From e6e820c6474e3608abe4e08698097d06dda2900e Mon Sep 17 00:00:00 2001 From: Vinnie Ryan Date: Thu, 13 Oct 2011 12:00:51 +0100 Subject: [PATCH 01/15] 7099228: Use a PKCS11 config attribute to control encoding of an EC point Reviewed-by: valeriep, mullan --- .../classes/sun/security/pkcs11/Config.java | 11 +++++++++ .../sun/security/pkcs11/P11ECKeyFactory.java | 20 ++++++++++------ .../classes/sun/security/pkcs11/P11Key.java | 23 +++++++------------ .../share/lib/security/sunpkcs11-solaris.cfg | 3 +++ jdk/test/ProblemList.txt | 3 --- 5 files changed, 35 insertions(+), 25 deletions(-) diff --git a/jdk/src/share/classes/sun/security/pkcs11/Config.java b/jdk/src/share/classes/sun/security/pkcs11/Config.java index dbed2cf8f4c..08cb6de40c9 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/Config.java +++ b/jdk/src/share/classes/sun/security/pkcs11/Config.java @@ -192,6 +192,11 @@ final class Config { // works only for NSS providers created via the Secmod API private boolean nssUseSecmodTrust = false; + // Flag to indicate whether the X9.63 encoding for EC points shall be used + // (true) or whether that encoding shall be wrapped in an ASN.1 OctetString + // (false). + private boolean useEcX963Encoding = false; + private Config(String filename, InputStream in) throws IOException { if (in == null) { if (filename.startsWith("--")) { @@ -320,6 +325,10 @@ final class Config { return nssUseSecmodTrust; } + boolean getUseEcX963Encoding() { + return useEcX963Encoding; + } + private static String expand(final String s) throws IOException { try { return PropertyExpander.expand(s); @@ -440,6 +449,8 @@ final class Config { parseNSSArgs(word); } else if (word.equals("nssUseSecmodTrust")) { nssUseSecmodTrust = parseBooleanEntry(word); + } else if (word.equals("useEcX963Encoding")) { + useEcX963Encoding = parseBooleanEntry(word); } else { throw new ConfigurationException ("Unknown keyword '" + word + "', line " + st.lineno()); diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java b/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java index d44231a6bf2..ef6cf3a1ef5 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java @@ -203,14 +203,20 @@ final class P11ECKeyFactory extends P11KeyFactory { private PublicKey generatePublic(ECPoint point, ECParameterSpec params) throws PKCS11Exception { byte[] encodedParams = ECParameters.encodeParameters(params); - byte[] encodedPoint = null; - DerValue pkECPoint = new DerValue(DerValue.tag_OctetString, - ECParameters.encodePoint(point, params.getCurve())); + byte[] encodedPoint = + ECParameters.encodePoint(point, params.getCurve()); - try { - encodedPoint = pkECPoint.toByteArray(); - } catch (IOException e) { - throw new IllegalArgumentException("Could not DER encode point", e); + // Check whether the X9.63 encoding of an EC point shall be wrapped + // in an ASN.1 OCTET STRING + if (!token.config.getUseEcX963Encoding()) { + try { + encodedPoint = + new DerValue(DerValue.tag_OctetString, encodedPoint) + .toByteArray(); + } catch (IOException e) { + throw new + IllegalArgumentException("Could not DER encode point", e); + } } CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Key.java b/jdk/src/share/classes/sun/security/pkcs11/P11Key.java index 54ccd3213c2..bbce8982e90 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11Key.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11Key.java @@ -1028,28 +1028,21 @@ abstract class P11Key implements Key { try { params = P11ECKeyFactory.decodeParameters (attributes[1].getByteArray()); - - /* - * An uncompressed EC point may be in either of two formats. - * First try the OCTET STRING encoding: - * 04 04 - * - * Otherwise try the raw encoding: - * 04 - */ byte[] ecKey = attributes[0].getByteArray(); - try { + // Check whether the X9.63 encoding of an EC point is wrapped + // in an ASN.1 OCTET STRING + if (!token.config.getUseEcX963Encoding()) { DerValue wECPoint = new DerValue(ecKey); - if (wECPoint.getTag() != DerValue.tag_OctetString) - throw new IOException("Unexpected tag: " + - wECPoint.getTag()); + if (wECPoint.getTag() != DerValue.tag_OctetString) { + throw new IOException("Could not DER decode EC point." + + " Unexpected tag: " + wECPoint.getTag()); + } w = P11ECKeyFactory.decodePoint (wECPoint.getDataBytes(), params.getCurve()); - } catch (IOException e) { - // Failover + } else { w = P11ECKeyFactory.decodePoint(ecKey, params.getCurve()); } diff --git a/jdk/src/share/lib/security/sunpkcs11-solaris.cfg b/jdk/src/share/lib/security/sunpkcs11-solaris.cfg index daf03a447a3..3b3f7fa82f9 100644 --- a/jdk/src/share/lib/security/sunpkcs11-solaris.cfg +++ b/jdk/src/share/lib/security/sunpkcs11-solaris.cfg @@ -11,6 +11,9 @@ library = /usr/lib/$ISA/libpkcs11.so handleStartupErrors = ignoreAll +# Use the X9.63 encoding for EC points (do not wrap in an ASN.1 OctetString). +useEcX963Encoding = true + attributes = compatibility disabledMechanisms = { diff --git a/jdk/test/ProblemList.txt b/jdk/test/ProblemList.txt index c2fd9fc0cfc..6097bcf7b97 100644 --- a/jdk/test/ProblemList.txt +++ b/jdk/test/ProblemList.txt @@ -517,9 +517,6 @@ sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java generic-all # 7079203 sun/security/tools/keytool/printssl.sh fails on solaris with timeout sun/security/tools/keytool/printssl.sh solaris-all -# 7054637 -sun/security/tools/jarsigner/ec.sh solaris-all - # 7081817 sun/security/provider/certpath/X509CertPath/IllegalCertiticates.java generic-all From 4bc227715b2c484b23eec40ae2d70dca6b02c257 Mon Sep 17 00:00:00 2001 From: Sean Mullan Date: Thu, 13 Oct 2011 13:50:17 -0400 Subject: [PATCH 02/15] 6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package Reviewed-by: mchung --- jdk/make/sun/security/other/Makefile | 1 + .../sun/security/pkcs/EncodingException.java | 45 ---- .../sun/security/{pkcs => pkcs10}/PKCS10.java | 2 +- .../{pkcs => pkcs10}/PKCS10Attribute.java | 5 +- .../{pkcs => pkcs10}/PKCS10Attributes.java | 4 +- .../provider/certpath/CertStoreHelper.java | 68 +++++- .../provider/certpath/URICertStore.java | 163 +++++-------- .../provider/certpath/ldap/LDAPCertStore.java | 2 +- .../certpath/ldap/LDAPCertStoreHelper.java | 8 +- .../certpath/ssl/SSLServerCertStore.java | 153 ++++++++++++ .../ssl/SSLServerCertStoreHelper.java | 69 ++++++ .../{x509 => tools}/CertAndKeyGen.java | 16 +- .../classes/sun/security/tools/KeyTool.java | 223 ++++++------------ .../security/{util => tools}/PathList.java | 4 +- .../classes/sun/security/util/BigInt.java | 198 ---------------- .../util/BigInt/BigIntEqualsHashCode.java | 46 ---- 16 files changed, 439 insertions(+), 568 deletions(-) delete mode 100644 jdk/src/share/classes/sun/security/pkcs/EncodingException.java rename jdk/src/share/classes/sun/security/{pkcs => pkcs10}/PKCS10.java (99%) rename jdk/src/share/classes/sun/security/{pkcs => pkcs10}/PKCS10Attribute.java (97%) rename jdk/src/share/classes/sun/security/{pkcs => pkcs10}/PKCS10Attributes.java (98%) create mode 100644 jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStore.java create mode 100644 jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java rename jdk/src/share/classes/sun/security/{x509 => tools}/CertAndKeyGen.java (95%) rename jdk/src/share/classes/sun/security/{util => tools}/PathList.java (97%) delete mode 100644 jdk/src/share/classes/sun/security/util/BigInt.java delete mode 100644 jdk/test/sun/security/util/BigInt/BigIntEqualsHashCode.java diff --git a/jdk/make/sun/security/other/Makefile b/jdk/make/sun/security/other/Makefile index 78893730edd..cc869aec2e3 100644 --- a/jdk/make/sun/security/other/Makefile +++ b/jdk/make/sun/security/other/Makefile @@ -38,6 +38,7 @@ AUTO_FILES_JAVA_DIRS = \ sun/security/acl \ sun/security/jca \ sun/security/pkcs \ + sun/security/pkcs10 \ sun/security/pkcs12 \ sun/security/provider \ sun/security/rsa \ diff --git a/jdk/src/share/classes/sun/security/pkcs/EncodingException.java b/jdk/src/share/classes/sun/security/pkcs/EncodingException.java deleted file mode 100644 index 81650cd89f5..00000000000 --- a/jdk/src/share/classes/sun/security/pkcs/EncodingException.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 1996, 2003, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/** - * Generic PKCS Encoding exception. - * - * @author Benjamin Renaud - */ - -package sun.security.pkcs; - -public class EncodingException extends Exception { - - private static final long serialVersionUID = 4060198374240668325L; - - public EncodingException() { - super(); - } - - public EncodingException(String s) { - super(s); - } -} diff --git a/jdk/src/share/classes/sun/security/pkcs/PKCS10.java b/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java similarity index 99% rename from jdk/src/share/classes/sun/security/pkcs/PKCS10.java rename to jdk/src/share/classes/sun/security/pkcs10/PKCS10.java index 6303c8b9adf..c5418c67d07 100644 --- a/jdk/src/share/classes/sun/security/pkcs/PKCS10.java +++ b/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java @@ -24,7 +24,7 @@ */ -package sun.security.pkcs; +package sun.security.pkcs10; import java.io.PrintStream; import java.io.IOException; diff --git a/jdk/src/share/classes/sun/security/pkcs/PKCS10Attribute.java b/jdk/src/share/classes/sun/security/pkcs10/PKCS10Attribute.java similarity index 97% rename from jdk/src/share/classes/sun/security/pkcs/PKCS10Attribute.java rename to jdk/src/share/classes/sun/security/pkcs10/PKCS10Attribute.java index a83813157b0..c7cac3baa25 100644 --- a/jdk/src/share/classes/sun/security/pkcs/PKCS10Attribute.java +++ b/jdk/src/share/classes/sun/security/pkcs10/PKCS10Attribute.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,11 +23,12 @@ * questions. */ -package sun.security.pkcs; +package sun.security.pkcs10; import java.io.OutputStream; import java.io.IOException; +import sun.security.pkcs.PKCS9Attribute; import sun.security.util.*; /** diff --git a/jdk/src/share/classes/sun/security/pkcs/PKCS10Attributes.java b/jdk/src/share/classes/sun/security/pkcs10/PKCS10Attributes.java similarity index 98% rename from jdk/src/share/classes/sun/security/pkcs/PKCS10Attributes.java rename to jdk/src/share/classes/sun/security/pkcs10/PKCS10Attributes.java index 8279ae237eb..d35f3a7fe29 100644 --- a/jdk/src/share/classes/sun/security/pkcs/PKCS10Attributes.java +++ b/jdk/src/share/classes/sun/security/pkcs10/PKCS10Attributes.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ * questions. */ -package sun.security.pkcs; +package sun.security.pkcs10; import java.io.IOException; import java.io.OutputStream; diff --git a/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java b/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java index 891919a4bb1..e325239d114 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,32 +27,86 @@ package sun.security.provider.certpath; import java.net.URI; import java.util.Collection; +import java.util.HashMap; +import java.util.Map; +import java.security.AccessController; import java.security.NoSuchAlgorithmException; import java.security.InvalidAlgorithmParameterException; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.security.cert.CertStore; import java.security.cert.X509CertSelector; import java.security.cert.X509CRLSelector; import javax.security.auth.x500.X500Principal; import java.io.IOException; +import sun.security.util.Cache; + /** - * Helper used by URICertStore when delegating to another CertStore to - * fetch certs and CRLs. + * Helper used by URICertStore and others when delegating to another CertStore + * to fetch certs and CRLs. */ -public interface CertStoreHelper { +public abstract class CertStoreHelper { + + private static final int NUM_TYPES = 2; + private final static Map classMap = new HashMap<>(NUM_TYPES); + static { + classMap.put( + "LDAP", + "sun.security.provider.certpath.ldap.LDAPCertStoreHelper"); + classMap.put( + "SSLServer", + "sun.security.provider.certpath.ssl.SSLServerCertStoreHelper"); + }; + private static Cache cache = Cache.newSoftMemoryCache(NUM_TYPES); + + public static CertStoreHelper getInstance(final String type) + throws NoSuchAlgorithmException + { + CertStoreHelper helper = (CertStoreHelper)cache.get(type); + if (helper != null) { + return helper; + } + final String cl = classMap.get(type); + if (cl == null) { + throw new NoSuchAlgorithmException(type + " not available"); + } + try { + helper = AccessController.doPrivileged( + new PrivilegedExceptionAction() { + public CertStoreHelper run() throws ClassNotFoundException { + try { + Class c = Class.forName(cl, true, null); + CertStoreHelper csh + = (CertStoreHelper)c.newInstance(); + cache.put(type, csh); + return csh; + } catch (InstantiationException e) { + throw new AssertionError(e); + } catch (IllegalAccessException e) { + throw new AssertionError(e); + } + } + }); + return helper; + } catch (PrivilegedActionException e) { + throw new NoSuchAlgorithmException(type + " not available", + e.getException()); + } + } /** * Returns a CertStore using the given URI as parameters. */ - CertStore getCertStore(URI uri) + public abstract CertStore getCertStore(URI uri) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException; /** * Wraps an existing X509CertSelector when needing to avoid DN matching * issues. */ - X509CertSelector wrap(X509CertSelector selector, + public abstract X509CertSelector wrap(X509CertSelector selector, X500Principal certSubject, String dn) throws IOException; @@ -61,7 +115,7 @@ public interface CertStoreHelper { * Wraps an existing X509CRLSelector when needing to avoid DN matching * issues. */ - X509CRLSelector wrap(X509CRLSelector selector, + public abstract X509CRLSelector wrap(X509CRLSelector selector, Collection certIssuers, String dn) throws IOException; diff --git a/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java b/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java index 321f9153ec3..da607724437 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java @@ -30,8 +30,6 @@ import java.io.IOException; import java.net.HttpURLConnection; import java.net.URI; import java.net.URLConnection; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.security.Provider; @@ -120,35 +118,10 @@ class URICertStore extends CertStoreSpi { // true if URI is ldap private boolean ldap = false; + private CertStoreHelper ldapHelper; private CertStore ldapCertStore; private String ldapPath; - /** - * Holder class to lazily load LDAPCertStoreHelper if present. - */ - private static class LDAP { - private static final String CERT_STORE_HELPER = - "sun.security.provider.certpath.ldap.LDAPCertStoreHelper"; - private static final CertStoreHelper helper = - AccessController.doPrivileged( - new PrivilegedAction() { - public CertStoreHelper run() { - try { - Class c = Class.forName(CERT_STORE_HELPER, true, null); - return (CertStoreHelper)c.newInstance(); - } catch (ClassNotFoundException cnf) { - return null; - } catch (InstantiationException e) { - throw new AssertionError(e); - } catch (IllegalAccessException e) { - throw new AssertionError(e); - } - }}); - static CertStoreHelper helper() { - return helper; - } - } - /** * Creates a URICertStore. * @@ -164,10 +137,9 @@ class URICertStore extends CertStoreSpi { this.uri = ((URICertStoreParameters) params).uri; // if ldap URI, use an LDAPCertStore to fetch certs and CRLs if (uri.getScheme().toLowerCase(Locale.ENGLISH).equals("ldap")) { - if (LDAP.helper() == null) - throw new NoSuchAlgorithmException("LDAP not present"); ldap = true; - ldapCertStore = LDAP.helper().getCertStore(uri); + ldapHelper = CertStoreHelper.getInstance("LDAP"); + ldapCertStore = ldapHelper.getCertStore(uri); ldapPath = uri.getPath(); // strip off leading '/' if (ldapPath.charAt(0) == '/') { @@ -251,7 +223,7 @@ class URICertStore extends CertStoreSpi { if (ldap) { X509CertSelector xsel = (X509CertSelector) selector; try { - xsel = LDAP.helper().wrap(xsel, xsel.getSubject(), ldapPath); + xsel = ldapHelper.wrap(xsel, xsel.getSubject(), ldapPath); } catch (IOException ioe) { throw new CertStoreException(ioe); } @@ -273,57 +245,44 @@ class URICertStore extends CertStoreSpi { return getMatchingCerts(certs, selector); } lastChecked = time; - InputStream in = null; try { URLConnection connection = uri.toURL().openConnection(); if (lastModified != 0) { connection.setIfModifiedSince(lastModified); } - in = connection.getInputStream(); long oldLastModified = lastModified; - lastModified = connection.getLastModified(); - if (oldLastModified != 0) { - if (oldLastModified == lastModified) { - if (debug != null) { - debug.println("Not modified, using cached copy"); - } - return getMatchingCerts(certs, selector); - } else if (connection instanceof HttpURLConnection) { - // some proxy servers omit last modified - HttpURLConnection hconn = (HttpURLConnection) connection; - if (hconn.getResponseCode() - == HttpURLConnection.HTTP_NOT_MODIFIED) { + try (InputStream in = connection.getInputStream()) { + lastModified = connection.getLastModified(); + if (oldLastModified != 0) { + if (oldLastModified == lastModified) { if (debug != null) { debug.println("Not modified, using cached copy"); } return getMatchingCerts(certs, selector); + } else if (connection instanceof HttpURLConnection) { + // some proxy servers omit last modified + HttpURLConnection hconn = (HttpURLConnection)connection; + if (hconn.getResponseCode() + == HttpURLConnection.HTTP_NOT_MODIFIED) { + if (debug != null) { + debug.println("Not modified, using cached copy"); + } + return getMatchingCerts(certs, selector); + } } } - } - if (debug != null) { - debug.println("Downloading new certificates..."); - } - // Safe cast since factory is an X.509 certificate factory - certs = (Collection) - factory.generateCertificates(in); - return getMatchingCerts(certs, selector); - } catch (IOException e) { - if (debug != null) { - debug.println("Exception fetching certificates:"); - e.printStackTrace(); - } - } catch (CertificateException e) { - if (debug != null) { - debug.println("Exception fetching certificates:"); - e.printStackTrace(); - } - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - // ignore + if (debug != null) { + debug.println("Downloading new certificates..."); } + // Safe cast since factory is an X.509 certificate factory + certs = (Collection) + factory.generateCertificates(in); + } + return getMatchingCerts(certs, selector); + } catch (IOException | CertificateException e) { + if (debug != null) { + debug.println("Exception fetching certificates:"); + e.printStackTrace(); } } // exception, forget previous values @@ -343,8 +302,7 @@ class URICertStore extends CertStoreSpi { if (selector == null) { return certs; } - List matchedCerts = - new ArrayList(certs.size()); + List matchedCerts = new ArrayList<>(certs.size()); for (X509Certificate cert : certs) { if (selector.match(cert)) { matchedCerts.add(cert); @@ -374,7 +332,7 @@ class URICertStore extends CertStoreSpi { if (ldap) { X509CRLSelector xsel = (X509CRLSelector) selector; try { - xsel = LDAP.helper().wrap(xsel, null, ldapPath); + xsel = ldapHelper.wrap(xsel, null, ldapPath); } catch (IOException ioe) { throw new CertStoreException(ioe); } @@ -395,55 +353,42 @@ class URICertStore extends CertStoreSpi { return getMatchingCRLs(crl, selector); } lastChecked = time; - InputStream in = null; try { URLConnection connection = uri.toURL().openConnection(); if (lastModified != 0) { connection.setIfModifiedSince(lastModified); } - in = connection.getInputStream(); long oldLastModified = lastModified; - lastModified = connection.getLastModified(); - if (oldLastModified != 0) { - if (oldLastModified == lastModified) { - if (debug != null) { - debug.println("Not modified, using cached copy"); - } - return getMatchingCRLs(crl, selector); - } else if (connection instanceof HttpURLConnection) { - // some proxy servers omit last modified - HttpURLConnection hconn = (HttpURLConnection) connection; - if (hconn.getResponseCode() - == HttpURLConnection.HTTP_NOT_MODIFIED) { + try (InputStream in = connection.getInputStream()) { + lastModified = connection.getLastModified(); + if (oldLastModified != 0) { + if (oldLastModified == lastModified) { if (debug != null) { debug.println("Not modified, using cached copy"); } return getMatchingCRLs(crl, selector); + } else if (connection instanceof HttpURLConnection) { + // some proxy servers omit last modified + HttpURLConnection hconn = (HttpURLConnection)connection; + if (hconn.getResponseCode() + == HttpURLConnection.HTTP_NOT_MODIFIED) { + if (debug != null) { + debug.println("Not modified, using cached copy"); + } + return getMatchingCRLs(crl, selector); + } } } - } - if (debug != null) { - debug.println("Downloading new CRL..."); - } - crl = (X509CRL) factory.generateCRL(in); - return getMatchingCRLs(crl, selector); - } catch (IOException e) { - if (debug != null) { - debug.println("Exception fetching CRL:"); - e.printStackTrace(); - } - } catch (CRLException e) { - if (debug != null) { - debug.println("Exception fetching CRL:"); - e.printStackTrace(); - } - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - // ignore + if (debug != null) { + debug.println("Downloading new CRL..."); } + crl = (X509CRL) factory.generateCRL(in); + } + return getMatchingCRLs(crl, selector); + } catch (IOException | CRLException e) { + if (debug != null) { + debug.println("Exception fetching CRL:"); + e.printStackTrace(); } } // exception, forget previous values diff --git a/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java b/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java index d86404d0802..3eea0b25fff 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java @@ -103,7 +103,7 @@ import sun.security.action.GetPropertyAction; * @author Steve Hanna * @author Andreas Sterbenz */ -public class LDAPCertStore extends CertStoreSpi { +public final class LDAPCertStore extends CertStoreSpi { private static final Debug debug = Debug.getInstance("certpath"); diff --git a/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java b/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java index 7eb65d5a7a8..5ec100c6a1d 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreHelper.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,11 +41,9 @@ import sun.security.provider.certpath.CertStoreHelper; * LDAP implementation of CertStoreHelper. */ -public class LDAPCertStoreHelper - implements CertStoreHelper +public final class LDAPCertStoreHelper + extends CertStoreHelper { - public LDAPCertStoreHelper() { } - @Override public CertStore getCertStore(URI uri) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException diff --git a/jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStore.java b/jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStore.java new file mode 100644 index 00000000000..5109e132d22 --- /dev/null +++ b/jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStore.java @@ -0,0 +1,153 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.provider.certpath.ssl; + +import java.io.IOException; +import java.net.URI; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.security.GeneralSecurityException; +import java.security.InvalidAlgorithmParameterException; +import java.security.Provider; +import java.security.cert.CertificateException; +import java.security.cert.CertSelector; +import java.security.cert.CertStore; +import java.security.cert.CertStoreException; +import java.security.cert.CertStoreParameters; +import java.security.cert.CertStoreSpi; +import java.security.cert.CRLSelector; +import java.security.cert.X509Certificate; +import java.security.cert.X509CRL; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + +/** + * A CertStore that retrieves an SSL server's certificate chain. + */ +public final class SSLServerCertStore extends CertStoreSpi { + + private final URI uri; + + SSLServerCertStore(URI uri) throws InvalidAlgorithmParameterException { + super(null); + this.uri = uri; + } + + public synchronized Collection engineGetCertificates + (CertSelector selector) throws CertStoreException + { + try { + SSLContext sc = SSLContext.getInstance("SSL"); + GetChainTrustManager xtm = new GetChainTrustManager(); + sc.init(null, new TrustManager[] { xtm }, null); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + HttpsURLConnection.setDefaultHostnameVerifier( + new HostnameVerifier() { + public boolean verify(String hostname, SSLSession session) { + return true; + } + }); + uri.toURL().openConnection().connect(); + return getMatchingCerts(xtm.serverChain, selector); + } catch (GeneralSecurityException | IOException e) { + throw new CertStoreException(e); + } + } + + private static List getMatchingCerts + (List certs, CertSelector selector) + { + // if selector not specified, all certs match + if (selector == null) { + return certs; + } + List matchedCerts = new ArrayList<>(certs.size()); + for (X509Certificate cert : certs) { + if (selector.match(cert)) { + matchedCerts.add(cert); + } + } + return matchedCerts; + } + + public Collection engineGetCRLs(CRLSelector selector) + throws CertStoreException + { + throw new UnsupportedOperationException(); + } + + static synchronized CertStore getInstance(URI uri) + throws InvalidAlgorithmParameterException + { + return new CS(new SSLServerCertStore(uri), null, "SSLServer", null); + } + + /* + * An X509TrustManager that simply stores a reference to the server's + * certificate chain. + */ + private static class GetChainTrustManager implements X509TrustManager { + private List serverChain; + + public X509Certificate[] getAcceptedIssuers() { + throw new UnsupportedOperationException(); + } + + public void checkClientTrusted(X509Certificate[] chain, + String authType) + throws CertificateException + { + throw new UnsupportedOperationException(); + } + + public void checkServerTrusted(X509Certificate[] chain, + String authType) + throws CertificateException + { + this.serverChain = (chain == null) + ? Collections.emptyList() + : Arrays.asList(chain); + } + } + + /** + * This class allows the SSLServerCertStore to be accessed as a CertStore. + */ + private static class CS extends CertStore { + protected CS(CertStoreSpi spi, Provider p, String type, + CertStoreParameters params) + { + super(spi, p, type, params); + } + } +} diff --git a/jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java b/jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java new file mode 100644 index 00000000000..fd36adfbad1 --- /dev/null +++ b/jdk/src/share/classes/sun/security/provider/certpath/ssl/SSLServerCertStoreHelper.java @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.provider.certpath.ssl; + +import java.net.URI; +import java.util.Collection; +import java.security.NoSuchAlgorithmException; +import java.security.InvalidAlgorithmParameterException; +import java.security.cert.CertStore; +import java.security.cert.X509CertSelector; +import java.security.cert.X509CRLSelector; +import javax.security.auth.x500.X500Principal; +import java.io.IOException; + +import sun.security.provider.certpath.CertStoreHelper; + +/** + * SSL implementation of CertStoreHelper. + */ +public final class SSLServerCertStoreHelper extends CertStoreHelper { + + @Override + public CertStore getCertStore(URI uri) + throws NoSuchAlgorithmException, InvalidAlgorithmParameterException + { + return SSLServerCertStore.getInstance(uri); + } + + @Override + public X509CertSelector wrap(X509CertSelector selector, + X500Principal certSubject, + String ldapDN) + throws IOException + { + throw new UnsupportedOperationException(); + } + + @Override + public X509CRLSelector wrap(X509CRLSelector selector, + Collection certIssuers, + String ldapDN) + throws IOException + { + throw new UnsupportedOperationException(); + } +} diff --git a/jdk/src/share/classes/sun/security/x509/CertAndKeyGen.java b/jdk/src/share/classes/sun/security/tools/CertAndKeyGen.java similarity index 95% rename from jdk/src/share/classes/sun/security/x509/CertAndKeyGen.java rename to jdk/src/share/classes/sun/security/tools/CertAndKeyGen.java index f1560c716ad..4c32a33b4f7 100644 --- a/jdk/src/share/classes/sun/security/x509/CertAndKeyGen.java +++ b/jdk/src/share/classes/sun/security/tools/CertAndKeyGen.java @@ -23,7 +23,7 @@ * questions. */ -package sun.security.x509; +package sun.security.tools; import java.io.IOException; import java.security.cert.X509Certificate; @@ -32,7 +32,19 @@ import java.security.cert.CertificateEncodingException; import java.security.