sun/security/tools/keytool/Main.java | 187 ++++++++++++++---- .../sun/security/tools/keytool/Resources.java | 6 +- .../sun/security/tools/keytool/WeakAlg.java | 181 +++++++++++++++-- 3 files changed, 319 insertions(+), 55 deletions(-) diff --git a/src/java.base/share/classes/sun/security/tools/keytool/Main.java b/src/java.base/share/classes/sun/security/tools/keytool/Main.java index dac650b1451..65675435fc1 100644 --- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java +++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java @@ -26,6 +26,8 @@ package sun.security.tools.keytool; import java.io.*; +import java.nio.file.Files; +import java.nio.file.Paths; import java.security.CodeSigner; import java.security.CryptoPrimitive; import java.security.KeyStore; @@ -168,7 +170,12 @@ public final class Main { private List ids = new ArrayList<>(); // used in GENCRL private List v3ext = new ArrayList<>(); - // Warnings on weak algorithms + // In-place importkeystore is special. + // A backup is needed, and no need to prompt for deststorepass. + private boolean inplaceImport = false; + private String inplaceBackupName = null; + + // Warnings on weak algorithms etc private List weakWarnings = new ArrayList<>(); private static final DisabledAlgorithmConstraints DISABLED_CHECK = @@ -846,37 +853,52 @@ public final class Main { ("New.password.must.be.at.least.6.characters")); } + // Set this before inplaceImport check so we can compare name. + if (ksfname == null) { + ksfname = System.getProperty("user.home") + File.separator + + ".keystore"; + } + + KeyStore srcKeyStore = null; + if (command == IMPORTKEYSTORE) { + inplaceImport = inplaceImportCheck(); + if (inplaceImport) { + // We load srckeystore first so we have srcstorePass that + // can be assigned to storePass + srcKeyStore = loadSourceKeyStore(); + if (storePass == null) { + storePass = srcstorePass; + } + } + } + // Check if keystore exists. // If no keystore has been specified at the command line, try to use // the default, which is located in $HOME/.keystore. // If the command is "genkey", "identitydb", "import", or "printcert", // it is OK not to have a keystore. - if (isKeyStoreRelated(command)) { - if (ksfname == null) { - ksfname = System.getProperty("user.home") + File.separator - + ".keystore"; - } - if (!nullStream) { - try { - ksfile = new File(ksfname); - // Check if keystore file is empty - if (ksfile.exists() && ksfile.length() == 0) { - throw new Exception(rb.getString - ("Keystore.file.exists.but.is.empty.") + ksfname); - } - ksStream = new FileInputStream(ksfile); - } catch (FileNotFoundException e) { - if (command != GENKEYPAIR && + // DO NOT open the existing keystore if this is an in-place import. + // The keystore should be created as brand new. + if (isKeyStoreRelated(command) && !nullStream && !inplaceImport) { + try { + ksfile = new File(ksfname); + // Check if keystore file is empty + if (ksfile.exists() && ksfile.length() == 0) { + throw new Exception(rb.getString + ("Keystore.file.exists.but.is.empty.") + ksfname); + } + ksStream = new FileInputStream(ksfile); + } catch (FileNotFoundException e) { + if (command != GENKEYPAIR && command != GENSECKEY && command != IDENTITYDB && command != IMPORTCERT && command != IMPORTPASS && command != IMPORTKEYSTORE && command != PRINTCRL) { - throw new Exception(rb.getString - ("Keystore.file.does.not.exist.") + ksfname); - } + throw new Exception(rb.getString + ("Keystore.file.does.not.exist.") + ksfname); } } } @@ -900,7 +922,7 @@ public final class Main { // Create new keystore // Probe for keystore type when filename is available if (ksfile != null && ksStream != null && providerName == null && - hasStoretypeOption == false) { + hasStoretypeOption == false && !inplaceImport) { keyStore = KeyStore.getInstance(ksfile, storePass); } else { if (providerName == null) { @@ -930,7 +952,11 @@ public final class Main { * Null stream keystores are loaded later. */ if (!nullStream) { - keyStore.load(ksStream, storePass); + if (inplaceImport) { + keyStore.load(null, storePass); + } else { + keyStore.load(ksStream, storePass); + } if (ksStream != null) { ksStream.close(); } @@ -1167,7 +1193,11 @@ public final class Main { } } } else if (command == IMPORTKEYSTORE) { - doImportKeyStore(); + // When not in-place import, srcKeyStore is not loaded yet. + if (srcKeyStore == null) { + srcKeyStore = loadSourceKeyStore(); + } + doImportKeyStore(srcKeyStore); kssave = true; } else if (command == KEYCLONE) { keyPassNew = newPass; @@ -1298,6 +1328,51 @@ public final class Main { } } } + + if (isKeyStoreRelated(command) + && !token && !nullStream && ksfname != null) { + + // JKS storetype warning on the final result keystore + File f = new File(ksfname); + char[] pass = (storePassNew!=null) ? storePassNew : storePass; + if (f.exists()) { + // Probe for real type. A JKS can be loaded as PKCS12 because + // DualFormat support, vice versa. + keyStore = KeyStore.getInstance(f, pass); + String realType = keyStore.getType(); + if (realType.equalsIgnoreCase("JKS") + || realType.equalsIgnoreCase("JCEKS")) { + boolean allCerts = true; + for (String a : Collections.list(keyStore.aliases())) { + if (!keyStore.entryInstanceOf( + a, TrustedCertificateEntry.class)) { + allCerts = false; + break; + } + } + // Don't warn for "cacerts" style keystore. + if (!allCerts) { + weakWarnings.add(String.format( + rb.getString("jks.storetype.warning"), + realType, ksfname)); + } + } + if (inplaceImport) { + String realSourceStoreType = KeyStore.getInstance( + new File(inplaceBackupName), srcstorePass).getType(); + String format = + realType.equalsIgnoreCase(realSourceStoreType) ? + rb.getString("backup.keystore.warning") : + rb.getString("migrate.keystore.warning"); + weakWarnings.add( + String.format(format, + srcksfname, + realSourceStoreType, + inplaceBackupName, + realType)); + } + } + } } /** @@ -1989,12 +2064,40 @@ public final class Main { } } + boolean inplaceImportCheck() throws Exception { + if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) || + KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { + return false; + } + + if (srcksfname != null) { + File srcksfile = new File(srcksfname); + if (srcksfile.exists() && srcksfile.length() == 0) { + throw new Exception(rb.getString + ("Source.keystore.file.exists.but.is.empty.") + + srcksfname); + } + if (srcksfile.getCanonicalFile() + .equals(new File(ksfname).getCanonicalFile())) { + return true; + } else { + // Informational, especially if destkeystore is not + // provided, which default to ~/.keystore. + System.err.println(String.format(rb.getString( + "importing.keystore.status"), srcksfname, ksfname)); + return false; + } + } else { + throw new Exception(rb.getString + ("Please.specify.srckeystore")); + } + } + /** * Load the srckeystore from a stream, used in -importkeystore * @return the src KeyStore */ KeyStore loadSourceKeyStore() throws Exception { - boolean isPkcs11 = false; InputStream is = null; File srcksfile = null; @@ -2007,20 +2110,9 @@ public final class Main { System.err.println(); tinyHelp(); } - isPkcs11 = true; } else { - if (srcksfname != null) { - srcksfile = new File(srcksfname); - if (srcksfile.exists() && srcksfile.length() == 0) { - throw new Exception(rb.getString - ("Source.keystore.file.exists.but.is.empty.") + - srcksfname); - } - is = new FileInputStream(srcksfile); - } else { - throw new Exception(rb.getString - ("Please.specify.srckeystore")); - } + srcksfile = new File(srcksfname); + is = new FileInputStream(srcksfile); } KeyStore store; @@ -2087,17 +2179,32 @@ public final class Main { * keep alias unchanged if no name conflict, otherwise, prompt. * keep keypass unchanged for keys */ - private void doImportKeyStore() throws Exception { + private void doImportKeyStore(KeyStore srcKS) throws Exception { if (alias != null) { - doImportKeyStoreSingle(loadSourceKeyStore(), alias); + doImportKeyStoreSingle(srcKS, alias); } else { if (dest != null || srckeyPass != null) { throw new Exception(rb.getString( "if.alias.not.specified.destalias.and.srckeypass.must.not.be.specified")); } - doImportKeyStoreAll(loadSourceKeyStore()); + doImportKeyStoreAll(srcKS); } + + if (inplaceImport) { + // Backup to file.old or file.old2... + // The keystore is not rewritten yet now. + for (int n = 1; /* forever */; n++) { + inplaceBackupName = srcksfname + ".old" + (n == 1 ? "" : n); + File bkFile = new File(inplaceBackupName); + if (!bkFile.exists()) { + Files.copy(Paths.get(srcksfname), bkFile.toPath()); + break; + } + } + + } + /* * Information display rule of -importkeystore * 1. inside single, shows failure diff --git a/src/java.base/share/classes/sun/security/tools/keytool/Resources.java b/src/java.base/share/classes/sun/security/tools/keytool/Resources.java index 9bdd95cbda0..5213b1a7903 100644 --- a/src/java.base/share/classes/sun/security/tools/keytool/Resources.java +++ b/src/java.base/share/classes/sun/security/tools/keytool/Resources.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -471,6 +471,10 @@ public class Resources extends java.util.ListResourceBundle { {"verified.by.s.in.s.weak", "Verified by %s in %s with a %s"}, {"whose.sigalg.risk", "%s uses the %s signature algorithm which is considered a security risk."}, {"whose.key.risk", "%s uses a %s which is considered a security risk."}, + {"jks.storetype.warning", "The %1$s keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using \"keytool -importkeystore -srckeystore %2$s -destkeystore %2$s -deststoretype pkcs12\"."}, + {"migrate.keystore.warning", "Migrated \"%1$s\" to %4$s. The %2$s keystore is backed up as \"%3$s\"."}, + {"backup.keystore.warning", "The original keystore \"%1$s\" is backed up as \"%3$s\"..."}, + {"importing.keystore.status", "Importing keystore %1$s to %2$s..."}, }; diff --git a/test/jdk/sun/security/tools/keytool/WeakAlg.java b/test/jdk/sun/security/tools/keytool/WeakAlg.java index c9cefb1a4a7..2a7216bc21d 100644 --- a/test/jdk/sun/security/tools/keytool/WeakAlg.java +++ b/test/jdk/sun/security/tools/keytool/WeakAlg.java @@ -23,7 +23,7 @@ /* * @test - * @bug 8171319 8177569 + * @bug 8171319 8177569 8182879 * @summary keytool should print out warnings when reading or generating * cert/cert req using weak algorithms * @library /test/lib @@ -40,6 +40,7 @@ * @run main/othervm/timeout=600 -Duser.language=en -Duser.country=US WeakAlg */ +import jdk.test.lib.Asserts; import jdk.test.lib.SecurityTools; import jdk.test.lib.process.OutputAnalyzer; import sun.security.tools.KeyStoreUtil; @@ -47,6 +48,7 @@ import sun.security.util.DisabledAlgorithmConstraints; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; +import java.io.File; import java.io.IOException; import java.io.InputStream; import java.io.PrintStream; @@ -141,25 +143,164 @@ public class WeakAlg { kt("-delete -alias b"); kt("-printcrl -file b.crl") .shouldContain("WARNING: not verified"); + + jksTypeCheck(); + + checkInplaceImportKeyStore(); + } + + static void jksTypeCheck() throws Exception { + + // No warning for cacerts, all certs + kt0("-cacerts -list -storepass changeit") + .shouldNotContain("Warning:"); + + rm("ks"); + rm("ks2"); + + kt("-genkeypair -alias a -dname CN=A") + .shouldNotContain("Warning:"); + kt("-list") + .shouldNotContain("Warning:"); + kt("-list -storetype jks") // no warning if PKCS12 used as JKS + .shouldNotContain("Warning:"); + kt("-exportcert -alias a -file a.crt") + .shouldNotContain("Warning:"); + + // warn if migrating to JKS + importkeystore("ks", "ks2", "-deststoretype jks") + .shouldContain("JKS keystore uses a proprietary format"); + + rm("ks"); + rm("ks2"); + rm("ks3"); + + // no warning if all certs + kt("-importcert -alias b -file a.crt -storetype jks -noprompt") + .shouldNotContain("Warning:"); + kt("-genkeypair -alias a -dname CN=A") + .shouldContain("JKS keystore uses a proprietary format"); + kt("-list") + .shouldContain("JKS keystore uses a proprietary format"); + kt("-list -storetype pkcs12") // warn if JKS used as PKCS12 + .shouldContain("JKS keystore uses a proprietary format"); + kt("-exportcert -alias a -file a.crt") + .shouldContain("JKS keystore uses a proprietary format"); + kt("-printcert -file a.crt") // no warning if keystore not touched + .shouldNotContain("Warning:"); + kt("-certreq -alias a -file a.req") + .shouldContain("JKS keystore uses a proprietary format"); + kt("-printcertreq -file a.req") // no warning if keystore not touched + .shouldNotContain("Warning:"); + + // No warning if migrating from JKS + importkeystore("ks", "ks2", "") + .shouldNotContain("Warning:"); + + importkeystore("ks", "ks3", "-deststoretype pkcs12") + .shouldNotContain("Warning:"); + + rm("ks"); + + kt("-genkeypair -alias a -dname CN=A -storetype jceks") + .shouldContain("JCEKS keystore uses a proprietary format"); + kt("-list") + .shouldContain("JCEKS keystore uses a proprietary format"); + kt("-importcert -alias b -file a.crt -noprompt") + .shouldContain("JCEKS keystore uses a proprietary format"); + kt("-exportcert -alias a -file a.crt") + .shouldContain("JCEKS keystore uses a proprietary format"); + kt("-printcert -file a.crt") + .shouldNotContain("Warning:"); + kt("-certreq -alias a -file a.req") + .shouldContain("JCEKS keystore uses a proprietary format"); + kt("-printcertreq -file a.req") + .shouldNotContain("Warning:"); + kt("-genseckey -alias c -keyalg AES -keysize 128") + .shouldContain("JCEKS keystore uses a proprietary format"); } static void checkImportKeyStore() throws Exception { - saveStore(); + rm("ks2"); + rm("ks3"); - rm("ks"); - kt("-importkeystore -srckeystore ks2 -srcstorepass changeit") + importkeystore("ks", "ks2", "") .shouldContain("3 entries successfully imported") .shouldContain("Warning") .shouldMatch(".*512-bit RSA key.*risk") .shouldMatch(".*MD5withRSA.*risk"); - rm("ks"); - kt("-importkeystore -srckeystore ks2 -srcstorepass changeit -srcalias a") + importkeystore("ks", "ks3", "-srcalias a") .shouldContain("Warning") .shouldMatch(".*MD5withRSA.*risk"); + } - reStore(); + static void checkInplaceImportKeyStore() throws Exception { + + rm("ks"); + genkeypair("a", ""); + + // Same type backup + importkeystore("ks", "ks", "") + .shouldContain("Warning:") + .shouldMatch("original.*ks.old"); + + importkeystore("ks", "ks", "") + .shouldContain("Warning:") + .shouldMatch("original.