Merge
This commit is contained in:
commit
8b89580a17
@ -835,10 +835,6 @@ endif
|
|||||||
$(BOOT_JAVA_CMD) -jar $(BUILDMETAINDEX_JARFILE) \
|
$(BOOT_JAVA_CMD) -jar $(BUILDMETAINDEX_JARFILE) \
|
||||||
-o meta-index *.jar
|
-o meta-index *.jar
|
||||||
@$(CD) $(JRE_IMAGE_DIR)/lib/ext && $(java-vm-cleanup)
|
@$(CD) $(JRE_IMAGE_DIR)/lib/ext && $(java-vm-cleanup)
|
||||||
ifeq ($(PLATFORM), macosx)
|
|
||||||
@#install jobjc, apple mac only
|
|
||||||
$(CP) $(OUTPUTDIR)/JObjC.build/JObjC.jar $(JRE_IMAGE_DIR)/lib/JObjC.jar
|
|
||||||
endif
|
|
||||||
ifeq ($(PLATFORM), windows)
|
ifeq ($(PLATFORM), windows)
|
||||||
@# Remove certain *.lib files
|
@# Remove certain *.lib files
|
||||||
$(CD) $(JRE_IMAGE_DIR)/lib && \
|
$(CD) $(JRE_IMAGE_DIR)/lib && \
|
||||||
|
@ -57,10 +57,6 @@ ifeq ($(PLATFORM), linux)
|
|||||||
SUBDIRS += jexec
|
SUBDIRS += jexec
|
||||||
endif # PLATFORM
|
endif # PLATFORM
|
||||||
|
|
||||||
ifeq ($(PLATFORM), macosx)
|
|
||||||
SUBDIRS += jobjc
|
|
||||||
endif # PLATFORM
|
|
||||||
|
|
||||||
include $(BUILDDIR)/common/Subdirs.gmk
|
include $(BUILDDIR)/common/Subdirs.gmk
|
||||||
|
|
||||||
all build clean clobber::
|
all build clean clobber::
|
||||||
|
@ -271,11 +271,6 @@ ifeq ($(OPENJDK_TARGET_OS),macosx)
|
|||||||
$(JDK_TOPDIR)/src/solaris/classes/sun/util/locale/provider/HostLocaleProviderAdapterImpl.java \
|
$(JDK_TOPDIR)/src/solaris/classes/sun/util/locale/provider/HostLocaleProviderAdapterImpl.java \
|
||||||
$(JDK_TOPDIR)/src/solaris/classes/sun/nio/fs/GnomeFileTypeDetector.java
|
$(JDK_TOPDIR)/src/solaris/classes/sun/nio/fs/GnomeFileTypeDetector.java
|
||||||
|
|
||||||
# JObjC.jar contains 1.5 byte-code...so skip it here :-(
|
|
||||||
# MACOSX_SRC_DIRS += $(JDK_TOPDIR)/src/macosx/native/jobjc/src
|
|
||||||
# EXCLUDES+= tests/java/com/apple/jobjc
|
|
||||||
|
|
||||||
EXCLUDES+= com/apple/jobjc
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
# The exception handling of swing beaninfo
|
# The exception handling of swing beaninfo
|
||||||
@ -327,44 +322,6 @@ $(JDK_OUTPUTDIR)/classes/META-INF/services/com.sun.tools.xjc.Plugin:
|
|||||||
|
|
||||||
##########################################################################################
|
##########################################################################################
|
||||||
|
|
||||||
ifeq ($(OPENJDK_TARGET_OS),macosx)