*; import java.util.Date; -import sun.security.pkcs.PKCS10; +import sun.security.pkcs10.PKCS10; +import sun.security.x509.AlgorithmId; +import sun.security.x509.CertificateAlgorithmId; +import sun.security.x509.CertificateIssuerName; +import sun.security.x509.CertificateSerialNumber; +import sun.security.x509.CertificateSubjectName; +import sun.security.x509.CertificateValidity; +import sun.security.x509.CertificateVersion; +import sun.security.x509.CertificateX509Key; +import sun.security.x509.X500Name; +import sun.security.x509.X509CertImpl; +import sun.security.x509.X509CertInfo; +import sun.security.x509.X509Key; /** diff --git a/jdk/src/share/classes/sun/security/tools/KeyTool.java b/jdk/src/share/classes/sun/security/tools/KeyTool.java index 2e67bcea23b..0d928209807 100644 --- a/jdk/src/share/classes/sun/security/tools/KeyTool.java +++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java @@ -38,10 +38,12 @@ import java.security.Signature; import java.security.Timestamp; import java.security.UnrecoverableEntryException; import java.security.UnrecoverableKeyException; +import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.Provider; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; +import java.security.cert.CertStoreException; import java.security.cert.CRL; import java.security.cert.X509Certificate; import java.security.cert.CertificateException; @@ -63,23 +65,16 @@ import java.security.cert.X509CRLSelector; import javax.security.auth.x500.X500Principal; import sun.misc.BASE64Encoder; import sun.security.util.ObjectIdentifier; -import sun.security.pkcs.PKCS10; +import sun.security.pkcs10.PKCS10; +import sun.security.pkcs10.PKCS10Attribute; import sun.security.provider.X509Factory; +import sun.security.provider.certpath.CertStoreHelper; import sun.security.util.Password; -import sun.security.util.PathList; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; import sun.misc.BASE64Decoder; -import sun.security.pkcs.PKCS10Attribute; import sun.security.pkcs.PKCS9Attribute; -import sun.security.provider.certpath.ldap.LDAPCertStoreHelper; import sun.security.util.DerValue; import sun.security.x509.*; @@ -917,18 +912,13 @@ public final class KeyTool { // Perform the specified command if (command == CERTREQ) { - PrintStream ps = null; if (filename != null) { - ps = new PrintStream(new FileOutputStream - (filename)); - out = ps; - } - try { - doCertReq(alias, sigAlgName, out); - } finally { - if (ps != null) { - ps.close(); + try (PrintStream ps = new PrintStream(new FileOutputStream + (filename))) { + doCertReq(alias, sigAlgName, ps); } + } else { + doCertReq(alias, sigAlgName, out); } if (verbose && filename != null) { MessageFormat form = new MessageFormat(rb.getString @@ -941,18 +931,13 @@ public final class KeyTool { doDeleteEntry(alias); kssave = true; } else if (command == EXPORTCERT) { - PrintStream ps = null; if (filename != null) { - ps = new PrintStream(new FileOutputStream - (filename)); - out = ps; - } - try { - doExportCert(alias, out); - } finally { - if (ps != null) { - ps.close(); + try (PrintStream ps = new PrintStream(new FileOutputStream + (filename))) { + doExportCert(alias, ps); } + } else { + doExportCert(alias, out); } if (filename != null) { MessageFormat form = new MessageFormat(rb.getString @@ -973,16 +958,12 @@ public final class KeyTool { doGenSecretKey(alias, keyAlgName, keysize); kssave = true; } else if (command == IDENTITYDB) { - InputStream inStream = System.in; if (filename != null) { - inStream = new FileInputStream(filename); - } - try { - doImportIdentityDatabase(inStream); - } finally { - if (inStream != System.in) { - inStream.close(); + try (InputStream inStream = new FileInputStream(filename)) { + doImportIdentityDatabase(inStream); } + } else { + doImportIdentityDatabase(System.in); } } else if (command == IMPORTCERT) { InputStream inStream = System.in; @@ -1101,29 +1082,21 @@ public final class KeyTool { if (alias == null) { alias = keyAlias; } - PrintStream ps = null; if (filename != null) { - ps = new PrintStream(new FileOutputStream(filename)); - out = ps; - } - try { - doGenCRL(out); - } finally { - if (ps != null) { - ps.close(); + try (PrintStream ps = + new PrintStream(new FileOutputStream(filename))) { + doGenCRL(ps); } + } else { + doGenCRL(out); } } else if (command == PRINTCERTREQ) { - InputStream inStream = System.in; if (filename != null) { - inStream = new FileInputStream(filename); - } - try { - doPrintCertReq(inStream, out); - } finally { - if (inStream != System.in) { - inStream.close(); + try (InputStream inStream = new FileInputStream(filename)) { + doPrintCertReq(inStream, out); } + } else { + doPrintCertReq(System.in, out); } } else if (command == PRINTCRL) { doPrintCRL(filename, out); @@ -2070,12 +2043,13 @@ public final class KeyTool { } } } else { // must be LDAP, and uri is not null + // Lazily load LDAPCertStoreHelper if present + CertStoreHelper helper = CertStoreHelper.getInstance("LDAP"); String path = uri.getPath(); if (path.charAt(0) == '/') path = path.substring(1); - LDAPCertStoreHelper h = new LDAPCertStoreHelper(); - CertStore s = h.getCertStore(uri); + CertStore s = helper.getCertStore(uri); X509CRLSelector sel = - h.wrap(new X509CRLSelector(), null, path); + helper.wrap(new X509CRLSelector(), null, path); return s.getCRLs(sel); } } @@ -2259,18 +2233,12 @@ public final class KeyTool { int pos = 0; while (entries.hasMoreElements()) { JarEntry je = entries.nextElement(); - InputStream is = null; - try { - is = jf.getInputStream(je); + try (InputStream is = jf.getInputStream(je)) { while (is.read(buffer) != -1) { // we just read. this will throw a SecurityException // if a signature/digest check fails. This also // populate the signers } - } finally { - if (is != null) { - is.close(); - } } CodeSigner[] signers = je.getCodeSigners(); if (signers != null) { @@ -2316,85 +2284,52 @@ public final class KeyTool { out.println(rb.getString("Not.a.signed.jar.file")); } } else if (sslserver != null) { - SSLContext sc = SSLContext.getInstance("SSL"); - final boolean[] certPrinted = new boolean[1]; - sc.init(null, new TrustManager[] { - new X509TrustManager() { - - public java.security.cert.X509Certificate[] getAcceptedIssuers() { - return null; - } - - public void checkClientTrusted( - java.security.cert.X509Certificate[] certs, String authType) { - } - - public void checkServerTrusted( - java.security.cert.X509Certificate[] certs, String authType) { - for (int i=0; i 0) { - certPrinted[0] = true; - } - } - } - }, null); - HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); - HttpsURLConnection.setDefaultHostnameVerifier( - new HostnameVerifier() { - public boolean verify(String hostname, SSLSession session) { - return true; - } - }); - // HTTPS instead of raw SSL, so that -Dhttps.proxyHost and - // -Dhttps.proxyPort can be used. Since we only go through - // the handshake process, an HTTPS server is not needed. - // This program should be able to deal with any SSL-based - // network service. - Exception ex = null; + // Lazily load SSLCertStoreHelper if present + CertStoreHelper helper = CertStoreHelper.getInstance("SSLServer"); + CertStore cs = helper.getCertStore(new URI("https://" + sslserver)); + Collection chain; try { - new URL("https://" + sslserver).openConnection().connect(); - } catch (Exception e) { - ex = e; - } - // If the certs are not printed out, we consider it an error even - // if the URL connection is successful. - if (!certPrinted[0]) { - Exception e = new Exception( - rb.getString("No.certificate.from.the.SSL.server")); - if (ex != null) { - e.initCause(ex); + chain = cs.getCertificates(null); + if (chain.isEmpty()) { + // If the certs are not retrieved, we consider it an error + // even if the URL connection is successful. + throw new Exception(rb.getString( + "No.certificate.from.the.SSL.server")); + } + } catch (CertStoreException cse) { + if (cse.getCause() instanceof IOException) { + throw new Exception(rb.getString( + "No.certificate.from.the.SSL.server"), + cse.getCause()); + } else { + throw cse; + } + } + + int i = 0; + for (Certificate cert : chain) { + try { + if (rfc) { + dumpCert(cert, out); + } else { + out.println("Certificate #" + i++); + out.println("===================================="); + printX509Cert((X509Certificate)cert, out); + out.println(); + } + } catch (Exception e) { + if (debug) { + e.printStackTrace(); + } } - throw e; } } else { - InputStream inStream = System.in; if (filename != null) { - inStream = new FileInputStream(filename); - } - try { - printCertFromStream(inStream, out); - } finally { - if (inStream != System.in) { - inStream.close(); + try (FileInputStream inStream = new FileInputStream(filename)) { + printCertFromStream(inStream, out); } + } else { + printCertFromStream(System.in, out); } } } @@ -2590,9 +2525,7 @@ public final class KeyTool { X509Certificate cert = null; try { cert = (X509Certificate)cf.generateCertificate(in); - } catch (ClassCastException cce) { - throw new Exception(rb.getString("Input.not.an.X.509.certificate")); - } catch (CertificateException ce) { + } catch (ClassCastException | CertificateException ce) { throw new Exception(rb.getString("Input.not.an.X.509.certificate")); } @@ -3441,16 +3374,10 @@ public final class KeyTool { if (!file.exists()) { return null; } - FileInputStream fis = null; KeyStore caks = null; - try { - fis = new FileInputStream(file); + try (FileInputStream fis = new FileInputStream(file)) { caks = KeyStore.getInstance(JKS); caks.load(fis, null); - } finally { - if (fis != null) { - fis.close(); - } } return caks; } diff --git a/jdk/src/share/classes/sun/security/util/PathList.java b/jdk/src/share/classes/sun/security/tools/PathList.java similarity index 97% rename from jdk/src/share/classes/sun/security/util/PathList.java rename to jdk/src/share/classes/sun/security/tools/PathList.java index 4d1fa71d704..f059a5ea1aa 100644 --- a/jdk/src/share/classes/sun/security/util/PathList.java +++ b/jdk/src/share/classes/sun/security/tools/PathList.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ * questions. */ -package sun.security.util; +package sun.security.tools; import java.io.File; import java.io.IOException; diff --git a/jdk/src/share/classes/sun/security/util/BigInt.java b/jdk/src/share/classes/sun/security/util/BigInt.java deleted file mode 100644 index 4713cc4d9fb..00000000000 --- a/jdk/src/share/classes/sun/security/util/BigInt.java +++ /dev/null @@ -1,198 +0,0 @@ -/* - * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package sun.security.util; - -import java.math.BigInteger; - - -/** - * A low-overhead arbitrary-precision unsigned integer. - * This is intended for use with ASN.1 parsing, and printing of - * such parsed values. Convert to "BigInteger" if you need to do - * arbitrary precision arithmetic, rather than just represent - * the number as a wrapped array of bytes. - * - *

NOTE: This class may eventually disappear, to - * be supplanted by big-endian byte arrays which hold both signed - * and unsigned arbitrary-precision integers. - * - * @author David Brownell - */ -public final class BigInt { - - // Big endian -- MSB first. - private byte[] places; - - /** - * Constructs a "Big" integer from a set of (big-endian) bytes. - * Leading zeroes should be stripped off. - * - * @param data a sequence of bytes, most significant bytes/digits - * first. CONSUMED. - */ - public BigInt(byte[] data) { places = data.clone(); } - - /** - * Constructs a "Big" integer from a "BigInteger", which must be - * positive (or zero) in value. - */ - public BigInt(BigInteger i) { - byte[] temp = i.toByteArray(); - - if ((temp[0] & 0x80) != 0) - throw new IllegalArgumentException("negative BigInteger"); - - // XXX we assume exactly _one_ sign byte is used... - - if (temp[0] != 0) - places = temp; - else { - places = new byte[temp.length - 1]; - for (int j = 1; j < temp.length; j++) - places[j - 1] = temp[j]; - } - } - - /** - * Constructs a "Big" integer from a normal Java integer. - * - * @param i the java primitive integer - */ - public BigInt(int i) { - if (i < (1 << 8)) { - places = new byte[1]; - places[0] = (byte) i; - } else if (i < (1 << 16)) { - places = new byte[2]; - places[0] = (byte) (i >> 8); - places[1] = (byte) i; - } else if (i < (1 << 24)) { - places = new byte[3]; - places[0] = (byte) (i >> 16); - places[1] = (byte) (i >> 8); - places[2] = (byte) i; - } else { - places = new byte[4]; - places[0] = (byte) (i >> 24); - places[1] = (byte) (i >> 16); - places[2] = (byte) (i >> 8); - places[3] = (byte) i; - } - } - - /** - * Converts the "big" integer to a java primitive integer. - * - * @excpet NumberFormatException if 32 bits is insufficient. - */ - public int toInt() { - if (places.length > 4) - throw new NumberFormatException("BigInt.toLong, too big"); - int retval = 0, i = 0; - for (; i < places.length; i++) - retval = (retval << 8) + ((int)places[i] & 0xff); - return retval; - } - - /** - * Returns a hexadecimal printed representation. The value is - * formatted to fit on lines of at least 75 characters, with - * embedded newlines. Words are separated for readability, - * with eight words (32 bytes) per line. - */ - public String toString() { return hexify(); } - - /** - * Returns a BigInteger value which supports many arithmetic - * operations. Assumes negative values will never occur. - */ - public BigInteger toBigInteger() - { return new BigInteger(1, places); } - - /** - * Returns the data as a byte array. The most significant bit - * of the array is bit zero (as in java.math.BigInteger). - */ - public byte[] toByteArray() { return places.clone(); } - - private static final String digits = "0123456789abcdef"; - private String hexify() { - if (places.length == 0) - return " 0 "; - - StringBuffer buf = new StringBuffer(places.length * 2); - buf.append(" "); // four spaces - for (int i = 0; i < places.length; i++) { - buf.append(digits.charAt((places[i] >> 4) & 0x0f)); - buf.append(digits.charAt(places[i] & 0x0f)); - if (((i + 1) % 32) == 0) { - if ((i + 1) != places.length) - buf.append("\n "); // line after four words - } else if (((i + 1) % 4) == 0) - buf.append(' '); // space between words - } - return buf.toString(); - } - - /** - * Returns true iff the parameter is a numerically equivalent - * BigInt. - * - * @param other the object being compared with this one. - */ - public boolean equals(Object other) { - if (other instanceof BigInt) - return equals((BigInt) other); - return false; - } - - /** - * Returns true iff the parameter is numerically equivalent. - * - * @param other the BigInt being compared with this one. - */ - public boolean equals(BigInt other) { - if (this == other) - return true; - - byte[] otherPlaces = other.toByteArray(); - if (places.length != otherPlaces.length) - return false; - for (int i = 0; i < places.length; i++) - if (places[i] != otherPlaces[i]) - return false; - return true; - } - - /** - * Returns a hashcode for this BigInt. - * - * @return a hashcode for this BigInt. - */ - public int hashCode() { - return hexify().hashCode(); - } -} diff --git a/jdk/test/sun/security/util/BigInt/BigIntEqualsHashCode.java b/jdk/test/sun/security/util/BigInt/BigIntEqualsHashCode.java deleted file mode 100644 index 5da5752e1e6..00000000000 --- a/jdk/test/sun/security/util/BigInt/BigIntEqualsHashCode.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @author Gary Ellison - * @bug 4170635 - * @summary Verify equals()/hashCode() contract honored - */ - -import java.io.*; -import sun.security.util.*; - - -public class BigIntEqualsHashCode { - public static void main(String[] args) throws Exception { - BigInt bi1 = new BigInt(12345678); - BigInt bi2 = new BigInt(12345678); - - if ( (bi1.equals(bi2)) == (bi1.hashCode()==bi2.hashCode()) ) - System.out.println("PASSED"); - else - throw new Exception ("FAILED equals()/hashCode() contract"); - - } -} From ab1010388dba92bfa00545e06d01be8e34eae7ae Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Mon, 17 Oct 2011 17:11:26 +0800 Subject: [PATCH 03/15] 7099399: cannot deal with CRL file larger than 16MB Reviewed-by: xuelei, mullan --- .../sun/security/provider/X509Factory.java | 17 ++++ .../security/provider/X509Factory/BigCRL.java | 87 +++++++++++++++++++ 2 files changed, 104 insertions(+) create mode 100644 jdk/test/sun/security/provider/X509Factory/BigCRL.java diff --git a/jdk/src/share/classes/sun/security/provider/X509Factory.java b/jdk/src/share/classes/sun/security/provider/X509Factory.java index 0260ff5c7bf..15122a0eafc 100644 --- a/jdk/src/share/classes/sun/security/provider/X509Factory.java +++ b/jdk/src/share/classes/sun/security/provider/X509Factory.java @@ -669,6 +669,23 @@ public class X509Factory extends CertificateFactorySpi { bout.write(midByte); bout.write(lowByte); length = (highByte << 16) | (midByte << 8) | lowByte; + } else if (n == 0x84) { + int highByte = is.read(); + int nextByte = is.read(); + int midByte = is.read(); + int lowByte = is.read(); + if (lowByte == -1) { + throw new IOException("Incomplete BER/DER length info"); + } + if (highByte > 127) { + throw new IOException("Invalid BER/DER data (a little huge?)"); + } + bout.write(highByte); + bout.write(nextByte); + bout.write(midByte); + bout.write(lowByte); + length = (highByte << 24 ) | (nextByte << 16) | + (midByte << 8) | lowByte; } else { // ignore longer length forms throw new IOException("Invalid BER/DER data (too huge?)"); } diff --git a/jdk/test/sun/security/provider/X509Factory/BigCRL.java b/jdk/test/sun/security/provider/X509Factory/BigCRL.java new file mode 100644 index 00000000000..acee51a1434 --- /dev/null +++ b/jdk/test/sun/security/provider/X509Factory/BigCRL.java @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7099399 + * @summary cannot deal with CRL file larger than 16MB + * @run main/othervm -Xmx1024m BigCRL + */ + +import java.io.FileInputStream; +import java.math.BigInteger; +import java.security.KeyStore; +import java.security.cert.Certificate; +import java.security.PrivateKey; +import java.security.cert.X509CRLEntry; +import java.util.Arrays; +import java.util.Date; +import sun.security.x509.*; +import java.security.cert.CertificateFactory; +import java.io.ByteArrayInputStream; + +public class BigCRL { + + public static void main(String[] args) throws Exception { + int n = 500000; + String ks = System.getProperty("test.src", ".") + + "/../../ssl/etc/keystore"; + String pass = "passphrase"; + String alias = "dummy"; + + KeyStore keyStore = KeyStore.getInstance("JKS"); + keyStore.load(new FileInputStream(ks), pass.toCharArray()); + Certificate signerCert = keyStore.getCertificate(alias); + byte[] encoded = signerCert.getEncoded(); + X509CertImpl signerCertImpl = new X509CertImpl(encoded); + X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get( + X509CertImpl.NAME + "." + X509CertImpl.INFO); + X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." + + CertificateSubjectName.DN_NAME); + + Date date = new Date(); + PrivateKey privateKey = (PrivateKey) + keyStore.getKey(alias, pass.toCharArray()); + String sigAlgName = signerCertImpl.getSigAlgOID(); + + X509CRLEntry[] badCerts = new X509CRLEntry[n]; + CRLExtensions ext = new CRLExtensions(); + ext.set("Reason", new CRLReasonCodeExtension(1)); + for (int i = 0; i < n; i++) { + badCerts[i] = new X509CRLEntryImpl( + BigInteger.valueOf(i), date, ext); + } + X509CRLImpl crl = new X509CRLImpl(owner, date, date, badCerts); + crl.sign(privateKey, sigAlgName); + byte[] data = crl.getEncodedInternal(); + + // Make sure the CRL is big enough + if ((data[1]&0xff) != 0x84) { + throw new Exception("The file should be big enough?"); + } + + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + cf.generateCRL(new ByteArrayInputStream(data)); + } +} + From 9852219b7e071395c8cf2c04da0e8d71128439ad Mon Sep 17 00:00:00 2001 From: Sean Mullan Date: Tue, 18 Oct 2011 10:12:14 -0400 Subject: [PATCH 04/15] 7092897: sun.security.util.Cache should be generified Reviewed-by: xuelei --- .../classes/sun/security/pkcs11/KeyCache.java | 10 +- .../sun/security/provider/X509Factory.java | 23 +-- .../provider/certpath/CertStoreHelper.java | 5 +- .../provider/certpath/URICertStore.java | 17 +- .../certpath/X509CertificatePair.java | 9 +- .../provider/certpath/ldap/LDAPCertStore.java | 45 +++--- .../security/ssl/SSLSessionContextImpl.java | 31 ++-- .../classes/sun/security/util/Cache.java | 146 ++++++++++-------- 8 files changed, 149 insertions(+), 137 deletions(-) diff --git a/jdk/src/share/classes/sun/security/pkcs11/KeyCache.java b/jdk/src/share/classes/sun/security/pkcs11/KeyCache.java index 359156f7dc9..1687649e10e 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/KeyCache.java +++ b/jdk/src/share/classes/sun/security/pkcs11/KeyCache.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -48,7 +48,7 @@ import sun.security.util.Cache; */ final class KeyCache { - private final Cache strongCache; + private final Cache strongCache; private WeakReference> cacheReference; @@ -77,7 +77,7 @@ final class KeyCache { } synchronized P11Key get(Key key) { - P11Key p11Key = (P11Key)strongCache.get(new IdentityWrapper(key)); + P11Key p11Key = strongCache.get(new IdentityWrapper(key)); if (p11Key != null) { return p11Key; } @@ -94,8 +94,8 @@ final class KeyCache { Map map = (cacheReference == null) ? null : cacheReference.get(); if (map == null) { - map = new IdentityHashMap(); - cacheReference = new WeakReference>(map); + map = new IdentityHashMap<>(); + cacheReference = new WeakReference<>(map); } map.put(key, p11Key); } diff --git a/jdk/src/share/classes/sun/security/provider/X509Factory.java b/jdk/src/share/classes/sun/security/provider/X509Factory.java index 0260ff5c7bf..b3d738fb856 100644 --- a/jdk/src/share/classes/sun/security/provider/X509Factory.java +++ b/jdk/src/share/classes/sun/security/provider/X509Factory.java @@ -64,8 +64,10 @@ public class X509Factory extends CertificateFactorySpi { private static final int ENC_MAX_LENGTH = 4096 * 1024; // 4 MB MAX - private static final Cache certCache = Cache.newSoftMemoryCache(750); - private static final Cache crlCache = Cache.newSoftMemoryCache(750); + private static final Cache certCache + = Cache.newSoftMemoryCache(750); + private static final Cache crlCache + = Cache.newSoftMemoryCache(750); /** * Generates an X.509 certificate object and initializes it with @@ -90,7 +92,7 @@ public class X509Factory extends CertificateFactorySpi { try { byte[] encoding = readOneBlock(is); if (encoding != null) { - X509CertImpl cert = (X509CertImpl)getFromCache(certCache, encoding); + X509CertImpl cert = getFromCache(certCache, encoding); if (cert != null) { return cert; } @@ -151,7 +153,7 @@ public class X509Factory extends CertificateFactorySpi { } else { encoding = c.getEncoded(); } - X509CertImpl newC = (X509CertImpl)getFromCache(certCache, encoding); + X509CertImpl newC = getFromCache(certCache, encoding); if (newC != null) { return newC; } @@ -181,7 +183,7 @@ public class X509Factory extends CertificateFactorySpi { } else { encoding = c.getEncoded(); } - X509CRLImpl newC = (X509CRLImpl)getFromCache(crlCache, encoding); + X509CRLImpl newC = getFromCache(crlCache, encoding); if (newC != null) { return newC; } @@ -198,18 +200,17 @@ public class X509Factory extends CertificateFactorySpi { /** * Get the X509CertImpl or X509CRLImpl from the cache. */ - private static synchronized Object getFromCache(Cache cache, + private static synchronized V getFromCache(Cache cache, byte[] encoding) { Object key = new Cache.EqualByteArray(encoding); - Object value = cache.get(key); - return value; + return cache.get(key); } /** * Add the X509CertImpl or X509CRLImpl to the cache. */ - private static synchronized void addToCache(Cache cache, byte[] encoding, - Object value) { + private static synchronized void addToCache(Cache cache, + byte[] encoding, V value) { if (encoding.length > ENC_MAX_LENGTH) { return; } @@ -361,7 +362,7 @@ public class X509Factory extends CertificateFactorySpi { try { byte[] encoding = readOneBlock(is); if (encoding != null) { - X509CRLImpl crl = (X509CRLImpl)getFromCache(crlCache, encoding); + X509CRLImpl crl = getFromCache(crlCache, encoding); if (crl != null) { return crl; } diff --git a/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java b/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java index e325239d114..8670778ee7e 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/CertStoreHelper.java @@ -59,12 +59,13 @@ public abstract class CertStoreHelper { "SSLServer", "sun.security.provider.certpath.ssl.SSLServerCertStoreHelper"); }; - private static Cache cache = Cache.newSoftMemoryCache(NUM_TYPES); + private static Cache cache + = Cache.newSoftMemoryCache(NUM_TYPES); public static CertStoreHelper getInstance(final String type) throws NoSuchAlgorithmException { - CertStoreHelper helper = (CertStoreHelper)cache.get(type); + CertStoreHelper helper = cache.get(type); if (helper != null) { return helper; } diff --git a/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java b/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java index da607724437..6fb7bc72af3 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/URICertStore.java @@ -100,8 +100,7 @@ class URICertStore extends CertStoreSpi { private final CertificateFactory factory; // cached Collection of X509Certificates (may be empty, never null) - private Collection certs = - Collections.emptySet(); + private Collection certs = Collections.emptySet(); // cached X509CRL (may be null) private X509CRL crl; @@ -157,14 +156,14 @@ class URICertStore extends CertStoreSpi { * Returns a URI CertStore. This method consults a cache of * CertStores (shared per JVM) using the URI as a key. */ - private static final Cache certStoreCache = - Cache.newSoftMemoryCache(CACHE_SIZE); + private static final Cache + certStoreCache = Cache.newSoftMemoryCache(CACHE_SIZE); static synchronized CertStore getInstance(URICertStoreParameters params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { if (debug != null) { debug.println("CertStore URI:" + params.uri); } - CertStore ucs = (CertStore) certStoreCache.get(params); + CertStore ucs = certStoreCache.get(params); if (ucs == null) { ucs = new UCS(new URICertStore(params), null, "URI", params); certStoreCache.put(params, ucs); @@ -287,7 +286,7 @@ class URICertStore extends CertStoreSpi { } // exception, forget previous values lastModified = 0; - certs = Collections.emptySet(); + certs = Collections.emptySet(); return certs; } @@ -394,7 +393,7 @@ class URICertStore extends CertStoreSpi { // exception, forget previous values lastModified = 0; crl = null; - return Collections.emptyList(); + return Collections.emptyList(); } /** @@ -404,9 +403,9 @@ class URICertStore extends CertStoreSpi { private static Collection getMatchingCRLs (X509CRL crl, CRLSelector selector) { if (selector == null || (crl != null && selector.match(crl))) { - return Collections.singletonList(crl); + return Collections.singletonList(crl); } else { - return Collections.emptyList(); + return Collections.emptyList(); } } diff --git a/jdk/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java b/jdk/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java index 20d05f71be8..3228b7ed62e 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/X509CertificatePair.