*ks.old2"); + + importkeystore("ks", "ks", "-srcstoretype jks") // it knows real type + .shouldContain("Warning:") + .shouldMatch("original.*ks.old3"); + + String cPath = new File("ks").getCanonicalPath(); + + importkeystore("ks", cPath, "") + .shouldContain("Warning:") + .shouldMatch("original.*ks.old4"); + + // Migration + importkeystore("ks", "ks", "-deststoretype jks") + .shouldContain("Warning:") + .shouldContain("JKS keystore uses a proprietary format") + .shouldMatch("Migrated.*JKS.*PKCS12.*ks.old5"); + + Asserts.assertEQ( + KeyStore.getInstance( + new File("ks"), "changeit".toCharArray()).getType(), + "JKS"); + + importkeystore("ks", "ks", "-srcstoretype PKCS12") + .shouldContain("Warning:") + .shouldNotContain("proprietary format") + .shouldMatch("Migrated.*PKCS12.*JKS.*ks.old6"); + + Asserts.assertEQ( + KeyStore.getInstance( + new File("ks"), "changeit".toCharArray()).getType(), + "PKCS12"); + + Asserts.assertEQ( + KeyStore.getInstance( + new File("ks.old6"), "changeit".toCharArray()).getType(), + "JKS"); + + // One password prompt is enough for migration + kt0("-importkeystore -srckeystore ks -destkeystore ks", "changeit") + .shouldMatch("original.*ks.old7"); + + // But three if importing to a different keystore + rm("ks2"); + kt0("-importkeystore -srckeystore ks -destkeystore ks2", + "changeit") + .shouldContain("Keystore password is too short"); + + kt0("-importkeystore -srckeystore ks -destkeystore ks2", + "changeit", "changeit", "changeit") + .shouldContain("Importing keystore ks to ks2...") + .shouldNotContain("original") + .shouldNotContain("Migrated"); } static void checkImport() throws Exception { @@ -525,17 +666,22 @@ public class WeakAlg { } } - // Fast keytool execution by directly calling its main() method static OutputAnalyzer kt(String cmd, String... input) { + return kt0("-keystore ks -storepass changeit " + + "-keypass changeit " + cmd, input); + } + + // Fast keytool execution by directly calling its main() method + static OutputAnalyzer kt0(String cmd, String... input) { PrintStream out = System.out; PrintStream err = System.err; InputStream ins = System.in; ByteArrayOutputStream bout = new ByteArrayOutputStream(); ByteArrayOutputStream berr = new ByteArrayOutputStream(); boolean succeed = true; + String sout; + String serr; try { - cmd = "-keystore ks -storepass changeit " + - "-keypass changeit " + cmd; System.out.println("---------------------------------------------"); System.out.println("$ keytool " + cmd); System.out.println(); @@ -559,19 +705,26 @@ public class WeakAlg { System.setOut(out); System.setErr(err); System.setIn(ins); + sout = new String(bout.toByteArray()); + serr = new String(berr.toByteArray()); + System.out.println("STDOUT:\n" + sout + "\nSTDERR:\n" + serr); } - String sout = new String(bout.toByteArray()); - String serr = new String(berr.toByteArray()); - System.out.println("STDOUT:\n" + sout + "\nSTDERR:\n" + serr); if (!succeed) { throw new RuntimeException(); } return new OutputAnalyzer(sout, serr); } + static OutputAnalyzer importkeystore(String src, String dest, + String options) { + return kt0("-importkeystore " + + "-srckeystore " + src + " -destkeystore " + dest + + " -srcstorepass changeit -deststorepass changeit " + options); + } + static OutputAnalyzer genkeypair(String alias, String options) { return kt("-genkeypair -alias " + alias + " -dname CN=" + alias - + " -storetype JKS " + options); + + " -storetype PKCS12 " + options); } static OutputAnalyzer certreq(String alias, String options) { From b3f1165f7d77aa55647907356e4e6d5c7ddd7caa Mon Sep 17 00:00:00 2001 From: Valerie Peng Date: Thu, 13 Jul 2017 20:41:59 +0000 Subject: [PATCH 22/26] 8181048: Refactor existing providers to refer to the same constants for default values for key length Reviewed-by: mullan, ahgross --- .../crypto/provider/DHKeyPairGenerator.java | 8 +- .../crypto/provider/DHParameterGenerator.java | 7 +- .../provider/DSAKeyPairGenerator.java | 139 ++++++++++-------- .../provider/DSAParameterGenerator.java | 46 +++--- .../sun/security/provider/SunEntries.java | 12 +- .../sun/security/rsa/RSAKeyPairGenerator.java | 5 +- .../sun/security/tools/keytool/Main.java | 10 +- .../util/SecurityProviderConstants.java | 131 +++++++++++++++++ .../security/pkcs11/P11KeyPairGenerator.java | 16 +- .../sun/security/ec/ECKeyPairGenerator.java | 4 +- .../security/mscapi/RSAKeyPairGenerator.java | 8 +- test/jdk/java/security/Signature/Offsets.java | 9 +- .../jdk/java/security/SignedObject/Chain.java | 23 ++- .../DSA/TestAlgParameterGenerator.java | 5 +- .../provider/DSA/TestKeyPairGenerator.java | 7 +- .../DSA/TestLegacyDSAKeyPairGenerator.java | 84 +++++++++++ 16 files changed, 378 insertions(+), 136 deletions(-) create mode 100644 src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java create mode 100644 test/jdk/sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java b/src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java index 2322741110a..3399cc5a3a8 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,6 +33,7 @@ import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHGenParameterSpec; import sun.security.provider.ParameterCache; +import static sun.security.util.SecurityProviderConstants.DEF_DH_KEY_SIZE; /** * This class represents the key pair generator for Diffie-Hellman key pairs. @@ -42,8 +43,7 @@ import sun.security.provider.ParameterCache; *

* @@ -68,7 +68,7 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi { public DHKeyPairGenerator() { super(); - initialize(2048, null); + initialize(DEF_DH_KEY_SIZE, null); } private static void checkKeySize(int keysize) diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DHParameterGenerator.java b/src/java.base/share/classes/com/sun/crypto/provider/DHParameterGenerator.java index f8001b5ab20..293dfd895a3 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/DHParameterGenerator.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/DHParameterGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,6 +31,8 @@ import java.security.spec.*; import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHGenParameterSpec; +import static sun.security.util.SecurityProviderConstants.DEF_DH_KEY_SIZE; + /* * This class generates parameters for the Diffie-Hellman algorithm. * The parameters are a prime, a base, and optionally the length in bits of @@ -38,7 +40,6 @@ import javax.crypto.spec.DHGenParameterSpec; * *

The Diffie-Hellman parameter generation accepts the size in bits of the * prime modulus and the size in bits of the random exponent as input. - * The size of the prime modulus defaults to 2048 bits. * * @author Jan Luehe * @@ -50,7 +51,7 @@ import javax.crypto.spec.DHGenParameterSpec; public final class DHParameterGenerator extends AlgorithmParameterGeneratorSpi { // The size in bits of the prime modulus - private int primeSize = 2048; + private int primeSize = DEF_DH_KEY_SIZE; // The size in bits of the random exponent (private value) private int exponentSize = 0; diff --git a/src/java.base/share/classes/sun/security/provider/DSAKeyPairGenerator.java b/src/java.base/share/classes/sun/security/provider/DSAKeyPairGenerator.java index f162b595f4b..50d9bcc2bce 100644 --- a/src/java.base/share/classes/sun/security/provider/DSAKeyPairGenerator.java +++ b/src/java.base/share/classes/sun/security/provider/DSAKeyPairGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,6 +35,8 @@ import java.security.spec.InvalidParameterSpecException; import java.security.spec.DSAParameterSpec; import sun.security.jca.JCAUtil; +import static sun.security.util.SecurityProviderConstants.DEF_DSA_KEY_SIZE; +import static sun.security.util.SecurityProviderConstants.getDefDSASubprimeSize; /** * This class generates DSA key parameters and public/private key @@ -45,15 +47,14 @@ import sun.security.jca.JCAUtil; * @author Andreas Sterbenz * */ -public class DSAKeyPairGenerator extends KeyPairGenerator - implements java.security.interfaces.DSAKeyPairGenerator { +class DSAKeyPairGenerator extends KeyPairGenerator { /* Length for prime P and subPrime Q in bits */ private int plen; private int qlen; /* whether to force new parameters to be generated for each KeyPair */ - private boolean forceNewParameters; + boolean forceNewParameters; /* preset algorithm parameters. */ private DSAParameterSpec params; @@ -61,9 +62,9 @@ public class DSAKeyPairGenerator extends KeyPairGenerator /* The source of random bits to use */ private SecureRandom random; - public DSAKeyPairGenerator() { + DSAKeyPairGenerator(int defaultKeySize) { super("DSA"); - initialize(1024, null); + initialize(defaultKeySize, null); } private static void checkStrength(int sizeP, int sizeQ) { @@ -84,61 +85,7 @@ public class DSAKeyPairGenerator extends KeyPairGenerator } public void initialize(int modlen, SecureRandom random) { - // generate new parameters when no precomputed ones available. - initialize(modlen, true, random); - this.forceNewParameters = false; - } - - /** - * Initializes the DSA key pair generator. If genParams - * is false, a set of pre-computed parameters is used. - */ - @Override - public void initialize(int modlen, boolean genParams, SecureRandom random) - throws InvalidParameterException { - - int subPrimeLen = -1; - if (modlen <= 1024) { - subPrimeLen = 160; - } else if (modlen == 2048) { - subPrimeLen = 224; - } else if (modlen == 3072) { - subPrimeLen = 256; - } - checkStrength(modlen, subPrimeLen); - if (genParams) { - params = null; - } else { - params = ParameterCache.getCachedDSAParameterSpec(modlen, - subPrimeLen); - if (params == null) { - throw new InvalidParameterException - ("No precomputed parameters for requested modulus size " - + "available"); - } - - } - this.plen = modlen; - this.qlen = subPrimeLen; - this.random = random; - this.forceNewParameters = genParams; - } - - /** - * Initializes the DSA object using a DSA parameter object. - * - * @param params a fully initialized DSA parameter object. - */ - @Override - public void initialize(DSAParams params, SecureRandom random) - throws InvalidParameterException { - - if (params == null) { - throw new InvalidParameterException("Params must not be null"); - } - DSAParameterSpec spec = new DSAParameterSpec - (params.getP(), params.getQ(), params.getG()); - initialize0(spec, random); + init(modlen, random, false); } /** @@ -157,10 +104,21 @@ public class DSAKeyPairGenerator extends KeyPairGenerator throw new InvalidAlgorithmParameterException ("Inappropriate parameter"); } - initialize0((DSAParameterSpec)params, random); + init((DSAParameterSpec)params, random, false); } - private void initialize0(DSAParameterSpec params, SecureRandom random) { + void init(int modlen, SecureRandom random, boolean forceNew) { + int subPrimeLen = getDefDSASubprimeSize(modlen); + checkStrength(modlen, subPrimeLen); + this.plen = modlen; + this.qlen = subPrimeLen; + this.params = null; + this.random = random; + this.forceNewParameters = forceNew; + } + + void init(DSAParameterSpec params, SecureRandom random, + boolean forceNew) { int sizeP = params.getP().bitLength(); int sizeQ = params.getQ().bitLength(); checkStrength(sizeP, sizeQ); @@ -168,7 +126,7 @@ public class DSAKeyPairGenerator extends KeyPairGenerator this.qlen = sizeQ; this.params = params; this.random = random; - this.forceNewParameters = false; + this.forceNewParameters = forceNew; } /** @@ -197,7 +155,7 @@ public class DSAKeyPairGenerator extends KeyPairGenerator return generateKeyPair(spec.getP(), spec.getQ(), spec.getG(), random); } - public KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g, + private KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g, SecureRandom random) { BigInteger x = generateX(random, q); @@ -252,4 +210,55 @@ public class DSAKeyPairGenerator extends KeyPairGenerator return y; } + public static final class Current extends DSAKeyPairGenerator { + public Current() { + super(DEF_DSA_KEY_SIZE); + } + } + + public static final class Legacy extends DSAKeyPairGenerator + implements java.security.interfaces.DSAKeyPairGenerator { + + public Legacy() { + super(1024); + } + + /** + * Initializes the DSA key pair generator. If genParams + * is false, a set of pre-computed parameters is used. + */ + @Override + public void initialize(int modlen, boolean genParams, + SecureRandom random) throws InvalidParameterException { + if (genParams) { + super.init(modlen, random, true); + } else { + DSAParameterSpec cachedParams = + ParameterCache.getCachedDSAParameterSpec(modlen, + getDefDSASubprimeSize(modlen)); + if (cachedParams == null) { + throw new InvalidParameterException + ("No precomputed parameters for requested modulus" + + " size available"); + } + super.init(cachedParams, random, false); + } + } + + /** + * Initializes the DSA object using a DSA parameter object. + * + * @param params a fully initialized DSA parameter object. + */ + @Override + public void initialize(DSAParams params, SecureRandom random) + throws InvalidParameterException { + if (params == null) { + throw new InvalidParameterException("Params must not be null"); + } + DSAParameterSpec spec = new DSAParameterSpec + (params.getP(), params.getQ(), params.getG()); + super.init(spec, random, false); + } + } } diff --git a/src/java.base/share/classes/sun/security/provider/DSAParameterGenerator.java b/src/java.base/share/classes/sun/security/provider/DSAParameterGenerator.java index 220b5989f52..8c8ca9b42d4 100644 --- a/src/java.base/share/classes/sun/security/provider/DSAParameterGenerator.java +++ b/src/java.base/share/classes/sun/security/provider/DSAParameterGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,15 +34,18 @@ import java.security.NoSuchProviderException; import java.security.InvalidParameterException; import java.security.MessageDigest; import java.security.SecureRandom; +import java.security.ProviderException; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidParameterSpecException; import java.security.spec.DSAParameterSpec; import java.security.spec.DSAGenParameterSpec; +import static sun.security.util.SecurityProviderConstants.DEF_DSA_KEY_SIZE; +import static sun.security.util.SecurityProviderConstants.getDefDSASubprimeSize; + + /** - * This class generates parameters for the DSA algorithm. It uses a default - * prime modulus size of 1024 bits, which can be overwritten during - * initialization. + * This class generates parameters for the DSA algorithm. * * @author Jan Luehe * @@ -56,10 +59,6 @@ import java.security.spec.DSAGenParameterSpec; public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { - // the default parameters - private static final DSAGenParameterSpec DEFAULTS = - new DSAGenParameterSpec(1024, 160, 160); - // the length of prime P, subPrime Q, and seed in bits private int valueL = -1; private int valueN = -1; @@ -80,18 +79,14 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { */ @Override protected void engineInit(int strength, SecureRandom random) { - if ((strength >= 512) && (strength <= 1024) && (strength % 64 == 0)) { - this.valueN = 160; - } else if (strength == 2048) { - this.valueN = 224; - } else if (strength == 3072) { - this.valueN = 256; - } else { + if ((strength != 2048) && (strength != 3072) && + ((strength < 512) || (strength > 1024) || (strength % 64 != 0))) { throw new InvalidParameterException( - "Unexpected strength (size of prime): " + strength + ". " + - "Prime size should be 512 - 1024, or 2048, 3072"); + "Unexpected strength (size of prime): " + strength + + ". Prime size should be 512-1024, 2048, or 3072"); } this.valueL = strength; + this.valueN = getDefDSASubprimeSize(strength); this.seedLen = valueN; this.random = random; } @@ -110,7 +105,6 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { @Override protected void engineInit(AlgorithmParameterSpec genParamSpec, SecureRandom random) throws InvalidAlgorithmParameterException { - if (!