|
|
||||||
#
|
|
||||||
# JObjC.jar is compiled with BOOT_JAVAC which (may) not support the "-h" flag.
|
|
||||||
# so we first compile classes with BOOT_JAVAC and then with JDK_JAVAC :-(
|
|
||||||
#
|
|
||||||
$(eval $(call SetupJavaCompiler,GENERATE_15BYTECODE,\
|
|
||||||
JAVAC:=$(JAVAC),\
|
|
||||||
FLAGS:=-source 1.5 -target 1.5 -g -bootclasspath $(BOOT_RTJAR) -cp $(JDK_OUTPUTDIR)/../langtools/dist/lib/classes.jar $(DISABLE_WARNINGS),\
|
|
||||||
SERVER_DIR:=$(SJAVAC_SERVER_DIR),\
|
|
||||||
SERVER_JVM:=$(SJAVAC_SERVER_JAVA)))
|
|
||||||
|
|
||||||
$(eval $(call SetupJavaCompilation,BUILD_JOBJC,\
|
|
||||||
SETUP:=GENERATE_15BYTECODE,\
|
|
||||||
DISABLE_SJAVAC:=true,\
|
|
||||||
SRC:=$(JDK_TOPDIR)/src/macosx/native/jobjc/src/core/java \
|
|
||||||
$(JDK_TOPDIR)/src/macosx/native/jobjc/src/runtime-additions/java \
|
|
||||||
$(JDK_OUTPUTDIR)/gensrc_jobjc/src, \
|
|
||||||
INCLUDES := com/apple/jobjc,\
|
|
||||||
EXCLUDES := tests/java/com/apple/jobjc,\
|
|
||||||
BIN:=$(JDK_OUTPUTDIR)/jobjc_classes,\
|
|
||||||
JAR:=$(JDK_OUTPUTDIR)/lib/JObjC.jar, \
|
|
||||||
JARINDEX := true))
|
|
||||||
|
|
||||||
$(BUILD_JOBJC) : $(BUILD_JDK)
|
|
||||||
|
|
||||||
$(eval $(call SetupJavaCompilation,BUILD_JOBJC_HEADERS,\
|
|
||||||
SETUP:=GENERATE_JDKBYTECODE,\
|
|
||||||
SRC:=$(JDK_TOPDIR)/src/macosx/native/jobjc/src/core/java \
|
|
||||||
$(JDK_TOPDIR)/src/macosx/native/jobjc/src/runtime-additions/java \
|
|
||||||
$(JDK_OUTPUTDIR)/gensrc_jobjc/src, \
|
|
||||||
INCLUDES := com/apple/jobjc,\
|
|
||||||
EXCLUDES := tests/java/com/apple/jobjc,\
|
|
||||||
BIN:=$(JDK_OUTPUTDIR)/jobjc_classes_headers,\
|
|
||||||
HEADERS:=$(JDK_OUTPUTDIR)/gensrc_headers_jobjc))
|
|
||||||
|
|
||||||
$(BUILD_JOBJC_HEADERS) : $(BUILD_JDK)
|
|
||||||
|
|
||||||
endif
|
|
||||||
|
|
||||||
##########################################################################################
|
##########################################################################################
|
||||||
|
|
||||||
@ -403,7 +360,7 @@ endif
|
|||||||
|
|
||||||
##########################################################################################
|
##########################################################################################
|
||||||
|
|
||||||
all: $(BUILD_JDK) $(BUILD_ALTCLASSES) $(BUILD_JOBJC) $(BUILD_JOBJC_HEADERS) $(COPY_EXTRA) \
|
all: $(BUILD_JDK) $(BUILD_ALTCLASSES) $(COPY_EXTRA) \
|
||||||
$(JDK_OUTPUTDIR)/classes/META-INF/services/com.sun.tools.xjc.Plugin \
|
$(JDK_OUTPUTDIR)/classes/META-INF/services/com.sun.tools.xjc.Plugin \
|
||||||
$(BUILD_ACCESSBRIDGE_32) $(BUILD_ACCESSBRIDGE_64) \
|
$(BUILD_ACCESSBRIDGE_32) $(BUILD_ACCESSBRIDGE_64) \
|
||||||
$(BUILD_ACCESSBRIDGE_LEGACY)
|
$(BUILD_ACCESSBRIDGE_LEGACY)
|
||||||
|
@ -3296,67 +3296,6 @@ endif
|
|||||||
|
|
||||||
##########################################################################################
|
##########################################################################################
|
||||||
|
|
||||||
ifeq ($(OPENJDK_TARGET_OS), macosx)