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -79,7 +79,8 @@ public class X509CertificatePair { private X509Certificate reverse; private byte[] encoded; - private static final Cache cache = Cache.newSoftMemoryCache(750); + private static final Cache cache + = Cache.newSoftMemoryCache(750); /** * Creates an empty instance of X509CertificatePair. @@ -114,7 +115,7 @@ public class X509CertificatePair { * * For internal use only, external code should use generateCertificatePair. */ - private X509CertificatePair(byte[] encoded)throws CertificateException { + private X509CertificatePair(byte[] encoded) throws CertificateException { try { parse(new DerValue(encoded)); this.encoded = encoded; @@ -138,7 +139,7 @@ public class X509CertificatePair { public static synchronized X509CertificatePair generateCertificatePair (byte[] encoded) throws CertificateException { Object key = new Cache.EqualByteArray(encoded); - X509CertificatePair pair = (X509CertificatePair)cache.get(key); + X509CertificatePair pair = cache.get(key); if (pair != null) { return pair; } diff --git a/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java b/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java index 3eea0b25fff..eb20b3f704d 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -160,7 +160,7 @@ public final class LDAPCertStore extends CertStoreSpi { */ private boolean prefetchCRLs = false; - private final Cache valueCache; + private final Cache valueCache; private int cacheHits = 0; private int cacheMisses = 0; @@ -207,10 +207,11 @@ public final class LDAPCertStore extends CertStoreSpi { * Returns an LDAP CertStore. This method consults a cache of * CertStores (shared per JVM) using the LDAP server/port as a key. */ - private static final Cache certStoreCache = Cache.newSoftMemoryCache(185); + private static final Cache + certStoreCache = Cache.newSoftMemoryCache(185); static synchronized CertStore getInstance(LDAPCertStoreParameters params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { - CertStore lcs = (CertStore) certStoreCache.get(params); + CertStore lcs = certStoreCache.get(params); if (lcs == null) { lcs = CertStore.getInstance("LDAP", params); certStoreCache.put(params, lcs); @@ -232,7 +233,7 @@ public final class LDAPCertStore extends CertStoreSpi { private void createInitialDirContext(String server, int port) throws InvalidAlgorithmParameterException { String url = "ldap://" + server + ":" + port; - Hashtable env = new Hashtable(); + Hashtable env = new Hashtable<>(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, url); @@ -283,7 +284,7 @@ public final class LDAPCertStore extends CertStoreSpi { LDAPRequest(String name) { this.name = name; - requestedAttributes = new ArrayList(5); + requestedAttributes = new ArrayList<>(5); } String getName() { @@ -311,7 +312,7 @@ public final class LDAPCertStore extends CertStoreSpi { + cacheMisses); } String cacheKey = name + "|" + attrId; - byte[][] values = (byte[][])valueCache.get(cacheKey); + byte[][] values = valueCache.get(cacheKey); if (values != null) { cacheHits++; return values; @@ -347,7 +348,7 @@ public final class LDAPCertStore extends CertStoreSpi { System.out.println("LDAP requests: " + requests); } } - valueMap = new HashMap(8); + valueMap = new HashMap<>(8); String[] attrIds = requestedAttributes.toArray(STRING0); Attributes attrs; try { @@ -429,10 +430,10 @@ public final class LDAPCertStore extends CertStoreSpi { int n = encodedCert.length; if (n == 0) { - return Collections.emptySet(); + return Collections.emptySet(); } - List certs = new ArrayList(n); + List certs = new ArrayList<>(n); /* decode certs and check if they satisfy selector */ for (int i = 0; i < n; i++) { ByteArrayInputStream bais = new ByteArrayInputStream(encodedCert[i]); @@ -477,11 +478,10 @@ public final class LDAPCertStore extends CertStoreSpi { int n = encodedCertPair.length; if (n == 0) { - return Collections.emptySet(); + return Collections.emptySet(); } - List certPairs = - new ArrayList(n); + List certPairs = new ArrayList<>(n); /* decode each cert pair and add it to the Collection */ for (int i = 0; i < n; i++) { try { @@ -528,8 +528,7 @@ public final class LDAPCertStore extends CertStoreSpi { getCertPairs(request, CROSS_CERT); // Find Certificates that match and put them in a list - ArrayList matchingCerts = - new ArrayList(); + ArrayList matchingCerts = new ArrayList<>(); for (X509CertificatePair certPair : certPairs) { X509Certificate cert; if (forward != null) { @@ -587,7 +586,7 @@ public final class LDAPCertStore extends CertStoreSpi { int basicConstraints = xsel.getBasicConstraints(); String subject = xsel.getSubjectAsString(); String issuer = xsel.getIssuerAsString(); - HashSet certs = new HashSet(); + HashSet certs = new HashSet<>(); if (debug != null) { debug.println("LDAPCertStore.engineGetCertificates() basicConstraints: " + basicConstraints); @@ -706,10 +705,10 @@ public final class LDAPCertStore extends CertStoreSpi { int n = encodedCRL.length; if (n == 0) { - return Collections.emptySet(); + return Collections.emptySet(); } - List crls = new ArrayList(n); + List crls = new ArrayList<>(n); /* decode each crl and check if it matches selector */ for (int i = 0; i < n; i++) { try { @@ -765,13 +764,13 @@ public final class LDAPCertStore extends CertStoreSpi { throw new CertStoreException("need X509CRLSelector to find CRLs"); } X509CRLSelector xsel = (X509CRLSelector) selector; - HashSet crls = new HashSet(); + HashSet crls = new HashSet<>(); // Look in directory entry for issuer of cert we're checking. Collection issuerNames; X509Certificate certChecking = xsel.getCertificateChecking(); if (certChecking != null) { - issuerNames = new HashSet(); + issuerNames = new HashSet<>(); X500Principal issuer = certChecking.getIssuerX500Principal(); issuerNames.add(issuer.getName(X500Principal.RFC2253)); } else { @@ -796,7 +795,7 @@ public final class LDAPCertStore extends CertStoreSpi { issuerName = (String)nameObject; } // If all we want is CA certs, try to get the (probably shorter) ARL - Collection entryCRLs = Collections.emptySet(); + Collection entryCRLs = Collections.emptySet(); if (certChecking == null || certChecking.getBasicConstraints() != -1) { LDAPRequest request = new LDAPRequest(issuerName); request.addRequestedAttribute(CROSS_CERT); @@ -1028,9 +1027,9 @@ public final class LDAPCertStore extends CertStoreSpi { throws IOException { this.selector = selector == null ? new X509CRLSelector() : selector; this.certIssuers = certIssuers; - issuerNames = new HashSet(); + issuerNames = new HashSet<>(); issuerNames.add(ldapDN); - issuers = new HashSet(); + issuers = new HashSet<>(); issuers.add(new X500Name(ldapDN).asX500Principal()); } // we only override the get (accessor methods) since the set methods diff --git a/jdk/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java b/jdk/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java index ce1336bf122..7d0ea3faf97 100644 --- a/jdk/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java +++ b/jdk/src/share/classes/sun/security/ssl/SSLSessionContextImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,11 +43,14 @@ import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; import sun.security.util.Cache; +import sun.security.util.Cache.CacheVisitor; final class SSLSessionContextImpl implements SSLSessionContext { - private Cache sessionCache; // session cache, session id as key - private Cache sessionHostPortCache; // session cache, "host:port" as key + private Cache sessionCache; + // session cache, session id as key + private Cache sessionHostPortCache; + // session cache, "host:port" as key private int cacheLimit; // the max cache size private int timeout; // timeout in seconds @@ -71,8 +74,7 @@ final class SSLSessionContextImpl implements SSLSessionContext { throw new NullPointerException("session id cannot be null"); } - SSLSessionImpl sess = - (SSLSessionImpl)sessionCache.get(new SessionId(sessionId)); + SSLSessionImpl sess = sessionCache.get(new SessionId(sessionId)); if (!isTimedout(sess)) { return sess; } @@ -157,8 +159,7 @@ final class SSLSessionContextImpl implements SSLSessionContext { return null; } - SSLSessionImpl sess = - (SSLSessionImpl)sessionHostPortCache.get(getKey(hostname, port)); + SSLSessionImpl sess = sessionHostPortCache.get(getKey(hostname, port)); if (!isTimedout(sess)) { return sess; } @@ -193,7 +194,7 @@ final class SSLSessionContextImpl implements SSLSessionContext { // package-private method, remove a cached SSLSession void remove(SessionId key) { - SSLSessionImpl s = (SSLSessionImpl)sessionCache.get(key); + SSLSessionImpl s = sessionCache.get(key); if (s != null) { sessionCache.remove(key); sessionHostPortCache.remove( @@ -233,17 +234,17 @@ final class SSLSessionContextImpl implements SSLSessionContext { } final class SessionCacheVisitor - implements sun.security.util.Cache.CacheVisitor { + implements Cache.CacheVisitor { Vector ids = null; - // public void visit(java.util.Map map) {} - public void visit(java.util.Map map) { - ids = new Vector(map.size()); + // public void visit(java.util.Map map) {} + public void visit(java.util.Map map) { + ids = new Vector<>(map.size()); - for (Object key : map.keySet()) { - SSLSessionImpl value = (SSLSessionImpl)map.get(key); + for (SessionId key : map.keySet()) { + SSLSessionImpl value = map.get(key); if (!isTimedout(value)) { - ids.addElement(((SessionId)key).getId()); + ids.addElement(key.getId()); } } } diff --git a/jdk/src/share/classes/sun/security/util/Cache.java b/jdk/src/share/classes/sun/security/util/Cache.java index 7c7f072b5de..8037324928a 100644 --- a/jdk/src/share/classes/sun/security/util/Cache.java +++ b/jdk/src/share/classes/sun/security/util/Cache.java @@ -43,7 +43,7 @@ import java.lang.ref.*; * * . optional lifetime, specified in seconds. * - * . save for concurrent use by multiple threads + * . safe for concurrent use by multiple threads * * . values are held by either standard references or via SoftReferences. * SoftReferences have the advantage that they are automatically cleared @@ -69,7 +69,7 @@ import java.lang.ref.*; * * @author Andreas Sterbenz */ -public abstract class Cache { +public abstract class Cache { protected Cache() { // empty @@ -88,12 +88,12 @@ public abstract class Cache { /** * Add an entry to the cache. */ - public abstract void put(Object key, Object value); + public abstract void put(K key, V value); /** * Get a value from the cache. */ - public abstract Object get(Object key); + public abstract V get(Object key); /** * Remove an entry from the cache. @@ -113,14 +113,14 @@ public abstract class Cache { /** * accept a visitor */ - public abstract void accept(CacheVisitor visitor); + public abstract void accept(CacheVisitor visitor); /** * Return a new memory cache with the specified maximum size, unlimited * lifetime for entries, with the values held by SoftReferences. */ - public static Cache newSoftMemoryCache(int size) { - return new MemoryCache(true, size); + public static Cache newSoftMemoryCache(int size) { + return new MemoryCache<>(true, size); } /** @@ -128,23 +128,24 @@ public abstract class Cache { * specified maximum lifetime (in seconds), with the values held * by SoftReferences. */ - public static Cache newSoftMemoryCache(int size, int timeout) { - return new MemoryCache(true, size, timeout); + public static Cache newSoftMemoryCache(int size, int timeout) { + return new MemoryCache<>(true, size, timeout); } /** * Return a new memory cache with the specified maximum size, unlimited * lifetime for entries, with the values held by standard references. */ - public static Cache newHardMemoryCache(int size) { - return new MemoryCache(false, size); + public static Cache newHardMemoryCache(int size) { + return new MemoryCache<>(false, size); } /** * Return a dummy cache that does nothing. */ - public static Cache newNullCache() { - return NullCache.INSTANCE; + @SuppressWarnings("unchecked") + public static Cache newNullCache() { + return (Cache) NullCache.INSTANCE; } /** @@ -152,8 +153,8 @@ public abstract class Cache { * specified maximum lifetime (in seconds), with the values held * by standard references. */ - public static Cache newHardMemoryCache(int size, int timeout) { - return new MemoryCache(false, size, timeout); + public static Cache newHardMemoryCache(int size, int timeout) { + return new MemoryCache<>(false, size, timeout); } /** @@ -193,15 +194,15 @@ public abstract class Cache { } } - public interface CacheVisitor { - public void visit(Map map); + public interface CacheVisitor { + public void visit(Map map); } } -class NullCache extends Cache { +class NullCache extends Cache { - final static Cache INSTANCE = new NullCache(); + final static Cache INSTANCE = new NullCache<>(); private NullCache() { // empty @@ -215,11 +216,11 @@ class NullCache extends Cache { // empty } - public void put(Object key, Object value) { + public void put(K key, V value) { // empty } - public Object get(Object key) { + public V get(Object key) { return null; } @@ -235,23 +236,26 @@ class NullCache extends Cache { // empty } - public void accept(CacheVisitor visitor) { + public void accept(CacheVisitor visitor) { // empty } } -class MemoryCache extends Cache { +class MemoryCache extends Cache { private final static float LOAD_FACTOR = 0.75f; // XXXX private final static boolean DEBUG = false; - private final Map cacheMap; + private final Map> cacheMap; private int maxSize; private long lifetime; - private final ReferenceQueue queue; + + // ReferenceQueue is of type V instead of Cache + // to allow SoftCacheEntry to extend SoftReference + private final ReferenceQueue queue; public MemoryCache(boolean soft, int maxSize) { this(soft, maxSize, 0); @@ -260,10 +264,13 @@ class MemoryCache extends Cache { public MemoryCache(boolean soft, int maxSize, int lifetime) { this.maxSize = maxSize; this.lifetime = lifetime * 1000; - this.queue = soft ? new ReferenceQueue() : null; + if (soft) + this.queue = new ReferenceQueue<>(); + else + this.queue = null; + int buckets = (int)(maxSize / LOAD_FACTOR) + 1; - cacheMap = new LinkedHashMap(buckets, - LOAD_FACTOR, true); + cacheMap = new LinkedHashMap<>(buckets, LOAD_FACTOR, true); } /** @@ -279,16 +286,17 @@ class MemoryCache extends Cache { } int startSize = cacheMap.size(); while (true) { - CacheEntry entry = (CacheEntry)queue.poll(); + @SuppressWarnings("unchecked") + CacheEntry entry = (CacheEntry)queue.poll(); if (entry == null) { break; } - Object key = entry.getKey(); + K key = entry.getKey(); if (key == null) { // key is null, entry has already been removed continue; } - CacheEntry currentEntry = cacheMap.remove(key); + CacheEntry currentEntry = cacheMap.remove(key); // check if the entry in the map corresponds to the expired // entry. If not, readd the entry if ((currentEntry != null) && (entry != currentEntry)) { @@ -314,9 +322,9 @@ class MemoryCache extends Cache { } int cnt = 0; long time = System.currentTimeMillis(); - for (Iterator t = cacheMap.values().iterator(); + for (Iterator> t = cacheMap.values().iterator(); t.hasNext(); ) { - CacheEntry entry = t.next(); + CacheEntry entry = t.next(); if (entry.isValid(time) == false) { t.remove(); cnt++; @@ -339,7 +347,7 @@ class MemoryCache extends Cache { if (queue != null) { // if this is a SoftReference cache, first invalidate() all // entries so that GC does not have to enqueue them - for (CacheEntry entry : cacheMap.values()) { + for (CacheEntry entry : cacheMap.values()) { entry.invalidate(); } while (queue.poll() != null) { @@ -349,12 +357,12 @@ class MemoryCache extends Cache { cacheMap.clear(); } - public synchronized void put(Object key, Object value) { + public synchronized void put(K key, V value) { emptyQueue(); long expirationTime = (lifetime == 0) ? 0 : System.currentTimeMillis() + lifetime; - CacheEntry newEntry = newEntry(key, value, expirationTime, queue); - CacheEntry oldEntry = cacheMap.put(key, newEntry); + CacheEntry newEntry = newEntry(key, value, expirationTime, queue); + CacheEntry oldEntry = cacheMap.put(key, newEntry); if (oldEntry != null) { oldEntry.invalidate(); return; @@ -362,8 +370,8 @@ class MemoryCache extends Cache { if (maxSize > 0 && cacheMap.size() > maxSize) { expungeExpiredEntries(); if (cacheMap.size() > maxSize) { // still too large? - Iterator t = cacheMap.values().iterator(); - CacheEntry lruEntry = t.next(); + Iterator> t = cacheMap.values().iterator(); + CacheEntry lruEntry = t.next(); if (DEBUG) { System.out.println("** Overflow removal " + lruEntry.getKey() + " | " + lruEntry.getValue()); @@ -374,9 +382,9 @@ class MemoryCache extends Cache { } } - public synchronized Object get(Object key) { + public synchronized V get(Object key) { emptyQueue(); - CacheEntry entry = cacheMap.get(key); + CacheEntry entry = cacheMap.get(key); if (entry == null) { return null; } @@ -393,7 +401,7 @@ class MemoryCache extends Cache { public synchronized void remove(Object key) { emptyQueue(); - CacheEntry entry = cacheMap.remove(key); + CacheEntry entry = cacheMap.remove(key); if (entry != null) { entry.invalidate(); } @@ -402,9 +410,9 @@ class MemoryCache extends Cache { public synchronized void setCapacity(int size) { expungeExpiredEntries(); if (size > 0 && cacheMap.size() > size) { - Iterator t = cacheMap.values().iterator(); + Iterator> t = cacheMap.values().iterator(); for (int i = cacheMap.size() - size; i > 0; i--) { - CacheEntry lruEntry = t.next(); + CacheEntry lruEntry = t.next(); if (DEBUG) { System.out.println("** capacity reset removal " + lruEntry.getKey() + " | " + lruEntry.getValue()); @@ -431,60 +439,61 @@ class MemoryCache extends Cache { } // it is a heavyweight method. - public synchronized void accept(CacheVisitor visitor) { + public synchronized void accept(CacheVisitor visitor) { expungeExpiredEntries(); - Map cached = getCachedEntries(); + Map cached = getCachedEntries(); visitor.visit(cached); } - private Map getCachedEntries() { - Map kvmap = new HashMap(cacheMap.size()); + private Map getCachedEntries() { + Map kvmap = new HashMap<>(cacheMap.size()); - for (CacheEntry entry : cacheMap.values()) { + for (CacheEntry entry : cacheMap.values()) { kvmap.put(entry.getKey(), entry.getValue()); } return kvmap; } - protected CacheEntry newEntry(Object key, Object value, - long expirationTime, ReferenceQueue queue) { + protected CacheEntry newEntry(K key, V value, + long expirationTime, ReferenceQueue queue) { if (queue != null) { - return new SoftCacheEntry(key, value, expirationTime, queue); + return new SoftCacheEntry<>(key, value, expirationTime, queue); } else { - return new HardCacheEntry(key, value, expirationTime); + return new HardCacheEntry<>(key, value, expirationTime); } } - private static interface CacheEntry { + private static interface CacheEntry { boolean isValid(long currentTime); void invalidate(); - Object getKey(); + K getKey(); - Object getValue(); + V getValue(); } - private static class HardCacheEntry implements CacheEntry { + private static class HardCacheEntry implements CacheEntry { - private Object key, value; + private K key; + private V value; private long expirationTime; - HardCacheEntry(Object key, Object value, long expirationTime) { + HardCacheEntry(K key, V value, long expirationTime) { this.key = key; this.value = value; this.expirationTime = expirationTime; } - public Object getKey() { + public K getKey() { return key; } - public Object getValue() { + public V getValue() { return value; } @@ -503,24 +512,25 @@ class MemoryCache extends Cache { } } - private static class SoftCacheEntry - extends SoftReference implements CacheEntry { + private static class SoftCacheEntry + extends SoftReference + implements CacheEntry { - private Object key; + private K key; private long expirationTime; - SoftCacheEntry(Object key, Object value, long expirationTime, - ReferenceQueue queue) { + SoftCacheEntry(K key, V value, long expirationTime, + ReferenceQueue queue) { super(value, queue); this.key = key; this.expirationTime = expirationTime; } - public Object getKey() { + public K getKey() { return key; } - public Object getValue() { + public V getValue() { return get(); } From d25a9c128ff99b8eb95b0fd3b1eed2d13b594b8a Mon Sep 17 00:00:00 2001 From: Bradford Wetmore Date: Tue, 18 Oct 2011 11:58:57 -0700 Subject: [PATCH 05/15] 7031830: bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine Reviewed-by: xuelei, weijun, asaha --- .../classes/sun/security/ssl/CipherBox.java | 13 +- .../SSLEngineBadBufferArrayAccess.java | 479 ++++++++++++++++++ 2 files changed, 487 insertions(+), 5 deletions(-) create mode 100644 jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java diff --git a/jdk/src/share/classes/sun/security/ssl/CipherBox.java b/jdk/src/share/classes/sun/security/ssl/CipherBox.java index 91f9f36198d..16f0643a7c5 100644 --- a/jdk/src/share/classes/sun/security/ssl/CipherBox.java +++ b/jdk/src/share/classes/sun/security/ssl/CipherBox.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -305,9 +305,11 @@ final class CipherBox { byte[] buf = null; int limit = bb.limit(); if (bb.hasArray()) { + int arrayOffset = bb.arrayOffset(); buf = bb.array(); - System.arraycopy(buf, pos, - buf, pos + prefix.length, limit - pos); + System.arraycopy(buf, arrayOffset + pos, + buf, arrayOffset + pos + prefix.length, + limit - pos); bb.limit(limit + prefix.length); } else { buf = new byte[limit - pos]; @@ -491,9 +493,10 @@ final class CipherBox { byte[] buf = null; int limit = bb.limit(); if (bb.hasArray()) { + int arrayOffset = bb.arrayOffset(); buf = bb.array(); - System.arraycopy(buf, pos + blockSize, - buf, pos, limit - pos - blockSize); + System.arraycopy(buf, arrayOffset + pos + blockSize, + buf, arrayOffset + pos, limit - pos - blockSize); bb.limit(limit - blockSize); } else { buf = new byte[limit - pos - blockSize]; diff --git a/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java new file mode 100644 index 00000000000..f9cd5185b33 --- /dev/null +++ b/jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLEngineImpl/SSLEngineBadBufferArrayAccess.java @@ -0,0 +1,479 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7031830 + * @summary bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine + * @run main/othervm SSLEngineBadBufferArrayAccess + * + * SunJSSE does not support dynamic system properties, no way to re-use + * system properties in samevm/agentvm mode. + */ + +/** + * A SSLSocket/SSLEngine interop test case. This is not the way to + * code SSLEngine-based servers, but works for what we need to do here, + * which is to make sure that SSLEngine/SSLSockets can talk to each other. + * SSLEngines can use direct or indirect buffers, and different code + * is used to get at the buffer contents internally, so we test that here. + * + * The test creates one SSLSocket (client) and one SSLEngine (server). + * The SSLSocket talks to a raw ServerSocket, and the server code + * does the translation between byte [] and ByteBuffers that the SSLEngine + * can use. The "transport" layer consists of a Socket Input/OutputStream + * and two byte buffers for the SSLEngines: think of them + * as directly connected pipes. + * + * Again, this is a *very* simple example: real code will be much more + * involved. For example, different threading and I/O models could be + * used, transport mechanisms could close unexpectedly, and so on. + * + * When this application runs, notice that several messages + * (wrap/unwrap) pass before any application data is consumed or + * produced. (For more information, please see the SSL/TLS + * specifications.) There may several steps for a successful handshake, + * so it's typical to see the following series of operations: + * + * client server message + * ====== ====== ======= + * write() ... ClientHello + * ... unwrap() ClientHello + * ... wrap() ServerHello/Certificate + * read() ... ServerHello/Certificate + * write() ... ClientKeyExchange + * write() ... ChangeCipherSpec + * write() ... Finished + * ... unwrap() ClientKeyExchange + * ... unwrap() ChangeCipherSpec + * ... unwrap() Finished + * ... wrap() ChangeCipherSpec + * ... wrap() Finished + * read() ... ChangeCipherSpec + * read() ... Finished + * + * This particular bug had a problem where byte buffers backed by an + * array didn't offset correctly, and we got bad MAC errors. + */ +import javax.net.ssl.*; +import javax.net.ssl.SSLEngineResult.*; +import java.io.*; +import java.net.*; +import java.security.*; +import java.nio.*; + +public class SSLEngineBadBufferArrayAccess { + + /* + * Enables logging of the SSL/TLS operations. + */ + private static boolean logging = true; + + /* + * Enables the JSSE system debugging system property: + * + * -Djavax.net.debug=all + * + * This gives a lot of low-level information about operations underway, + * including specific handshake messages, and might be best examined + * after gaining some familiarity with this application. + */ + private static boolean debug = false; + private SSLContext sslc; + private SSLEngine serverEngine; // server-side SSLEngine + private SSLSocket sslSocket; // client-side socket + private ServerSocket serverSocket; // server-side Socket, generates the... + private Socket socket; // server-side socket that will read + + private final byte[] serverMsg = "Hi there Client, I'm a Server".getBytes(); + private final byte[] clientMsg = "Hello Server, I'm a Client".getBytes(); + + private ByteBuffer serverOut; // write side of serverEngine + private ByteBuffer serverIn; // read side of serverEngine + + private volatile Exception clientException; + private volatile Exception serverException; + + /* + * For data transport, this example uses local ByteBuffers. + */ + private ByteBuffer cTOs; // "reliable" transport client->server + private ByteBuffer sTOc; // "reliable" transport server->client + + /* + * The following is to set up the keystores/trust material. + */ + private static final String pathToStores = "../../../../../../../etc/"; + private static final String keyStoreFile = "keystore"; + private static final String trustStoreFile = "truststore"; + private static final String passwd = "passphrase"; + private static String keyFilename = + System.getProperty("test.src", ".") + "/" + pathToStores + + "/" + keyStoreFile; + private static String trustFilename = + System.getProperty("test.src", ".") + "/" + pathToStores + + "/" + trustStoreFile; + + /* + * Main entry point for this test. + */ + public static void main(String args[]) throws Exception { + if (debug) { + System.setProperty("javax.net.debug", "all"); + } + + String [] protocols = new String [] { + "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" }; + + for (String protocol : protocols) { + log("Testing " + protocol); + /* + * Run the tests with direct and indirect buffers. + */ + SSLEngineBadBufferArrayAccess test = + new SSLEngineBadBufferArrayAccess(protocol); + test.runTest(true); + test.runTest(false); + } + + System.out.println("Test Passed."); + } + + /* + * Create an initialized SSLContext to use for these tests. + */ + public SSLEngineBadBufferArrayAccess(String protocol) throws Exception { + + KeyStore ks = KeyStore.getInstance("JKS"); + KeyStore ts = KeyStore.getInstance("JKS"); + + char[] passphrase = "passphrase".toCharArray(); + + ks.load(new FileInputStream(keyFilename), passphrase); + ts.load(new FileInputStream(trustFilename), passphrase); + + KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); + kmf.init(ks, passphrase); + + TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); + tmf.init(ts); + + SSLContext sslCtx = SSLContext.getInstance(protocol); + + sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); + + sslc = sslCtx; + } + + /* + * Run the test. + * + * Sit in a tight loop, with the server engine calling wrap/unwrap + * regardless of whether data is available or not. We do this until + * we get the application data. Then we shutdown and go to the next one. + * + * The main loop handles all of the I/O phases of the SSLEngine's + * lifetime: + * + * initial handshaking + * application data transfer + * engine closing + * + * One could easily separate these phases into separate + * sections of code. + */ + private void runTest(boolean direct) throws Exception { + boolean serverClose = direct; + + serverSocket = new ServerSocket(0); + int port = serverSocket.getLocalPort(); + Thread thread = createClientThread(port, serverClose); + + socket = serverSocket.accept(); + socket.setSoTimeout(500); + serverSocket.close(); + + createSSLEngine(); + createBuffers(direct); + + try { + boolean closed = false; + + InputStream is = socket.getInputStream(); + OutputStream os = socket.getOutputStream(); + + SSLEngineResult serverResult; // results from last operation + + /* + * Examining the SSLEngineResults could be much more involved, + * and may alter the overall flow of the application. + * + * For example, if we received a BUFFER_OVERFLOW when trying + * to write to the output pipe, we could reallocate a larger + * pipe, but instead we wait for the peer to drain it. + */ + byte[] inbound = new byte[8192]; + byte[] outbound = new byte[8192]; + + while (!isEngineClosed(serverEngine)) { + int len = 0; + + // Inbound data + log("================"); + + // Read from the Client