(genParamSpec instanceof DSAGenParameterSpec)) { throw new InvalidAlgorithmParameterException("Invalid parameter"); } @@ -136,11 +130,7 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { this.random = new SecureRandom(); } if (valueL == -1) { - try { - engineInit(DEFAULTS, this.random); - } catch (InvalidAlgorithmParameterException iape) { - // should never happen - } + engineInit(DEF_DSA_KEY_SIZE, this.random); } BigInteger[] pAndQ = generatePandQ(this.random, valueL, valueN, seedLen); @@ -206,13 +196,17 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { int b = (valueL - 1) % outLen; byte[] seedBytes = new byte[seedLen/8]; BigInteger twoSl = BigInteger.TWO.pow(seedLen); - int primeCertainty = 80; // for 1024-bit prime P - if (valueL == 2048) { + int primeCertainty = -1; + if (valueL <= 1024) { + primeCertainty = 80; + } else if (valueL == 2048) { primeCertainty = 112; } else if (valueL == 3072) { primeCertainty = 128; } - + if (primeCertainty < 0) { + throw new ProviderException("Invalid valueL: " + valueL); + } BigInteger resultP, resultQ, seed = null; int counter; while (true) { diff --git a/src/java.base/share/classes/sun/security/provider/SunEntries.java b/src/java.base/share/classes/sun/security/provider/SunEntries.java index 31164695ecc..f440f1556ce 100644 --- a/src/java.base/share/classes/sun/security/provider/SunEntries.java +++ b/src/java.base/share/classes/sun/security/provider/SunEntries.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ import java.io.*; import java.net.*; import java.util.Map; import java.security.*; +import sun.security.action.GetPropertyAction; /** * Defines the entries of the SUN provider. @@ -74,6 +75,10 @@ import java.security.*; final class SunEntries { + private static final boolean useLegacyDSA = + Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty + ("jdk.security.legacyDSAKeyPairGenerator")); + private SunEntries() { // empty } @@ -174,8 +179,9 @@ final class SunEntries { /* * Key Pair Generator engines */ - map.put("KeyPairGenerator.DSA", - "sun.security.provider.DSAKeyPairGenerator"); + String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; + dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); + map.put("KeyPairGenerator.DSA", dsaKPGImplClass); map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA"); map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA"); map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA"); diff --git a/src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java b/src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java index 0901e4c7af6..6ad77b52361 100644 --- a/src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java +++ b/src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,6 +32,7 @@ import java.security.spec.AlgorithmParameterSpec; import java.security.spec.RSAKeyGenParameterSpec; import sun.security.jca.JCAUtil; +import static sun.security.util.SecurityProviderConstants.DEF_RSA_KEY_SIZE; /** * RSA keypair generation. Standard algorithm, minimum key length 512 bit. @@ -55,7 +56,7 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi { public RSAKeyPairGenerator() { // initialize to default in case the app does not call initialize() - initialize(2048, null); + initialize(DEF_RSA_KEY_SIZE, null); } // initialize the generator. See JCA doc diff --git a/src/java.base/share/classes/sun/security/tools/keytool/Main.java b/src/java.base/share/classes/sun/security/tools/keytool/Main.java index 65675435fc1..c881da60d44 100644 --- a/src/java.base/share/classes/sun/security/tools/keytool/Main.java +++ b/src/java.base/share/classes/sun/security/tools/keytool/Main.java @@ -74,6 +74,7 @@ import sun.security.pkcs10.PKCS10Attribute; import sun.security.provider.X509Factory; import sun.security.provider.certpath.ssl.SSLServerCertStore; import sun.security.util.Password; +import sun.security.util.SecurityProviderConstants; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; @@ -1817,9 +1818,12 @@ public final class Main { { if (keysize == -1) { if ("EC".equalsIgnoreCase(keyAlgName)) { - keysize = 256; - } else { - keysize = 2048; // RSA and DSA + keysize = SecurityProviderConstants.DEF_EC_KEY_SIZE; + } else if ("RSA".equalsIgnoreCase(keyAlgName)) { + keysize = SecurityProviderConstants.DEF_RSA_KEY_SIZE; + } else if ("DSA".equalsIgnoreCase(keyAlgName)) { + // hardcode for now as DEF_DSA_KEY_SIZE is still 1024 + keysize = 2048; // SecurityProviderConstants.DEF_DSA_KEY_SIZE; } } diff --git a/src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java b/src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java new file mode 100644 index 00000000000..16499519b58 --- /dev/null +++ b/src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java @@ -0,0 +1,131 @@ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.util; + +import java.util.regex.PatternSyntaxException; +import java.security.InvalidParameterException; +import sun.security.action.GetPropertyAction; + +/** + * Various constants such as version number, default key length, used by + * the JDK security/crypto providers. + */ +public final class SecurityProviderConstants { + private static final Debug debug = + Debug.getInstance("jca", "ProviderConfig"); + + // Cannot create one of these + private SecurityProviderConstants () { + } + + public static final int getDefDSASubprimeSize(int primeSize) { + if (primeSize <= 1024) { + return 160; + } else if (primeSize == 2048) { + return 224; + } else if (primeSize == 3072) { + return 256; + } else { + throw new InvalidParameterException("Invalid DSA Prime Size: " + + primeSize); + } + } + + public static final int DEF_DSA_KEY_SIZE; + public static final int DEF_RSA_KEY_SIZE; + public static final int DEF_DH_KEY_SIZE; + public static final int DEF_EC_KEY_SIZE; + + private static final String KEY_LENGTH_PROP = + "jdk.security.defaultKeySize"; + static { + String keyLengthStr = GetPropertyAction.privilegedGetProperty + (KEY_LENGTH_PROP); + int dsaKeySize = 1024; + int rsaKeySize = 2048; + int dhKeySize = 2048; + int ecKeySize = 256; + + if (keyLengthStr != null) { + try { + String[] pairs = keyLengthStr.split(","); + for (String p : pairs) { + String[] algoAndValue = p.split(":"); + if (algoAndValue.length != 2) { + // invalid pair, skip to next pair + if (debug != null) { + debug.println("Ignoring invalid pair in " + + KEY_LENGTH_PROP + " property: " + p); + } + continue; + } + String algoName = algoAndValue[0].trim().toUpperCase(); + int value = -1; + try { + value = Integer.parseInt(algoAndValue[1].trim()); + } catch (NumberFormatException nfe) { + // invalid value, skip to next pair + if (debug != null) { + debug.println("Ignoring invalid value in " + + KEY_LENGTH_PROP + " property: " + p); + } + continue; + } + if (algoName.equals("DSA")) { + dsaKeySize = value; + } else if (algoName.equals("RSA")) { + rsaKeySize = value; + } else if (algoName.equals("DH")) { + dhKeySize = value; + } else if (algoName.equals("EC")) { + ecKeySize = value; + } else { + if (debug != null) { + debug.println("Ignoring unsupported algo in " + + KEY_LENGTH_PROP + " property: " + p); + } + continue; + } + if (debug != null) { + debug.println("Overriding default " + algoName + + " keysize with value from " + + KEY_LENGTH_PROP + " property: " + value); + } + } + } catch (PatternSyntaxException pse) { + // if property syntax is not followed correctly + if (debug != null) { + debug.println("Unexpected exception while parsing " + + KEY_LENGTH_PROP + " property: " + pse); + } + } + } + DEF_DSA_KEY_SIZE = dsaKeySize; + DEF_RSA_KEY_SIZE = rsaKeySize; + DEF_DH_KEY_SIZE = dhKeySize; + DEF_EC_KEY_SIZE = ecKeySize; + } +} diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java index 3aa2e69103f..e3f867248b1 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,11 +33,13 @@ import java.security.spec.*; import javax.crypto.spec.DHParameterSpec; import sun.security.provider.ParameterCache; +import static sun.security.util.SecurityProviderConstants.*; import static sun.security.pkcs11.TemplateManager.*; import sun.security.pkcs11.wrapper.*; import static sun.security.pkcs11.wrapper.PKCS11Constants.*; + import sun.security.rsa.RSAKeyFactory; /** @@ -98,7 +100,7 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { // override lower limit to disallow unsecure keys being generated // override upper limit to deter DOS attack if (algorithm.equals("EC")) { - keySize = 256; + keySize = DEF_EC_KEY_SIZE; if ((minKeyLen == -1) || (minKeyLen < 112)) { minKeyLen = 112; } @@ -107,13 +109,11 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { } } else { if (algorithm.equals("DSA")) { - // keep default keysize at 1024 since larger keysizes may be - // incompatible with SHA1withDSA and SHA-2 Signature algs - // may not be supported by native pkcs11 implementations - keySize = 1024; + keySize = DEF_DSA_KEY_SIZE; + } else if (algorithm.equals("RSA")) { + keySize = DEF_RSA_KEY_SIZE; } else { - // RSA and DH - keySize = 2048; + keySize = DEF_DH_KEY_SIZE; } if ((minKeyLen == -1) || (minKeyLen < 512)) { minKeyLen = 512; diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECKeyPairGenerator.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECKeyPairGenerator.java index 9ffeff9d7d2..f8cd24c9b14 100644 --- a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECKeyPairGenerator.java +++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECKeyPairGenerator.java @@ -39,6 +39,7 @@ import sun.security.ec.ECPublicKeyImpl; import sun.security.jca.JCAUtil; import sun.security.util.ECParameters; import sun.security.util.ECUtil; +import static sun.security.util.SecurityProviderConstants.DEF_EC_KEY_SIZE; /** * EC keypair generator. @@ -50,7 +51,6 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi { private static final int KEY_SIZE_MIN = 112; // min bits (see ecc_impl.h) private static final int KEY_SIZE_MAX = 571; // max bits (see ecc_impl.h) - private static final int KEY_SIZE_DEFAULT = 256; // used to seed the keypair generator private SecureRandom random; @@ -66,7 +66,7 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi { */ public ECKeyPairGenerator() { // initialize to default in case the app does not call initialize() - initialize(KEY_SIZE_DEFAULT, null); + initialize(DEF_EC_KEY_SIZE, null); } // initialize the generator. See JCA doc diff --git a/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java b/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java index f28e5cb5138..d4f509058fc 100644 --- a/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java +++ b/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,6 +31,7 @@ import java.security.spec.AlgorithmParameterSpec; import java.security.spec.RSAKeyGenParameterSpec; import sun.security.rsa.RSAKeyFactory; +import static sun.security.util.SecurityProviderConstants.DEF_RSA_KEY_SIZE; /** * RSA keypair generator. @@ -45,14 +46,13 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi { // Supported by Microsoft Base, Strong and Enhanced Cryptographic Providers static final int KEY_SIZE_MIN = 512; // disallow MSCAPI min. of 384 static final int KEY_SIZE_MAX = 16384; - private static final int KEY_SIZE_DEFAULT = 2048; // size of the key to generate, KEY_SIZE_MIN <= keySize <= KEY_SIZE_MAX private int keySize; public RSAKeyPairGenerator() { // initialize to default in case the app does not call initialize() - initialize(KEY_SIZE_DEFAULT, null); + initialize(DEF_RSA_KEY_SIZE, null); } // initialize the generator. See JCA doc @@ -76,7 +76,7 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi { int tmpSize; if (params == null) { - tmpSize = KEY_SIZE_DEFAULT; + tmpSize = DEF_RSA_KEY_SIZE; } else if (params instanceof RSAKeyGenParameterSpec) { if (((RSAKeyGenParameterSpec) params).getPublicExponent() != null) { diff --git a/test/jdk/java/security/Signature/Offsets.java b/test/jdk/java/security/Signature/Offsets.java index a21a7b313e8..5d1277d947b 100644 --- a/test/jdk/java/security/Signature/Offsets.java +++ b/test/jdk/java/security/Signature/Offsets.java @@ -34,7 +34,7 @@ import jdk.test.lib.RandomFactory; /* * @test - * @bug 8050374 + * @bug 8050374 8181048 * @key randomness * @summary This test validates signature verification * Signature.verify(byte[], int, int). The test uses RandomFactory to @@ -106,18 +106,25 @@ public class Offsets { Signature signature = Signature.getInstance(algorithm, provider); String keyAlgo; + int keySize = 2048; if (algorithm.contains("RSA")) { keyAlgo = "RSA"; } else if (algorithm.contains("ECDSA")) { keyAlgo = "EC"; + keySize = 256; } else if (algorithm.contains("DSA")) { keyAlgo = "DSA"; + if (algorithm.startsWith("SHAwith") || + algorithm.startsWith("SHA1with")) { + keySize = 1024; + } } else { throw new RuntimeException("Test doesn't support this signature " + "algorithm: " + algorithm); } KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo, provider); + kpg.initialize(keySize); KeyPair kp = kpg.generateKeyPair(); PublicKey pubkey = kp.getPublic(); PrivateKey privkey = kp.getPrivate(); diff --git a/test/jdk/java/security/SignedObject/Chain.java b/test/jdk/java/security/SignedObject/Chain.java index 65e1ebbd7f3..3c9bad3dd18 100644 --- a/test/jdk/java/security/SignedObject/Chain.java +++ b/test/jdk/java/security/SignedObject/Chain.java @@ -32,7 +32,7 @@ import java.util.Arrays; /* * @test - * @bug 8050374 + * @bug 8050374 8181048 * @summary Verify a chain of signed objects */ public class Chain { @@ -97,22 +97,28 @@ public class Chain { final Provider provider; final KeyAlg keyAlg; final SigAlg sigAlg; + final int keySize; - Test(SigAlg sigAlg, KeyAlg keyAlg, Provider privider) { - this.provider = privider; + Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider) { + this(sigAlg, keyAlg, provider, -1); + } + + Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider, int keySize) { + this.provider = provider; this.keyAlg = keyAlg; this.sigAlg = sigAlg; + this.keySize = keySize; } } private static final Test[] tests = { - new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default), + new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default, 1024), new Test(SigAlg.MD2withRSA, KeyAlg.RSA, Provider.Default), new Test(SigAlg.MD5withRSA, KeyAlg.RSA, Provider.Default), new Test(SigAlg.SHA1withRSA, KeyAlg.RSA, Provider.Default), - new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Sun), - new Test(SigAlg.SHA224withDSA, KeyAlg.DSA, Provider.Sun), - new Test(SigAlg.SHA256withDSA, KeyAlg.DSA, Provider.Sun), + new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Sun, 1024), + new Test(SigAlg.SHA224withDSA, KeyAlg.DSA, Provider.Sun, 2048), + new Test(SigAlg.SHA256withDSA, KeyAlg.DSA, Provider.Sun, 2048), }; private static final String str = "to-be-signed"; @@ -148,6 +154,9 @@ public class Chain { kpg = KeyPairGenerator.getInstance(test.keyAlg.name); } for (int j=0; j < N; j++) { + if (test.keySize != -1) { + kpg.initialize(test.keySize); + } KeyPair kp = kpg.genKeyPair(); KeyPair anotherKp = kpg.genKeyPair(); privKeys[j] = kp.getPrivate(); diff --git a/test/jdk/sun/security/provider/DSA/TestAlgParameterGenerator.java b/test/jdk/sun/security/provider/DSA/TestAlgParameterGenerator.java index 10af6794866..cf39a5bab5e 100644 --- a/test/jdk/sun/security/provider/DSA/TestAlgParameterGenerator.java +++ b/test/jdk/sun/security/provider/DSA/TestAlgParameterGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 7044060 8055351 + * @bug 7044060 8055351 8181048 * @summary verify that DSA parameter generation works * @run main/timeout=600 TestAlgParameterGenerator */ @@ -81,7 +81,6 @@ public class TestAlgParameterGenerator { AlgorithmParameters param = apg.generateParameters(); stop = System.currentTimeMillis(); System.out.println("Time: " + (stop - start) + " ms."); - checkParamStrength(param, 1024); // make sure the old model works int[] strengths = {512, 768, 1024}; diff --git a/test/jdk/sun/security/provider/DSA/TestKeyPairGenerator.java b/test/jdk/sun/security/provider/DSA/TestKeyPairGenerator.java index bfd47b23adf..105c50015da 100644 --- a/test/jdk/sun/security/provider/DSA/TestKeyPairGenerator.java +++ b/test/jdk/sun/security/provider/DSA/TestKeyPairGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 4800108 8072452 + * @bug 4800108 8072452 8181048 * @summary verify that precomputed DSA parameters are always used (512, 768, * 1024, 2048, 3072 bit) * @run main/othervm/timeout=15 TestKeyPairGenerator @@ -59,15 +59,12 @@ public class TestKeyPairGenerator { // on JDKs that do not have the fix kpg = KeyPairGenerator.getInstance("DSA", "SUN"); kp = kpg.generateKeyPair(); - checkKeyLength(kp, 1024); kpg = KeyPairGenerator.getInstance("DSA", "SUN"); kp = kpg.generateKeyPair(); - checkKeyLength(kp, 1024); // some other basic tests kp = kpg.generateKeyPair(); - checkKeyLength(kp, 1024); kpg.initialize(1024); kp = kpg.generateKeyPair(); diff --git a/test/jdk/sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java b/test/jdk/sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java new file mode 100644 index 00000000000..5b4f902aff4 --- /dev/null +++ b/test/jdk/sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java @@ -0,0 +1,84 @@ +/* + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8181048 + * @summary verify that when the returned DSA KeyPairGenerator is + * an instance of java.security.interfaces.DSAKeyPairGenerator, + * the behavior is compliant with the javadoc spec. + * @run main/othervm -Djdk.security.legacyDSAKeyPairGenerator=tRUe TestLegacyDSAKeyPairGenerator + */ + +import java.security.*; +import java.security.interfaces.*; + +public class TestLegacyDSAKeyPairGenerator { + + private static void checkKeyLength(KeyPair kp, int len) throws Exception { + DSAPublicKey key = (DSAPublicKey)kp.getPublic(); + int n = key.getParams().getP().bitLength(); + System.out.println("Key length: " + n); + if (len != n) { + throw new Exception("Wrong key length"); + } + } + + public static void main(String[] args) throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", "SUN"); + // check the returned object implements the legacy interface + if (!(kpg instanceof DSAKeyPairGenerator)) { + throw new Exception("Should be an instance of DSAKeyPairGenerator"); + } + System.out.println("Returned an instance of DSAKeyPairGenerator"); + // check the default key size is 1024 when initiaize(..) is not called + KeyPair kp1 = kpg.generateKeyPair(); + checkKeyLength(kp1, 1024); + KeyPair kp2 = kpg.generateKeyPair(); + checkKeyLength(kp2, 1024); + System.out.println("Used 1024 default key size"); + + // check kp1 and kp2 uses the same DSA parameters p, q, g + DSAParams param1 = ((DSAPublicKey)kp1.getPublic()).getParams(); + DSAParams param2 = ((DSAPublicKey)kp2.getPublic()).getParams(); + if ((param1.getP().compareTo(param2.getP()) != 0) || + (param1.getQ().compareTo(param2.getQ()) != 0) || + (param1.getG().compareTo(param2.getG()) != 0)) { + throw new RuntimeException("Key params mismatch"); + } + System.out.println("Used same default params"); + + // check that the documented exception is thrown if no cached parameters + int sizeNotInCache = (1024 - 64); + try { + ((DSAKeyPairGenerator)kpg).initialize(sizeNotInCache, false, null); + throw new RuntimeException("Expected IPE not thrown"); + } catch (InvalidParameterException ipe) { + System.out.println("Throwed expected IPE"); + } + ((DSAKeyPairGenerator)kpg).initialize(sizeNotInCache, true, null); + KeyPair kp = kpg.generateKeyPair(); + checkKeyLength(kp, sizeNotInCache); + System.out.println("Generated requested key size"); + } +} From 05331dc72f224091067f20aa66b64bda0316fbe4 Mon Sep 17 00:00:00 2001 From: Pavel Rappo Date: Wed, 26 Jul 2017 17:44:06 +0100 Subject: [PATCH 23/26] 8181612: More stable connection processing Reviewed-by: chegar, coffeys, ahgross, joehw, rhalade --- src/java.base/share/classes/sun/net/ftp/impl/FtpClient.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/java.base/share/classes/sun/net/ftp/impl/FtpClient.java b/src/java.base/share/classes/sun/net/ftp/impl/FtpClient.java index 7180884ec69..21994bde722 100644 --- a/src/java.base/share/classes/sun/net/ftp/impl/FtpClient.java +++ b/src/java.base/share/classes/sun/net/ftp/impl/FtpClient.java @@ -115,8 +115,8 @@ public class FtpClient extends sun.net.ftp.FtpClient { new PrivilegedAction() { public Object run() { - vals[0] = Integer.getInteger("sun.net.client.defaultReadTimeout", 0).intValue(); - vals[1] = Integer.getInteger("sun.net.client.defaultConnectTimeout", 0).intValue(); + vals[0] = Integer.getInteger("sun.net.client.defaultReadTimeout", 300_000).intValue(); + vals[1] = Integer.getInteger("sun.net.client.defaultConnectTimeout", 300_000).intValue(); encs[0] = System.getProperty("file.encoding", "ISO8859_1"); return null; } From 7d547d0ee43ef0c5d4ced6bcc33060e67f3c3082 Mon Sep 17 00:00:00 2001 From: Stuart Marks Date: Wed, 2 Aug 2017 10:34:35 -0700 Subject: [PATCH 24/26] 8174109: Better queuing priorities Reviewed-by: chegar, dfuchs, rriggs, alanb, robm, rhalade, jeff, ahgross --- .../classes/java/io/ObjectInputStream.java | 31 ++++++++++++++ .../share/classes/java/util/ArrayDeque.java | 2 + .../share/classes/java/util/ArrayList.java | 4 +- .../share/classes/java/util/HashMap.java | 7 +++- .../share/classes/java/util/HashSet.java | 10 ++++- .../share/classes/java/util/Hashtable.java | 7 +++- .../classes/java/util/IdentityHashMap.java | 7 +++- .../java/util/ImmutableCollections.java | 2 + .../classes/java/util/PriorityQueue.java | 4 +- .../share/classes/java/util/Properties.java | 11 +++++ .../util/concurrent/CopyOnWriteArrayList.java | 2 + .../misc/JavaObjectInputStreamAccess.java | 15 +++---- .../misc/ObjectStreamClassValidator.java | 42 ------------------- .../serialFilter/SerialFilterTest.java | 10 ++++- 14 files changed, 94 insertions(+), 60 deletions(-) delete mode 100644 src/java.base/share/classes/jdk/internal/misc/ObjectStreamClassValidator.java diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java b/src/java.base/share/classes/java/io/ObjectInputStream.java index 11e33b4e5d2..f3d6925c185 100644 --- a/src/java.base/share/classes/java/io/ObjectInputStream.java +++ b/src/java.base/share/classes/java/io/ObjectInputStream.java @@ -1282,6 +1282,33 @@ public class ObjectInputStream } } + /** + * Checks the given array type and length to ensure that creation of such + * an array is permitted by this ObjectInputStream. The arrayType argument + * must represent an actual array type. + * + * This private method is called via SharedSecrets. + * + * @param arrayType the array type + * @param arrayLength the array length + * @throws NullPointerException if arrayType is null + * @throws IllegalArgumentException if arrayType isn't actually an array type + * @throws NegativeArraySizeException if arrayLength is negative + * @throws InvalidClassException if the filter rejects creation + */ + private void checkArray(Class arrayType, int arrayLength) throws InvalidClassException { + Objects.requireNonNull(arrayType); + if (! arrayType.isArray()) { + throw new IllegalArgumentException("not an array type"); + } + + if (arrayLength < 0) { + throw new NegativeArraySizeException(); + } + + filterCheck(arrayType, arrayLength); + } + /** * Provide access to the persistent fields read from the input stream. */ @@ -3982,6 +4009,10 @@ public class ObjectInputStream } } + static { + SharedSecrets.setJavaObjectInputStreamAccess(ObjectInputStream::checkArray); + } + private void validateDescriptor(ObjectStreamClass descriptor) { ObjectStreamClassValidator validating = validator; if (validating != null) { diff --git a/src/java.base/share/classes/java/util/ArrayDeque.java b/src/java.base/share/classes/java/util/ArrayDeque.java index f900f10fb25..47488806283 100644 --- a/src/java.base/share/classes/java/util/ArrayDeque.java +++ b/src/java.base/share/classes/java/util/ArrayDeque.java @@ -38,6 +38,7 @@ import java.io.Serializable; import java.util.function.Consumer; import java.util.function.Predicate; import java.util.function.UnaryOperator; +import jdk.internal.misc.SharedSecrets; /** * Resizable-array implementation of the {@link Deque} interface. Array @@ -1194,6 +1195,7 @@ public class ArrayDeque extends AbstractCollection // Read in size and allocate array int size = s.readInt(); + SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Object[].class, size + 1); elements = new Object[size + 1]; this.tail = size; diff --git a/src/java.base/share/classes/java/util/ArrayList.java b/src/java.base/share/classes/java/util/ArrayList.java index e3ff8049cac..53d2a05f61b 100644 --- a/src/java.base/share/classes/java/util/ArrayList.java +++ b/src/java.base/share/classes/java/util/ArrayList.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,6 +28,7 @@ package java.util; import java.util.function.Consumer; import java.util.function.Predicate; import java.util.function.UnaryOperator; +import jdk.internal.misc.SharedSecrets; /** * Resizable-array implementation of the {@code List} interface. Implements @@ -814,6 +815,7 @@ public class ArrayList extends AbstractList if (size > 0) { // like clone(), allocate array based upon size not capacity + SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Object[].class, size); Object[] elements = new Object[size]; // Read in all elements in the proper order. diff --git a/src/java.base/share/classes/java/util/HashMap.java b/src/java.base/share/classes/java/util/HashMap.java index 4534656cd97..5a87c5820cc 100644 --- a/src/java.base/share/classes/java/util/HashMap.java +++ b/src/java.base/share/classes/java/util/HashMap.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,6 +34,7 @@ import java.util.function.BiConsumer; import java.util.function.BiFunction; import java.util.function.Consumer; import java.util.function.Function; +import jdk.internal.misc.SharedSecrets; /** * Hash table based implementation of the {@code Map} interface. This @@ -1448,6 +1449,10 @@ public class HashMap extends AbstractMap float ft = (float)cap * lf; threshold = ((cap < MAXIMUM_CAPACITY && ft < MAXIMUM_CAPACITY) ? (int)ft : Integer.MAX_VALUE); + + // Check Map.Entry[].class since it's the nearest public type to + // what we're actually creating. + SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Map.Entry[].class, cap); @SuppressWarnings({"rawtypes","unchecked"}) Node[] tab = (Node[])new Node[cap]; table = tab; diff --git a/src/java.base/share/classes/java/util/HashSet.java b/src/java.base/share/classes/java/util/HashSet.java index 360de8119d6..ec47b914b66 100644 --- a/src/java.base/share/classes/java/util/HashSet.java +++ b/src/java.base/share/classes/java/util/HashSet.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ package java.util; import java.io.InvalidObjectException; +import jdk.internal.misc.SharedSecrets; /** * This class implements the {@code Set} interface, backed by a hash table @@ -322,6 +323,13 @@ public class HashSet capacity = (int) Math.min(size * Math.min(1 / loadFactor, 4.0f), HashMap.MAXIMUM_CAPACITY); + // Constructing the backing map will lazily create an array when the first element is + // added, so check it before construction. Call HashMap.tableSizeFor to compute the + // actual allocation size. Check Map.Entry[].class since it's the nearest public type to + // what is actually created. + SharedSecrets.getJavaObjectInputStreamAccess() + .checkArray(s, Map.Entry[].class, HashMap.tableSizeFor(capacity)); + // Create backing HashMap map = (((HashSet)this) instanceof LinkedHashSet ? new LinkedHashMap<>(capacity, loadFactor) : diff --git a/src/java.base/share/classes/java/util/Hashtable.java b/src/java.base/share/classes/java/util/Hashtable.java index f97303be2b3..77f0facc511 100644 --- a/src/java.base/share/classes/java/util/Hashtable.java +++ b/src/java.base/share/classes/java/util/Hashtable.