|
|
||||||
|
|
||||||
# Ugly hack to mimic behaviour in old build where this is built as an xcode project.
|
|
||||||
SET_SHARED_LIBRARY_NAME=-Xlinker -install_name -Xlinker /usr/local/lib/libJObjC.dylib
|
|
||||||
|
|
||||||
$(eval $(call SetupNativeCompilation,BUILD_LIBJOBJC32,\
|
|
||||||
LIBRARY:=JObjC,\
|
|
||||||
OUTPUT_DIR:=$(JDK_OUTPUTDIR)/objs/libjobjc32,\
|
|
||||||
SRC:=$(JDK_TOPDIR)/src/macosx/native/jobjc/src/core/native \
|
|
||||||
$(JDK_TOPDIR)/src/macosx/native/jobjc/src/runtime-additions/native ,\
|
|
||||||
LANG:=C,\
|
|
||||||
OPTIMIZATION:=LOW, \
|
|
||||||
CFLAGS:=-fpascal-strings \
|
|
||||||
-fobjc-gc \
|
|
||||||
-gdwarf-2 \
|
|
||||||
$(CFLAGS_JDKLIB) -I$(JDK_OUTPUTDIR)/gensrc_headers_jobjc \
|
|
||||||
-F/System/Library/Frameworks/JavaVM.framework/Frameworks \
|
|
||||||
-m32,\
|
|
||||||
LDFLAGS:=$(LDFLAGS_JDKLIB)\
|
|
||||||
-m32, \
|
|
||||||
LDFLAGS_SUFFIX:=-framework Foundation -framework JavaVM \
|
|
||||||
-F/System/Library/Frameworks/JavaVM.framework/Frameworks \
|
|
||||||
-framework JavaNativeFoundation \
|
|
||||||
-lffi, \
|
|
||||||
OBJECT_DIR:=$(JDK_OUTPUTDIR)/objs/libjobjc32,\
|
|
||||||
DEBUG_SYMBOLS:=$(DEBUG_ALL_BINARIES)))
|
|
||||||
|
|
||||||
$(eval $(call SetupNativeCompilation,BUILD_LIBJOBJC64,\
|
|
||||||
LIBRARY:=JObjC,\
|
|
||||||
OUTPUT_DIR:=$(JDK_OUTPUTDIR)/objs/libjobjc64,\
|
|
||||||
SRC:=$(JDK_TOPDIR)/src/macosx/native/jobjc/src/core/native \
|
|
||||||
$(JDK_TOPDIR)/src/macosx/native/jobjc/src/runtime-additions/native ,\
|
|
||||||
LANG:=C,\
|
|
||||||
OPTIMIZATION:=LOW, \
|
|
||||||
CFLAGS:=-fpascal-strings \
|
|
||||||
-fobjc-gc \
|
|
||||||
-gdwarf-2 \
|
|
||||||
$(CFLAGS_JDKLIB) -I$(JDK_OUTPUTDIR)/gensrc_headers_jobjc \
|
|
||||||
-F/System/Library/Frameworks/JavaVM.framework/Frameworks \
|
|
||||||
, \
|
|
||||||
LDFLAGS:=-fpascal-strings \
|
|
||||||
-fobjc-gc \
|
|
||||||
-gdwarf-2 \
|
|
||||||
$(LDFLAGS_JDKLIB)\
|
|
||||||
$(call SET_SHARED_LIBRARY_ORIGIN), \
|
|
||||||
LDFLAGS_SUFFIX:=-framework Foundation -framework JavaVM \
|
|
||||||
-F/System/Library/Frameworks/JavaVM.framework/Frameworks \
|
|
||||||
-framework JavaNativeFoundation \
|
|
||||||
-lffi, \
|
|
||||||
OBJECT_DIR:=$(JDK_OUTPUTDIR)/objs/libjobjc64,\
|
|
||||||
DEBUG_SYMBOLS:=$(DEBUG_ALL_BINARIES)))
|
|
||||||
|
|
||||||
$(INSTALL_LIBRARIES_HERE)/$(LIBRARY_PREFIX)JObjC$(SHARED_LIBRARY_SUFFIX): $(BUILD_LIBJOBJC32) $(BUILD_LIBJOBJC64)
|
|
||||||
$(LIPO) -create -output $@ $(BUILD_LIBJOBJC32) $(BUILD_LIBJOBJC64)
|
|
||||||
|
|
||||||
BUILD_LIBRARIES += $(INSTALL_LIBRARIES_HERE)/$(LIBRARY_PREFIX)JObjC$(SHARED_LIBRARY_SUFFIX)