side. + try { + len = is.read(inbound); + if (len == -1) { + throw new Exception("Unexpected EOF"); + } + cTOs.put(inbound, 0, len); + } catch (SocketTimeoutException ste) { + // swallow. Nothing yet, probably waiting on us. + } + + cTOs.flip(); + + serverResult = serverEngine.unwrap(cTOs, serverIn); + log("server unwrap: ", serverResult); + runDelegatedTasks(serverResult, serverEngine); + cTOs.compact(); + + // Outbound data + log("----"); + + serverResult = serverEngine.wrap(serverOut, sTOc); + log("server wrap: ", serverResult); + runDelegatedTasks(serverResult, serverEngine); + + sTOc.flip(); + + if ((len = sTOc.remaining()) != 0) { + sTOc.get(outbound, 0, len); + os.write(outbound, 0, len); + // Give the other side a chance to process + } + + sTOc.compact(); + + if (!closed && (serverOut.remaining() == 0)) { + closed = true; + + /* + * We'll alternate initiatating the shutdown. + * When the server initiates, it will take one more + * loop, but tests the orderly shutdown. + */ + if (serverClose) { + serverEngine.closeOutbound(); + } + serverIn.flip(); + + /* + * A sanity check to ensure we got what was sent. + */ + if (serverIn.remaining() != clientMsg.length) { + throw new Exception("Client: Data length error"); + } + + for (int i = 0; i < clientMsg.length; i++) { + if (clientMsg[i] != serverIn.get()) { + throw new Exception("Client: Data content error"); + } + } + serverIn.compact(); + } + } + return; + } catch (Exception e) { + serverException = e; + } finally { + socket.close(); + + // Wait for the client to join up with us. + thread.join(); + if (serverException != null) { + throw serverException; + } + if (clientException != null) { + throw clientException; + } + } + } + + /* + * Create a client thread which does simple SSLSocket operations. + * We'll write and read one data packet. + */ + private Thread createClientThread(final int port, + final boolean serverClose) throws Exception { + + Thread t = new Thread("ClientThread") { + + @Override + public void run() { + try { + Thread.sleep(1000); // Give server time to finish setup. + + sslSocket = (SSLSocket) sslc.getSocketFactory(). + createSocket("localhost", port); + OutputStream os = sslSocket.getOutputStream(); + InputStream is = sslSocket.getInputStream(); + + // write(byte[]) goes in one shot. + os.write(clientMsg); + + byte[] inbound = new byte[2048]; + int pos = 0; + + int len; +done: + while ((len = is.read(inbound, pos, 2048 - pos)) != -1) { + pos += len; + // Let the client do the closing. + if ((pos == serverMsg.length) && !serverClose) { + sslSocket.close(); + break done; + } + } + + if (pos != serverMsg.length) { + throw new Exception("Client: Data length error"); + } + + for (int i = 0; i < serverMsg.length; i++) { + if (inbound[i] != serverMsg[i]) { + throw new Exception("Client: Data content error"); + } + } + } catch (Exception e) { + clientException = e; + } + } + }; + t.start(); + return t; + } + + /* + * Using the SSLContext created during object creation, + * create/configure the SSLEngines we'll use for this test. + */ + private void createSSLEngine() throws Exception { + /* + * Configure the serverEngine to act as a server in the SSL/TLS + * handshake. + */ + serverEngine = sslc.createSSLEngine(); + serverEngine.setUseClientMode(false); + serverEngine.getNeedClientAuth(); + } + + /* + * Create and size the buffers appropriately. + */ + private void createBuffers(boolean direct) { + + SSLSession session = serverEngine.getSession(); + int appBufferMax = session.getApplicationBufferSize(); + int netBufferMax = session.getPacketBufferSize(); + + /* + * We'll make the input buffers a bit bigger than the max needed + * size, so that unwrap()s following a successful data transfer + * won't generate BUFFER_OVERFLOWS. + * + * We'll use a mix of direct and indirect ByteBuffers for + * tutorial purposes only. In reality, only use direct + * ByteBuffers when they give a clear performance enhancement. + */ + if (direct) { + serverIn = ByteBuffer.allocateDirect(appBufferMax + 50); + cTOs = ByteBuffer.allocateDirect(netBufferMax); + sTOc = ByteBuffer.allocateDirect(netBufferMax); + } else { + serverIn = ByteBuffer.allocate(appBufferMax + 50); + cTOs = ByteBuffer.allocate(netBufferMax); + sTOc = ByteBuffer.allocate(netBufferMax); + } + + serverOut = ByteBuffer.wrap(serverMsg); + } + + /* + * If the result indicates that we have outstanding tasks to do, + * go ahead and run them in this thread. + */ + private static void runDelegatedTasks(SSLEngineResult result, + SSLEngine engine) throws Exception { + + if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { + Runnable runnable; + while ((runnable = engine.getDelegatedTask()) != null) { + log("\trunning delegated task..."); + runnable.run(); + } + HandshakeStatus hsStatus = engine.getHandshakeStatus(); + if (hsStatus == HandshakeStatus.NEED_TASK) { + throw new Exception( + "handshake shouldn't need additional tasks"); + } + log("\tnew HandshakeStatus: " + hsStatus); + } + } + + private static boolean isEngineClosed(SSLEngine engine) { + return (engine.isOutboundDone() && engine.isInboundDone()); + } + + /* + * Logging code + */ + private static boolean resultOnce = true; + + private static void log(String str, SSLEngineResult result) { + if (!logging) { + return; + } + if (resultOnce) { + resultOnce = false; + System.out.println("The format of the SSLEngineResult is: \n" + + "\t\"getStatus() / getHandshakeStatus()\" +\n" + + "\t\"bytesConsumed() / bytesProduced()\"\n"); + } + HandshakeStatus hsStatus = result.getHandshakeStatus(); + log(str + + result.getStatus() + "/" + hsStatus + ", " + + result.bytesConsumed() + "/" + result.bytesProduced() + + " bytes"); + if (hsStatus == HandshakeStatus.FINISHED) { + log("\t...ready for application data"); + } + } + + private static void log(String str) { + if (logging) { + System.out.println(str); + } + } +} From f1f3aad11cfda1a45383fc0964d55f9b1da572d9 Mon Sep 17 00:00:00 2001 From: Sean Mullan Date: Wed, 19 Oct 2011 10:15:23 -0400 Subject: [PATCH 06/15] 7102686: Restructure timestamp code so that jars and modules can more easily share the same code Reviewed-by: mchung --- .../classes/sun/security/pkcs/PKCS7.java | 186 +++++++++++++ .../classes/sun/security/pkcs/SignerInfo.java | 63 ++++- .../security/timestamp/HttpTimestamper.java | 51 ++-- .../sun/security/timestamp/TSRequest.java | 57 ++-- .../sun/security/timestamp/TSResponse.java | 113 ++++---- .../classes/sun/security/tools/JarSigner.java | 7 +- .../sun/security/tools/TimestampedSigner.java | 244 ++---------------- .../classes/sun/security/util/Debug.java | 3 +- .../security/util/SignatureFileVerifier.java | 59 +---- 9 files changed, 378 insertions(+), 405 deletions(-) diff --git a/jdk/src/share/classes/sun/security/pkcs/PKCS7.java b/jdk/src/share/classes/sun/security/pkcs/PKCS7.java index 4cdf35dba0e..a3198784729 100644 --- a/jdk/src/share/classes/sun/security/pkcs/PKCS7.java +++ b/jdk/src/share/classes/sun/security/pkcs/PKCS7.java @@ -27,6 +27,7 @@ package sun.security.pkcs; import java.io.*; import java.math.BigInteger; +import java.net.URI; import java.util.*; import java.security.cert.X509Certificate; import java.security.cert.CertificateException; @@ -35,6 +36,7 @@ import java.security.cert.CRLException; import java.security.cert.CertificateFactory; import java.security.*; +import sun.security.timestamp.*; import sun.security.util.*; import sun.security.x509.AlgorithmId; import sun.security.x509.CertificateIssuerName; @@ -68,6 +70,30 @@ public class PKCS7 { private Principal[] certIssuerNames; + /* + * Random number generator for creating nonce values + */ + private static final SecureRandom RANDOM; + static { + SecureRandom tmp = null; + try { + tmp = SecureRandom.getInstance("SHA1PRNG"); + } catch (NoSuchAlgorithmException e) { + // should not happen + } + RANDOM = tmp; + } + + /* + * Object identifier for the timestamping key purpose. + */ + private static final String KP_TIMESTAMPING_OID = "1.3.6.1.5.5.7.3.8"; + + /* + * Object identifier for extendedKeyUsage extension + */ + private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37"; + /** * Unmarshals a PKCS7 block from its encoded form, parsing the * encoded bytes from the InputStream. @@ -733,4 +759,164 @@ public class PKCS7 { public boolean isOldStyle() { return this.oldStyle; } + + /** + * Assembles a PKCS #7 signed data message that optionally includes a + * signature timestamp. + * + * @param signature the signature bytes + * @param signerChain the signer's X.509 certificate chain + * @param content the content that is signed; specify null to not include + * it in the PKCS7 data + * @param signatureAlgorithm the name of the signature algorithm + * @param tsaURI the URI of the Timestamping Authority; or null if no + * timestamp is requested + * @return the bytes of the encoded PKCS #7 signed data message + * @throws NoSuchAlgorithmException The exception is thrown if the signature + * algorithm is unrecognised. + * @throws CertificateException The exception is thrown if an error occurs + * while processing the signer's certificate or the TSA's + * certificate. + * @throws IOException The exception is thrown if an error occurs while + * generating the signature timestamp or while generating the signed + * data message. + */ + public static byte[] generateSignedData(byte[] signature, + X509Certificate[] signerChain, + byte[] content, + String signatureAlgorithm, + URI tsaURI) + throws CertificateException, IOException, NoSuchAlgorithmException + { + + // Generate the timestamp token + PKCS9Attributes unauthAttrs = null; + if (tsaURI != null) { + // Timestamp the signature + HttpTimestamper tsa = new HttpTimestamper(tsaURI); + byte[] tsToken = generateTimestampToken(tsa, signature); + + // Insert the timestamp token into the PKCS #7 signer info element + // (as an unsigned attribute) + unauthAttrs = + new PKCS9Attributes(new PKCS9Attribute[]{ + new PKCS9Attribute( + PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR, + tsToken)}); + } + + // Create the SignerInfo + X500Name issuerName = + X500Name.asX500Name(signerChain[0].getIssuerX500Principal()); + BigInteger serialNumber = signerChain[0].getSerialNumber(); + String encAlg = AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm); + String digAlg = AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm); + SignerInfo signerInfo = new SignerInfo(issuerName, serialNumber, + AlgorithmId.get(digAlg), null, + AlgorithmId.get(encAlg), + signature, unauthAttrs); + + // Create the PKCS #7 signed data message + SignerInfo[] signerInfos = {signerInfo}; + AlgorithmId[] algorithms = {signerInfo.getDigestAlgorithmId()}; + // Include or exclude content + ContentInfo contentInfo = (content == null) + ? new ContentInfo(ContentInfo.DATA_OID, null) + : new ContentInfo(content); + PKCS7 pkcs7 = new PKCS7(algorithms, contentInfo, + signerChain, signerInfos); + ByteArrayOutputStream p7out = new ByteArrayOutputStream(); + pkcs7.encodeSignedData(p7out); + + return p7out.toByteArray(); + } + + /** + * Requests, processes and validates a timestamp token from a TSA using + * common defaults. Uses the following defaults in the timestamp request: + * SHA-1 for the hash algorithm, a 64-bit nonce, and request certificate + * set to true. + * + * @param tsa the timestamping authority to use + * @param toBeTimestamped the token that is to be timestamped + * @return the encoded timestamp token + * @throws IOException The exception is thrown if an error occurs while + * communicating with the TSA. + * @throws CertificateException The exception is thrown if the TSA's + * certificate is not permitted for timestamping. + */ + private static byte[] generateTimestampToken(Timestamper tsa, + byte[] toBeTimestamped) + throws IOException, CertificateException + { + // Generate a timestamp + MessageDigest messageDigest = null; + TSRequest tsQuery = null; + try { + // SHA-1 is always used. + messageDigest = MessageDigest.getInstance("SHA-1"); + tsQuery = new TSRequest(toBeTimestamped, messageDigest); + } catch (NoSuchAlgorithmException e) { + // ignore + } + + // Generate a nonce + BigInteger nonce = null; + if (RANDOM != null) { + nonce = new BigInteger(64, RANDOM); + tsQuery.setNonce(nonce); + } + tsQuery.requestCertificate(true); + + TSResponse tsReply = tsa.generateTimestamp(tsQuery); + int status = tsReply.getStatusCode(); + // Handle TSP error + if (status != 0 && status != 1) { + throw new IOException("Error generating timestamp: " + + tsReply.getStatusCodeAsText() + " " + + tsReply.getFailureCodeAsText()); + } + PKCS7 tsToken = tsReply.getToken(); + + TimestampToken tst = tsReply.getTimestampToken(); + if (!tst.getHashAlgorithm().getName().equals("SHA")) { + throw new IOException("Digest algorithm not SHA-1 in " + + "timestamp token"); + } + if (!MessageDigest.isEqual(tst.getHashedMessage(), + tsQuery.getHashedMessage())) { + throw new IOException("Digest octets changed in timestamp token"); + } + + BigInteger replyNonce = tst.getNonce(); + if (replyNonce == null && nonce != null) { + throw new IOException("Nonce missing in timestamp token"); + } + if (replyNonce != null && !replyNonce.equals(nonce)) { + throw new IOException("Nonce changed in timestamp token"); + } + + // Examine the TSA's certificate (if present) + for (SignerInfo si: tsToken.getSignerInfos()) { + X509Certificate cert = si.getCertificate(tsToken); + if (cert == null) { + // Error, we've already set tsRequestCertificate = true + throw new CertificateException( + "Certificate not included in timestamp token"); + } else { + if (!cert.getCriticalExtensionOIDs().contains( + EXTENDED_KEY_USAGE_OID)) { + throw new CertificateException( + "Certificate is not valid for timestamping"); + } + List keyPurposes = cert.getExtendedKeyUsage(); + if (keyPurposes == null || + !keyPurposes.contains(KP_TIMESTAMPING_OID)) { + throw new CertificateException( + "Certificate is not valid for timestamping"); + } + } + } + return tsReply.getEncodedToken(); + } } diff --git a/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java b/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java index c04b05ffdec..1d327706d78 100644 --- a/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java +++ b/jdk/src/share/classes/sun/security/pkcs/SignerInfo.java @@ -28,10 +28,14 @@ package sun.security.pkcs; import java.io.OutputStream; import java.io.IOException; import java.math.BigInteger; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.CertPath; import java.security.cert.X509Certificate; import java.security.*; import java.util.ArrayList; +import sun.security.timestamp.TimestampToken; import sun.security.util.*; import sun.security.x509.AlgorithmId; import sun.security.x509.X500Name; @@ -51,6 +55,8 @@ public class SignerInfo implements DerEncoder { AlgorithmId digestAlgorithmId; AlgorithmId digestEncryptionAlgorithmId; byte[] encryptedDigest; + Timestamp timestamp; + private boolean hasTimestamp = true; PKCS9Attributes authenticatedAttributes; PKCS9Attributes unauthenticatedAttributes; @@ -442,6 +448,62 @@ public class SignerInfo implements DerEncoder { return unauthenticatedAttributes; } + /* + * Extracts a timestamp from a PKCS7 SignerInfo. + * + * Examines the signer's unsigned attributes for a + * signatureTimestampToken attribute. If present, + * then it is parsed to extract the date and time at which the + * timestamp was generated. + * + * @param info A signer information element of a PKCS 7 block. + * + * @return A timestamp token or null if none is present. + * @throws IOException if an error is encountered while parsing the + * PKCS7 data. + * @throws NoSuchAlgorithmException if an error is encountered while + * verifying the PKCS7 object. + * @throws SignatureException if an error is encountered while + * verifying the PKCS7 object. + * @throws CertificateException if an error is encountered while generating + * the TSA's certpath. + */ + public Timestamp getTimestamp() + throws IOException, NoSuchAlgorithmException, SignatureException, + CertificateException + { + if (timestamp != null || !hasTimestamp) + return timestamp; + + if (unauthenticatedAttributes == null) { + hasTimestamp = false; + return null; + } + PKCS9Attribute tsTokenAttr = + unauthenticatedAttributes.getAttribute( + PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID); + if (tsTokenAttr == null) { + hasTimestamp = false; + return null; + } + + PKCS7 tsToken = new PKCS7((byte[])tsTokenAttr.getValue()); + // Extract the content (an encoded timestamp token info) + byte[] encTsTokenInfo = tsToken.getContentInfo().getData(); + // Extract the signer (the Timestamping Authority) + // while verifying the content + SignerInfo[] tsa = tsToken.verify(encTsTokenInfo); + // Expect only one signer + ArrayList chain = tsa[0].getCertificateChain(tsToken); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + CertPath tsaChain = cf.generateCertPath(chain); + // Create a timestamp token info object + TimestampToken tsTokenInfo = new TimestampToken(encTsTokenInfo); + // Create a timestamp object + timestamp = new Timestamp(tsTokenInfo.getDate(), tsaChain); + return timestamp; + } + public String toString() { HexDumpEncoder hexDump = new HexDumpEncoder(); @@ -467,5 +529,4 @@ public class SignerInfo implements DerEncoder { } return out; } - } diff --git a/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java b/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java index 54958f726c8..a4a1921bb29 100644 --- a/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java +++ b/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java @@ -28,13 +28,13 @@ package sun.security.timestamp; import java.io.BufferedInputStream; import java.io.DataOutputStream; import java.io.IOException; +import java.net.URI; import java.net.URL; import java.net.HttpURLConnection; -import java.util.List; -import java.util.Map; -import java.util.Set; +import java.util.*; import sun.misc.IOUtils; +import sun.security.util.Debug; /** * A timestamper that communicates with a Timestamping Authority (TSA) @@ -58,20 +58,23 @@ public class HttpTimestamper implements Timestamper { private static final String TS_REPLY_MIME_TYPE = "application/timestamp-reply"; - private static final boolean DEBUG = false; + private static final Debug debug = Debug.getInstance("ts"); /* - * HTTP URL identifying the location of the TSA + * HTTP URI identifying the location of the TSA */ - private String tsaUrl = null; + private URI tsaURI = null; /** * Creates a timestamper that connects to the specified TSA. * - * @param tsa The location of the TSA. It must be an HTTP URL. + * @param tsa The location of the TSA. It must be an HTTP URI. + * @throws IllegalArgumentException if tsaURI is not an HTTP URI */ - public HttpTimestamper(String tsaUrl) { - this.tsaUrl = tsaUrl; + public HttpTimestamper(URI tsaURI) { + if (!tsaURI.getScheme().equalsIgnoreCase("http")) + throw new IllegalArgumentException("TSA must be an HTTP URI"); + this.tsaURI = tsaURI; } /** @@ -85,7 +88,7 @@ public class HttpTimestamper implements Timestamper { public TSResponse generateTimestamp(TSRequest tsQuery) throws IOException { HttpURLConnection connection = - (HttpURLConnection) new URL(tsaUrl).openConnection(); + (HttpURLConnection) tsaURI.toURL().openConnection(); connection.setDoOutput(true); connection.setUseCaches(false); // ignore cache connection.setRequestProperty("Content-Type", TS_QUERY_MIME_TYPE); @@ -93,15 +96,15 @@ public class HttpTimestamper implements Timestamper { // Avoids the "hang" when a proxy is required but none has been set. connection.setConnectTimeout(CONNECT_TIMEOUT); - if (DEBUG) { + if (debug != null) { Set>> headers = - connection.getRequestProperties().entrySet(); - System.out.println(connection.getRequestMethod() + " " + tsaUrl + + connection.getRequestProperties().entrySet(); + debug.println(connection.getRequestMethod() + " " + tsaURI + " HTTP/1.1"); - for (Map.Entry> entry : headers) { - System.out.println(" " + entry); + for (Map.Entry> e : headers) { + debug.println(" " + e); } - System.out.println(); + debug.println(); } connection.connect(); // No HTTP authentication is performed @@ -112,8 +115,8 @@ public class HttpTimestamper implements Timestamper { byte[] request = tsQuery.encode(); output.write(request, 0, request.length); output.flush(); - if (DEBUG) { - System.out.println("sent timestamp query (length=" + + if (debug != null) { + debug.println("sent timestamp query (length=" + request.length + ")"); } } finally { @@ -127,17 +130,17 @@ public class HttpTimestamper implements Timestamper { byte[] replyBuffer = null; try { input = new BufferedInputStream(connection.getInputStream()); - if (DEBUG) { + if (debug != null) { String header = connection.getHeaderField(0); - System.out.println(header); + debug.println(header); int i = 1; while ((header = connection.getHeaderField(i)) != null) { String key = connection.getHeaderFieldKey(i); - System.out.println(" " + ((key==null) ? "" : key + ": ") + + debug.println(" " + ((key==null) ? "" : key + ": ") + header); i++; } - System.out.println(); + debug.println(); } verifyMimeType(connection.getContentType()); @@ -145,8 +148,8 @@ public class HttpTimestamper implements Timestamper { int contentLength = connection.getContentLength(); replyBuffer = IOUtils.readFully(input, contentLength, false); - if (DEBUG) { - System.out.println("received timestamp response (length=" + + if (debug != null) { + debug.println("received timestamp response (length=" + total + ")"); } } finally { diff --git a/jdk/src/share/classes/sun/security/timestamp/TSRequest.java b/jdk/src/share/classes/sun/security/timestamp/TSRequest.java index 241811f5333..9b322192cca 100644 --- a/jdk/src/share/classes/sun/security/timestamp/TSRequest.java +++ b/jdk/src/share/classes/sun/security/timestamp/TSRequest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,10 +27,13 @@ package sun.security.timestamp; import java.io.IOException; import java.math.BigInteger; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.security.cert.X509Extension; import sun.security.util.DerValue; import sun.security.util.DerOutputStream; import sun.security.util.ObjectIdentifier; +import sun.security.x509.AlgorithmId; /** * This class provides a timestamp request, as defined in @@ -64,24 +67,9 @@ import sun.security.util.ObjectIdentifier; public class TSRequest { - private static final ObjectIdentifier SHA1_OID; - private static final ObjectIdentifier MD5_OID; - static { - ObjectIdentifier sha1 = null; - ObjectIdentifier md5 = null; - try { - sha1 = new ObjectIdentifier("1.3.14.3.2.26"); - md5 = new ObjectIdentifier("1.2.840.113549.2.5"); - } catch (IOException ioe) { - // should not happen - } - SHA1_OID = sha1; - MD5_OID = md5; - } - private int version = 1; - private ObjectIdentifier hashAlgorithmId = null; + private AlgorithmId hashAlgorithmId = null; private byte[] hashValue; @@ -94,30 +82,21 @@ public class TSRequest { private X509Extension[] extensions = null; /** - * Constructs a timestamp request for the supplied hash value.. + * Constructs a timestamp request for the supplied data. * - * @param hashValue The hash value. This is the data to be timestamped. - * @param hashAlgorithm The name of the hash algorithm. + * @param toBeTimeStamped The data to be timestamped. + * @param messageDigest The MessageDigest of the hash algorithm to use. + * @throws NoSuchAlgorithmException if the hash algorithm is not supported */ - public TSRequest(byte[] hashValue, String hashAlgorithm) { + public TSRequest(byte[] toBeTimeStamped, MessageDigest messageDigest) + throws NoSuchAlgorithmException { - // Check the common hash algorithms - if ("MD5".equalsIgnoreCase(hashAlgorithm)) { - hashAlgorithmId = MD5_OID; - // Check that the hash value matches the hash algorithm - assert hashValue.length == 16; + this.hashAlgorithmId = AlgorithmId.get(messageDigest.getAlgorithm()); + this.hashValue = messageDigest.digest(toBeTimeStamped); + } - } else if ("SHA-1".equalsIgnoreCase(hashAlgorithm) || - "SHA".equalsIgnoreCase(hashAlgorithm) || - "SHA1".equalsIgnoreCase(hashAlgorithm)) { - hashAlgorithmId = SHA1_OID; - // Check that the hash value matches the hash algorithm - assert hashValue.length == 20; - - } - // Clone the hash value - this.hashValue = new byte[hashValue.length]; - System.arraycopy(hashValue, 0, this.hashValue, 0, hashValue.length); + public byte[] getHashedMessage() { + return hashValue.clone(); } /** @@ -176,9 +155,7 @@ public class TSRequest { // encode messageImprint DerOutputStream messageImprint = new DerOutputStream(); - DerOutputStream hashAlgorithm = new DerOutputStream(); - hashAlgorithm.putOID(hashAlgorithmId); - messageImprint.write(DerValue.tag_Sequence, hashAlgorithm); + hashAlgorithmId.encode(messageImprint); messageImprint.putOctetString(hashValue); request.write(DerValue.tag_Sequence, messageImprint); diff --git a/jdk/src/share/classes/sun/security/timestamp/TSResponse.java b/jdk/src/share/classes/sun/security/timestamp/TSResponse.java index afb8084fed7..0cf223d492a 100644 --- a/jdk/src/share/classes/sun/security/timestamp/TSResponse.java +++ b/jdk/src/share/classes/sun/security/timestamp/TSResponse.java @@ -27,6 +27,7 @@ package sun.security.timestamp; import java.io.IOException; import sun.security.pkcs.PKCS7; +import sun.security.util.Debug; import sun.security.util.DerValue; /** @@ -175,18 +176,20 @@ public class TSResponse { */ public static final int SYSTEM_FAILURE = 25; - private static final boolean DEBUG = false; + private static final Debug debug = Debug.getInstance("ts"); private int status; private String[] statusString = null; - private int failureInfo = -1; + private boolean[] failureInfo = null; private byte[] encodedTsToken = null; private PKCS7 tsToken = null; + private TimestampToken tstInfo; + /** * Constructs an object to store the response to a timestamp request. * @@ -215,11 +218,11 @@ public class TSResponse { } /** - * Retrieve the failure code returned by the TSA. + * Retrieve the failure info returned by the TSA. * - * @return If -1 then no failure code was received. + * @return the failure info, or null if no failure code was received. */ - public int getFailureCode() { + public boolean[] getFailureInfo() { return failureInfo; } @@ -250,42 +253,38 @@ public class TSResponse { } } + private boolean isSet(int position) { + return failureInfo[position]; + } + public String getFailureCodeAsText() { - if (failureInfo == -1) { - return null; + if (failureInfo == null) { + return ""; } - switch (failureInfo) { + try { + if (isSet(BAD_ALG)) + return "Unrecognized or unsupported algorithm identifier."; + if (isSet(BAD_REQUEST)) + return "The requested transaction is not permitted or " + + "supported."; + if (isSet(BAD_DATA_FORMAT)) + return "The data submitted has the wrong format."; + if (isSet(TIME_NOT_AVAILABLE)) + return "The TSA's time source is not available."; + if (isSet(UNACCEPTED_POLICY)) + return "The requested TSA policy is not supported by the TSA."; + if (isSet(UNACCEPTED_EXTENSION)) + return "The requested extension is not supported by the TSA."; + if (isSet(ADD_INFO_NOT_AVAILABLE)) + return "The additional information requested could not be " + + "understood or is not available."; + if (isSet(SYSTEM_FAILURE)) + return "The request cannot be handled due to system failure."; + } catch (ArrayIndexOutOfBoundsException ex) {} - case BAD_ALG: - return "Unrecognized or unsupported alrorithm identifier."; - - case BAD_REQUEST: - return "The requested transaction is not permitted or supported."; - - case BAD_DATA_FORMAT: - return "The data submitted has the wrong format."; - - case TIME_NOT_AVAILABLE: - return "The TSA's time source is not available."; - - case UNACCEPTED_POLICY: - return "The requested TSA policy is not supported by the TSA."; - - case UNACCEPTED_EXTENSION: - return "The requested extension is not supported by the TSA."; - - case ADD_INFO_NOT_AVAILABLE: - return "The additional information requested could not be " + - "understood or is not available."; - - case SYSTEM_FAILURE: - return "The request cannot be handled due to system failure."; - - default: - return ("unknown status code " + status); - } + return ("unknown failure code"); } /** @@ -297,6 +296,10 @@ public class TSResponse { return tsToken; } + public TimestampToken getTimestampToken() { + return tstInfo; + } + /** * Retrieve the ASN.1 BER encoded timestamp token returned by the TSA. * @@ -323,29 +326,30 @@ public class TSResponse { // Parse status - DerValue status = derValue.data.getDerValue(); - // Parse status - this.status = status.data.getInteger(); - if (DEBUG) { - System.out.println("timestamp response: status=" + this.status); + DerValue statusInfo = derValue.data.getDerValue(); + this.status = statusInfo.data.getInteger(); + if (debug != null) { + debug.println("timestamp response: status=" + this.status); } // Parse statusString, if present - if (status.data.available() > 0) { - DerValue[] strings = status.data.getSequence(1); - statusString = new String[strings.length]; - for (int i = 0; i < strings.length; i++) { - statusString[i] = strings[i].data.getUTF8String(); + if (statusInfo.data.available() > 0) { + byte tag = (byte)statusInfo.data.peekByte(); + if (tag == DerValue.tag_SequenceOf) { + DerValue[] strings = statusInfo.data.getSequence(1); + statusString = new String[strings.length]; + for (int i = 0; i < strings.length; i++) { + statusString[i] = strings[i].getUTF8String(); + if (debug != null) { + debug.println("timestamp response: statusString=" + + statusString[i]); + } + } } } // Parse failInfo, if present - if (status.data.available() > 0) { - byte[] failInfo = status.data.getBitString(); - int failureInfo = (new Byte(failInfo[0])).intValue(); - if (failureInfo < 0 || failureInfo > 25 || failInfo.length != 1) { - throw new IOException("Bad encoding for timestamp response: " + - "unrecognized value for the failInfo element"); - } - this.failureInfo = failureInfo; + if (statusInfo.data.available() > 0) { + this.failureInfo + = statusInfo.data.getUnalignedBitString().toBooleanArray(); } // Parse timeStampToken, if present @@ -353,6 +357,7 @@ public class TSResponse { DerValue timestampToken = derValue.data.getDerValue(); encodedTsToken = timestampToken.toByteArray(); tsToken = new PKCS7(encodedTsToken); + tstInfo = new TimestampToken(tsToken.getContentInfo().getData()); } // Check the format of the timestamp response diff --git a/jdk/src/share/classes/sun/security/tools/JarSigner.java b/jdk/src/share/classes/sun/security/tools/JarSigner.java index ac2ffde9e58..fe3944f4b29 100644 --- a/jdk/src/share/classes/sun/security/tools/JarSigner.java +++ b/jdk/src/share/classes/sun/security/tools/JarSigner.java @@ -1277,11 +1277,10 @@ public class JarSigner { System.out.println(rb.getString("TSA.location.") + tsaUrl); } if (tsaCert != null) { - String certUrl = - TimestampedSigner.getTimestampingUrl(tsaCert); - if (certUrl != null) { + URI tsaURI = TimestampedSigner.getTimestampingURI(tsaCert); + if (tsaURI != null) { System.out.println(rb.getString("TSA.location.") + - certUrl); + tsaURI); } System.out.println(rb.getString("TSA.certificate.") + printCert("", tsaCert, false, 0, false)); diff --git a/jdk/src/share/classes/sun/security/tools/TimestampedSigner.java b/jdk/src/share/classes/sun/security/tools/TimestampedSigner.java index 94a6a8b158c..4848a40dcbc 100644 --- a/jdk/src/share/classes/sun/security/tools/TimestampedSigner.java +++ b/jdk/src/share/classes/sun/security/tools/TimestampedSigner.java @@ -25,22 +25,14 @@ package sun.security.tools; -import java.io.ByteArrayOutputStream; import java.io.IOException; -import java.math.BigInteger; import java.net.URI; -import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.SecureRandom; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import java.util.List; import com.sun.jarsigner.