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1994, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ import java.io.*; import java.util.function.BiConsumer; import java.util.function.Function; import java.util.function.BiFunction; +import jdk.internal.misc.SharedSecrets; /** * This class implements a hash table, which maps keys to values. Any @@ -1291,6 +1292,10 @@ public class Hashtable if (length > elements && (length & 1) == 0) length--; length = Math.min(length, origlength); + + // Check Map.Entry[].class since it's the nearest public type to + // what we're actually creating. + SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Map.Entry[].class, length); table = new Entry[length]; threshold = (int)Math.min(length * loadFactor, MAX_ARRAY_SIZE + 1); count = 0; diff --git a/src/java.base/share/classes/java/util/IdentityHashMap.java b/src/java.base/share/classes/java/util/IdentityHashMap.java index f749774e78e..e48cb354c6e 100644 --- a/src/java.base/share/classes/java/util/IdentityHashMap.java +++ b/src/java.base/share/classes/java/util/IdentityHashMap.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ import java.lang.reflect.Array; import java.util.function.BiConsumer; import java.util.function.BiFunction; import java.util.function.Consumer; +import jdk.internal.misc.SharedSecrets; /** * This class implements the {@code Map} interface with a hash table, using @@ -1304,7 +1305,9 @@ public class IdentityHashMap if (size < 0) throw new java.io.StreamCorruptedException ("Illegal mappings count: " + size); - init(capacity(size)); + int cap = capacity(size); + SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Object[].class, cap); + init(cap); // Read the keys and values, and put the mappings in the table for (int i=0; i extends AbstractQueue // Read in (and discard) array length s.readInt(); + SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Object[].class, size); queue = new Object[size]; // Read in all elements. diff --git a/src/java.base/share/classes/java/util/Properties.java b/src/java.base/share/classes/java/util/Properties.java index 1ade481e7d1..fd7ee9ce6b3 100644 --- a/src/java.base/share/classes/java/util/Properties.java +++ b/src/java.base/share/classes/java/util/Properties.java @@ -42,6 +42,7 @@ import java.util.function.BiConsumer; import java.util.function.BiFunction; import java.util.function.Function; +import jdk.internal.misc.SharedSecrets; import jdk.internal.util.xml.PropertiesDefaultHandler; /** @@ -1441,6 +1442,16 @@ class Properties extends Hashtable { throw new StreamCorruptedException("Illegal # of Elements: " + elements); } + // Constructing the backing map will lazily create an array when the first element is + // added, so check it before construction. Note that CHM's constructor takes a size + // that is the number of elements to be stored -- not the table size -- so it must be + // inflated by the default load factor of 0.75, then inflated to the next power of two. + // (CHM uses the same power-of-two computation as HashMap, and HashMap.tableSizeFor is + // accessible here.) Check Map.Entry[].class since it's the nearest public type to + // what is actually created. + SharedSecrets.getJavaObjectInputStreamAccess() + .checkArray(s, Map.Entry[].class, HashMap.tableSizeFor((int)(elements / 0.75))); + // create CHM of appropriate capacity map = new ConcurrentHashMap<>(elements); diff --git a/src/java.base/share/classes/java/util/concurrent/CopyOnWriteArrayList.java b/src/java.base/share/classes/java/util/concurrent/CopyOnWriteArrayList.java index 592f9a51cd2..ad66f47e277 100644 --- a/src/java.base/share/classes/java/util/concurrent/CopyOnWriteArrayList.java +++ b/src/java.base/share/classes/java/util/concurrent/CopyOnWriteArrayList.java @@ -51,6 +51,7 @@ import java.util.Spliterators; import java.util.function.Consumer; import java.util.function.Predicate; import java.util.function.UnaryOperator; +import jdk.internal.misc.SharedSecrets; /** * A thread-safe variant of {@link java.util.ArrayList} in which all mutative @@ -933,6 +934,7 @@ public class CopyOnWriteArrayList // Read in array length and allocate array int len = s.readInt(); + SharedSecrets.getJavaObjectInputStreamAccess().checkArray(s, Object[].class, len); Object[] elements = new Object[len]; // Read in all elements in the proper order. diff --git a/src/java.base/share/classes/jdk/internal/misc/JavaObjectInputStreamAccess.java b/src/java.base/share/classes/jdk/internal/misc/JavaObjectInputStreamAccess.java index c344f8adc7c..4c734670da7 100644 --- a/src/java.base/share/classes/jdk/internal/misc/JavaObjectInputStreamAccess.java +++ b/src/java.base/share/classes/jdk/internal/misc/JavaObjectInputStreamAccess.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,17 +25,14 @@ package jdk.internal.misc; +import java.io.InvalidClassException; import java.io.ObjectInputStream; /** - * The interface to specify methods for accessing {@code ObjectInputStream} - * @author sjiang + * Interface to specify methods for accessing {@code ObjectInputStream}. */ +@FunctionalInterface public interface JavaObjectInputStreamAccess { - /** - * Sets a descriptor validating. - * @param ois stream to have the descriptors validated - * @param validator validator used to validate a descriptor. - */ - public void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator); + void checkArray(ObjectInputStream ois, Class arrayType, int arrayLength) + throws InvalidClassException; } diff --git a/src/java.base/share/classes/jdk/internal/misc/ObjectStreamClassValidator.java b/src/java.base/share/classes/jdk/internal/misc/ObjectStreamClassValidator.java deleted file mode 100644 index 2b543a30721..00000000000 --- a/src/java.base/share/classes/jdk/internal/misc/ObjectStreamClassValidator.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ -package jdk.internal.misc; - -import java.io.ObjectStreamClass; - -/** - * A callback used by {@code ObjectInputStream} to do descriptor validation. - * - * @author sjiang - */ -public interface ObjectStreamClassValidator { - /** - * This method will be called by ObjectInputStream to - * check a descriptor just before creating an object described by this descriptor. - * The object will not be created if this method throws a {@code RuntimeException}. - * @param descriptor descriptor to be checked. - */ - public void validateDescriptor(ObjectStreamClass descriptor); -} diff --git a/test/jdk/java/io/Serializable/serialFilter/SerialFilterTest.java b/test/jdk/java/io/Serializable/serialFilter/SerialFilterTest.java index 5ce44eba568..362df997675 100644 --- a/test/jdk/java/io/Serializable/serialFilter/SerialFilterTest.java +++ b/test/jdk/java/io/Serializable/serialFilter/SerialFilterTest.java @@ -36,9 +36,11 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Proxy; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.HashSet; import java.util.Hashtable; import java.util.List; +import java.util.Map; import java.util.concurrent.atomic.LongAdder; import javax.net.ssl.SSLEngineResult; @@ -165,6 +167,11 @@ public class SerialFilterTest implements Serializable { interfaces, (p, m, args) -> p); Runnable runnable = (Runnable & Serializable) SerialFilterTest::noop; + + List> classList = new ArrayList<>(); + classList.add(HashSet.class); + classList.addAll(Collections.nCopies(21, Map.Entry[].class)); + Object[][] objects = { { null, 0, -1, 0, 0, 0, Arrays.asList()}, // no callback, no values @@ -184,8 +191,7 @@ public class SerialFilterTest implements Serializable { objArray.getClass(), SerialFilterTest.class, java.lang.invoke.SerializedLambda.class)}, - { deepHashSet(10), 48, -1, 50, 11, 619, - Arrays.asList(HashSet.class)}, + { deepHashSet(10), 69, 4, 50, 11, 619, classList }, { proxy.getClass(), 3, -1, 2, 2, 112, Arrays.asList(Runnable.class, java.lang.reflect.Proxy.class, From 8d9060c1a6137b33b9320273504ec994eb09d0bd Mon Sep 17 00:00:00 2001 From: Sreeprakash Sreedharan Date: Mon, 14 Aug 2017 15:32:25 +0530 Subject: [PATCH 25/26] 8184937: LCMS error 13: Couldn't link the profiles Reviewed-by: prr --- src/java.desktop/share/native/liblcms/cmstypes.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/java.desktop/share/native/liblcms/cmstypes.c b/src/java.desktop/share/native/liblcms/cmstypes.c index 95fe4d1a5a6..ebf81c83b39 100644 --- a/src/java.desktop/share/native/liblcms/cmstypes.c +++ b/src/java.desktop/share/native/liblcms/cmstypes.c @@ -4464,12 +4464,6 @@ void *Type_MPE_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU if (!_cmsReadUInt32Number(io, &ElementCount)) goto Error; if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) goto Error; - if (!ReadPositionTable(self, io, ElementCount, BaseOffset, NewLUT, ReadMPEElem)) { - if (NewLUT != NULL) cmsPipelineFree(NewLUT); - *nItems = 0; - return NULL; - } - // Success *nItems = 1; return NewLUT; From 65db4f42d021444a7cff0f83a86a407a41b16da5 Mon Sep 17 00:00:00 2001 From: Jesper Wilhelmsson Date: Thu, 14 Sep 2017 22:57:36 +0200 Subject: [PATCH 26/26] 8187556: Backout of a fix reintroduced a dependency that had since been removed Reviewed-by: duke --- .../classes/java/io/ObjectInputStream.java | 20 -- .../jmx/remote/internal/rmi/RMIExporter.java | 6 +- .../remote/rmi/RMIConnectorServer.java | 59 +++- .../remote/rmi/RMIJRMPServerImpl.java | 163 ++++----- .../sun/rmi/server/MarshalInputStream.java | 36 -- .../sun/rmi/server/UnicastServerRef.java | 90 +---- .../jmxremote/ConnectorBootstrap.java | 34 +- .../share/conf/management.properties | 39 ++ .../connection/DefaultAgentFilterTest.java | 333 ++++++++++++++++++ .../connection/NewRMIClientFilterTest.java | 147 ++++++++ .../mandatory/connection/mgmt1.properties | 38 ++ .../mandatory/connection/mgmt2.properties | 38 ++ .../connectorServer/RMIExporterTest.java | 6 +- 13 files changed, 755 insertions(+), 254 deletions(-) create mode 100644 test/jdk/javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java create mode 100644 test/jdk/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java create mode 100644 test/jdk/javax/management/remote/mandatory/connection/mgmt1.properties create mode 100644 test/jdk/javax/management/remote/mandatory/connection/mgmt2.properties diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java b/src/java.base/share/classes/java/io/ObjectInputStream.java index f3d6925c185..359305d8d81 100644 --- a/src/java.base/share/classes/java/io/ObjectInputStream.java +++ b/src/java.base/share/classes/java/io/ObjectInputStream.java @@ -44,7 +44,6 @@ import java.util.concurrent.ConcurrentMap; import static java.io.ObjectStreamClass.processQueue; -import jdk.internal.misc.ObjectStreamClassValidator; import jdk.internal.misc.SharedSecrets; import jdk.internal.misc.Unsafe; import sun.reflect.misc.ReflectUtil; @@ -1767,9 +1766,6 @@ public class ObjectInputStream throw new StreamCorruptedException( String.format("invalid type code: %02X", tc)); } - if (descriptor != null) { - validateDescriptor(descriptor); - } return descriptor; } @@ -4013,20 +4009,4 @@ public class ObjectInputStream SharedSecrets.setJavaObjectInputStreamAccess(ObjectInputStream::checkArray); } - private void validateDescriptor(ObjectStreamClass descriptor) { - ObjectStreamClassValidator validating = validator; - if (validating != null) { - validating.validateDescriptor(descriptor); - } - } - - // controlled access to ObjectStreamClassValidator - private volatile ObjectStreamClassValidator validator; - - private static void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) { - ois.validator = validator; - } - static { - SharedSecrets.setJavaObjectInputStreamAccess(ObjectInputStream::setValidator); - } } diff --git a/src/java.management.rmi/share/classes/com/sun/jmx/remote/internal/rmi/RMIExporter.java b/src/java.management.rmi/share/classes/com/sun/jmx/remote/internal/rmi/RMIExporter.java index cd292850a2b..333c8f4a735 100644 --- a/src/java.management.rmi/share/classes/com/sun/jmx/remote/internal/rmi/RMIExporter.java +++ b/src/java.management.rmi/share/classes/com/sun/jmx/remote/internal/rmi/RMIExporter.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,7 @@ package com.sun.jmx.remote.internal.rmi; +import java.io.ObjectInputFilter; import java.rmi.NoSuchObjectException; import java.rmi.Remote; import java.rmi.RemoteException; @@ -51,7 +52,8 @@ public interface RMIExporter { public Remote exportObject(Remote obj, int port, RMIClientSocketFactory csf, - RMIServerSocketFactory ssf) + RMIServerSocketFactory ssf, + ObjectInputFilter filter) throws RemoteException; public boolean unexportObject(Remote obj, boolean force) diff --git a/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectorServer.java b/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectorServer.java index a71bef5b403..0cda57065f7 100644 --- a/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectorServer.java +++ b/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectorServer.java @@ -32,6 +32,7 @@ import com.sun.jmx.remote.util.EnvHelp; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.io.ObjectInputFilter; import java.io.ObjectOutputStream; import java.net.MalformedURLException; import java.rmi.server.RMIClientSocketFactory; @@ -101,19 +102,59 @@ public class RMIConnectorServer extends JMXConnectorServer { "jmx.remote.rmi.server.socket.factory"; /** - * Name of the attribute that specifies a list of class names acceptable - * as parameters to the {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()} + * Name of the attribute that specifies an + * {@link ObjectInputFilter} pattern string to filter classes acceptable + * for {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()} * remote method call. *

- * This list of classes should correspond to the transitive closure of the - * credentials class (or classes) used by the installed {@linkplain JMXAuthenticator} - * associated with the {@linkplain RMIServer} implementation. + * The filter pattern must be in same format as used in + * {@link java.io.ObjectInputFilter.Config#createFilter} *