|
|
||||||
|
|
||||||
endif
|
|
||||||
|
|
||||||
##########################################################################################
|
|
||||||
|
|
||||||
ifndef OPENJDK
|
ifndef OPENJDK
|
||||||
ifeq ($(OPENJDK_TARGET_OS), windows)
|
ifeq ($(OPENJDK_TARGET_OS), windows)
|
||||||
|
|
||||||
|
@ -994,15 +994,6 @@ $(IMAGES_OUTPUTDIR)/lib/ext/zipfs.jar : $(JDK_OUTPUTDIR)/demo/nio/zipfs/zipfs.ja
|
|||||||
|
|
||||||
##########################################################################################
|
##########################################################################################
|
||||||
|
|
||||||
ifeq ($(OPENJDK_TARGET_OS),macosx)
|
|
||||||
$(eval $(call SetupArchive,BUILD_JOBJC_JAR,,\
|
|
||||||
SRCS:=$(JDK_OUTPUTDIR)/jobjc_classes,\
|
|
||||||
JAR:=$(IMAGES_OUTPUTDIR)/lib/JObjC.jar, \
|
|
||||||
JARINDEX:=true))
|
|
||||||
endif
|
|
||||||
|
|
||||||
##########################################################################################
|
|
||||||
|
|
||||||
ifndef OPENJDK
|
ifndef OPENJDK
|
||||||
$(eval $(call SetupArchive,BUILD_ALT_RT_JAR,,\
|
$(eval $(call SetupArchive,BUILD_ALT_RT_JAR,,\
|
||||||
SRCS:=$(JDK_OUTPUTDIR)/altclasses_classes,\
|
SRCS:=$(JDK_OUTPUTDIR)/altclasses_classes,\
|
||||||
|
@ -83,11 +83,6 @@ GENSRC += $(GENSRC_CLDR)
|
|||||||
include GensrcSwing.gmk
|
include GensrcSwing.gmk
|
||||||
GENSRC += $(GENSRC_SWING_BEANINFO) $(GENSRC_SWING_NIMBUS)
|
GENSRC += $(GENSRC_SWING_BEANINFO) $(GENSRC_SWING_NIMBUS)
|
||||||
|
|
||||||
ifeq ($(OPENJDK_TARGET_OS), macosx)
|
|
||||||
include GensrcJObjC.gmk
|
|
||||||
GENSRC += $(GENSRC_JOBJC)
|
|
||||||
endif
|
|
||||||
|
|
||||||
$(GENSRC) : $(BUILD_TOOLS)
|
$(GENSRC) : $(BUILD_TOOLS)
|
||||||
|
|
||||||
all: $(GENSRC)
|
all: $(GENSRC)
|
||||||
|
@ -303,14 +303,13 @@ $(JDK_IMAGE_DIR)/jre/lib/applet:
|
|||||||
$(ECHO) $(LOG_INFO) Creating $(patsubst $(OUTPUT_ROOT)/%,%,$@)
|
$(ECHO) $(LOG_INFO) Creating $(patsubst $(OUTPUT_ROOT)/%,%,$@)
|
||||||
$(MKDIR) -p $@
|
$(MKDIR) -p $@
|
||||||
|
|
||||||
# In the old build, JObjC.jar is not part of the meta-index
|
|
||||||
$(JRE_IMAGE_DIR)/lib/meta-index: $(JRE_LIB_TARGETS)
|
$(JRE_IMAGE_DIR)/lib/meta-index: $(JRE_LIB_TARGETS)
|
||||||
$(ECHO) $(LOG_INFO) Generating $(patsubst $(OUTPUT_ROOT)/%,%,$@)
|
$(ECHO) $(LOG_INFO) Generating $(patsubst $(OUTPUT_ROOT)/%,%,$@)
|
||||||
$(CD) $(@D) && $(TOOL_BUILDMETAINDEX) -o meta-index `$(LS) *.jar | $(SED) 's/JObjC\.jar//g'`
|
$(CD) $(@D) && $(TOOL_BUILDMETAINDEX) -o meta-index *.jar
|
||||||
|
|
||||||