*; -import java.util.Arrays; -import sun.security.pkcs.*; -import sun.security.timestamp.*; +import sun.security.pkcs.PKCS7; import sun.security.util.*; import sun.security.x509.*; @@ -56,36 +48,12 @@ import sun.security.x509.*; public final class TimestampedSigner extends ContentSigner { - /* - * Random number generator for creating nonce values - */ - private static final SecureRandom RANDOM; - static { - SecureRandom tmp = null; - try { - tmp = SecureRandom.getInstance("SHA1PRNG"); - } catch (NoSuchAlgorithmException e) { - // should not happen - } - RANDOM = tmp; - } - /* * Object identifier for the subject information access X.509 certificate * extension. */ private static final String SUBJECT_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.11"; - /* - * Object identifier for the timestamping key purpose. - */ - private static final String KP_TIMESTAMPING_OID = "1.3.6.1.5.5.7.3.8"; - - /* - * Object identifier for extendedKeyUsage extension - */ - private static final String EXTENDED_KEY_USAGE_OID = "2.5.29.37"; - /* * Object identifier for the timestamping access descriptors. */ @@ -100,26 +68,6 @@ public final class TimestampedSigner extends ContentSigner { AD_TIMESTAMPING_Id = tmp; } - /* - * Location of the TSA. - */ - private String tsaUrl = null; - - /* - * TSA's X.509 certificate. - */ - private X509Certificate tsaCertificate = null; - - /* - * Generates an SHA-1 hash value for the data to be timestamped. - */ - private MessageDigest messageDigest = null; - - /* - * Parameters for the timestamping protocol. - */ - private boolean tsRequestCertificate = true; - /** * Instantiates a content signer that supports timestamped signatures. */ @@ -134,7 +82,7 @@ public final class TimestampedSigner extends ContentSigner { * and optionally the content that was signed, are packaged into a PKCS #7 * signed data message. * - * @param parameters The non-null input parameters. + * @param params The non-null input parameters. * @param omitContent true if the content should be omitted from the * signed data message. Otherwise the content is included. * @param applyTimestamp true if the signature should be timestamped. @@ -151,98 +99,41 @@ public final class TimestampedSigner extends ContentSigner { * @throws NullPointerException The exception is thrown if parameters is * null. */ - public byte[] generateSignedData(ContentSignerParameters parameters, + public byte[] generateSignedData(ContentSignerParameters params, boolean omitContent, boolean applyTimestamp) throws NoSuchAlgorithmException, CertificateException, IOException { - if (parameters == null) { + if (params == null) { throw new NullPointerException(); } - // Parse the signature algorithm to extract the digest and key - // algorithms. The expected format is: + // Parse the signature algorithm to extract the digest + // algorithm. The expected format is: // "with" // or "withand" - String signatureAlgorithm = parameters.getSignatureAlgorithm(); - String keyAlgorithm = - AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm); - String digestAlgorithm = - AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm); - AlgorithmId digestAlgorithmId = AlgorithmId.get(digestAlgorithm); + String signatureAlgorithm = params.getSignatureAlgorithm(); - // Examine signer's certificate - X509Certificate[] signerCertificateChain = - parameters.getSignerCertificateChain(); - Principal issuerName = signerCertificateChain[0].getIssuerDN(); - if (!(issuerName instanceof X500Name)) { - // must extract the original encoded form of DN for subsequent - // name comparison checks (converting to a String and back to - // an encoded DN could cause the types of String attribute - // values to be changed) - X509CertInfo tbsCert = new - X509CertInfo(signerCertificateChain[0].getTBSCertificate()); - issuerName = (Principal) - tbsCert.get(CertificateIssuerName.NAME + "." + - CertificateIssuerName.DN_NAME); - } - BigInteger serialNumber = signerCertificateChain[0].getSerialNumber(); + X509Certificate[] signerChain = params.getSignerCertificateChain(); + byte[] signature = params.getSignature(); // Include or exclude content - byte[] content = parameters.getContent(); - ContentInfo contentInfo; - if (omitContent) { - contentInfo = new ContentInfo(ContentInfo.DATA_OID, null); - } else { - contentInfo = new ContentInfo(content); - } + byte[] content = (omitContent == true) ? null : params.getContent(); - // Generate the timestamp token - byte[] signature = parameters.getSignature(); - SignerInfo signerInfo = null; + URI tsaURI = null; if (applyTimestamp) { - - tsaCertificate = parameters.getTimestampingAuthorityCertificate(); - URI tsaUri = parameters.getTimestampingAuthority(); - if (tsaUri != null) { - tsaUrl = tsaUri.toString(); - } else { + tsaURI = params.getTimestampingAuthority(); + if (tsaURI == null) { // Examine TSA cert - String certUrl = getTimestampingUrl(tsaCertificate); - if (certUrl == null) { + tsaURI = getTimestampingURI( + params.getTimestampingAuthorityCertificate()); + if (tsaURI == null) { throw new CertificateException( "Subject Information Access extension not found"); } - tsaUrl = certUrl; } - - // Timestamp the signature - byte[] tsToken = generateTimestampToken(signature); - - // Insert the timestamp token into the PKCS #7 signer info element - // (as an unsigned attribute) - PKCS9Attributes unsignedAttrs = - new PKCS9Attributes(new PKCS9Attribute[]{ - new PKCS9Attribute( - PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR, - tsToken)}); - signerInfo = new SignerInfo((X500Name)issuerName, serialNumber, - digestAlgorithmId, null, AlgorithmId.get(keyAlgorithm), - signature, unsignedAttrs); - } else { - signerInfo = new SignerInfo((X500Name)issuerName, serialNumber, - digestAlgorithmId, AlgorithmId.get(keyAlgorithm), signature); } - - SignerInfo[] signerInfos = {signerInfo}; - AlgorithmId[] algorithms = {digestAlgorithmId}; - - // Create the PKCS #7 signed data message - PKCS7 p7 = new PKCS7(algorithms, contentInfo, signerCertificateChain, - null, signerInfos); - ByteArrayOutputStream p7out = new ByteArrayOutputStream(); - p7.encodeSignedData(p7out); - - return p7out.toByteArray(); + return PKCS7.generateSignedData(signature, signerChain, content, + params.getSignatureAlgorithm(), tsaURI); } /** @@ -253,9 +144,9 @@ public final class TimestampedSigner extends ContentSigner { * accessLocation field should contain an HTTP or HTTPS URL. * * @param tsaCertificate An X.509 certificate for the TSA. - * @return An HTTP or HTTPS URL or null if none was found. + * @return An HTTP or HTTPS URI or null if none was found. */ - public static String getTimestampingUrl(X509Certificate tsaCertificate) { + public static URI getTimestampingURI(X509Certificate tsaCertificate) { if (tsaCertificate == null) { return null; @@ -282,7 +173,7 @@ public final class TimestampedSigner extends ContentSigner { uri = (URIName) location.getName(); if (uri.getScheme().equalsIgnoreCase("http") || uri.getScheme().equalsIgnoreCase("https")) { - return uri.getName(); + return uri.getURI(); } } } @@ -292,97 +183,4 @@ public final class TimestampedSigner extends ContentSigner { } return null; } - - /* - * Returns a timestamp token from a TSA for the given content. - * Performs a basic check on the token to confirm that it has been signed - * by a certificate that is permitted to sign timestamps. - * - * @param toBeTimestamped The data to be timestamped. - * @throws IOException The exception is throw if an error occurs while - * communicating with the TSA. - * @throws CertificateException The exception is throw if the TSA's - * certificate is not permitted for timestamping. - */ - private byte[] generateTimestampToken(byte[] toBeTimestamped) - throws CertificateException, IOException { - - // Generate hash value for the data to be timestamped - // SHA-1 is always used. - if (messageDigest == null) { - try { - messageDigest = MessageDigest.getInstance("SHA-1"); - } catch (NoSuchAlgorithmException e) { - // ignore - } - } - byte[] digest = messageDigest.digest(toBeTimestamped); - - // Generate a timestamp - TSRequest tsQuery = new TSRequest(digest, "SHA-1"); - // Generate a nonce - BigInteger nonce = null; - if (RANDOM != null) { - nonce = new BigInteger(64, RANDOM); - tsQuery.setNonce(nonce); - } - tsQuery.requestCertificate(tsRequestCertificate); - - Timestamper tsa = new HttpTimestamper(tsaUrl); // use supplied TSA - TSResponse tsReply = tsa.generateTimestamp(tsQuery); - int status = tsReply.getStatusCode(); - // Handle TSP error - if (status != 0 && status != 1) { - int failureCode = tsReply.getFailureCode(); - if (failureCode == -1) { - throw new IOException("Error generating timestamp: " + - tsReply.getStatusCodeAsText()); - } else { - throw new IOException("Error generating timestamp: " + - tsReply.getStatusCodeAsText() + " " + - tsReply.getFailureCodeAsText()); - } - } - PKCS7 tsToken = tsReply.getToken(); - - TimestampToken tst = new TimestampToken(tsToken.getContentInfo().getData()); - if (!tst.getHashAlgorithm().equals( - new AlgorithmId(new ObjectIdentifier("1.3.14.3.2.26")))) { - throw new IOException("Digest algorithm not SHA-1 in timestamp token"); - } - if (!Arrays.equals(tst.getHashedMessage(), digest)) { - throw new IOException("Digest octets changed in timestamp token"); - } - - BigInteger replyNonce = tst.getNonce(); - if (replyNonce == null && nonce != null) { - throw new IOException("Nonce missing in timestamp token"); - } - if (replyNonce != null && !replyNonce.equals(nonce)) { - throw new IOException("Nonce changed in timestamp token"); - } - - // Examine the TSA's certificate (if present) - for (SignerInfo si: tsToken.getSignerInfos()) { - X509Certificate cert = si.getCertificate(tsToken); - if (cert == null) { - // Error, we've already set tsRequestCertificate = true - throw new CertificateException( - "Certificate not included in timestamp token"); - } else { - if (!cert.getCriticalExtensionOIDs().contains( - EXTENDED_KEY_USAGE_OID)) { - throw new CertificateException( - "Certificate is not valid for timestamping"); - } - List keyPurposes = cert.getExtendedKeyUsage(); - if (keyPurposes == null || - ! keyPurposes.contains(KP_TIMESTAMPING_OID)) { - throw new CertificateException( - "Certificate is not valid for timestamping"); - } - } - } - return tsReply.getEncodedToken(); - } } diff --git a/jdk/src/share/classes/sun/security/util/Debug.java b/jdk/src/share/classes/sun/security/util/Debug.java index 5701a80cf9f..3356cf856e1 100644 --- a/jdk/src/share/classes/sun/security/util/Debug.java +++ b/jdk/src/share/classes/sun/security/util/Debug.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -80,6 +80,7 @@ public class Debug { System.err.println("policy loading and granting"); System.err.println("provider security provider debugging"); System.err.println("scl permissions SecureClassLoader assigns"); + System.err.println("ts timestamping"); System.err.println(); System.err.println("The following can be used with access:"); System.err.println(); diff --git a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java index 1c818f8945b..715a5da356b 100644 --- a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java +++ b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java @@ -35,7 +35,6 @@ import java.util.*; import java.util.jar.*; import sun.security.pkcs.*; -import sun.security.timestamp.TimestampToken; import sun.misc.BASE64Decoder; import sun.security.jca.Providers; @@ -485,7 +484,7 @@ public class SignatureFileVerifier { signers = new ArrayList(); } // Append the new code signer - signers.add(new CodeSigner(certChain, getTimestamp(info))); + signers.add(new CodeSigner(certChain, info.getTimestamp())); if (debug != null) { debug.println("Signature Block Certificate: " + @@ -500,62 +499,6 @@ public class SignatureFileVerifier { } } - /* - * Examines a signature timestamp token to generate a timestamp object. - * - * Examines the signer's unsigned attributes for a - * signatureTimestampToken attribute. If present, - * then it is parsed to extract the date and time at which the - * timestamp was generated. - * - * @param info A signer information element of a PKCS 7 block. - * - * @return A timestamp token or null if none is present. - * @throws IOException if an error is encountered while parsing the - * PKCS7 data. - * @throws NoSuchAlgorithmException if an error is encountered while - * verifying the PKCS7 object. - * @throws SignatureException if an error is encountered while - * verifying the PKCS7 object. - * @throws CertificateException if an error is encountered while generating - * the TSA's certpath. - */ - private Timestamp getTimestamp(SignerInfo info) - throws IOException, NoSuchAlgorithmException, SignatureException, - CertificateException { - - Timestamp timestamp = null; - - // Extract the signer's unsigned attributes - PKCS9Attributes unsignedAttrs = info.getUnauthenticatedAttributes(); - if (unsignedAttrs != null) { - PKCS9Attribute timestampTokenAttr = - unsignedAttrs.getAttribute("signatureTimestampToken"); - if (timestampTokenAttr != null) { - PKCS7 timestampToken = - new PKCS7((byte[])timestampTokenAttr.getValue()); - // Extract the content (an encoded timestamp token info) - byte[] encodedTimestampTokenInfo = - timestampToken.getContentInfo().getData(); - // Extract the signer (the Timestamping Authority) - // while verifying the content - SignerInfo[] tsa = - timestampToken.verify(encodedTimestampTokenInfo); - // Expect only one signer - ArrayList chain = - tsa[0].getCertificateChain(timestampToken); - CertPath tsaChain = certificateFactory.generateCertPath(chain); - // Create a timestamp token info object - TimestampToken timestampTokenInfo = - new TimestampToken(encodedTimestampTokenInfo); - // Create a timestamp object - timestamp = - new Timestamp(timestampTokenInfo.getDate(), tsaChain); - } - } - return timestamp; - } - // for the toHex function private static final char[] hexc = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; From 8d1c6cf60ee55c119f3a9c956d9b4fb257daa718 Mon Sep 17 00:00:00 2001 From: Darryl Mocek Date: Wed, 19 Oct 2011 14:17:47 -0700 Subject: [PATCH 07/15] 5029031: Add Collections.checkedQueue() Reviewed-by: mduigou --- .../share/classes/java/util/Collections.java | 58 ++++++ .../java/util/Collections/CheckedQueue.java | 190 ++++++++++++++++++ 2 files changed, 248 insertions(+) create mode 100644 jdk/test/java/util/Collections/CheckedQueue.java diff --git a/jdk/src/share/classes/java/util/Collections.java b/jdk/src/share/classes/java/util/Collections.java index d15a4292ddd..e55eb59296e 100644 --- a/jdk/src/share/classes/java/util/Collections.java +++ b/jdk/src/share/classes/java/util/Collections.java @@ -2351,6 +2351,64 @@ public class Collections { } } + /** + * Returns a dynamically typesafe view of the specified queue. + * Any attempt to insert an element of the wrong type will result in + * an immediate {@link ClassCastException}. Assuming a queue contains + * no incorrectly typed elements prior to the time a dynamically typesafe + * view is generated, and that all subsequent access to the queue + * takes place through the view, it is guaranteed that the + * queue cannot contain an incorrectly typed element. + * + *

A discussion of the use of dynamically typesafe views may be + * found in the documentation for the {@link #checkedCollection + * checkedCollection} method. + * + *

The returned queue will be serializable if the specified queue + * is serializable. + * + *

Since {@code null} is considered to be a value of any reference + * type, the returned queue permits insertion of {@code null} elements + * whenever the backing queue does. + * + * @param queue the queue for which a dynamically typesafe view is to be + * returned + * @param type the type of element that {@code queue} is permitted to hold + * @return a dynamically typesafe view of the specified queue + * @since 1.8 + */ + public static Queue checkedQueue(Queue queue, Class type) { + return new CheckedQueue<>(queue, type); + } + + /** + * @serial include + */ + static class CheckedQueue + extends CheckedCollection + implements Queue, Serializable + { + private static final long serialVersionUID = 1433151992604707767L; + final Queue queue; + + CheckedQueue(Queue queue, Class elementType) { + super(queue, elementType); + this.queue = queue; + } + + public E element() {return queue.element();} + public boolean equals(Object o) {return o == this || c.equals(o);} + public int hashCode() {return c.hashCode();} + public E peek() {return queue.peek();} + public E poll() {return queue.poll();} + public E remove() {return queue.remove();} + + public boolean offer(E e) { + typeCheck(e); + return add(e); + } + } + /** * Returns a dynamically typesafe view of the specified set. * Any attempt to insert an element of the wrong type will result in diff --git a/jdk/test/java/util/Collections/CheckedQueue.java b/jdk/test/java/util/Collections/CheckedQueue.java new file mode 100644 index 00000000000..6f28e12e9ef --- /dev/null +++ b/jdk/test/java/util/Collections/CheckedQueue.java @@ -0,0 +1,190 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 5020931 + * @summary Unit test for Collections.checkedQueue + */ + +import java.lang.reflect.Method; +import java.util.Collections; +import java.util.Iterator; +import java.util.Queue; +import java.util.concurrent.ArrayBlockingQueue; + +public class CheckedQueue { + static int status = 0; + + public static void main(String[] args) throws Exception { + new CheckedQueue(); + } + + public CheckedQueue() throws Exception { + run(); + } + + private void run() throws Exception { + Method[] methods = this.getClass().getDeclaredMethods(); + + for (int i = 0; i < methods.length; i++) { + Method method = methods[i]; + String methodName = method.getName(); + + if (methodName.startsWith("test")) { + try { + Object obj = method.invoke(this, new Object[0]); + } catch(Exception e) { + throw new Exception(this.getClass().getName() + "." + + methodName + " test failed, test exception " + + "follows\n" + e.getCause()); + } + } + } + } + + /** + * This test adds items to a queue. + */ + private void test00() { + int arrayLength = 10; + ArrayBlockingQueue abq = new ArrayBlockingQueue(arrayLength); + + for (int i = 0; i < arrayLength; i++) { + abq.add(new String(Integer.toString(i))); + } + } + + /** + * This test tests the CheckedQueue.add method. It creates a queue of + * {@code String}s gets the checked queue, and attempt to add an Integer to + * the checked queue. + */ + private void test01() throws Exception { + int arrayLength = 10; + ArrayBlockingQueue abq = new ArrayBlockingQueue(arrayLength + 1); + + for (int i = 0; i < arrayLength; i++) { + abq.add(new String(Integer.toString(i))); + } + + Queue q = Collections.checkedQueue(abq, String.class); + + try { + q.add(new Integer(0)); + throw new Exception(this.getClass().getName() + "." + "test01 test" + + " failed, should throw ClassCastException."); + } catch(ClassCastException cce) { + // Do nothing. + } + } + + /** + * This test tests the CheckedQueue.add method. It creates a queue of one + * {@code String}, gets the checked queue, and attempt to add an Integer to + * the checked queue. + */ + private void test02() throws Exception { + ArrayBlockingQueue abq = new ArrayBlockingQueue(1); + Queue q = Collections.checkedQueue(abq, String.class); + + try { + q.add(new Integer(0)); + throw new Exception(this.getClass().getName() + "." + "test02 test" + + " failed, should throw ClassCastException."); + } catch(ClassCastException e) { + // Do nothing. + } + } + + /** + * This test tests the Collections.checkedQueue method call for nulls in + * each and both of the parameters. + */ + private void test03() throws Exception { + ArrayBlockingQueue abq = new ArrayBlockingQueue(1); + Queue q; + + try { + q = Collections.checkedQueue(null, String.class); + throw new Exception(this.getClass().getName() + "." + "test03 test" + + " failed, should throw NullPointerException."); + } catch(NullPointerException npe) { + // Do nothing + } + + try { + q = Collections.checkedQueue(abq, null); + throw new Exception(this.getClass().getName() + "." + "test03 test" + + " failed, should throw NullPointerException."); + } catch(Exception e) { + // Do nothing + } + + try { + q = Collections.checkedQueue(null, null); + throw new Exception(this.getClass().getName() + "." + "test03 test" + + " failed, should throw NullPointerException."); + } catch(Exception e) { + // Do nothing + } + } + + /** + * This test tests the CheckedQueue.offer method. + */ + private void test04() throws Exception { + ArrayBlockingQueue abq = new ArrayBlockingQueue(1); + Queue q = Collections.checkedQueue(abq, String.class); + + try { + q.offer(null); + throw new Exception(this.getClass().getName() + "." + "test04 test" + + " failed, should throw NullPointerException."); + } catch (NullPointerException npe) { + // Do nothing + } + + try { + q.offer(new Integer(0)); + throw new Exception(this.getClass().getName() + "." + "test04 test" + + " failed, should throw ClassCastException."); + } catch (ClassCastException cce) { + // Do nothing + } + + q.offer(new String("0")); + + try { + q.offer(new String("1")); + throw new Exception(this.getClass().getName() + "." + "test04 test" + + " failed, should throw IllegalStateException."); + } catch(IllegalStateException ise) { + // Do nothing + } + } + + private void test05() { + + } +} From ed977156e59a5867f00cdbda0174a41fa792d3fe Mon Sep 17 00:00:00 2001 From: Kurchi Subhra Hazra Date: Thu, 20 Oct 2011 09:08:38 +0100 Subject: [PATCH 08/15] 7102704: test/java/net/DatagramSocket/ChangingAddress.java failing Reviewed-by: chegar --- .../net/DatagramSocket/ChangingAddress.java | 56 ------------------- 1 file changed, 56 deletions(-) delete mode 100644 jdk/test/java/net/DatagramSocket/ChangingAddress.java diff --git a/jdk/test/java/net/DatagramSocket/ChangingAddress.java b/jdk/test/java/net/DatagramSocket/ChangingAddress.java deleted file mode 100644 index 42cc78b00a9..00000000000 --- a/jdk/test/java/net/DatagramSocket/ChangingAddress.java +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* @test - * @bug 7084030 - * @summary Tests that DatagramSocket.getLocalAddress returns the right local - * address after connect/disconnect. - */ -import java.net.*; - -public class ChangingAddress { - - static void check(DatagramSocket ds, InetAddress expected) { - InetAddress actual = ds.getLocalAddress(); - if (!expected.equals(actual)) { - throw new RuntimeException("Expected:"+expected+" Actual"+ - actual); - } - } - - public static void main(String[] args) throws Exception { - InetAddress lh = InetAddress.getLocalHost(); - SocketAddress remote = new InetSocketAddress(lh, 1234); - InetAddress wildcard = InetAddress.getByAddress - ("localhost", new byte[]{0,0,0,0}); - try (DatagramSocket ds = new DatagramSocket()) { - check(ds, wildcard); - - ds.connect(remote); - check(ds, lh); - - ds.disconnect(); - check(ds, wildcard); - } - } -} From 0ec5b82c857e34c17df7310ec8b6d6e3ac957fb6 Mon Sep 17 00:00:00 2001 From: Michael McMahon Date: Thu, 20 Oct 2011 09:21:03 +0100 Subject: [PATCH 09/15] 7102665: Move tests to Problemlist Reviewed-by: chegar, alanb --- jdk/test/ProblemList.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/jdk/test/ProblemList.txt b/jdk/test/ProblemList.txt index 6097bcf7b97..9f91b1879b2 100644 --- a/jdk/test/ProblemList.txt +++ b/jdk/test/ProblemList.txt @@ -377,6 +377,12 @@ java/net/ipv6tests/UdpTest.java linux-all # 7081476 java/net/InetSocketAddress/B6469803.java generic-all +# 7102670 +java/net/InetAddress/CheckJNI.java linux-all + +# failing on vista 32/64 on nightly +# 7102702 +java/net/PortUnreachableException/OneExceptionOnly.java windows-all ############################################################################ # jdk_io From 448e208ddb4f6e991df3c003e294aa0eeff6d08d Mon Sep 17 00:00:00 2001 From: Charles Lee Date: Thu, 13 Oct 2011 12:30:51 +0100 Subject: [PATCH 10/15] 7100054: (porting) Native code should include fcntl.h and unistd.h rather than sys/fcntl.h and sys/unistd.h Use POSIX defined includes for unistd.h and fcntl.h Reviewed-by: dholmes, alanb, chegar, ngmr --- jdk/src/solaris/native/sun/nio/fs/genSolarisConstants.c | 2 +- jdk/src/solaris/native/sun/nio/fs/genUnixConstants.