- * If the attribute is not set, or is null, then any class is - * deemed acceptable. + * This list of classes allowed by filter should correspond to the + * transitive closure of the credentials class (or classes) used by the + * installed {@linkplain JMXAuthenticator} associated with the + * {@linkplain RMIServer} implementation. + * If the attribute is not set then any class is deemed acceptable. + * @see ObjectInputFilter */ - public static final String CREDENTIAL_TYPES = - "jmx.remote.rmi.server.credential.types"; + public static final String CREDENTIALS_FILTER_PATTERN = + "jmx.remote.rmi.server.credentials.filter.pattern"; + + /** + * This attribute defines a pattern from which to create a + * {@link java.io.ObjectInputFilter} that will be used when deserializing + * objects sent to the {@code JMXConnectorServer} by any client. + *

+ * The filter will be called for any class found in the serialized + * stream sent to server by client, including all JMX defined classes + * (such as {@link javax.management.ObjectName}), all method parameters, + * and, if present in the stream, all classes transitively referred by + * the serial form of any deserialized object. + * The pattern must be in same format as used in + * {@link java.io.ObjectInputFilter.Config#createFilter}. + * It may define a white list of permitted classes, a black list of + * rejected classes, a maximum depth for the deserialized objects, + * etc. + *

+ * To be functional, the filter should allow at least all the + * concrete types in the transitive closure of all objects that + * might get serialized when serializing all JMX classes referred + * as parameters in the {@link + * javax.management.remote.rmi.RMIConnection} interface, + * plus all classes that a {@link javax.management.remote.rmi.RMIConnector client} + * might need to transmit wrapped in {@linkplain java.rmi.MarshalledObject + * marshalled objects} in order to interoperate with the MBeans registered + * in the {@code MBeanServer}. That would potentially include all the + * concrete {@linkplain javax.management.openmbean JMX OpenTypes} and the + * classes they use in their serial form. + *

+ * Care must be taken when defining such a filter, as defining + * a white list too restrictive or a too wide a black list may + * prevent legitimate clients from interoperating with the + * {@code JMXConnectorServer}. + */ + public static final String SERIAL_FILTER_PATTERN = + "jmx.remote.rmi.server.serial.filter.pattern"; /** *

Makes an RMIConnectorServer. diff --git a/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java b/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java index 8bcbe1919ad..e6787692ee7 100644 --- a/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java +++ b/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java @@ -26,6 +26,7 @@ package javax.management.remote.rmi; import java.io.IOException; +import java.io.ObjectInputFilter; import java.rmi.NoSuchObjectException; import java.rmi.Remote; import java.rmi.RemoteException; @@ -39,15 +40,13 @@ import javax.security.auth.Subject; import com.sun.jmx.remote.internal.rmi.RMIExporter; import com.sun.jmx.remote.util.EnvHelp; -import java.io.ObjectStreamClass; -import java.lang.reflect.Method; -import java.util.ArrayList; import java.util.Arrays; -import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; import sun.reflect.misc.ReflectUtil; -import sun.rmi.server.DeserializationChecker; import sun.rmi.server.UnicastServerRef; import sun.rmi.server.UnicastServerRef2; +import sun.rmi.transport.LiveRef; /** *

An {@link RMIServer} object that is exported through JRMP and that @@ -60,8 +59,6 @@ import sun.rmi.server.UnicastServerRef2; */ public class RMIJRMPServerImpl extends RMIServerImpl { - private final ExportedWrapper exportedWrapper; - /** *

Creates a new {@link RMIServer} object that will be exported * on the given port using the given socket factories.

@@ -100,33 +97,48 @@ public class RMIJRMPServerImpl extends RMIServerImpl { this.ssf = ssf; this.env = (env == null) ? Collections.emptyMap() : env; + // This attribute was represented by RMIConnectorServer.CREDENTIALS_TYPES. + // This attribute is superceded by + // RMIConnectorServer.CREDENTIALS_FILTER_PATTERN. + // Retaining this for backward compatibility. String[] credentialsTypes - = (String[]) this.env.get(RMIConnectorServer.CREDENTIAL_TYPES); - List types = null; - if (credentialsTypes != null) { - types = new ArrayList<>(); - for (String type : credentialsTypes) { - if (type == null) { - throw new IllegalArgumentException("A credential type is null."); - } - ReflectUtil.checkPackageAccess(type); - types.add(type); - } + = (String[]) this.env.get("jmx.remote.rmi.server.credential.types"); + + String credentialsFilter + = (String) this.env.get(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN); + + // It is impossible for both attributes to be specified + if(credentialsTypes != null && credentialsFilter != null) + throw new IllegalArgumentException("Cannot specify both \"" + + "jmx.remote.rmi.server.credential.types" + "\" and \"" + + RMIConnectorServer.CREDENTIALS_FILTER_PATTERN + "\""); + else if(credentialsFilter != null){ + cFilter = ObjectInputFilter.Config.createFilter(credentialsFilter); + allowedTypes = null; } - exportedWrapper = types != null ? - new ExportedWrapper(this, types) : - null; + else if (credentialsTypes != null) { + allowedTypes = Arrays.stream(credentialsTypes).filter( + s -> s!= null).collect(Collectors.toSet()); + allowedTypes.stream().forEach(ReflectUtil::checkPackageAccess); + cFilter = this::newClientCheckInput; + } else { + allowedTypes = null; + cFilter = null; + } + + String userJmxFilter = + (String) this.env.get(RMIConnectorServer.SERIAL_FILTER_PATTERN); + if(userJmxFilter != null && !userJmxFilter.isEmpty()) + jmxRmiFilter = ObjectInputFilter.Config.createFilter(userJmxFilter); + else + jmxRmiFilter = null; } protected void export() throws IOException { - if (exportedWrapper != null) { - export(exportedWrapper); - } else { - export(this); - } + export(this, cFilter); } - private void export(Remote obj) throws RemoteException { + private void export(Remote obj, ObjectInputFilter typeFilter) throws RemoteException { final RMIExporter exporter = (RMIExporter) env.get(RMIExporter.EXPORTER_ATTRIBUTE); final boolean daemon = EnvHelp.isServerDaemon(env); @@ -137,16 +149,14 @@ public class RMIJRMPServerImpl extends RMIServerImpl { " cannot be used to specify an exporter!"); } - if (daemon) { - if (csf == null && ssf == null) { - new UnicastServerRef(port).exportObject(obj, null, true); - } else { - new UnicastServerRef2(port, csf, ssf).exportObject(obj, null, true); - } - } else if (exporter != null) { - exporter.exportObject(obj, port, csf, ssf); + if (exporter != null) { + exporter.exportObject(obj, port, csf, ssf, typeFilter); } else { - UnicastRemoteObject.exportObject(obj, port, csf, ssf); + if (csf == null && ssf == null) { + new UnicastServerRef(new LiveRef(port), typeFilter).exportObject(obj, null, daemon); + } else { + new UnicastServerRef2(port, csf, ssf, typeFilter).exportObject(obj, null, daemon); + } } } @@ -173,11 +183,7 @@ public class RMIJRMPServerImpl extends RMIServerImpl { * RMIJRMPServerImpl has not been exported yet. */ public Remote toStub() throws IOException { - if (exportedWrapper != null) { - return RemoteObject.toStub(exportedWrapper); - } else { - return RemoteObject.toStub(this); - } + return RemoteObject.toStub(this); } /** @@ -207,7 +213,7 @@ public class RMIJRMPServerImpl extends RMIServerImpl { RMIConnection client = new RMIConnectionImpl(this, connectionId, getDefaultClassLoader(), subject, env); - export(client); + export(client, jmxRmiFilter); return client; } @@ -224,56 +230,39 @@ public class RMIJRMPServerImpl extends RMIServerImpl { * server failed. */ protected void closeServer() throws IOException { - if (exportedWrapper != null) { - unexport(exportedWrapper, true); - } else { - unexport(this, true); + unexport(this, true); + } + + /** + * Check that a type in the remote invocation of {@link RMIServerImpl#newClient} + * is one of the {@code allowedTypes}. + * + * @param clazz the class; may be null + * @param size the size for arrays, otherwise is 0 + * @param nObjectRefs the current number of object references + * @param depth the current depth + * @param streamBytes the current number of bytes consumed + * @return {@code ObjectInputFilter.Status.ALLOWED} if the class is allowed, + * otherwise {@code ObjectInputFilter.Status.REJECTED} + */ + ObjectInputFilter.Status newClientCheckInput(ObjectInputFilter.FilterInfo filterInfo) { + ObjectInputFilter.Status status = ObjectInputFilter.Status.UNDECIDED; + if (allowedTypes != null && filterInfo.serialClass() != null) { + // If enabled, check type + String type = filterInfo.serialClass().getName(); + if (allowedTypes.contains(type)) + status = ObjectInputFilter.Status.ALLOWED; + else + status = ObjectInputFilter.Status.REJECTED; } + return status; } private final int port; private final RMIClientSocketFactory csf; private final RMIServerSocketFactory ssf; private final Map env; - - private static class ExportedWrapper implements RMIServer, DeserializationChecker { - private final RMIServer impl; - private final List allowedTypes; - - private ExportedWrapper(RMIServer impl, List credentialsTypes) { - this.impl = impl; - allowedTypes = credentialsTypes; - } - - @Override - public String getVersion() throws RemoteException { - return impl.getVersion(); - } - - @Override - public RMIConnection newClient(Object credentials) throws IOException { - return impl.newClient(credentials); - } - - @Override - public void check(Method method, ObjectStreamClass descriptor, - int paramIndex, int callID) { - String type = descriptor.getName(); - if (!allowedTypes.contains(type)) { - throw new ClassCastException("Unsupported type: " + type); - } - } - - @Override - public void checkProxyClass(Method method, String[] ifaces, - int paramIndex, int callID) { - if (ifaces != null && ifaces.length > 0) { - for (String iface : ifaces) { - if (!allowedTypes.contains(iface)) { - throw new ClassCastException("Unsupported type: " + iface); - } - } - } - } - } + private final Set allowedTypes; + private final ObjectInputFilter jmxRmiFilter; + private final ObjectInputFilter cFilter; } diff --git a/src/java.rmi/share/classes/sun/rmi/server/MarshalInputStream.java b/src/java.rmi/share/classes/sun/rmi/server/MarshalInputStream.java index 2944e5d0f13..d04e9292fd5 100644 --- a/src/java.rmi/share/classes/sun/rmi/server/MarshalInputStream.java +++ b/src/java.rmi/share/classes/sun/rmi/server/MarshalInputStream.java @@ -35,8 +35,6 @@ import java.security.AccessControlException; import java.security.Permission; import java.rmi.server.RMIClassLoader; import java.security.PrivilegedAction; -import jdk.internal.misc.ObjectStreamClassValidator; -import jdk.internal.misc.SharedSecrets; /** * MarshalInputStream is an extension of ObjectInputStream. When resolving @@ -54,11 +52,6 @@ import jdk.internal.misc.SharedSecrets; * @author Peter Jones */ public class MarshalInputStream extends ObjectInputStream { - interface StreamChecker extends ObjectStreamClassValidator { - void checkProxyInterfaceNames(String[] ifaces); - } - - private volatile StreamChecker streamChecker = null; /** * Value of "java.rmi.server.useCodebaseOnly" property, @@ -245,11 +238,6 @@ public class MarshalInputStream extends ObjectInputStream { protected Class resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException { - StreamChecker checker = streamChecker; - if (checker != null) { - checker.checkProxyInterfaceNames(interfaces); - } - /* * Always read annotation written by MarshalOutputStream. */ @@ -330,28 +318,4 @@ public class MarshalInputStream extends ObjectInputStream { void useCodebaseOnly() { useCodebaseOnly = true; } - - synchronized void setStreamChecker(StreamChecker checker) { - streamChecker = checker; - SharedSecrets.getJavaObjectInputStreamAccess().setValidator(this, checker); - } - @Override - protected ObjectStreamClass readClassDescriptor() throws IOException, - ClassNotFoundException { - ObjectStreamClass descriptor = super.readClassDescriptor(); - - validateDesc(descriptor); - - return descriptor; - } - - private void validateDesc(ObjectStreamClass descriptor) { - StreamChecker checker; - synchronized (this) { - checker = streamChecker; - } - if (checker != null) { - checker.validateDescriptor(descriptor); - } - } } diff --git a/src/java.rmi/share/classes/sun/rmi/server/UnicastServerRef.java b/src/java.rmi/share/classes/sun/rmi/server/UnicastServerRef.java index f0a4e0f4e00..9dbaed70c59 100644 --- a/src/java.rmi/share/classes/sun/rmi/server/UnicastServerRef.java +++ b/src/java.rmi/share/classes/sun/rmi/server/UnicastServerRef.java @@ -30,7 +30,6 @@ import java.io.ObjectInput; import java.io.ObjectInputFilter; import java.io.ObjectInputStream; import java.io.ObjectOutput; -import java.io.ObjectStreamClass; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.rmi.AccessException; @@ -330,11 +329,16 @@ public class UnicastServerRef extends UnicastRef logCall(obj, method); // unmarshal parameters - Object[] params = null; + Class[] types = method.getParameterTypes(); + Object[] params = new Object[types.length]; try { unmarshalCustomCallData(in); - params = unmarshalParameters(obj, method, marshalStream); + // Unmarshal the parameters + for (int i = 0; i < types.length; i++) { + params[i] = unmarshalValue(types[i], in); + } + } catch (AccessException aex) { // For compatibility, AccessException is not wrapped in UnmarshalException // disable saving any refs in the inputStream for GC @@ -600,84 +604,4 @@ public class UnicastServerRef extends UnicastRef } } - /** - * Unmarshal parameters for the given method of the given instance over - * the given marshalinputstream. Perform any necessary checks. - */ - private Object[] unmarshalParameters(Object obj, Method method, MarshalInputStream in) - throws IOException, ClassNotFoundException { - return (obj instanceof DeserializationChecker) ? - unmarshalParametersChecked((DeserializationChecker)obj, method, in) : - unmarshalParametersUnchecked(method, in); - } - - /** - * Unmarshal parameters for the given method of the given instance over - * the given marshalinputstream. Do