$(JDK_IMAGE_DIR)/jre/lib/meta-index: $(JDKJRE_LIB_TARGETS)
|
$(JDK_IMAGE_DIR)/jre/lib/meta-index: $(JDKJRE_LIB_TARGETS)
|
||||||
$(ECHO) $(LOG_INFO) Generating $(patsubst $(OUTPUT_ROOT)/%,%,$@)
|
$(ECHO) $(LOG_INFO) Generating $(patsubst $(OUTPUT_ROOT)/%,%,$@)
|
||||||
$(CD) $(@D) && $(TOOL_BUILDMETAINDEX) -o meta-index `$(LS) *.jar | $(SED) 's/JObjC\.jar//g'`
|
$(CD) $(@D) && $(TOOL_BUILDMETAINDEX) -o meta-index *.jar
|
||||||
|
|
||||||
$(JRE_IMAGE_DIR)/lib/ext/meta-index: $(JRE_LIB_TARGETS)
|
$(JRE_IMAGE_DIR)/lib/ext/meta-index: $(JRE_LIB_TARGETS)
|
||||||
$(ECHO) $(LOG_INFO) Generating $(patsubst $(OUTPUT_ROOT)/%,%,$@)
|
$(ECHO) $(LOG_INFO) Generating $(patsubst $(OUTPUT_ROOT)/%,%,$@)
|
||||||
|
@ -109,10 +109,6 @@ ifeq ($(OPENJDK_TARGET_OS),windows)
|
|||||||
ALL_JARS += $(IMAGES_OUTPUTDIR)/lib/ext/sunmscapi.jar
|
ALL_JARS += $(IMAGES_OUTPUTDIR)/lib/ext/sunmscapi.jar
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifeq ($(OPENJDK_TARGET_OS),macosx)
|
|
||||||
ALL_JARS += $(IMAGES_OUTPUTDIR)/lib/JObjC.jar
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(PROFILE), profile_1)
|
ifeq ($(PROFILE), profile_1)
|
||||||
PROFILE_JARS := $(PROFILE_1_JARS)
|
PROFILE_JARS := $(PROFILE_1_JARS)
|
||||||
else ifeq ($(PROFILE), profile_2)
|
else ifeq ($(PROFILE), profile_2)
|
||||||
|
@ -290,8 +290,8 @@ SplashEventLoop(Splash * splash) {
|
|||||||
SplashUnlock(splash);
|
SplashUnlock(splash);
|
||||||
rc = poll(pfd, 1, timeout);
|
rc = poll(pfd, 1, timeout);
|
||||||
SplashLock(splash);
|
SplashLock(splash);
|
||||||
if (splash->isVisible>0 && SplashTime() >= splash->time +
|
if (splash->isVisible > 0 && splash->currentFrame >= 0 &&
|
||||||
splash->frames[splash->currentFrame].delay) {
|
SplashTime() >= splash->time + splash->frames[splash->currentFrame].delay) {
|
||||||
SplashNextFrame(splash);
|
SplashNextFrame(splash);
|
||||||
SplashRedrawWindow(splash);
|
SplashRedrawWindow(splash);
|
||||||
}
|
}
|
||||||
|
@ -29,6 +29,7 @@ import com.sun.beans.finder.ClassFinder;
|
|||||||
import java.beans.ExceptionListener;
|
import java.beans.ExceptionListener;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.io.StringReader;
|
||||||
|
|
||||||
import java.lang.ref.Reference;
|
import java.lang.ref.Reference;
|
||||||
import java.lang.ref.WeakReference;
|
import java.lang.ref.WeakReference;
|
||||||
@ -245,6 +246,14 @@ public final class DocumentHandler extends DefaultHandler {
|
|||||||
this.objects.add(object);
|
this.objects.add(object);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Disables any external entities.