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jdk/src/solaris/native/sun/nio/fs/genSolarisConstants.c b/jdk/src/solaris/native/sun/nio/fs/genSolarisConstants.c index df463986093..346bfbbe542 100644 --- a/jdk/src/solaris/native/sun/nio/fs/genSolarisConstants.c +++ b/jdk/src/solaris/native/sun/nio/fs/genSolarisConstants.c @@ -27,7 +27,7 @@ #include #include #include -#include +#include #include /** diff --git a/jdk/src/solaris/native/sun/nio/fs/genUnixConstants.c b/jdk/src/solaris/native/sun/nio/fs/genUnixConstants.c index ea48d4d07d8..56984a7e352 100644 --- a/jdk/src/solaris/native/sun/nio/fs/genUnixConstants.c +++ b/jdk/src/solaris/native/sun/nio/fs/genUnixConstants.c @@ -26,7 +26,7 @@ #include #include #include -#include +#include #include /** From 2f1ee9427a34aea028b9056fc00fa4e1590ce766 Mon Sep 17 00:00:00 2001 From: Yuka Kamiya Date: Fri, 21 Oct 2011 15:56:24 +0900 Subject: [PATCH 11/15] 7103108: (tz) Support tzdata2011l Reviewed-by: okutsu --- jdk/make/sun/javazic/tzdata/VERSION | 2 +- jdk/make/sun/javazic/tzdata/asia | 66 +++++++++++++++++-- jdk/make/sun/javazic/tzdata/australasia | 14 ++++ jdk/make/sun/javazic/tzdata/europe | 63 +++++++++++++++--- jdk/make/sun/javazic/tzdata/northamerica | 38 ++++------- jdk/make/sun/javazic/tzdata/southamerica | 23 +++++++ jdk/make/sun/javazic/tzdata/zone.tab | 3 +- .../sun/util/resources/TimeZoneNames.java | 16 +++-- .../sun/util/resources/TimeZoneNames_de.java | 16 +++-- .../sun/util/resources/TimeZoneNames_es.java | 16 +++-- .../sun/util/resources/TimeZoneNames_fr.java | 16 +++-- .../sun/util/resources/TimeZoneNames_it.java | 16 +++-- .../sun/util/resources/TimeZoneNames_ja.java | 16 +++-- .../sun/util/resources/TimeZoneNames_ko.java | 16 +++-- .../util/resources/TimeZoneNames_pt_BR.java | 16 +++-- .../sun/util/resources/TimeZoneNames_sv.java | 16 +++-- .../util/resources/TimeZoneNames_zh_CN.java | 16 +++-- .../util/resources/TimeZoneNames_zh_TW.java | 16 +++-- 18 files changed, 268 insertions(+), 117 deletions(-) diff --git a/jdk/make/sun/javazic/tzdata/VERSION b/jdk/make/sun/javazic/tzdata/VERSION index 9ccfe4c299f..fbc87a0d579 100644 --- a/jdk/make/sun/javazic/tzdata/VERSION +++ b/jdk/make/sun/javazic/tzdata/VERSION @@ -21,4 +21,4 @@ # or visit www.oracle.com if you need additional information or have any # questions. # -tzdata2011j +tzdata2011l diff --git a/jdk/make/sun/javazic/tzdata/asia b/jdk/make/sun/javazic/tzdata/asia index 36c52373004..446940c21bf 100644 --- a/jdk/make/sun/javazic/tzdata/asia +++ b/jdk/make/sun/javazic/tzdata/asia @@ -2216,7 +2216,47 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 # http://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html # +# From Steffen Thorsen (2011-08-26): +# Gaza and the West Bank did go back to standard time in the beginning of +# August, and will now enter daylight saving time again on 2011-08-30 +# 00:00 (so two periods of DST in 2011). The pause was because of +# Ramadan. +# +# +# http://www.maannews.net/eng/ViewDetails.aspx?ID=416217 +# +# Additional info: +# +# http://www.timeanddate.com/news/time/palestine-dst-2011.html +# + +# From Alexander Krivenyshev (2011-08-27): +# According to the article in The Jerusalem Post: +# "...Earlier this month, the Palestinian government in the West Bank decided to +# move to standard time for 30 days, during Ramadan. The Palestinians in the +# Gaza Strip accepted the change and also moved their clocks one hour back. +# The Hamas government said on Saturday that it won't observe summertime after +# the Muslim feast of Id al-Fitr, which begins on Tuesday..." +# ... +# +# http://www.jpost.com/MiddleEast/Article.aspx?id=235650 +# +# or +# +# http://www.worldtimezone.com/dst_news/dst_news_gazastrip05.html +# # The rules for Egypt are stolen from the `africa' file. + +# From Steffen Thorsen (2011-09-30): +# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30 +# 00:00). +# So West Bank and Gaza now have the same time again. +# +# Many sources, including: +# +# http://www.maannews.net/eng/ViewDetails.aspx?ID=424808 +# + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule EgyptAsia 1957 only - May 10 0:00 1:00 S Rule EgyptAsia 1957 1958 - Oct 1 0:00 0 - @@ -2232,19 +2272,37 @@ Rule Palestine 2005 only - Oct 4 2:00 0 - Rule Palestine 2006 2008 - Apr 1 0:00 1:00 S Rule Palestine 2006 only - Sep 22 0:00 0 - Rule Palestine 2007 only - Sep Thu>=8 2:00 0 - -Rule Palestine 2008 only - Aug lastFri 2:00 0 - +Rule Palestine 2008 only - Aug lastFri 0:00 0 - Rule Palestine 2009 only - Mar lastFri 0:00 1:00 S -Rule Palestine 2010 max - Mar lastSat 0:01 1:00 S -Rule Palestine 2009 max - Sep Fri>=1 2:00 0 - +Rule Palestine 2009 only - Sep Fri>=1 2:00 0 - +Rule Palestine 2010 only - Mar lastSat 0:01 1:00 S Rule Palestine 2010 only - Aug 11 0:00 0 - +# From Arthur David Olson (2011-09-20): +# 2011 transitions per http://www.timeanddate.com as of 2011-09-20. + # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Asia/Gaza 2:17:52 - LMT 1900 Oct 2:00 Zion EET 1948 May 15 2:00 EgyptAsia EE%sT 1967 Jun 5 2:00 Zion I%sT 1996 2:00 Jordan EE%sT 1999 - 2:00 Palestine EE%sT + 2:00 Palestine EE%sT 2011 Apr 2 12:01 + 2:00 1:00 EEST 2011 Aug 1 + 2:00 - EET + +Zone Asia/Hebron 2:20:23 - LMT 1900 Oct + 2:00 Zion EET 1948 May 15 + 2:00 EgyptAsia EE%sT 1967 Jun 5 + 2:00 Zion I%sT 1996 + 2:00 Jordan EE%sT 1999 + 2:00 Palestine EE%sT 2008 Aug + 2:00 1:00 EEST 2008 Sep + 2:00 Palestine EE%sT 2011 Apr 1 12:01 + 2:00 1:00 EEST 2011 Aug 1 + 2:00 - EET 2011 Aug 30 + 2:00 1:00 EEST 2011 Sep 30 3:00 + 2:00 - EET # Paracel Is # no information diff --git a/jdk/make/sun/javazic/tzdata/australasia b/jdk/make/sun/javazic/tzdata/australasia index 0330fcd9234..722908b4b95 100644 --- a/jdk/make/sun/javazic/tzdata/australasia +++ b/jdk/make/sun/javazic/tzdata/australasia @@ -318,6 +318,18 @@ Zone Indian/Cocos 6:27:40 - LMT 1900 # http://www.worldtimezone.com/dst_news/dst_news_fiji04.html # +# From Steffen Thorsen (2011-10-03): +# Now the dates have been confirmed, and at least our start date +# assumption was correct (end date was one week wrong). +# +# +# www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155 +# +# which says +# Members of the public are reminded to change their time to one hour in +# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to +# 2am on February 26 next year. + # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S Rule Fiji 1998 1999 - Nov Sun>=1 2:00 1:00 S Rule Fiji 1999 2000 - Feb lastSun 3:00 0 - @@ -325,6 +337,8 @@ Rule Fiji 2009 only - Nov 29 2:00 1:00 S Rule Fiji 2010 only - Mar lastSun 3:00 0 - Rule Fiji 2010 only - Oct 24 2:00 1:00 S Rule Fiji 2011 only - Mar Sun>=1 3:00 0 - +Rule Fiji 2011 only - Oct 23 2:00 1:00 S +Rule Fiji 2012 only - Feb 26 3:00 0 - # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Pacific/Fiji 11:53:40 - LMT 1915 Oct 26 # Suva 12:00 Fiji FJ%sT # Fiji Time diff --git a/jdk/make/sun/javazic/tzdata/europe b/jdk/make/sun/javazic/tzdata/europe index 5c6abc17424..b5394fb5004 100644 --- a/jdk/make/sun/javazic/tzdata/europe +++ b/jdk/make/sun/javazic/tzdata/europe @@ -583,9 +583,9 @@ Rule Russia 1985 1991 - Mar lastSun 2:00s 1:00 S # Rule Russia 1992 only - Mar lastSat 23:00 1:00 S Rule Russia 1992 only - Sep lastSat 23:00 0 - -Rule Russia 1993 max - Mar lastSun 2:00s 1:00 S +Rule Russia 1993 2010 - Mar lastSun 2:00s 1:00 S Rule Russia 1993 1995 - Sep lastSun 2:00s 0 - -Rule Russia 1996 max - Oct lastSun 2:00s 0 - +Rule Russia 1996 2010 - Oct lastSun 2:00s 0 - # From Alexander Krivenyshev (2011-06-14): # According to Kremlin press service, Russian President Dmitry Medvedev @@ -605,7 +605,6 @@ Rule Russia 1996 max - Oct lastSun 2:00s 0 - # From Arthur David Olson (2011-06-15): # Take "abolishing daylight saving time" to mean that time is now considered # to be standard. -# At least for now, keep the "old" Russia rules for the benefit of Belarus. # These are for backward compatibility with older versions. @@ -711,6 +710,23 @@ Zone Europe/Vienna 1:05:20 - LMT 1893 Apr 1:00 EU CE%sT # Belarus +# From Yauhen Kharuzhy (2011-09-16): +# By latest Belarus government act Europe/Minsk timezone was changed to +# GMT+3 without DST (was GMT+2 with DST). +# +# Sources (Russian language): +# 1. +# +# http://www.belta.by/ru/all_news/society/V-Belarusi-otmenjaetsja-perexod-na-sezonnoe-vremja_i_572952.html +# +# 2. +# +# http://naviny.by/rubrics/society/2011/09/16/ic_articles_116_175144/ +# +# 3. +# +# http://news.tut.by/society/250578.html +# # Zone NAME GMTOFF RULES FORMAT [UNTIL] Zone Europe/Minsk 1:50:16 - LMT 1880 1:50 - MMT 1924 May 2 # Minsk Mean Time @@ -722,7 +738,8 @@ Zone Europe/Minsk 1:50:16 - LMT 1880 2:00 1:00 EEST 1991 Sep 29 2:00s 2:00 - EET 1992 Mar 29 0:00s 2:00 1:00 EEST 1992 Sep 27 0:00s - 2:00 Russia EE%sT + 2:00 Russia EE%sT 2011 Mar 27 2:00s + 3:00 - FET # Further-eastern European Time # Belgium # @@ -2056,7 +2073,7 @@ Zone Europe/Kaliningrad 1:22:00 - LMT 1893 Apr 2:00 Poland CE%sT 1946 3:00 Russia MSK/MSD 1991 Mar 31 2:00s 2:00 Russia EE%sT 2011 Mar 27 2:00s - 3:00 - KALT + 3:00 - FET # Further-eastern European Time # # From Oscar van Vlijmen (2001-08-25): [This region consists of] # Respublika Adygeya, Arkhangel'skaya oblast', @@ -2211,7 +2228,7 @@ Zone Asia/Irkutsk 6:57:20 - LMT 1880 # [parts of] Respublika Sakha (Yakutiya), Chitinskaya oblast'. # From Oscar van Vlijmen (2009-11-29): -# ...some regions of RUssia were merged with others since 2005... +# ...some regions of [Russia] were merged with others since 2005... # Some names were changed, no big deal, except for one instance: a new name. # YAK/YAKST: UTC+9 Zabajkal'skij kraj. @@ -2635,6 +2652,28 @@ Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents. # of March at 3am the time is changing to 4am and each last Sunday of # October the time at 4am is changing to 3am" +# From Alexander Krivenyshev (2011-09-20): +# On September 20, 2011 the deputies of the Verkhovna Rada agreed to +# abolish the transfer clock to winter time. +# +# Bill number 8330 of MP from the Party of Regions Oleg Nadoshi got +# approval from 266 deputies. +# +# Ukraine abolishes transter back to the winter time (in Russian) +# +# http://news.mail.ru/politics/6861560/ +# +# +# The Ukrainians will no longer change the clock (in Russian) +# +# http://www.segodnya.ua/news/14290482.html +# +# +# Deputies cancelled the winter time (in Russian) +# +# http://www.pravda.com.ua/rus/news/2011/09/20/6600616/ +# + # Zone NAME GMTOFF RULES FORMAT [UNTIL] # Most of Ukraine since 1970 has been like Kiev. # "Kyiv" is the transliteration of the Ukrainian name, but @@ -2648,7 +2687,8 @@ Zone Europe/Kiev 2:02:04 - LMT 1880 3:00 - MSK 1990 Jul 1 2:00 2:00 - EET 1992 2:00 E-Eur EE%sT 1995 - 2:00 EU EE%sT + 2:00 EU EE%sT 2011 Mar lastSun 1:00u + 3:00 - FET # Further-eastern European Time # Ruthenia used CET 1990/1991. # "Uzhhorod" is the transliteration of the Ukrainian name, but # "Uzhgorod" is more common in English. @@ -2662,7 +2702,8 @@ Zone Europe/Uzhgorod 1:29:12 - LMT 1890 Oct 1:00 - CET 1991 Mar 31 3:00 2:00 - EET 1992 2:00 E-Eur EE%sT 1995 - 2:00 EU EE%sT + 2:00 EU EE%sT 2011 Mar lastSun 1:00u + 3:00 - FET # Further-eastern European Time # Zaporozh'ye and eastern Lugansk oblasts observed DST 1990/1991. # "Zaporizhia" is the transliteration of the Ukrainian name, but # "Zaporozh'ye" is more common in English. Use the common English @@ -2675,7 +2716,8 @@ Zone Europe/Zaporozhye 2:20:40 - LMT 1880 1:00 C-Eur CE%sT 1943 Oct 25 3:00 Russia MSK/MSD 1991 Mar 31 2:00 2:00 E-Eur EE%sT 1995 - 2:00 EU EE%sT + 2:00 EU EE%sT 2011 Mar lastSun 1:00u + 3:00 - FET # Further-eastern European Time # Central Crimea used Moscow time 1994/1997. Zone Europe/Simferopol 2:16:24 - LMT 1880 2:16 - SMT 1924 May 2 # Simferopol Mean T @@ -2700,7 +2742,8 @@ Zone Europe/Simferopol 2:16:24 - LMT 1880 # Assume it happened in March by not changing the clocks. 3:00 Russia MSK/MSD 1997 3:00 - MSK 1997 Mar lastSun 1:00u - 2:00 EU EE%sT + 2:00 EU EE%sT 2011 Mar lastSun 1:00u + 3:00 - FET # Further-eastern European Time ############################################################################### diff --git a/jdk/make/sun/javazic/tzdata/northamerica b/jdk/make/sun/javazic/tzdata/northamerica index d31b7f0ad03..fbefc6d320d 100644 --- a/jdk/make/sun/javazic/tzdata/northamerica +++ b/jdk/make/sun/javazic/tzdata/northamerica @@ -505,7 +505,7 @@ Zone America/Juneau 15:02:19 - LMT 1867 Oct 18 -8:00 US P%sT 1983 Oct 30 2:00 -9:00 US Y%sT 1983 Nov 30 -9:00 US AK%sT -Zone America/Sitka -14:58:47 - LMT 1867 Oct 18 +Zone America/Sitka 14:58:47 - LMT 1867 Oct 18 -9:01:13 - LMT 1900 Aug 20 12:00 -8:00 - PST 1942 -8:00 US P%sT 1946 @@ -1190,31 +1190,21 @@ Rule StJohns 1960 1986 - Oct lastSun 2:00 0 S # INMS (2000-09-12) says that, since 1988 at least, Newfoundland switches # at 00:01 local time. For now, assume it started in 1987. -# From Michael Pelley (2011-08-05): -# The Government of Newfoundland and Labrador has pending changes to -# modify the hour for daylight savings time to come into effect in -# November 2011. This modification would change the time from 12:01AM to -# 2:00AM on the dates of the switches of Daylight Savings Time to/from -# Standard Time. -# -# As a matter of reference, in Canada provinces have the authority of -# setting time zone information. The legislation has passed our -# legislative body (The House of Assembly) and is awaiting the -# proclamation to come into effect. You may find this information at: -# -# http://www.assembly.nl.ca/legislation/sr/lists/Proclamation.htm -# -# and -# search within that web page for Standard Time (Amendment) Act. The Act -# may be found at: -# -# http://www.assembly.nl.ca/business/bills/Bill1106.htm +# From Michael Pelley (2011-09-12): +# We received today, Monday, September 12, 2011, notification that the +# changes to the Newfoundland Standard Time Act have been proclaimed. +# The change in the Act stipulates that the change from Daylight Savings +# Time to Standard Time and from Standard Time to Daylight Savings Time +# now occurs at 2:00AM. +# ... +# +# http://www.assembly.nl.ca/legislation/sr/annualstatutes/2011/1106.chp.htm # # ... -# MICHAEL PELLEY | Manager of Enterprise Architecture - Solution Delivery -# Office of the Chief Information Officer Executive Council Government of -# Newfoundland & Labrador P.O. Box 8700, 40 Higgins Line, St. John's NL -# A1B 4J6 +# MICHAEL PELLEY | Manager of Enterprise Architecture - Solution Delivery +# Office of the Chief Information Officer +# Executive Council +# Government of Newfoundland & Labrador Rule StJohns 1987 only - Apr Sun>=1 0:01 1:00 D Rule StJohns 1987 2006 - Oct lastSun 0:01 0 S diff --git a/jdk/make/sun/javazic/tzdata/southamerica b/jdk/make/sun/javazic/tzdata/southamerica index 215d95defbc..0f155002da4 100644 --- a/jdk/make/sun/javazic/tzdata/southamerica +++ b/jdk/make/sun/javazic/tzdata/southamerica @@ -819,6 +819,26 @@ Zone America/La_Paz -4:32:36 - LMT 1890 # # http://www.timeanddate.com/news/time/brazil-dst-2008-2009.html # +# +# From Alexander Krivenyshev (2011-10-04): +# State Bahia will return to Daylight savings time this year after 8 years off. +# The announcement was made by Governor Jaques Wagner in an interview to a +# television station in Salvador. + +# In Portuguese: +# +# http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html +# and +# +# http://noticias.terra.com.br/brasil/noticias/0,,OI5390887-EI8139,00-Bahia+volta+a+ter+horario+de+verao+apos+oito+anos.html +# + +# From Guilherme Bernardes Rodrigues (2011-10-07): +# There is news in the media, however there is still no decree about it. +# I just send a e-mail to Zulmira Brandão at +# http://pcdsh01.on.br/ the +# oficial agency about time in Brazil, and she confirmed that the old rule is +# still in force. # Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S # Decree 20,466 (1931-10-01) @@ -1057,6 +1077,9 @@ Zone America/Maceio -2:22:52 - LMT 1914 Zone America/Bahia -2:34:04 - LMT 1914 -3:00 Brazil BR%sT 2003 Sep 24 -3:00 - BRT +# as noted above, not yet in operation. +# -3:00 - BRT 2011 Oct 16 +# -3:00 Brazil BR%sT # # Goias (GO), Distrito Federal (DF), Minas Gerais (MG), # Espirito Santo (ES), Rio de Janeiro (RJ), Sao Paulo (SP), Parana (PR), diff --git a/jdk/make/sun/javazic/tzdata/zone.tab b/jdk/make/sun/javazic/tzdata/zone.tab index 81ce7f5a56f..89d3c8ea835 100644 --- a/jdk/make/sun/javazic/tzdata/zone.tab +++ b/jdk/make/sun/javazic/tzdata/zone.tab @@ -341,7 +341,8 @@ PL +5215+02100 Europe/Warsaw PM +4703-05620 America/Miquelon PN -2504-13005 Pacific/Pitcairn PR +182806-0660622 America/Puerto_Rico -PS +3130+03428 Asia/Gaza +PS +3130+03428 Asia/Gaza Gaza Strip +PS +313200+0350542 Asia/Hebron West Bank PT +3843-00908 Europe/Lisbon mainland PT +3238-01654 Atlantic/Madeira Madeira Islands PT +3744-02540 Atlantic/Azores Azores diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java index c4862dc75aa..0acde8aa898 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java @@ -103,6 +103,8 @@ public final class TimeZoneNames extends TimeZoneNamesBundle { "Eastern Daylight Time", "EDT"}; String EST_NSW[] = new String[] {"Eastern Standard Time (New South Wales)", "EST", "Eastern Summer Time (New South Wales)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Ghana Mean Time", "GMT", "Ghana Summer Time", "GHST"}; String GAMBIER[] = new String[] {"Gambier Time", "GAMT", @@ -511,6 +513,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle { "Tajikistan Summer Time", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Hovd Time", "HOVT", @@ -674,9 +677,8 @@ public final class TimeZoneNames extends TimeZoneNamesBundle { {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle { {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ public final class TimeZoneNames extends TimeZoneNamesBundle { "Samara Summer Time", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle { "Volgograd Summer Time", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST}, diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java index 763f7f51fb1..7f2b91396eb 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java @@ -103,6 +103,8 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle { "\u00d6stliche Sommerzeit", "EDT"}; String EST_NSW[] = new String[] {"\u00d6stliche Normalzeit (New South Wales)", "EST", "\u00d6stliche Sommerzeit (New South Wales)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Ghanaische Normalzeit", "GMT", "Ghanaische Sommerzeit", "GHST"}; String GAMBIER[] = new String[] {"Gambier Zeit", "GAMT", @@ -511,6 +513,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle { "Tadschikische Sommerzeit", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Hovd Zeit", "HOVT", @@ -674,9 +677,8 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle { {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle { {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle { "Samarische Sommerzeit", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle { "Wolgograder Sommerzeit", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST}, diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java index 1c09f1e585c..0b0beedc699 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java @@ -103,6 +103,8 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle { "Hora de verano Oriental", "EDT"}; String EST_NSW[] = new String[] {"Hora est\u00e1ndar Oriental (Nueva Gales del Sur)", "EST", "Hora de verano Oriental (Nueva Gales del Sur)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Hora central de Ghana", "GMT", "Hora de verano de Ghana", "GHST"}; String GAMBIER[] = new String[] {"Hora de Gambier", "GAMT", @@ -511,6 +513,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle { "Hora de verano de Tajikist\u00e1n", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Hora de Hovd", "HOVT", @@ -674,9 +677,8 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle { {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle { {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle { "Hora de verano de Samara", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle { "Hora de verano de Volgogrado", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST}, diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java index fba1e827b0a..4816c6a07f2 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java @@ -103,6 +103,8 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle { "Heure avanc\u00e9e de l'Est", "EDT"} ; String EST_NSW[] = new String[] {"Heure normale de l'Est (Nouvelle-Galles du Sud)", "EST", "Heure d'\u00e9t\u00e9 de l'Est (Nouvelle-Galles du Sud)", "EST"} ; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Heure du Ghana", "GMT", "Heure d'\u00e9t\u00e9 du Ghana", "GHST"}; String GAMBIER[] = new String[] {"Heure de Gambi", "GAMT", @@ -511,6 +513,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle { "Heure d'\u00e9t\u00e9 du Tadjikistan", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Heure de Hovd", "HOVT", @@ -674,9 +677,8 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle { {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle { {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle { "Heure d'\u00e9t\u00e9 de Samara", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle { "Heure d'\u00e9t\u00e9 de Volgograd", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST}, diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java index c2bb1d673f0..b0f1efbfe04 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java @@ -103,6 +103,8 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle { "Ora legale USA orientale", "EDT"}; String EST_NSW[] = new String[] {"Ora solare dell'Australia orientale (Nuovo Galles del Sud)", "EST", "Ora estiva dell'Australia orientale (Nuovo Galles del Sud)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Ora media del Ghana", "GMT", "Ora legale del Ghana", "GHST"}; String GAMBIER[] = new String[] {"Ora di Gambier", "GAMT", @@ -511,6 +513,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle { "Ora estiva del Tagikistan", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Ora di Hovd", "HOVT", @@ -674,9 +677,8 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle { {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle { {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle { "Ora estiva di Samara", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle { "Ora estiva di Volgograd", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST}, diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java index a0d9d7c863f..8225fb9e8c7 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java @@ -103,6 +103,8 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle { "\u6771\u90e8\u590f\u6642\u9593", "EDT"}; String EST_NSW[] = new String[] {"\u6771\u90e8\u6a19\u6e96\u6642 (\u30cb\u30e5\u30fc\u30b5\u30a6\u30b9\u30a6\u30a7\u30fc\u30eb\u30ba)", "EST", "\u6771\u90e8\u590f\u6642\u9593 (\u30cb\u30e5\u30fc\u30b5\u30a6\u30b9\u30a6\u30a7\u30fc\u30eb\u30ba)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"\u30ac\u30fc\u30ca\u6a19\u6e96\u6642", "GMT", "\u30ac\u30fc\u30ca\u590f\u6642\u9593", "GHST"}; String GAMBIER[] = new String[] {"\u30ac\u30f3\u30d3\u30a2\u6642\u9593", "GAMT", @@ -511,6 +513,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle { "\u30bf\u30b8\u30ad\u30b9\u30bf\u30f3\u590f\u6642\u9593", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"\u30db\u30d6\u30c9\u6642\u9593", "HOVT", @@ -674,9 +677,8 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle { {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle { {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle { "\u30b5\u30de\u30e9\u590f\u6642\u9593", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle { "\u30dc\u30eb\u30b4\u30b0\u30e9\u30fc\u30c9\u590f\u6642\u9593", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST}, diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java index 2079655f736..38ca0499024 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java @@ -103,6 +103,8 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle { "\ub3d9\ubd80 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "EDT"}; String EST_NSW[] = new String[] {"\ub3d9\ubd80 \ud45c\uc900\uc2dc(\ub274 \uc0ac\uc6b0\uc2a4 \uc6e8\uc77c\uc988)", "EST", "\ub3d9\ubd80 \uc77c\uad11\uc808\uc57d\uc2dc\uac04(\ub274 \uc0ac\uc6b0\uc2a4 \uc6e8\uc77c\uc988)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"\uac00\ub098 \ud45c\uc900\uc2dc", "GMT", "\uac00\ub098 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "GHST"}; String GAMBIER[] = new String[] {"\uac10\ube44\uc544 \uc2dc\uac04", "GAMT", @@ -511,6 +513,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle { "\ud0c0\uc9c0\ud0a4\uc2a4\ud0c4 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Hovd \uc2dc\uac04", "HOVT", @@ -674,9 +677,8 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle { {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle { {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle { "\uc0ac\ub9c8\ub77c \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle { "\ubcfc\uace0\uadf8\ub77c\ub4dc \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST}, diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java index 89191d0674f..5256d59a369 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java @@ -101,6 +101,8 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle { "Hor\u00e1rio de luz natural oriental", "EDT"}; String EST_NSW[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o oriental (Nova Gales do Sul)", "EST", "Fuso hor\u00e1rio de ver\u00e3o oriental (Nova Gales do Sul)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Fuso hor\u00e1rio do meridiano de Gana", "GMT", "Fuso hor\u00e1rio de ver\u00e3o de Gana", "GHST"}; String GAMBIER[] = new String[] {"Fuso hor\u00e1rio de Gambier", "GAMT", @@ -511,6 +513,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle { "Fuso hor\u00e1rio de ver\u00e3o do Tadjiquist\u00e3o", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Fuso hor\u00e1rio de Hovd", "HOVT", @@ -674,9 +677,8 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle { {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle { {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle { "Fuso hor\u00e1rio de ver\u00e3o de Samara", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle { "Fuso hor\u00e1rio de ver\u00e3o de Volgogrado", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST}, diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java index 007e5534a13..bb15b2a5268 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java @@ -103,6 +103,8 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle { "Eastern, sommartid", "EDT"}; String EST_NSW[] = new String[] {"Eastern, normaltid (Nya Sydwales)", "EST", "Eastern, sommartid (Nya Sydwales)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"Ghana, normaltid", "GMT", "Ghana, sommartid", "GHST"}; String GAMBIER[] = new String[] {"Gambier, normaltid", "GAMT", @@ -511,6 +513,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle { "Tadzjikistan, sommartid", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"Hovd, normaltid", "HOVT", @@ -674,9 +677,8 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle { {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle { {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle { "Samara, sommartid", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle { "Volgograd, sommartid", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST}, diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java index d7521372bbd..dacacf3492c 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java @@ -103,6 +103,8 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle { "\u4e1c\u90e8\u590f\u4ee4\u65f6", "EDT"}; String EST_NSW[] = new String[] {"\u4e1c\u90e8\u6807\u51c6\u65f6\u95f4\uff08\u65b0\u5357\u5a01\u5c14\u65af\uff09", "EST", "\u4e1c\u90e8\u590f\u4ee4\u65f6\uff08\u65b0\u5357\u5a01\u5c14\u65af\uff09", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"\u52a0\u7eb3\u65f6\u95f4", "GMT", "\u52a0\u7eb3\u590f\u4ee4\u65f6", "GHST"}; String GAMBIER[] = new String[] {"\u5188\u6bd4\u4e9a\u65f6\u95f4", "GAMT", @@ -511,6 +513,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle { "\u5854\u5409\u514b\u65af\u5766\u590f\u4ee4\u65f6", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"\u79d1\u5e03\u591a\u65f6\u95f4", "HOVT", @@ -674,9 +677,8 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle { {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -684,7 +686,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle { {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -697,14 +699,14 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle { "\u6c99\u9a6c\u62c9\u590f\u4ee4\u65f6", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -713,7 +715,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle { "\u4f0f\u5c14\u52a0\u683c\u52d2\u590f\u4ee4\u65f6", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST}, diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java index 9a7fbe9479a..1c63e72bef2 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java @@ -103,6 +103,8 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle { "\u6771\u65b9\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "EDT"}; String EST_NSW[] = new String[] {"\u6771\u65b9\u6a19\u6e96\u6642\u9593 (\u65b0\u5357\u5a01\u723e\u65af)", "EST", "\u6771\u65b9\u590f\u4ee4\u6642\u9593 (\u65b0\u5357\u5a01\u723e\u65af)", "EST"}; + String FET[] = new String[] {"Further-eastern European Time", "FET", + "Further-eastern European Summer Time", "FEST"}; String GHMT[] = new String[] {"\u8fe6\u7d0d\u5e73\u5747\u6642\u9593", "GMT", "\u8fe6\u7d0d\u590f\u4ee4\u6642\u9593", "GHST"}; String GAMBIER[] = new String[] {"\u7518\u6bd4\u723e\u6642\u9593", "GAMT", @@ -511,6 +513,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle { "\u5854\u5409\u514b\u590f\u4ee4\u6642\u9593", "TJST"}}, {"Asia/Gaza", EET}, {"Asia/Harbin", CTT}, + {"Asia/Hebron", EET}, {"Asia/Ho_Chi_Minh", ICT}, {"Asia/Hong_Kong", HKT}, {"Asia/Hovd", new String[] {"\u4faf\u5fb7 (Hovd) \u6642\u9593", "HOVT", @@ -675,9 +678,8 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle { {"Europe/Isle_of_Man", GMTBST}, {"Europe/Istanbul", EET}, {"Europe/Jersey", GMTBST}, - {"Europe/Kaliningrad", new String[] {"Kaliningrad Time", "KALT", - "Kaliningrad Summer Time", "KALST"}}, - {"Europe/Kiev", EET}, + {"Europe/Kaliningrad", FET}, + {"Europe/Kiev", FET}, {"Europe/Lisbon", WET}, {"Europe/Ljubljana", CET}, {"Europe/London", GMTBST}, @@ -685,7 +687,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle { {"Europe/Madrid", CET}, {"Europe/Malta", CET}, {"Europe/Mariehamn", EET}, - {"Europe/Minsk", EET}, + {"Europe/Minsk", FET}, {"Europe/Monaco", CET}, {"Europe/Moscow", MSK}, {"Europe/Nicosia", EET}, @@ -698,14 +700,14 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle { "\u6c99\u99ac\u62c9\u590f\u4ee4\u6642\u9593", "SAMST"}}, {"Europe/San_Marino", CET}, {"Europe/Sarajevo", CET}, - {"Europe/Simferopol", EET}, + {"Europe/Simferopol", FET}, {"Europe/Skopje", CET}, {"Europe/Sofia", EET}, {"Europe/Stockholm", CET}, {"Europe/Tallinn", EET}, {"Europe/Tirane", CET}, {"Europe/Tiraspol", EET}, - {"Europe/Uzhgorod", EET}, + {"Europe/Uzhgorod", FET}, {"Europe/Vaduz", CET}, {"Europe/Vatican", CET}, {"Europe/Vienna", CET}, @@ -714,7 +716,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle { "\u4f0f\u723e\u52a0\u683c\u52d2\u590f\u4ee4\u6642\u9593", "VOLST"}}, {"Europe/Warsaw", CET}, {"Europe/Zagreb", CET}, - {"Europe/Zaporozhye", EET}, + {"Europe/Zaporozhye", FET}, {"Europe/Zurich", CET}, {"GB", GMTBST}, {"GB-Eire", GMTBST}, From 27ae28ada043fd66dca39379c2415ebc225130b0 Mon Sep 17 00:00:00 2001 From: Yuka Kamiya Date: Fri, 21 Oct 2011 18:01:01 +0900 Subject: [PATCH 12/15] 7103405: Correct display names for Pacific/Apia timezone Reviewed-by: okutsu --- jdk/src/share/classes/sun/util/resources/TimeZoneNames.java | 2 +- jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java | 2 +- jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java | 2 +- jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java | 2 +- jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java | 2 +- jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java | 2 +- jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java | 2 +- .../share/classes/sun/util/resources/TimeZoneNames_pt_BR.java | 2 +- jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java | 2 +- .../share/classes/sun/util/resources/TimeZoneNames_zh_CN.java | 2 +- .../share/classes/sun/util/resources/TimeZoneNames_zh_TW.java | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java index 0acde8aa898..9a194512dfb 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames.java @@ -188,7 +188,7 @@ public final class TimeZoneNames extends TimeZoneNamesBundle { String SAMOA[] = new String[] {"Samoa Standard Time", "SST", "Samoa Daylight Time", "SDT"}; String WST_SAMOA[] = new String[] {"West Samoa Time", "WST", - "West Samoa Summer Time", "WSST"}; + "West Samoa Daylight Time", "WSDT"}; String ChST[] = new String[] {"Chamorro Standard Time", "ChST", "Chamorro Daylight Time", "ChDT"}; String VICTORIA[] = new String[] {"Eastern Standard Time (Victoria)", "EST", diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java index 7f2b91396eb..cd6dce69060 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_de.java @@ -188,7 +188,7 @@ public final class TimeZoneNames_de extends TimeZoneNamesBundle { String SAMOA[] = new String[] {"Samoa Normalzeit", "SST", "Samoa Sommerzeit", "SDT"}; String WST_SAMOA[] = new String[] {"West Samoa Zeit", "WST", - "West Samoa Sommerzeit", "WSST"}; + "West Samoa Sommerzeit", "WSDT"}; String ChST[] = new String[] {"Chamorro Normalzeit", "ChST", "Chamorro Sommerzeit", "ChDT"}; String VICTORIA[] = new String[] {"\u00d6stliche Normalzeit (Victoria)", "EST", diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java index 0b0beedc699..ba28d638990 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_es.java @@ -188,7 +188,7 @@ public final class TimeZoneNames_es extends TimeZoneNamesBundle { String SAMOA[] = new String[] {"Hora est\u00e1ndar de Samoa", "SST", "Hora de verano de Samoa", "SDT"}; String WST_SAMOA[] = new String[] {"Hora de Samoa Occidental", "WST", - "Hora de verano de Samoa Occidental", "WSST"}; + "Hora de verano de Samoa Occidental", "WSDT"}; String ChST[] = new String[] {"Hora est\u00e1ndar de Chamorro", "ChST", "Hora de verano de Chamorro", "ChDT"}; String VICTORIA[] = new String[] {"Hora est\u00e1ndar del Este (Victoria)", "EST", diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java index 4816c6a07f2..1cb8bbcf4b8 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_fr.java @@ -188,7 +188,7 @@ public final class TimeZoneNames_fr extends TimeZoneNamesBundle { String SAMOA[] = new String[] {"Heure standard de Samoa", "SST", "Heure avanc\u00e9e de Samoa", "SDT"}; String WST_SAMOA[] = new String[] {"Heure des Samoas occidentales", "WST", - "Heure d'\u00e9t\u00e9 des Samoas occidentales", "WSST"} ; + "Heure d'\u00e9t\u00e9 des Samoas occidentales", "WSDT"} ; String ChST[] = new String[] {"Heure normale des \u00eeles Mariannes", "ChST", "Heure d'\u00e9t\u00e9 des \u00eeles Mariannes", "ChDT"}; String VICTORIA[] = new String[] {"Heure standard d'Australie orientale (Victoria)", "EST", diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java index b0f1efbfe04..216f9dc5f72 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_it.java @@ -188,7 +188,7 @@ public final class TimeZoneNames_it extends TimeZoneNamesBundle { String SAMOA[] = new String[] {"Ora standard di Samoa", "SST", "Ora legale di Samoa", "SDT"}; String WST_SAMOA[] = new String[] {"Ora di Samoa", "WST", - "Ora estiva di Samoa", "WSST"}; + "Ora estiva di Samoa", "WSDT"}; String ChST[] = new String[] {"Ora standard di Chamorro", "ChST", "Ora legale di Chamorro", "ChDT"}; String VICTORIA[] = new String[] {"Ora orientale standard (Victoria)", "EST", diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java index 8225fb9e8c7..fdf98fc5b4d 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ja.java @@ -188,7 +188,7 @@ public final class TimeZoneNames_ja extends TimeZoneNamesBundle { String SAMOA[] = new String[] {"\u30b5\u30e2\u30a2\u6a19\u6e96\u6642", "SST", "\u30b5\u30e2\u30a2\u590f\u6642\u9593", "SDT"}; String WST_SAMOA[] = new String[] {"\u897f\u30b5\u30e2\u30a2\u6642\u9593", "WST", - "\u897f\u30b5\u30e2\u30a2\u590f\u6642\u9593", "WSST"}; + "\u897f\u30b5\u30e2\u30a2\u590f\u6642\u9593", "WSDT"}; String ChST[] = new String[] {"\u30b0\u30a2\u30e0\u6a19\u6e96\u6642", "ChST", "\u30b0\u30a2\u30e0\u590f\u6642\u9593", "ChDT"}; String VICTORIA[] = new String[] {"\u6771\u90e8\u6a19\u6e96\u6642 (\u30d3\u30af\u30c8\u30ea\u30a2)", "EST", diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java index 38ca0499024..060e6b3105f 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_ko.java @@ -188,7 +188,7 @@ public final class TimeZoneNames_ko extends TimeZoneNamesBundle { String SAMOA[] = new String[] {"\uc0ac\ubaa8\uc544 \ud45c\uc900\uc2dc", "SST", "\uc0ac\ubaa8\uc544 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "SDT"}; String WST_SAMOA[] = new String[] {"\uc11c\uc0ac\ubaa8\uc544 \uc2dc\uac04", "WST", - "\uc11c\uc0ac\ubaa8\uc544 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "WSST"}; + "\uc11c\uc0ac\ubaa8\uc544 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "WSDT"}; String ChST[] = new String[] {"\ucc28\ubaa8\ub85c \ud45c\uc900\uc2dc", "ChST", "\ucc28\ubaa8\ub85c \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "ChDT"}; String VICTORIA[] = new String[] {"\ub3d9\ubd80 \ud45c\uc900\uc2dc(\ube45\ud1a0\ub9ac\uc544)", "EST", diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java index 5256d59a369..31356369a9f 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_pt_BR.java @@ -186,7 +186,7 @@ public final class TimeZoneNames_pt_BR extends TimeZoneNamesBundle { String SAMOA[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o de Samoa", "SST", "Hor\u00e1rio de luz natural de Samoa", "SDT"}; String WST_SAMOA[] = new String[] {"Fuso hor\u00e1rio de Samoa Ocidental", "WST", - "Fuso hor\u00e1rio de ver\u00e3o de Samoa Ocidental", "WSST"}; + "Fuso hor\u00e1rio de ver\u00e3o de Samoa Ocidental", "WSDT"}; String ChST[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o de Chamorro", "ChST", "Hor\u00e1rio de luz natural de Chamorro", "ChDT"}; String VICTORIA[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o oriental (Victoria)", "EST", diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java index bb15b2a5268..f399e0d69b4 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_sv.java @@ -188,7 +188,7 @@ public final class TimeZoneNames_sv extends TimeZoneNamesBundle { String SAMOA[] = new String[] {"Samoa, normaltid", "SST", "Samoa, sommartid", "SDT"}; String WST_SAMOA[] = new String[] {"V\u00e4stsamoansk tid", "WST", - "V\u00e4stsamoansk sommartid", "WSST"}; + "V\u00e4stsamoansk sommartid", "WSDT"}; String ChST[] = new String[] {"Chamorro, normaltid", "ChST", "Chamorro, sommartid", "ChDT"}; String VICTORIA[] = new String[] {"\u00d6stlig normaltid (Victoria)", "EST", diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java index dacacf3492c..28dd24f85f5 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_CN.java @@ -188,7 +188,7 @@ public final class TimeZoneNames_zh_CN extends TimeZoneNamesBundle { String SAMOA[] = new String[] {"\u8428\u6469\u4e9a\u7fa4\u5c9b\u6807\u51c6\u65f6\u95f4", "SST", "\u8428\u6469\u4e9a\u7fa4\u5c9b\u590f\u4ee4\u65f6", "SDT"}; String WST_SAMOA[] = new String[] {"\u897f\u8428\u6469\u4e9a\u65f6\u95f4", "WST", - "\u897f\u8428\u6469\u4e9a\u590f\u4ee4\u65f6", "WSST"}; + "\u897f\u8428\u6469\u4e9a\u590f\u4ee4\u65f6", "WSDT"}; String ChST[] = new String[] {"Chamorro \u6807\u51c6\u65f6\u95f4", "ChST", "Chamorro \u590f\u4ee4\u65f6", "ChDT"}; String VICTORIA[] = new String[] {"\u4e1c\u90e8\u6807\u51c6\u65f6\u95f4\uff08\u7ef4\u591a\u5229\u4e9a\uff09", "EST", diff --git a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java index 1c63e72bef2..bafb87e408e 100644 --- a/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java +++ b/jdk/src/share/classes/sun/util/resources/TimeZoneNames_zh_TW.java @@ -188,7 +188,7 @@ public final class TimeZoneNames_zh_TW extends TimeZoneNamesBundle { String SAMOA[] = new String[] {"\u85a9\u6469\u4e9e\u6a19\u6e96\u6642\u9593", "SST", "\u85a9\u6469\u4e9e\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "SDT"}; String WST_SAMOA[] = new String[] {"\u897f\u85a9\u6469\u4e9e\u6642\u9593", "WST", - "\u897f\u85a9\u6469\u4e9e\u590f\u4ee4\u6642\u9593", "WSST"}; + "\u897f\u85a9\u6469\u4e9e\u590f\u4ee4\u6642\u9593", "WSDT"}; String ChST[] = new String[] {"\u67e5\u83ab\u6d1b\u6a19\u6e96\u6642\u9593", "ChST", "\u67e5\u83ab\u6d1b\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "ChDT"}; String VICTORIA[] = new String[] {"\u6771\u90e8\u6a19\u6e96\u6642\u9593 (\u7dad\u591a\u5229\u4e9e\u90a6)", "EST", From de7b2614765602453293cac1e7046f026dc63616 Mon Sep 17 00:00:00 2001 From: Chris Hegarty Date: Mon, 24 Oct 2011 20:55:08 +0100 Subject: [PATCH 13/15] 7104209: Cleanup and remove librmi (native library) Reviewed-by: mduigou, alanb --- jdk/make/java/java/mapfile-vers | 2 +- jdk/make/sun/rmi/rmi/Makefile | 31 +------------ jdk/make/sun/rmi/rmi/mapfile-vers | 33 -------------- .../classes/java/io/ObjectInputStream.java | 5 ++- jdk/src/share/classes/sun/misc/VM.java | 6 +++ .../sun/rmi/server/MarshalInputStream.java | 4 +- .../share/native/java/io/ObjectInputStream.c | 13 ------ jdk/src/share/native/sun/misc/VM.c | 5 +++ .../sun/rmi/server/MarshalInputStream.c | 44 ------------------- 9 files changed, 19 insertions(+), 124 deletions(-) delete mode 100644 jdk/make/sun/rmi/rmi/mapfile-vers delete mode 100644 jdk/src/share/native/sun/rmi/server/MarshalInputStream.c diff --git a/jdk/make/java/java/mapfile-vers b/jdk/make/java/java/mapfile-vers index 74523b44674..8517e713dd9 100644 --- a/jdk/make/java/java/mapfile-vers +++ b/jdk/make/java/java/mapfile-vers @@ -90,7 +90,6 @@ SUNWprivate_1.1 { Java_java_io_FileSystem_getFileSystem; Java_java_io_ObjectInputStream_bytesToDoubles; Java_java_io_ObjectInputStream_bytesToFloats; - Java_java_io_ObjectInputStream_latestUserDefinedLoader; Java_java_io_ObjectOutputStream_doublesToBytes; Java_java_io_ObjectOutputStream_floatsToBytes; Java_java_io_ObjectStreamClass_hasStaticInitializer; @@ -275,6 +274,7 @@ SUNWprivate_1.1 { Java_sun_misc_Version_getJvmVersionInfo; Java_sun_misc_Version_getJvmSpecialVersion; Java_sun_misc_VM_getThreadStateValues; + Java_sun_misc_VM_latestUserDefinedLoader; Java_sun_misc_VM_initialize; Java_sun_misc_VMSupport_initAgentProperties; diff --git a/jdk/make/sun/rmi/rmi/Makefile b/jdk/make/sun/rmi/rmi/Makefile index 127777229e4..1718329b00c 100644 --- a/jdk/make/sun/rmi/rmi/Makefile +++ b/jdk/make/sun/rmi/rmi/Makefile @@ -30,15 +30,8 @@ BUILDDIR = ../../.. PACKAGE = sun.rmi PRODUCT = sun -LIBRARY = rmi include $(BUILDDIR)/common/Defs.gmk -# -# Add use of a mapfile -# -FILES_m = mapfile-vers -include $(BUILDDIR)/common/Mapfile-vers.gmk - # # Java files to compile. # @@ -51,32 +44,10 @@ AUTO_FILES_JAVA_DIRS = \ sun/rmi/transport \ com/sun/rmi -# -# Native files to compile. -# -FILES_c = \ - sun/rmi/server/MarshalInputStream.c - -# -# Add ambient vpath to pick up files not part of sun.rmi package -# -vpath %.c $(SHARE_SRC)/native/sun/rmi/server - -# -# Exported files that require generated .h -# -FILES_export = \ - sun/rmi/server/MarshalInputStream.java - -# -# Link to JVM for JVM_LatestUserDefinedLoader -# -OTHER_LDLIBS = $(JVMLIB) - # # Rules # -include $(BUILDDIR)/common/Library.gmk +include $(BUILDDIR)/common/Rules.gmk # # Full package names of implementations requiring stubs diff --git a/jdk/make/sun/rmi/rmi/mapfile-vers b/jdk/make/sun/rmi/rmi/mapfile-vers deleted file mode 100644 index dc334026fde..00000000000 --- a/jdk/make/sun/rmi/rmi/mapfile-vers +++ /dev/null @@ -1,33 +0,0 @@ -# -# Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. Oracle designates this -# particular file as subject to the "Classpath" exception as provided -# by Oracle in the LICENSE file that accompanied this code. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -# Define library interface. - -SUNWprivate_1.1 { - global: - Java_sun_rmi_server_MarshalInputStream_latestUserDefinedLoader; - local: - *; -}; diff --git a/jdk/src/share/classes/java/io/ObjectInputStream.java b/jdk/src/share/classes/java/io/ObjectInputStream.java index 26a764f7a1e..04705e63229 100644 --- a/jdk/src/share/classes/java/io/ObjectInputStream.java +++ b/jdk/src/share/classes/java/io/ObjectInputStream.java @@ -2025,8 +2025,9 @@ public class ObjectInputStream * This method should not be removed or its signature changed without * corresponding modifications to the above class. */ - // REMIND: change name to something more accurate? - private static native ClassLoader latestUserDefinedLoader(); + private static ClassLoader latestUserDefinedLoader() { + return sun.misc.VM.latestUserDefinedLoader(); + } /** * Default GetField implementation. diff --git a/jdk/src/share/classes/sun/misc/VM.java b/jdk/src/share/classes/sun/misc/VM.java index bcec901e706..e1fb584bb2c 100644 --- a/jdk/src/share/classes/sun/misc/VM.java +++ b/jdk/src/share/classes/sun/misc/VM.java @@ -371,6 +371,12 @@ public class VM { private final static int JVMTI_THREAD_STATE_WAITING_INDEFINITELY = 0x0010; private final static int JVMTI_THREAD_STATE_WAITING_WITH_TIMEOUT = 0x0020; + /* + * Returns the first non-null class loader up the execution stack, + * or null if only code from the null class loader is on the stack. + */ + public static native ClassLoader latestUserDefinedLoader(); + static { initialize(); } diff --git a/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java b/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java index b67e72b9108..e560376f68d 100644 --- a/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java +++ b/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java @@ -262,7 +262,9 @@ public class MarshalInputStream extends ObjectInputStream { * Returns the first non-null class loader up the execution stack, or null * if only code from the null class loader is on the stack. */ - private static native ClassLoader latestUserDefinedLoader(); + private static ClassLoader latestUserDefinedLoader() { + return sun.misc.VM.latestUserDefinedLoader(); + } /** * Fix for 4179055: Need to assist resolving sun stubs; resolve diff --git a/jdk/src/share/native/java/io/ObjectInputStream.c b/jdk/src/share/native/java/io/ObjectInputStream.c index 8b8a710e614..1e288e911ec 100644 --- a/jdk/src/share/native/java/io/ObjectInputStream.c +++ b/jdk/src/share/native/java/io/ObjectInputStream.c @@ -173,16 +173,3 @@ Java_java_io_ObjectInputStream_bytesToDoubles(JNIEnv *env, (*env)->ReleasePrimitiveArrayCritical(env, dst, doubles, 0); } -/* - * Class: java_io_ObjectInputStream - * Method: latestUserDefinedLoader - * Signature: ()Ljava/lang/ClassLoader; - * - * Returns the first non-null class loader up the execution stack, or null - * if only code from the null class loader is on the stack. - */ -JNIEXPORT jobject JNICALL -Java_java_io_ObjectInputStream_latestUserDefinedLoader(JNIEnv *env, jclass cls) -{ - return JVM_LatestUserDefinedLoader(env); -} diff --git a/jdk/src/share/native/sun/misc/VM.c b/jdk/src/share/native/sun/misc/VM.c index 8744da78403..2dbeb985d81 100644 --- a/jdk/src/share/native/sun/misc/VM.c +++ b/jdk/src/share/native/sun/misc/VM.c @@ -111,6 +111,11 @@ Java_sun_misc_VM_getThreadStateValues(JNIEnv *env, jclass cls, get_thread_state_info(env, JAVA_THREAD_STATE_TERMINATED, values, names); } +JNIEXPORT jobject JNICALL +Java_sun_misc_VM_latestUserDefinedLoader(JNIEnv *env, jclass cls) { + return JVM_LatestUserDefinedLoader(env); +} + typedef void (JNICALL *GetJvmVersionInfo_fp)(JNIEnv*, jvm_version_info*, size_t); JNIEXPORT void JNICALL diff --git a/jdk/src/share/native/sun/rmi/server/MarshalInputStream.c b/jdk/src/share/native/sun/rmi/server/MarshalInputStream.c deleted file mode 100644 index 089afbdb330..00000000000 --- a/jdk/src/share/native/sun/rmi/server/MarshalInputStream.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -#include "jni.h" -#include "jvm.h" -#include "jni_util.h" - -#include "sun_rmi_server_MarshalInputStream.h" - -/* - * Class: sun_rmi_server_MarshalInputStream - * Method: latestUserDefinedLoader - * Signature: ()Ljava/lang/ClassLoader; - * - * Returns the first non-null class loader up the execution stack, or null - * if only code from the null class loader is on the stack. - */ -JNIEXPORT jobject JNICALL -Java_sun_rmi_server_MarshalInputStream_latestUserDefinedLoader(JNIEnv *env, jclass cls) -{ - return JVM_LatestUserDefinedLoader(env); -} From f5ff85a77a4969f0809cc2892fef0f478910f878 Mon Sep 17 00:00:00 2001 From: Chris Hegarty Date: Mon, 24 Oct 2011 21:03:41 +0100 Subject: [PATCH 14/15] 7103549: Remove dependencies on libjava and libjvm from security libraries Reviewed-by: vinnie, ohair, alanb, dholmes --- .../com/sun/security/auth/module/Makefile | 4 - jdk/make/common/Defs.gmk | 24 +++++- jdk/make/common/Library.gmk | 2 +- jdk/make/sun/security/ec/Makefile | 6 +- jdk/make/sun/security/jgss/wrapper/Makefile | 3 +- jdk/make/sun/security/krb5/Makefile | 9 -- jdk/make/sun/security/mscapi/Makefile | 2 +- jdk/make/sun/security/pkcs11/Makefile | 6 +- jdk/make/sun/security/smartcardio/Makefile | 4 +- .../sun/security/pkcs11/wrapper/p11_convert.c | 38 ++++---- .../sun/security/pkcs11/wrapper/p11_digest.c | 4 +- .../sun/security/pkcs11/wrapper/p11_dual.c | 8 +- .../sun/security/pkcs11/wrapper/p11_general.c | 7 +- .../sun/security/pkcs11/wrapper/p11_keymgmt.c | 4 +- .../sun/security/pkcs11/wrapper/p11_mutex.c | 28 +++--- .../sun/security/pkcs11/wrapper/p11_objmgmt.c | 4 +- .../security/pkcs11/wrapper/p11_sessmgmt.c | 12 ++- .../sun/security/pkcs11/wrapper/p11_sign.c | 20 ++--- .../sun/security/pkcs11/wrapper/p11_util.c | 86 ++++++++++++------- .../security/pkcs11/wrapper/pkcs11wrapper.h | 3 +- .../native/sun/security/pkcs11/j2secmod_md.c | 4 +- .../native/sun/security/smartcardio/pcsc_md.c | 32 ++++++- .../native/sun/security/pkcs11/j2secmod_md.c | 4 +- 23 files changed, 180 insertions(+), 134 deletions(-) diff --git a/jdk/make/com/sun/security/auth/module/Makefile b/jdk/make/com/sun/security/auth/module/Makefile index c274fac637a..2f6aabab01d 100644 --- a/jdk/make/com/sun/security/auth/module/Makefile +++ b/jdk/make/com/sun/security/auth/module/Makefile @@ -78,7 +78,3 @@ endif # linux # include $(BUILDDIR)/common/Library.gmk -# -# JVMDI implementation lives in the VM. -# -OTHER_LDLIBS = $(JVMLIB) diff --git a/jdk/make/common/Defs.gmk b/jdk/make/common/Defs.gmk index e46aedeffe1..99d1ed1a69e 100644 --- a/jdk/make/common/Defs.gmk +++ b/jdk/make/common/Defs.gmk @@ -220,14 +220,30 @@ JDK_LOCALES = ja zh_CN JRE_NONEXIST_LOCALES = en en_US de_DE es_ES fr_FR it_IT ja_JP ko_KR sv_SE zh # -# All libraries except libjava and libjvm itself link against libjvm and -# libjava, the latter for its exported common utilities. libjava only links -# against libjvm. Programs' makefiles take their own responsibility for +# For now, most libraries except libjava and libjvm itself link against libjvm +# and libjava, the latter for its exported common utilities. libjava only +# links against libjvm. Programs' makefiles take their own responsibility for # adding other libs. # +# The makefiles for these packages do not link against libjvm and libjava. +# This list will eventually go away and each Programs' makefiles +# will have to explicitly declare that they want to link to libjava/libjvm +# +NO_JAVALIB_PKGS = \ + sun.security.mscapi \ + sun.security.krb5 \ + sun.security.pkcs11 \ + sun.security.jgss \ + sun.security.jgss.wrapper \ + sun.security.ec \ + sun.security.smartcardio \ + com.sun.security.auth.module + ifdef PACKAGE # put JAVALIB first, but do not lose any platform specific values.... - LDLIBS_COMMON = $(JAVALIB) + ifeq (,$(findstring $(PACKAGE),$(NO_JAVALIB_PKGS))) + LDLIBS_COMMON = $(JAVALIB) + endif endif # PACKAGE # diff --git a/jdk/make/common/Library.gmk b/jdk/make/common/Library.gmk index 9999406b718..6c9b97997ce 100644 --- a/jdk/make/common/Library.gmk +++ b/jdk/make/common/Library.gmk @@ -165,7 +165,7 @@ $(ACTUAL_LIBRARY):: $(OBJDIR)/$(LIBRARY).lcf $(LINK) -dll -out:$(OBJDIR)/$(@F) \ -map:$(OBJDIR)/$(LIBRARY).map \ $(LFLAGS) @$(OBJDIR)/$(LIBRARY).lcf \ - $(OTHER_LCF) $(JAVALIB) $(LDLIBS) + $(OTHER_LCF) $(LDLIBS) $(CP) $(OBJDIR)/$(@F) $@ @$(call binary_file_verification,$@) $(CP) $(OBJDIR)/$(LIBRARY).map $(@D) diff --git a/jdk/make/sun/security/ec/Makefile b/jdk/make/sun/security/ec/Makefile index 4c95e33bde7..146a24e7a9b 100644 --- a/jdk/make/sun/security/ec/Makefile +++ b/jdk/make/sun/security/ec/Makefile @@ -192,10 +192,8 @@ ifeq ($(NATIVE_ECC_AVAILABLE), true) # # Libraries to link # - ifeq ($(PLATFORM), windows) - OTHER_LDLIBS += $(JVMLIB) - else - OTHER_LDLIBS = -ldl $(JVMLIB) $(LIBCXX) + ifneq ($(PLATFORM), windows) + OTHER_LDLIBS = $(LIBCXX) endif include $(BUILDDIR)/common/Mapfile-vers.gmk diff --git a/jdk/make/sun/security/jgss/wrapper/Makefile b/jdk/make/sun/security/jgss/wrapper/Makefile index c7c0a6a1672..fead6e2e8d1 100644 --- a/jdk/make/sun/security/jgss/wrapper/Makefile +++ b/jdk/make/sun/security/jgss/wrapper/Makefile @@ -72,5 +72,6 @@ include $(BUILDDIR)/common/Library.gmk # Libraries to link # ifneq ($(PLATFORM), windows) - OTHER_LDLIBS = -ldl $(JVMLIB) + OTHER_LDLIBS = -ldl endif + diff --git a/jdk/make/sun/security/krb5/Makefile b/jdk/make/sun/security/krb5/Makefile index 3b6d4f62046..848a694b7b5 100644 --- a/jdk/make/sun/security/krb5/Makefile +++ b/jdk/make/sun/security/krb5/Makefile @@ -69,15 +69,6 @@ else include $(BUILDDIR)/common/Classes.gmk endif # PLATFORM -# -# Libraries to link -# -ifeq ($(PLATFORM), windows) - OTHER_LDLIBS = $(JVMLIB) -else - OTHER_LDLIBS = -ldl $(JVMLIB) -endif - build: ifeq ($(PLATFORM),windows) $(call make-launcher, kinit, sun.security.krb5.internal.tools.Kinit, , ) diff --git a/jdk/make/sun/security/mscapi/Makefile b/jdk/make/sun/security/mscapi/Makefile index 405941fe7ba..389d5a1a016 100644 --- a/jdk/make/sun/security/mscapi/Makefile +++ b/jdk/make/sun/security/mscapi/Makefile @@ -159,7 +159,7 @@ include $(BUILDDIR)/common/Library.gmk # Libraries to link # ifeq ($(PLATFORM), windows) - OTHER_LDLIBS += $(JVMLIB) Crypt32.Lib + OTHER_LDLIBS += Crypt32.Lib endif # diff --git a/jdk/make/sun/security/pkcs11/Makefile b/jdk/make/sun/security/pkcs11/Makefile index 2d59f13a018..04057765a36 100644 --- a/jdk/make/sun/security/pkcs11/Makefile +++ b/jdk/make/sun/security/pkcs11/Makefile @@ -159,10 +159,8 @@ include $(BUILDDIR)/common/Library.gmk # # Libraries to link # -ifeq ($(PLATFORM), windows) - OTHER_LDLIBS = $(JVMLIB) -else - OTHER_LDLIBS = -ldl $(JVMLIB) +ifneq ($(PLATFORM), windows) + OTHER_LDLIBS = -ldl endif # Other config files diff --git a/jdk/make/sun/security/smartcardio/Makefile b/jdk/make/sun/security/smartcardio/Makefile index 75b315d6f52..1dae7a11f16 100644 --- a/jdk/make/sun/security/smartcardio/Makefile +++ b/jdk/make/sun/security/smartcardio/Makefile @@ -73,8 +73,8 @@ include $(BUILDDIR)/common/Library.gmk # Libraries to link # ifeq ($(PLATFORM), windows) - OTHER_LDLIBS = $(JVMLIB) winscard.lib + OTHER_LDLIBS = winscard.lib else - OTHER_LDLIBS = -ldl $(JVMLIB) + OTHER_LDLIBS = -ldl OTHER_CFLAGS = -D__sun_jdk endif diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c index c32a278b585..34080238b1b 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c @@ -273,7 +273,7 @@ CK_VERSION_PTR jVersionToCKVersionPtr(JNIEnv *env, jobject jVersion) /* allocate memory for CK_VERSION pointer */ ckpVersion = (CK_VERSION_PTR) malloc(sizeof(CK_VERSION)); if (ckpVersion == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } ckpVersion->major = jByteToCKByte(jMajor); @@ -326,7 +326,7 @@ CK_DATE * jDateObjectPtrToCKDatePtr(JNIEnv *env, jobject jDate) /* allocate memory for CK_DATE pointer */ ckpDate = (CK_DATE *) malloc(sizeof(CK_DATE)); if (ckpDate == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } @@ -340,7 +340,7 @@ CK_DATE * jDateObjectPtrToCKDatePtr(JNIEnv *env, jobject jDate) jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar)); if (jTempChars == NULL) { free(ckpDate); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } (*env)->GetCharArrayRegion(env, jYear, 0, ckLength, jTempChars); @@ -364,7 +364,7 @@ CK_DATE * jDateObjectPtrToCKDatePtr(JNIEnv *env, jobject jDate) jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar)); if (jTempChars == NULL) { free(ckpDate); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } (*env)->GetCharArrayRegion(env, jMonth, 0, ckLength, jTempChars); @@ -388,7 +388,7 @@ CK_DATE * jDateObjectPtrToCKDatePtr(JNIEnv *env, jobject jDate) jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar)); if (jTempChars == NULL) { free(ckpDate); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } (*env)->GetCharArrayRegion(env, jDay, 0, ckLength, jTempChars); @@ -558,7 +558,7 @@ CK_TLS_PRF_PARAMS jTlsPrfParamsToCKTlsPrfParam(JNIEnv *env, jobject jParam) if (ckParam.pulOutputLen == NULL) { free(ckParam.pSeed); free(ckParam.pLabel); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return ckParam; } jByteArrayToCKByteArray(env, jOutput, &(ckParam.pOutput), ckParam.pulOutputLen); @@ -665,7 +665,7 @@ CK_SSL3_KEY_MAT_PARAMS jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject if (ckParam.pReturnedKeyMaterial == NULL) { free(ckParam.RandomInfo.pClientRandom); free(ckParam.RandomInfo.pServerRandom); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return ckParam; } @@ -1013,7 +1013,7 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, ckpParam = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR) malloc(sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1040,7 +1040,7 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, ckpParam = (CK_SSL3_KEY_MAT_PARAMS_PTR) malloc(sizeof(CK_SSL3_KEY_MAT_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1067,7 +1067,7 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, ckpParam = (CK_TLS_PRF_PARAMS_PTR) malloc(sizeof(CK_TLS_PRF_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1094,7 +1094,7 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, ckpParam = (CK_AES_CTR_PARAMS_PTR) malloc(sizeof(CK_AES_CTR_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1121,7 +1121,7 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, ckpParam = (CK_RSA_PKCS_OAEP_PARAMS_PTR) malloc(sizeof(CK_RSA_PKCS_OAEP_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1148,7 +1148,7 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, ckpParam = (CK_PBE_PARAMS_PTR) malloc(sizeof(CK_PBE_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1175,7 +1175,7 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, ckpParam = (CK_PKCS5_PBKD2_PARAMS_PTR) malloc(sizeof(CK_PKCS5_PBKD2_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1202,7 +1202,7 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, ckpParam = (CK_RSA_PKCS_PSS_PARAMS_PTR) malloc(sizeof(CK_RSA_PKCS_PSS_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1229,7 +1229,7 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, ckpParam = (CK_ECDH1_DERIVE_PARAMS_PTR) malloc(sizeof(CK_ECDH1_DERIVE_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1256,7 +1256,7 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, ckpParam = (CK_ECDH2_DERIVE_PARAMS_PTR) malloc(sizeof(CK_ECDH2_DERIVE_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1283,7 +1283,7 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, ckpParam = (CK_X9_42_DH1_DERIVE_PARAMS_PTR) malloc(sizeof(CK_X9_42_DH1_DERIVE_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } @@ -1310,7 +1310,7 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, ckpParam = (CK_X9_42_DH2_DERIVE_PARAMS_PTR) malloc(sizeof(CK_X9_42_DH2_DERIVE_PARAMS)); if (ckpParam == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c index b7288c1c842..d33e4e206f3 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c @@ -131,7 +131,7 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestSingle /* always use single part op, even for large data */ bufP = (CK_BYTE_PTR) malloc((size_t)jInLen); if (bufP == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return 0; } } @@ -190,7 +190,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestUpdate bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen); bufP = (CK_BYTE_PTR) malloc((size_t)bufLen); if (bufP == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } } diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_dual.