not perform any additional checks. - */ - private Object[] unmarshalParametersUnchecked(Method method, ObjectInput in) - throws IOException, ClassNotFoundException { - Class[] types = method.getParameterTypes(); - Object[] params = new Object[types.length]; - for (int i = 0; i < types.length; i++) { - params[i] = unmarshalValue(types[i], in); - } - return params; - } - - /** - * Unmarshal parameters for the given method of the given instance over - * the given marshalinputstream. Do perform all additional checks. - */ - private Object[] unmarshalParametersChecked( - DeserializationChecker checker, - Method method, MarshalInputStream in) - throws IOException, ClassNotFoundException { - int callID = methodCallIDCount.getAndIncrement(); - MyChecker myChecker = new MyChecker(checker, method, callID); - in.setStreamChecker(myChecker); - try { - Class[] types = method.getParameterTypes(); - Object[] values = new Object[types.length]; - for (int i = 0; i < types.length; i++) { - myChecker.setIndex(i); - values[i] = unmarshalValue(types[i], in); - } - myChecker.end(callID); - return values; - } finally { - in.setStreamChecker(null); - } - } - - private static class MyChecker implements MarshalInputStream.StreamChecker { - private final DeserializationChecker descriptorCheck; - private final Method method; - private final int callID; - private int parameterIndex; - - MyChecker(DeserializationChecker descriptorCheck, Method method, int callID) { - this.descriptorCheck = descriptorCheck; - this.method = method; - this.callID = callID; - } - - @Override - public void validateDescriptor(ObjectStreamClass descriptor) { - descriptorCheck.check(method, descriptor, parameterIndex, callID); - } - - @Override - public void checkProxyInterfaceNames(String[] ifaces) { - descriptorCheck.checkProxyClass(method, ifaces, parameterIndex, callID); - } - - void setIndex(int parameterIndex) { - this.parameterIndex = parameterIndex; - } - - void end(int callId) { - descriptorCheck.end(callId); - } - } } diff --git a/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java b/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java index 322b180eab4..dae6b95c8bf 100644 --- a/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java +++ b/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,7 +32,7 @@ import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; -import java.io.Serializable; +import java.io.ObjectInputFilter; import java.lang.management.ManagementFactory; import java.net.InetAddress; import java.net.MalformedURLException; @@ -45,14 +45,12 @@ import java.rmi.RemoteException; import java.rmi.registry.Registry; import java.rmi.server.RMIClientSocketFactory; import java.rmi.server.RMIServerSocketFactory; -import java.rmi.server.RMISocketFactory; import java.rmi.server.RemoteObject; import java.rmi.server.UnicastRemoteObject; import java.security.KeyStore; import java.security.Principal; import java.util.HashMap; import java.util.HashSet; -import java.util.Iterator; import java.util.Map; import java.util.Properties; import java.util.Set; @@ -84,6 +82,7 @@ import jdk.internal.agent.FileSystem; import sun.rmi.server.UnicastRef; import sun.rmi.server.UnicastServerRef; import sun.rmi.server.UnicastServerRef2; +import sun.rmi.transport.LiveRef; /** * This class initializes and starts the RMIConnectorServer for JSR 163 @@ -142,6 +141,8 @@ public final class ConnectorBootstrap { "com.sun.management.jmxremote.ssl.need.client.auth"; public static final String SSL_CONFIG_FILE_NAME = "com.sun.management.jmxremote.ssl.config.file"; + public static final String SERIAL_FILTER_PATTERN = + "com.sun.management.jmxremote.serial.filter.pattern"; } /** @@ -182,7 +183,8 @@ public final class ConnectorBootstrap { public Remote exportObject(Remote obj, int port, RMIClientSocketFactory csf, - RMIServerSocketFactory ssf) + RMIServerSocketFactory ssf, + ObjectInputFilter filter) throws RemoteException { synchronized (this) { @@ -193,9 +195,9 @@ public final class ConnectorBootstrap { final UnicastServerRef ref; if (csf == null && ssf == null) { - ref = new UnicastServerRef(port); + ref = new UnicastServerRef(new LiveRef(port), filter); } else { - ref = new UnicastServerRef2(port, csf, ssf); + ref = new UnicastServerRef2(port, csf, ssf, filter); } return ref.exportObject(obj, null, true); } @@ -435,6 +437,7 @@ public final class ConnectorBootstrap { final String bindAddress = props.getProperty(PropertyNames.HOST); + final String jmxRmiFilter = props.getProperty(PropertyNames.SERIAL_FILTER_PATTERN); if (logger.isLoggable(Level.DEBUG)) { logger.log(Level.DEBUG, "startRemoteConnectorServer", @@ -471,7 +474,7 @@ public final class ConnectorBootstrap { sslConfigFileName, enabledCipherSuitesList, enabledProtocolsList, sslNeedClientAuth, useAuthentication, loginConfigName, - passwordFileName, accessFileName, bindAddress); + passwordFileName, accessFileName, bindAddress, jmxRmiFilter); cs = data.jmxConnectorServer; url = data.jmxRemoteURL; config("startRemoteConnectorServer", @@ -511,9 +514,7 @@ public final class ConnectorBootstrap { // This RMI server should not keep the VM alive Map env = new HashMap<>(); env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter()); - env.put(RMIConnectorServer.CREDENTIAL_TYPES, new String[]{ - String[].class.getName(), String.class.getName() - }); + env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, String.class.getName() + ";!*"); // The local connector server need only be available via the // loopback connection. @@ -729,7 +730,8 @@ public final class ConnectorBootstrap { String loginConfigName, String passwordFileName, String accessFileName, - String bindAddress) + String bindAddress, + String jmxRmiFilter) throws IOException, MalformedURLException { /* Make sure we use non-guessable RMI object IDs. Otherwise @@ -744,9 +746,11 @@ public final class ConnectorBootstrap { PermanentExporter exporter = new PermanentExporter(); env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter); - env.put(RMIConnectorServer.CREDENTIAL_TYPES, new String[]{ - String[].class.getName(), String.class.getName() - }); + env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, String.class.getName() + ";!*"); + + if(jmxRmiFilter != null && !jmxRmiFilter.isEmpty()) { + env.put(RMIConnectorServer.SERIAL_FILTER_PATTERN, jmxRmiFilter); + } boolean useSocketFactory = bindAddress != null && !useSsl; diff --git a/src/jdk.management.agent/share/conf/management.properties b/src/jdk.management.agent/share/conf/management.properties index 02401d78bec..3bf88daf630 100644 --- a/src/jdk.management.agent/share/conf/management.properties +++ b/src/jdk.management.agent/share/conf/management.properties @@ -329,3 +329,42 @@ # The format of the value for that property is any string accepted # by java.net.InetAddress.getByName(String). # + +# ################ Filter for ObjectInputStream ############################# +# com.sun.management.jmxremote.serial.filter.pattern= +# A filter, if configured, is used by java.io.ObjectInputStream during +# deserialization of parameters sent to the JMX default agent to validate the +# contents of the stream. +# A filter is configured as a sequence of patterns, each pattern is either +# matched against the name of a class in the stream or defines a limit. +# Patterns are separated by ";" (semicolon). +# Whitespace is significant and is considered part of the pattern. +# +# If a pattern includes a "=", it sets a limit. +# If a limit appears more than once the last value is used. +# Limits are checked before classes regardless of the order in the sequence of patterns. +# If any of the limits are exceeded, the filter status is REJECTED. +# +# maxdepth=value - the maximum depth of a graph +# maxrefs=value - the maximum number of internal references +# maxbytes=value - the maximum number of bytes in the input stream +# maxarray=value - the maximum array length allowed +# +# Other patterns, from left to right, match the class or package name as +# returned from Class.getName. +# If the class is an array type, the class or package to be matched is the element type. +# Arrays of any number of dimensions are treated the same as the element type. +# For example, a pattern of "!example.Foo", rejects creation of any instance or +# array of example.Foo. +# +# If the pattern starts with "!", the status is REJECTED if the remaining pattern +# is matched; otherwise the status is ALLOWED if the pattern matches. +# If the pattern contains "/", the non-empty prefix up to the "/" is the module name; +# if the module name matches the module name of the class then +# the remaining pattern is matched with the class name. +# If there is no "/", the module name is not compared. +# If the pattern ends with ".**" it matches any class in the package and all subpackages. +# If the pattern ends with ".*" it matches any class in the package. +# If the pattern ends with "*", it matches any class with the pattern as a prefix. +# If the pattern is equal to the class name, it matches. +# Otherwise, the status is UNDECIDED. diff --git a/test/jdk/javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java b/test/jdk/javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java new file mode 100644 index 00000000000..42165452147 --- /dev/null +++ b/test/jdk/javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java @@ -0,0 +1,333 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + + /* + * @test + * @bug 8159377 + * @library /lib/testlibrary + * @summary Tests ObjectFilter on default agent + * @author Harsha Wardhana B + * @modules java.management + * @build jdk.testlibrary.* DefaultAgentFilterTest + * @run main/othervm/timeout=600 -XX:+UsePerfData DefaultAgentFilterTest + */ +import java.io.EOFException; +import java.io.File; +import java.io.IOException; +import java.io.InvalidClassException; +import java.io.Serializable; +import java.lang.reflect.InvocationTargetException; +import java.net.BindException; +import java.rmi.UnmarshalException; +import java.rmi.registry.LocateRegistry; +import java.rmi.registry.Registry; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.concurrent.atomic.AtomicBoolean; +import javax.management.MBeanServerConnection; +import javax.management.ObjectName; +import javax.management.remote.JMXConnector; +import javax.management.remote.JMXConnectorFactory; +import javax.management.remote.JMXServiceURL; + +import jdk.testlibrary.ProcessTools; +import jdk.testlibrary.Utils; + +public class DefaultAgentFilterTest { + + public static class MyTestObject implements Serializable { + + String a; + int id; + } + + public interface TestMBean { + + public void op1(HashSet params); + + public void op2(String s, HashSet params); + + public void op3(MyTestObject obj, String s, HashMap param); + } + + public static class Test implements TestMBean { + + @Override + public void op1(HashSet params) { + System.out.println("Invoked op1"); + } + + @Override + public void op2(String s, HashSet params) { + System.out.println("Invoked op2"); + } + + @Override + public void op3(MyTestObject obj, String s, HashMap param) { + System.out.println("Invoked op3"); + } + } + + private static class TestAppRun implements AutoCloseable { + + private Process p; + private final ProcessBuilder pb; + private final String name; + private final AtomicBoolean started = new AtomicBoolean(false); + private volatile long pid = -1; + + public TestAppRun(ProcessBuilder pb, String name) { + this.pb = pb; + this.name = name; + } + + public synchronized void start() throws Exception { + if (started.compareAndSet(false, true)) { + try { + AtomicBoolean error = new AtomicBoolean(false); + AtomicBoolean bindError = new AtomicBoolean(false); + p = ProcessTools.startProcess( + TEST_APP_NAME + "{" + name + "}", + pb, + (line) -> { + if (line.toLowerCase().contains("exception") + || line.toLowerCase().contains("error")) { + error.set(true); + } + bindError.set(line.toLowerCase().contains("bindexception")); + return true; + }); + if (bindError.get()) { + throw new BindException("Process could not be started"); + } else if (error.get()) { + throw new RuntimeException(); + } + pid = p.pid(); + } catch (Exception ex) { + if (p != null) { + p.destroy(); + p.waitFor(); + } + throw ex; + } + } + } + + public long getPid() { + return pid; + } + + public synchronized void stop() + throws IOException, InterruptedException { + if (started.compareAndSet(true, false)) { + p.getOutputStream().write(0); + p.getOutputStream().flush(); + int ec = p.waitFor(); + if (ec != 0) { + StringBuilder msg = new StringBuilder(); + msg.append("Test application '").append(name); + msg.append("' failed with exit code: "); + msg.append(ec); + System.err.println(msg); + } + } + } + + @Override + public void close() throws Exception { + stop(); + } + } + + private static final String TEST_APP_NAME = "TestApp"; + + private static void testDefaultAgent(String propertyFile) throws Exception { + int port = Utils.getFreePort(); + String propFile = System.getProperty("test.src") + File.separator + propertyFile; + List pbArgs = new ArrayList<>(Arrays.asList( + "-cp", + System.getProperty("test.class.path"), + "-XX:+UsePerfData" + )); + String[] args = new String[]{ + "-Dcom.sun.management.jmxremote.port=" + port, + "-Dcom.sun.management.jmxremote.authenticate=false", + "-Dcom.sun.management.jmxremote.ssl=false", + "-Dcom.sun.management.config.file=" + propFile + }; + pbArgs.addAll(Arrays.asList(args)); + pbArgs.add(TEST_APP_NAME); + + ProcessBuilder pb = ProcessTools.createJavaProcessBuilder( + pbArgs.toArray(new String[pbArgs.size()]) + ); + + try (TestAppRun s = new TestAppRun(pb, DefaultAgentFilterTest.class.getSimpleName())) { + s.start(); + JMXServiceURL url = testConnect(port); + testMBeanOperations(url); + } + } + + private static JMXServiceURL testConnect(int port) throws Exception { + EOFException lastException = null; + JMXServiceURL url = null; + // factor adjusted timeout (5 seconds) for the RMI to become available + long timeout = System.currentTimeMillis() + Utils.adjustTimeout(5000); + do { + lastException = null; + try { + Registry registry = LocateRegistry.getRegistry(port); + String[] relist = registry.list(); + for (int i = 0; i < relist.length; ++i) { + System.out.println("Got registry: " + relist[i]); + } + String jmxUrlStr = String.format( + "service:jmx:rmi:///jndi/rmi://localhost:%d/jmxrmi", + port); + url = new JMXServiceURL(jmxUrlStr); + + try (JMXConnector c = JMXConnectorFactory.connect(url, null)) { + MBeanServerConnection conn = c.getMBeanServerConnection(); + ObjectName name = new ObjectName("jtreg:type=Test"); + conn.createMBean(Test.class.getName(), name); + } + } catch (Exception ex) { + if (ex instanceof EOFException) { + lastException = (EOFException) ex; + System.out.println("Error establishing RMI connection. Retrying in 500ms."); + Thread.sleep(500); + } else { + throw ex; + } + } + } while (lastException != null && System.currentTimeMillis() < timeout); + if (lastException != null) { + throw lastException; + } + return url; + } + + public static void main(String[] args) throws Exception { + System.out.println("---" + DefaultAgentFilterTest.class.getName() + "-main: starting ..."); + + boolean retry = false; + do { + try { + // blacklist String + testDefaultAgent("mgmt1.properties"); + System.out.println("----\tTest FAILED !!"); + throw new RuntimeException("---" + DefaultAgentFilterTest.class.getName() + " - No exception reported"); + } catch (Exception ex) { + if (ex instanceof InvocationTargetException) { + if (ex.getCause() instanceof BindException + || ex.getCause() instanceof java.rmi.ConnectException) { + System.out.println("Failed to allocate ports. Retrying ..."); + retry = true; + } + } else if (ex instanceof InvalidClassException) { + System.out.println("----\tTest PASSED !!"); + } else if (ex instanceof UnmarshalException + && ((UnmarshalException) ex).getCause() instanceof InvalidClassException) { + System.out.println("----\tTest PASSED !!"); + } else { + System.out.println(ex); + System.out.println("----\tTest FAILED !!"); + throw ex; + } + } + } while (retry); + retry = false; + do { + try { + // blacklist non-existent class + testDefaultAgent("mgmt2.properties"); + System.out.println("----\tTest PASSED !!"); + } catch (Exception ex) { + if (ex instanceof InvocationTargetException) { + if (ex.getCause() instanceof BindException + || ex.getCause() instanceof java.rmi.ConnectException) { + System.out.println("Failed to allocate ports. Retrying ..."); + retry = true; + } + } else { + System.out.println(ex); + System.out.println("----\tTest FAILED !!"); + throw ex; + } + } + } while (retry); + + System.out.println("---" + DefaultAgentFilterTest.class.getName() + "-main: finished ..."); + } + + private static void testMBeanOperations(JMXServiceURL serverUrl) throws Exception { + Map clientEnv = new HashMap<>(1); + ObjectName name = new ObjectName("jtreg:type=Test"); + try (JMXConnector client = JMXConnectorFactory.connect(serverUrl, clientEnv)) { + MBeanServerConnection conn = client.getMBeanServerConnection(); + + HashSet set = new HashSet<>(); + set.add("test1"); + set.add("test2"); + + String a = "A"; + + Object[] params1 = {set}; + String[] sig1 = {HashSet.class.getName()}; + conn.invoke(name, "op1", params1, sig1); + + Object[] params2 = {a, set}; + String[] sig2 = {String.class.getName(), HashSet.class.getName()}; + conn.invoke(name, "op2", params2, sig2); + + HashMap map = new HashMap<>(); + map.put("a", "A"); + map.put("b", "B"); + + Object[] params3 = {new MyTestObject(), a, map}; + String[] sig3 = {MyTestObject.class.getName(), String.class.getName(), + HashMap.class.getName()}; + conn.invoke(name, "op3", params3, sig3); + } + } +} + +class TestApp { + + private static void doSomething() throws IOException { + int r = System.in.read(); + System.out.println("read: " + r); + } + + public static void main(String args[]) throws Exception { + System.out.println("main enter"); + System.out.flush(); + doSomething(); + System.out.println("main exit"); + } +} diff --git a/test/jdk/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java b/test/jdk/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java new file mode 100644 index 00000000000..78ae27bb64e --- /dev/null +++ b/test/jdk/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java @@ -0,0 +1,147 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + + /* + * @test + * @bug 8159377 + * @summary Tests ObjectInputFilter on RMIServer.newClient + * @author Harsha Wardhana B + * @modules java.management + * @run clean NewRMIClientFilterTest + * @run build NewRMIClientFilterTest + * @run main NewRMIClientFilterTest + */ +import java.io.InvalidClassException; +import java.io.Serializable; +import java.lang.management.ManagementFactory; +import java.util.HashMap; +import java.util.Map; +import javax.management.remote.JMXConnector; +import javax.management.remote.JMXConnectorFactory; +import javax.management.remote.JMXConnectorServer; +import javax.management.remote.JMXConnectorServerFactory; +import javax.management.remote.JMXServiceURL; +import javax.management.remote.rmi.RMIConnectorServer; + +public class NewRMIClientFilterTest { + + public static void main(String[] args) throws Exception { + System.out.println("---NewRMIClientFilterTest-main: starting ..."); + String filter1 = java.lang.String.class.getName() + ";!*"; + String filter2 = java.lang.String.class.getName() + ";" + MyCredentials.class.getName() + ";!*"; + + JMXServiceURL url = new JMXServiceURL("rmi", null, 0); + JMXServiceURL serverUrl = null; + Map env = new HashMap<>(1); + JMXConnectorServer server = null; + + System.out.println("\n---NewRMIClientFilterTest-main: testing types = null"); + server = newServer(url, null); + serverUrl = server.getAddress(); + doTest(serverUrl, null); + doTest(serverUrl, new String[]{"toto", "titi"}); + doTest(serverUrl, new Object[]{new MyCredentials(), "toto"}); + server.stop(); + + System.out.println("\n---NewRMIClientFilterTest-main: testing types = String[]"); + env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, + filter1); + server = newServer(url, env); + serverUrl = server.getAddress(); + doTest(serverUrl, null); + doTest(serverUrl, new String[]{"toto", "titi"}); + try { + doTest(serverUrl, new MyCredentials()); + throw new Error("Bad client is not refused!"); + } catch (Exception e) { + isInvalidClassEx(e); + } finally { + server.stop(); + } + + System.out.println("\n---NewRMIClientFilterTest-main: testing user specific types = String, MyCredentials"); + env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, + filter2); + server = newServer(url, env); + serverUrl = server.getAddress(); + doTest(serverUrl, null); + doTest(serverUrl, new String[]{"toto", "titi"}); + doTest(serverUrl, new MyCredentials[]{new MyCredentials(), (MyCredentials) null}); + try { + doTest(serverUrl, new Object[]{"toto", new byte[3]}); + throw new Error("Bad client is not refused!"); + } catch (Exception e) { + isInvalidClassEx(e); + } finally { + server.stop(); + } + + System.out.println("---NewRMIClientFilterTest-main PASSED!!!"); + } + + private static void doTest(JMXServiceURL serverAddr, Object credentials) throws Exception { + System.out.println("---NewRMIClientFilterTest-test:\n\tserver address: " + + serverAddr + "\n\tcredentials: " + credentials); + + Map env = new HashMap<>(1); + env.put("jmx.remote.credentials", credentials); + JMXConnector client = null; + try { + client = JMXConnectorFactory.connect(serverAddr, env); + client.getMBeanServerConnection().getDefaultDomain(); + } finally { + try { + client.close(); + } catch (Exception e) { + } + } + System.out.println("---NewRMIClientFilterTest-test: PASSED!"); + } + + private static JMXConnectorServer newServer(JMXServiceURL url, Map env) + throws Exception { + JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer( + url, + env, + ManagementFactory.getPlatformMBeanServer()); + + server.start(); + return server; + } + + private static class MyCredentials implements Serializable { + } + + private static void isInvalidClassEx(Exception e) { + Throwable cause = e; + while (cause != null) { + if (cause instanceof InvalidClassException) { + System.out.println("---NewRMIClientFilterTest-InvalidClassException expected: " + cause); + return; + } + cause = cause.getCause(); + } + e.printStackTrace(); + throw new RuntimeException("Did not get expected InvalidClassException!"); + } +} diff --git a/test/jdk/javax/management/remote/mandatory/connection/mgmt1.properties b/test/jdk/javax/management/remote/mandatory/connection/mgmt1.properties new file mode 100644 index 00000000000..17f81fa2eca --- /dev/null +++ b/test/jdk/javax/management/remote/mandatory/connection/mgmt1.properties @@ -0,0 +1,38 @@ +# ################ Filter for ObjectInputStream ############################# +com.sun.management.jmxremote.serial.filter.pattern=!DefaultAgentFilterTest$MyTestObject +# A filter, if configured, is used by java.io.ObjectInputStream during +# deserialization of parameters sent to the JMX default agent to validate the +# contents of the stream. +# A filter is configured as a sequence of patterns, each pattern is either +# matched against the name of a class in the stream or defines a limit. +# Patterns are separated by ";" (semicolon). +# Whitespace is significant and is considered part of the pattern. +# +# If a pattern includes a "=", it sets a limit. +# If a limit appears more than once the last value is used. +# Limits are checked before classes regardless of the order in the sequence of patterns. +# If any of the limits are exceeded, the filter status is REJECTED. +# +# maxdepth=value - the maximum depth of a graph +# maxrefs=value - the maximum number of internal references +# maxbytes=value - the maximum number of bytes in the input stream +# maxarray=value - the maximum array length allowed +# +# Other patterns, from left to right, match the class or package name as +# returned from Class.getName. +# If the class is an array type, the class or package to be matched is the element type. +# Arrays of any number of dimensions are treated the same as the element type. +# For example, a pattern of "!example.Foo", rejects creation of any instance or +# array of example.Foo. +# +# If the pattern starts with "!", the status is REJECTED if the remaining pattern +# is matched; otherwise the status is ALLOWED if the pattern matches. +# If the pattern contains "/", the non-empty prefix up to the "/" is the module name; +# if the module name matches the module name of the class then +# the remaining pattern is matched with the class name. +# If there is no "/", the module name is not compared. +# If the pattern ends with ".**" it matches any class in the package and all subpackages. +# If the pattern ends with ".*" it matches any class in the package. +# If the pattern ends with "*", it matches any class with the pattern as a prefix. +# If the pattern is equal to the class name, it matches. +# Otherwise, the status is UNDECIDED. \ No newline at end of file diff --git a/test/jdk/javax/management/remote/mandatory/connection/mgmt2.properties b/test/jdk/javax/management/remote/mandatory/connection/mgmt2.properties new file mode 100644 index 00000000000..d29d746d92e --- /dev/null +++ b/test/jdk/javax/management/remote/mandatory/connection/mgmt2.properties @@ -0,0 +1,38 @@ +# ################ Filter for ObjectInputStream ############################# +com.sun.management.jmxremote.serial.filter.pattern=!DefaultAgentFilterTest$ThisTypeIsNotUsed +# A filter, if configured, is used by java.io.ObjectInputStream during +# deserialization of parameters sent to the JMX default agent to validate the +# contents of the stream. +# A filter is configured as a sequence of patterns, each pattern is either +# matched against the name of a class in the stream or defines a limit. +# Patterns are separated by ";" (semicolon). +# Whitespace is significant and is considered part of the pattern. +# +# If a pattern includes a "=", it sets a limit. +# If a limit appears more than once the last value is used. +# Limits are checked before classes regardless of the order in the sequence of patterns. +# If any of the limits are exceeded, the filter status is REJECTED. +# +# maxdepth=value - the maximum depth of a graph +# maxrefs=value - the maximum number of internal references +# maxbytes=value - the maximum number of bytes in the input stream +# maxarray=value - the maximum array length allowed +# +# Other patterns, from left to right, match the class or package name as +# returned from Class.getName. +# If the class is an array type, the class or package to be matched is the element type. +# Arrays of any number of dimensions are treated the same as the element type. +# For example, a pattern of "!example.Foo", rejects creation of any instance or +# array of example.Foo. +# +# If the pattern starts with "!", the status is REJECTED if the remaining pattern +# is matched; otherwise the status is ALLOWED if the pattern matches. +# If the pattern contains "/", the non-empty prefix up to the "/" is the module name; +# if the module name matches the module name of the class then +# the remaining pattern is matched with the class name. +# If there is no "/", the module name is not compared. +# If the pattern ends with ".**" it matches any class in the package and all subpackages. +# If the pattern ends with ".*" it matches any class in the package. +# If the pattern ends with "*", it matches any class with the pattern as a prefix. +# If the pattern is equal to the class name, it matches. +# Otherwise, the status is UNDECIDED. \ No newline at end of file diff --git a/test/jdk/javax/management/remote/mandatory/connectorServer/RMIExporterTest.java b/test/jdk/javax/management/remote/mandatory/connectorServer/RMIExporterTest.java index 3b010e38a13..5d79b06fd3a 100644 --- a/test/jdk/javax/management/remote/mandatory/connectorServer/RMIExporterTest.java +++ b/test/jdk/javax/management/remote/mandatory/connectorServer/RMIExporterTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -47,6 +47,7 @@ import javax.management.remote.JMXConnectorServer; import javax.management.remote.JMXConnectorServerFactory; import javax.management.remote.JMXServiceURL; import com.sun.jmx.remote.internal.rmi.RMIExporter; +import java.io.ObjectInputFilter; public class RMIExporterTest { @@ -60,7 +61,8 @@ public class RMIExporterTest { public Remote exportObject(Remote obj, int port, RMIClientSocketFactory csf, - RMIServerSocketFactory ssf) + RMIServerSocketFactory ssf, + ObjectInputFilter unused) throws RemoteException { System.out.println("CustomRMIExporter::exportObject():: " + "Remote = " + obj);