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public InputSource resolveEntity(String publicId, String systemId) {
|
||||||
|
return new InputSource(new StringReader(""));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Prepares this handler to read objects from XML document.
|
* Prepares this handler to read objects from XML document.
|
||||||
*/
|
*/
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -72,13 +72,17 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
|
|||||||
throw new IllegalStateException(
|
throw new IllegalStateException(
|
||||||
"TlsRsaPremasterSecretGenerator must be initialized");
|
"TlsRsaPremasterSecretGenerator must be initialized");
|
||||||
}
|
}
|
||||||
if (random == null) {
|
byte[] b = spec.getEncodedSecret();
|
||||||
random = new SecureRandom();
|
if (b == null) {
|
||||||
|
if (random == null) {
|
||||||
|
random = new SecureRandom();
|
||||||
|
}
|
||||||
|
b = new byte[48];
|
||||||
|
random.nextBytes(b);
|
||||||
|
b[0] = (byte)spec.getMajorVersion();
|
||||||
|
b[1] = (byte)spec.getMinorVersion();
|
||||||
}
|
}
|
||||||
byte[] b = new byte[48];
|
|
||||||
random.nextBytes(b);
|
|
||||||
b[0] = (byte)spec.getMajorVersion();
|
|
||||||
b[1] = (byte)spec.getMinorVersion();
|
|
||||||
return new SecretKeySpec(b, "TlsRsaPremasterSecret");
|
return new SecretKeySpec(b, "TlsRsaPremasterSecret");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -660,7 +660,7 @@ public class XmlReaderContentHandler extends DefaultHandler {
|
|||||||
//Added the handling for Class tags to take care of maps
|
//Added the handling for Class tags to take care of maps
|
||||||
//Makes an entry into the map upon end of class tag
|
//Makes an entry into the map upon end of class tag
|
||||||
try{
|
try{
|
||||||
typeMap.put(Key_map,Class.forName(Value_map));
|
typeMap.put(Key_map,sun.reflect.misc.ReflectUtil.forName(Value_map));
|
||||||
|
|
||||||
}catch(ClassNotFoundException ex) {
|
}catch(ClassNotFoundException ex) {
|
||||||
throw new SAXException(MessageFormat.format(resBundle.handleGetObject("xmlrch.errmap").toString(), ex.getMessage()));
|
throw new SAXException(MessageFormat.format(resBundle.handleGetObject("xmlrch.errmap").toString(), ex.getMessage()));
|
||||||
|
@ -53,6 +53,13 @@ import sun.misc.SharedSecrets;
|
|||||||
* or method in this class will cause a {@link NullPointerException} to be
|
* or method in this class will cause a {@link NullPointerException} to be
|
||||||
* thrown.
|
* thrown.
|
||||||
*
|
*
|
||||||
|
* If the verify flag is on when opening a signed jar file, the content of the
|
||||||
|
* file is verified against its signature embedded inside the file. Please note
|
||||||
|
* that the verification process does not include validating the signer's
|
||||||
|
* certificate. A caller should inspect the return value of
|
||||||
|
* {@link JarEntry#getCodeSigners()} to further determine if the signature
|
||||||
|
* can be trusted.
|
||||||
|
*
|
||||||
* @author David Connelly
|
* @author David Connelly
|
||||||
* @see Manifest
|
* @see Manifest
|
||||||
* @see java.util.zip.ZipFile
|
* @see java.util.zip.ZipFile
|
||||||
|
@ -179,7 +179,9 @@ class JarVerifier {
|
|||||||
name = name.substring(1);
|
name = name.substring(1);
|
||||||
|
|
||||||
// only set the jev object for entries that have a signature
|
// only set the jev object for entries that have a signature
|
||||||
if (sigFileSigners.get(name) != null) {
|
// (either verified or not)
|
||||||
|
if (sigFileSigners.get(name) != null ||
|
||||||
|
verifiedSigners.get(name) != null) {
|
||||||
mev.setEntry(name, je);
|
mev.setEntry(name, je);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -964,6 +964,10 @@ public final class Subject implements java.io.Serializable {
|
|||||||
|
|
||||||
s.defaultReadObject();
|
s.defaultReadObject();
|
||||||
|
|
||||||
|
// Rewrap the principals into a SecureSet
|
||||||
|
principals = Collections.synchronizedSet(new SecureSet<Principal>
|
||||||
|
(this, PRINCIPAL_SET, principals));
|
||||||
|
|
||||||
// The Credential {@code Set} is not serialized, but we do not
|
// The Credential {@code Set} is not serialized, but we do not
|
||||||
// want the default deserialization routine to set it to null.