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_dual.c index 1d030c51e86..a76e4042f9b 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_dual.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_dual.c @@ -92,7 +92,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestEn ckpEncryptedPart = (CK_BYTE_PTR) malloc(ckEncryptedPartLength * sizeof(CK_BYTE)); if (ckpEncryptedPart == NULL) { free(ckpPart); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } @@ -144,7 +144,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptD ckpPart = (CK_BYTE_PTR) malloc(ckPartLength * sizeof(CK_BYTE)); if (ckpPart == NULL) { free(ckpEncryptedPart); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } @@ -196,7 +196,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignEncr ckpEncryptedPart = (CK_BYTE_PTR) malloc(ckEncryptedPartLength * sizeof(CK_BYTE)); if (ckpEncryptedPart == NULL) { free(ckpPart); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } @@ -248,7 +248,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptV ckpPart = (CK_BYTE_PTR) malloc(ckPartLength * sizeof(CK_BYTE)); if (ckpPart == NULL) { free(ckpEncryptedPart); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c index a48c08b4db6..14085a16213 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c @@ -71,7 +71,10 @@ jfieldID mech_pParameterID; jclass jByteArrayClass; jclass jLongClass; +JavaVM* jvm = NULL; + JNIEXPORT jint JNICALL JNI_OnLoad(JavaVM *vm, void *reserved) { + jvm = vm; return JNI_VERSION_1_4; } @@ -351,7 +354,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetSlotList ckpSlotList = (CK_SLOT_ID_PTR) malloc(ckTokenNumber * sizeof(CK_SLOT_ID)); if (ckpSlotList == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } @@ -652,7 +655,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetMechanismList ckpMechanismList = (CK_MECHANISM_TYPE_PTR) malloc(ckMechanismNumber * sizeof(CK_MECHANISM_TYPE)); if (ckpMechanismList == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c index 7f987fb3c26..e74230f17a6 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c @@ -165,7 +165,7 @@ JNIEXPORT jlongArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Generate if (ckMechanism.pParameter != NULL_PTR) { free(ckMechanism.pParameter); } - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } ckpPublicKeyHandle = ckpKeyHandles; /* first element of array is Public Key */ @@ -253,7 +253,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1WrapKey if (ckMechanism.pParameter != NULL_PTR) { free(ckMechanism.pParameter); } - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c index 6bc1edcd99c..29c80b8a799 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c @@ -92,7 +92,7 @@ CK_C_INITIALIZE_ARGS_PTR makeCKInitArgsAdapter(JNIEnv *env, jobject jInitArgs) /* convert the Java InitArgs object to a pointer to a CK_C_INITIALIZE_ARGS structure */ ckpInitArgs = (CK_C_INITIALIZE_ARGS_PTR) malloc(sizeof(CK_C_INITIALIZE_ARGS)); if (ckpInitArgs == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL_PTR; } @@ -141,7 +141,7 @@ CK_C_INITIALIZE_ARGS_PTR makeCKInitArgsAdapter(JNIEnv *env, jobject jInitArgs) ckpGlobalInitArgs = (CK_C_INITIALIZE_ARGS_PTR) malloc(sizeof(CK_C_INITIALIZE_ARGS)); if (ckpGlobalInitArgs == NULL) { free(ckpInitArgs); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL_PTR; } @@ -178,9 +178,8 @@ CK_C_INITIALIZE_ARGS_PTR makeCKInitArgsAdapter(JNIEnv *env, jobject jInitArgs) */ CK_RV callJCreateMutex(CK_VOID_PTR_PTR ppMutex) { - JavaVM *jvm; + extern JavaVM *jvm; JNIEnv *env; - jsize actualNumberVMs; jint returnValue; jthrowable pkcs11Exception; jclass pkcs11ExceptionClass; @@ -196,8 +195,7 @@ CK_RV callJCreateMutex(CK_VOID_PTR_PTR ppMutex) /* Get the currently running Java VM */ - returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs); - if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ;} /* there is no VM running */ + if (jvm == NULL) { return rv ;} /* there is no VM running */ /* Determine, if current thread is already attached */ returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2); @@ -273,9 +271,8 @@ CK_RV callJCreateMutex(CK_VOID_PTR_PTR ppMutex) */ CK_RV callJDestroyMutex(CK_VOID_PTR pMutex) { - JavaVM *jvm; + extern JavaVM *jvm; JNIEnv *env; - jsize actualNumberVMs; jint returnValue; jthrowable pkcs11Exception; jclass pkcs11ExceptionClass; @@ -291,8 +288,7 @@ CK_RV callJDestroyMutex(CK_VOID_PTR pMutex) /* Get the currently running Java VM */ - returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs); - if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ; } /* there is no VM running */ + if (jvm == NULL) { return rv ; } /* there is no VM running */ /* Determine, if current thread is already attached */ returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2); @@ -367,9 +363,8 @@ CK_RV callJDestroyMutex(CK_VOID_PTR pMutex) */ CK_RV callJLockMutex(CK_VOID_PTR pMutex) { - JavaVM *jvm; + extern JavaVM *jvm; JNIEnv *env; - jsize actualNumberVMs; jint returnValue; jthrowable pkcs11Exception; jclass pkcs11ExceptionClass; @@ -385,8 +380,7 @@ CK_RV callJLockMutex(CK_VOID_PTR pMutex) /* Get the currently running Java VM */ - returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs); - if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ; } /* there is no VM running */ + if (jvm == NULL) { return rv ; } /* there is no VM running */ /* Determine, if current thread is already attached */ returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2); @@ -457,9 +451,8 @@ CK_RV callJLockMutex(CK_VOID_PTR pMutex) */ CK_RV callJUnlockMutex(CK_VOID_PTR pMutex) { - JavaVM *jvm; + extern JavaVM *jvm; JNIEnv *env; - jsize actualNumberVMs; jint returnValue; jthrowable pkcs11Exception; jclass pkcs11ExceptionClass; @@ -475,8 +468,7 @@ CK_RV callJUnlockMutex(CK_VOID_PTR pMutex) /* Get the currently running Java VM */ - returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs); - if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ; } /* there is no VM running */ + if (jvm == NULL) { return rv ; } /* there is no VM running */ /* Determine, if current thread is already attached */ returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2); diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c index aea03eeba0d..910453eacd7 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c @@ -258,7 +258,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetAttributeVa ckpAttributes[i].pValue = (void *) malloc(ckBufferLength); if (ckpAttributes[i].pValue == NULL) { freeCKAttributeArray(ckpAttributes, i); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } ckpAttributes[i].ulValueLen = ckBufferLength; @@ -390,7 +390,7 @@ JNIEXPORT jlongArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1FindObje ckMaxObjectLength = jLongToCKULong(jMaxObjectCount); ckpObjectHandleArray = (CK_OBJECT_HANDLE_PTR) malloc(sizeof(CK_OBJECT_HANDLE) * ckMaxObjectLength); if (ckpObjectHandleArray == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c index 1b7538a49a3..524fde013af 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c @@ -98,7 +98,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1OpenSession if (jNotify != NULL) { notifyEncapsulation = (NotifyEncapsulation *) malloc(sizeof(NotifyEncapsulation)); if (notifyEncapsulation == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return 0L; } notifyEncapsulation->jApplicationData = (jApplication != NULL) @@ -301,7 +301,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetOpera ckpState = (CK_BYTE_PTR) malloc(ckStateLength); if (ckpState == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } @@ -435,7 +435,7 @@ void putNotifyEntry(JNIEnv *env, CK_SESSION_HANDLE hSession, NotifyEncapsulation newNode = (NotifyListNode *) malloc(sizeof(NotifyListNode)); if (newNode == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } newNode->hSession = hSession; @@ -558,9 +558,8 @@ CK_RV notifyCallback( ) { NotifyEncapsulation *notifyEncapsulation; - JavaVM *jvm; + extern JavaVM *jvm; JNIEnv *env; - jsize actualNumberVMs; jint returnValue; jlong jSessionHandle; jlong jEvent; @@ -577,8 +576,7 @@ CK_RV notifyCallback( notifyEncapsulation = (NotifyEncapsulation *) pApplication; /* Get the currently running Java VM */ - returnValue = JNI_GetCreatedJavaVMs(&jvm, (jsize) 1, &actualNumberVMs); - if ((returnValue != 0) || (actualNumberVMs <= 0)) { return rv ; } /* there is no VM running */ + if (jvm == NULL) { return rv ; } /* there is no VM running */ /* Determine, if current thread is already attached */ returnValue = (*jvm)->GetEnv(jvm, (void **) &env, JNI_VERSION_1_2); diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c index e4a43937f51..e07bcf59d59 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c @@ -132,7 +132,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Sign ckpSignature = (CK_BYTE_PTR) malloc(ckSignatureLength * sizeof(CK_BYTE)); if (ckpSignature == NULL) { free(ckpData); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } @@ -146,7 +146,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Sign ckpSignature = (CK_BYTE_PTR) malloc(256 * sizeof(CK_BYTE)); if (ckpSignature == NULL) { free(ckpData); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength); @@ -156,7 +156,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Sign ckpSignature = (CK_BYTE_PTR) malloc(ckSignatureLength * sizeof(CK_BYTE)); if (ckpSignature == NULL) { free(ckpData); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength); @@ -210,7 +210,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignUpdate bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen); bufP = (CK_BYTE_PTR) malloc((size_t)bufLen); if (bufP == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } } @@ -270,7 +270,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignFina if (rv == CKR_BUFFER_TOO_SMALL) { bufP = (CK_BYTE_PTR) malloc(ckSignatureLength); if (bufP == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } rv = (*ckpFunctions->C_SignFinal)(ckSessionHandle, bufP, &ckSignatureLength); @@ -355,7 +355,7 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignRecover } else { inBufP = (CK_BYTE_PTR) malloc((size_t)jInLen); if (inBufP == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return 0; } } @@ -373,7 +373,7 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignRecover if (inBufP != INBUF) { free(inBufP); } - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return 0; } rv = (*ckpFunctions->C_SignRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckSignatureLength); @@ -508,7 +508,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyUpdate bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen); bufP = (CK_BYTE_PTR) malloc((size_t)bufLen); if (bufP == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } } @@ -638,7 +638,7 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyRecover } else { inBufP = (CK_BYTE_PTR) malloc((size_t)jInLen); if (inBufP == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return 0; } } @@ -656,7 +656,7 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyRecover outBufP = (CK_BYTE_PTR) malloc(ckDataLength); if (outBufP == NULL) { if (inBufP != INBUF) { free(inBufP); } - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return 0; } rv = (*ckpFunctions->C_VerifyRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckDataLength); diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c index 36a4b15943a..9436f1ece4c 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c @@ -213,28 +213,52 @@ jlong ckAssertReturnValueOK(JNIEnv *env, CK_RV returnValue) return jErrorCode ; } + /* - * This function simply throws an IOException - * - * @param env Used to call JNI funktions and to get the Exception class. - * @param message The message string of the Exception object. + * Throws a Java Exception by name */ -void throwIOException(JNIEnv *env, const char *message) +void throwByName(JNIEnv *env, const char *name, const char *msg) { - JNU_ThrowByName(env, CLASS_IO_EXCEPTION, message); + jclass cls = (*env)->FindClass(env, name); + + if (cls != 0) /* Otherwise an exception has already been thrown */ + (*env)->ThrowNew(env, cls, msg); +} + +/* + * Throws java.lang.OutOfMemoryError + */ +void throwOutOfMemoryError(JNIEnv *env, const char *msg) +{ + throwByName(env, "java/lang/OutOfMemoryError", msg); +} + +/* + * Throws java.lang.NullPointerException + */ +void throwNullPointerException(JNIEnv *env, const char *msg) +{ + throwByName(env, "java/lang/NullPointerException", msg); +} + +/* + * Throws java.io.IOException + */ +void throwIOException(JNIEnv *env, const char *msg) +{ + throwByName(env, "java/io/IOException", msg); } /* * This function simply throws a PKCS#11RuntimeException with the given - * string as its message. If the message is NULL, the exception is created - * using the default constructor. + * string as its message. * * @param env Used to call JNI funktions and to get the Exception class. * @param jmessage The message string of the Exception object. */ void throwPKCS11RuntimeException(JNIEnv *env, const char *message) { - JNU_ThrowByName(env, CLASS_PKCS11RUNTIMEEXCEPTION, message); + throwByName(env, CLASS_PKCS11RUNTIMEEXCEPTION, message); } /* @@ -318,7 +342,7 @@ void jBooleanArrayToCKBBoolArray(JNIEnv *env, const jbooleanArray jArray, CK_BBO *ckpLength = (*env)->GetArrayLength(env, jArray); jpTemp = (jboolean*) malloc((*ckpLength) * sizeof(jboolean)); if (jpTemp == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } (*env)->GetBooleanArrayRegion(env, jArray, 0, *ckpLength, jpTemp); @@ -330,7 +354,7 @@ void jBooleanArrayToCKBBoolArray(JNIEnv *env, const jbooleanArray jArray, CK_BBO *ckpArray = (CK_BBOOL*) malloc ((*ckpLength) * sizeof(CK_BBOOL)); if (*ckpArray == NULL) { free(jpTemp); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } for (i=0; i<(*ckpLength); i++) { @@ -360,7 +384,7 @@ void jByteArrayToCKByteArray(JNIEnv *env, const jbyteArray jArray, CK_BYTE_PTR * *ckpLength = (*env)->GetArrayLength(env, jArray); jpTemp = (jbyte*) malloc((*ckpLength) * sizeof(jbyte)); if (jpTemp == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } (*env)->GetByteArrayRegion(env, jArray, 0, *ckpLength, jpTemp); @@ -376,7 +400,7 @@ void jByteArrayToCKByteArray(JNIEnv *env, const jbyteArray jArray, CK_BYTE_PTR * *ckpArray = (CK_BYTE_PTR) malloc ((*ckpLength) * sizeof(CK_BYTE)); if (*ckpArray == NULL) { free(jpTemp); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } for (i=0; i<(*ckpLength); i++) { @@ -407,7 +431,7 @@ void jLongArrayToCKULongArray(JNIEnv *env, const jlongArray jArray, CK_ULONG_PTR *ckpLength = (*env)->GetArrayLength(env, jArray); jTemp = (jlong*) malloc((*ckpLength) * sizeof(jlong)); if (jTemp == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } (*env)->GetLongArrayRegion(env, jArray, 0, *ckpLength, jTemp); @@ -419,7 +443,7 @@ void jLongArrayToCKULongArray(JNIEnv *env, const jlongArray jArray, CK_ULONG_PTR *ckpArray = (CK_ULONG_PTR) malloc (*ckpLength * sizeof(CK_ULONG)); if (*ckpArray == NULL) { free(jTemp); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } for (i=0; i<(*ckpLength); i++) { @@ -449,7 +473,7 @@ void jCharArrayToCKCharArray(JNIEnv *env, const jcharArray jArray, CK_CHAR_PTR * *ckpLength = (*env)->GetArrayLength(env, jArray); jpTemp = (jchar*) malloc((*ckpLength) * sizeof(jchar)); if (jpTemp == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } (*env)->GetCharArrayRegion(env, jArray, 0, *ckpLength, jpTemp); @@ -461,7 +485,7 @@ void jCharArrayToCKCharArray(JNIEnv *env, const jcharArray jArray, CK_CHAR_PTR * *ckpArray = (CK_CHAR_PTR) malloc (*ckpLength * sizeof(CK_CHAR)); if (*ckpArray == NULL) { free(jpTemp); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } for (i=0; i<(*ckpLength); i++) { @@ -491,7 +515,7 @@ void jCharArrayToCKUTF8CharArray(JNIEnv *env, const jcharArray jArray, CK_UTF8CH *ckpLength = (*env)->GetArrayLength(env, jArray); jTemp = (jchar*) malloc((*ckpLength) * sizeof(jchar)); if (jTemp == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } (*env)->GetCharArrayRegion(env, jArray, 0, *ckpLength, jTemp); @@ -503,7 +527,7 @@ void jCharArrayToCKUTF8CharArray(JNIEnv *env, const jcharArray jArray, CK_UTF8CH *ckpArray = (CK_UTF8CHAR_PTR) malloc (*ckpLength * sizeof(CK_UTF8CHAR)); if (*ckpArray == NULL) { free(jTemp); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } for (i=0; i<(*ckpLength); i++) { @@ -538,7 +562,7 @@ void jStringToCKUTF8CharArray(JNIEnv *env, const jstring jArray, CK_UTF8CHAR_PTR *ckpArray = (CK_UTF8CHAR_PTR) malloc((*ckpLength + 1) * sizeof(CK_UTF8CHAR)); if (*ckpArray == NULL) { (*env)->ReleaseStringUTFChars(env, (jstring) jArray, pCharArray); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } strcpy((char*)*ckpArray, pCharArray); @@ -571,7 +595,7 @@ void jAttributeArrayToCKAttributeArray(JNIEnv *env, jobjectArray jArray, CK_ATTR *ckpLength = jLongToCKULong(jLength); *ckpArray = (CK_ATTRIBUTE_PTR) malloc(*ckpLength * sizeof(CK_ATTRIBUTE)); if (*ckpArray == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } TRACE1(", converting %d attibutes", jLength); @@ -613,7 +637,7 @@ jbyteArray ckByteArrayToJByteArray(JNIEnv *env, const CK_BYTE_PTR ckpArray, CK_U } else { jpTemp = (jbyte*) malloc((ckLength) * sizeof(jbyte)); if (jpTemp == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } for (i=0; iCallBooleanMethod(env, jObject, jValueMethod); ckpValue = (CK_BBOOL *) malloc(sizeof(CK_BBOOL)); if (ckpValue == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } *ckpValue = jBooleanToCKBBool(jValue); @@ -842,7 +866,7 @@ CK_BYTE_PTR jByteObjectToCKBytePtr(JNIEnv *env, jobject jObject) jValue = (*env)->CallByteMethod(env, jObject, jValueMethod); ckpValue = (CK_BYTE_PTR) malloc(sizeof(CK_BYTE)); if (ckpValue == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } *ckpValue = jByteToCKByte(jValue); @@ -871,7 +895,7 @@ CK_ULONG* jIntegerObjectToCKULongPtr(JNIEnv *env, jobject jObject) jValue = (*env)->CallIntMethod(env, jObject, jValueMethod); ckpValue = (CK_ULONG *) malloc(sizeof(CK_ULONG)); if (ckpValue == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } *ckpValue = jLongToCKLong(jValue); @@ -900,7 +924,7 @@ CK_ULONG* jLongObjectToCKULongPtr(JNIEnv *env, jobject jObject) jValue = (*env)->CallLongMethod(env, jObject, jValueMethod); ckpValue = (CK_ULONG *) malloc(sizeof(CK_ULONG)); if (ckpValue == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } *ckpValue = jLongToCKULong(jValue); @@ -930,7 +954,7 @@ CK_CHAR_PTR jCharObjectToCKCharPtr(JNIEnv *env, jobject jObject) jValue = (*env)->CallCharMethod(env, jObject, jValueMethod); ckpValue = (CK_CHAR_PTR) malloc(sizeof(CK_CHAR)); if (ckpValue == NULL) { - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return NULL; } *ckpValue = jCharToCKChar(jValue); @@ -1087,7 +1111,7 @@ void jObjectToPrimitiveCKObjectPtrPtr(JNIEnv *env, jobject jObject, CK_VOID_PTR malloc((strlen(exceptionMsgPrefix) + strlen(classNameString) + 1)); if (exceptionMsg == NULL) { (*env)->ReleaseStringUTFChars(env, jClassNameString, classNameString); - JNU_ThrowOutOfMemoryError(env, 0); + throwOutOfMemoryError(env, 0); return; } strcpy(exceptionMsg, exceptionMsgPrefix); diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h b/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h index ff6d550d523..bf3adf86a9d 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h @@ -228,7 +228,6 @@ #define CLASS_PKCS11EXCEPTION "sun/security/pkcs11/wrapper/PKCS11Exception" #define CLASS_PKCS11RUNTIMEEXCEPTION "sun/security/pkcs11/wrapper/PKCS11RuntimeException" #define CLASS_FILE_NOT_FOUND_EXCEPTION "java/io/FileNotFoundException" -#define CLASS_IO_EXCEPTION "java/io/IOException" #define CLASS_C_INITIALIZE_ARGS "sun/security/pkcs11/wrapper/CK_C_INITIALIZE_ARGS" #define CLASS_CREATEMUTEX "sun/security/pkcs11/wrapper/CK_CREATEMUTEX" #define CLASS_DESTROYMUTEX "sun/security/pkcs11/wrapper/CK_DESTROYMUTEX" @@ -280,6 +279,8 @@ */ jlong ckAssertReturnValueOK(JNIEnv *env, CK_RV returnValue); +void throwOutOfMemoryError(JNIEnv *env, const char *message); +void throwNullPointerException(JNIEnv *env, const char *message); void throwIOException(JNIEnv *env, const char *message); void throwPKCS11RuntimeException(JNIEnv *env, const char *message); void throwDisconnectedRuntimeException(JNIEnv *env); diff --git a/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.c b/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.c index b445899f73b..b763bc25bb4 100644 --- a/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.c +++ b/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.c @@ -40,7 +40,7 @@ void *findFunction(JNIEnv *env, jlong jHandle, const char *functionName) { if (fAddress == NULL) { char errorMessage[256]; snprintf(errorMessage, sizeof(errorMessage), "Symbol not found: %s", functionName); - JNU_ThrowNullPointerException(env, errorMessage); + throwNullPointerException(env, errorMessage); return NULL; } return fAddress; @@ -69,7 +69,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_Secmod_nssLoadLibrary dprintf2("-handle: %u (0X%X)\n", hModule, hModule); if (hModule == NULL) { - JNU_ThrowIOException(env, dlerror()); + throwIOException(env, dlerror()); return 0; } diff --git a/jdk/src/solaris/native/sun/security/smartcardio/pcsc_md.c b/jdk/src/solaris/native/sun/security/smartcardio/pcsc_md.c index 67e452da340..c7379810fab 100644 --- a/jdk/src/solaris/native/sun/security/smartcardio/pcsc_md.c +++ b/jdk/src/solaris/native/sun/security/smartcardio/pcsc_md.c @@ -51,12 +51,40 @@ FPTR_SCardBeginTransaction scardBeginTransaction; FPTR_SCardEndTransaction scardEndTransaction; FPTR_SCardControl scardControl; +/* + * Throws a Java Exception by name + */ +void throwByName(JNIEnv *env, const char *name, const char *msg) +{ + jclass cls = (*env)->FindClass(env, name); + + if (cls != 0) /* Otherwise an exception has already been thrown */ + (*env)->ThrowNew(env, cls, msg); +} + +/* + * Throws java.lang.NullPointerException + */ +void throwNullPointerException(JNIEnv *env, const char *msg) +{ + throwByName(env, "java/lang/NullPointerException", msg); +} + +/* + * Throws java.io.IOException + */ +void throwIOException(JNIEnv *env, const char *msg) +{ + throwByName(env, "java/io/IOException", msg); +} + + void *findFunction(JNIEnv *env, void *hModule, char *functionName) { void *fAddress = dlsym(hModule, functionName); if (fAddress == NULL) { char errorMessage[256]; snprintf(errorMessage, sizeof(errorMessage), "Symbol not found: %s", functionName); - JNU_ThrowNullPointerException(env, errorMessage); + throwNullPointerException(env, errorMessage); return NULL; } return fAddress; @@ -69,7 +97,7 @@ JNIEXPORT void JNICALL Java_sun_security_smartcardio_PlatformPCSC_initialize (*env)->ReleaseStringUTFChars(env, jLibName, libName); if (hModule == NULL) { - JNU_ThrowIOException(env, dlerror()); + throwIOException(env, dlerror()); return; } scardEstablishContext = (FPTR_SCardEstablishContext)findFunction(env, hModule, "SCardEstablishContext"); diff --git a/jdk/src/windows/native/sun/security/pkcs11/j2secmod_md.c b/jdk/src/windows/native/sun/security/pkcs11/j2secmod_md.c index 4a8d7583a4c..fac24a6063f 100644 --- a/jdk/src/windows/native/sun/security/pkcs11/j2secmod_md.c +++ b/jdk/src/windows/native/sun/security/pkcs11/j2secmod_md.c @@ -37,7 +37,7 @@ void *findFunction(JNIEnv *env, jlong jHandle, const char *functionName) { if (fAddress == NULL) { char errorMessage[256]; _snprintf(errorMessage, sizeof(errorMessage), "Symbol not found: %s", functionName); - JNU_ThrowNullPointerException(env, errorMessage); + throwNullPointerException(env, errorMessage); return NULL; } return fAddress; @@ -78,7 +78,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_Secmod_nssLoadLibrary NULL ); dprintf1("-error: %s\n", lpMsgBuf); - JNU_ThrowIOException(env, (char*)lpMsgBuf); + throwIOException(env, (char*)lpMsgBuf); LocalFree(lpMsgBuf); return 0; } From 616b1a997f8f5d7b821cdc151903092a3c20325f Mon Sep 17 00:00:00 2001 From: Alan Bateman Date: Tue, 25 Oct 2011 09:27:20 +0100 Subject: [PATCH 15/15] 7104577: Changes for 7104209 cause many RMI tests to fail Reviewed-by: chegar --- .../share/classes/sun/rmi/server/MarshalInputStream.java | 8 -------- 1 file changed, 8 deletions(-) diff --git a/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java b/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java index e560376f68d..cb32017b4ad 100644 --- a/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java +++ b/jdk/src/share/classes/sun/rmi/server/MarshalInputStream.java @@ -109,14 +109,6 @@ public class MarshalInputStream extends ObjectInputStream { } } - /** - * Load the "rmi" native library. - */ - static { - java.security.AccessController.doPrivileged( - new sun.security.action.LoadLibraryAction("rmi")); - } - /** * Create a new MarshalInputStream object. */