|
// want the default deserialization routine to set it to null.
|
||||||
this.pubCredentials = Collections.synchronizedSet
|
this.pubCredentials = Collections.synchronizedSet
|
||||||
|
@ -35,6 +35,8 @@ import java.io.FileInputStream;
|
|||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
|
import java.security.AccessController;
|
||||||
|
import java.security.PrivilegedAction;
|
||||||
|
|
||||||
import javax.naming.*;
|
import javax.naming.*;
|
||||||
|
|
||||||
@ -348,7 +350,17 @@ public class SyncFactory {
|
|||||||
/*
|
/*
|
||||||
* Dependent on application
|
* Dependent on application
|
||||||
*/
|
*/
|
||||||
String strRowsetProperties = System.getProperty("rowset.properties");
|
String strRowsetProperties;
|
||||||
|
try {
|
||||||
|
strRowsetProperties = AccessController.doPrivileged(new PrivilegedAction<String>() {
|
||||||
|
public String run() {
|
||||||
|
return System.getProperty("rowset.properties");
|
||||||
|
}
|
||||||
|
}, null, new PropertyPermission("rowset.properties","read"));
|
||||||
|
} catch (Exception ex) {
|
||||||
|
strRowsetProperties = null;
|
||||||
|
}
|
||||||
|
|
||||||
if (strRowsetProperties != null) {
|
if (strRowsetProperties != null) {
|
||||||
// Load user's implementation of SyncProvider
|
// Load user's implementation of SyncProvider
|
||||||
// here. -Drowset.properties=/abc/def/pqr.txt
|
// here. -Drowset.properties=/abc/def/pqr.txt
|
||||||
@ -393,7 +405,16 @@ public class SyncFactory {
|
|||||||
* load additional properties from -D command line
|
* load additional properties from -D command line
|
||||||
*/
|
*/
|
||||||
properties.clear();
|
properties.clear();
|
||||||
String providerImpls = System.getProperty(ROWSET_SYNC_PROVIDER);
|
String providerImpls;
|
||||||
|
try {
|
||||||
|
providerImpls = AccessController.doPrivileged(new PrivilegedAction<String>() {
|
||||||
|
public String run() {
|
||||||
|
return System.getProperty(ROWSET_SYNC_PROVIDER);
|
||||||
|
}
|
||||||
|
}, null, new PropertyPermission(ROWSET_SYNC_PROVIDER,"read"));
|
||||||
|
} catch (Exception ex) {
|
||||||
|
providerImpls = null;
|
||||||
|
}
|
||||||
|
|
||||||
if (providerImpls != null) {
|
if (providerImpls != null) {
|
||||||
int i = 0;
|
int i = 0;
|
||||||
|
@ -27,6 +27,7 @@ package javax.swing.event;
|
|||||||
import java.io.*;
|
import java.io.*;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
import java.lang.reflect.Array;
|
import java.lang.reflect.Array;
|
||||||
|
import sun.reflect.misc.ReflectUtil;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A class that holds a list of EventListeners. A single instance
|
* A class that holds a list of EventListeners. A single instance
|
||||||
@ -271,7 +272,9 @@ public class EventListenerList implements Serializable {
|
|||||||
while (null != (listenerTypeOrNull = s.readObject())) {
|
while (null != (listenerTypeOrNull = s.readObject())) {
|
||||||
ClassLoader cl = Thread.currentThread().getContextClassLoader();
|
ClassLoader cl = Thread.currentThread().getContextClassLoader();
|
||||||
EventListener l = (EventListener)s.readObject();
|
EventListener l = (EventListener)s.readObject();
|
||||||
add((Class<EventListener>)Class.forName((String)listenerTypeOrNull, true, cl), l);
|
String name = (String) listenerTypeOrNull;
|
||||||
|
ReflectUtil.checkPackageAccess(name);
|
||||||
|
add((Class<EventListener>)Class.forName(name, true, cl), l);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -45,11 +45,12 @@ public class TlsRsaPremasterSecretParameterSpec
|
|||||||
|
|
||||||
private final int majorVersion;
|
private final int majorVersion;
|
||||||
private final int minorVersion;
|
private final int minorVersion;
|
||||||
|
private final byte[] encodedSecret;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructs a new TlsRsaPremasterSecretParameterSpec.
|
* Constructs a new TlsRsaPremasterSecretParameterSpec.
|
||||||
*
|
* <P>
|
||||||
* <p>The version numbers will be placed inside the premaster secret to
|
* The version numbers will be placed inside the premaster secret to
|
||||||
* detect version rollbacks attacks as described in the TLS specification.
|
* detect version rollbacks attacks as described in the TLS specification.
|
||||||
* Note that they do not indicate the protocol version negotiated for
|
* Note that they do not indicate the protocol version negotiated for
|
||||||
* the handshake.
|
* the handshake.
|
||||||
@ -65,7 +66,42 @@ public class TlsRsaPremasterSecretParameterSpec
|
|||||||
this.majorVersion =
|
this.majorVersion =
|
||||||
TlsMasterSecretParameterSpec.checkVersion(majorVersion);
|
TlsMasterSecretParameterSpec.checkVersion(majorVersion);
|
||||||
this.minorVersion =
|
this.minorVersion =
|
||||||
TlsMasterSecretParameterSpec.checkVersion(minorVersion); }
|
TlsMasterSecretParameterSpec.checkVersion(minorVersion);
|
||||||
|
this.encodedSecret = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constructs a new TlsRsaPremasterSecretParameterSpec.
|
||||||
|
* <P>
|
||||||
|
* The version numbers will be placed inside the premaster secret to
|
||||||
|
* detect version rollbacks attacks as described in the TLS specification.
|
||||||
|
* Note that they do not indicate the protocol version negotiated for
|
||||||
|
* the handshake.
|
||||||
|
* <P>
|
||||||
|
* Usually, the encoded secret key is a random number that acts as
|
||||||
|
* dummy pre_master_secret to avoid vulnerabilities described by
|
||||||
|
* section 7.4.7.1, RFC 5246.
|
||||||
|
*
|
||||||
|
* @param majorVersion the major number of the protocol version
|
||||||
|
* @param minorVersion the minor number of the protocol version
|
||||||
|
* @param encodedSecret the encoded secret key
|
||||||
|
*
|
||||||
|
* @throws IllegalArgumentException if minorVersion or majorVersion are
|
||||||
|
* negative or larger than 255, or encodedSecret is not exactly 48 bytes.
|
||||||
|
*/
|
||||||
|
public TlsRsaPremasterSecretParameterSpec(int majorVersion,
|
||||||
|
int minorVersion, byte[] encodedSecret) {
|
||||||
|
this.majorVersion =
|
||||||
|
TlsMasterSecretParameterSpec.checkVersion(majorVersion);
|
||||||
|
this.minorVersion =
|
||||||
|
TlsMasterSecretParameterSpec.checkVersion(minorVersion);
|
||||||
|
|
||||||
|
if (encodedSecret == null || encodedSecret.length != 48) {
|
||||||
|
throw new IllegalArgumentException(
|
||||||
|
"Encoded secret is not exactly 48 bytes");
|
||||||
|
}
|
||||||
|
this.encodedSecret = encodedSecret.clone();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the major version.
|
* Returns the major version.
|
||||||
@ -84,4 +120,13 @@ public class TlsRsaPremasterSecretParameterSpec
|
|||||||
public int getMinorVersion() {
|
public int getMinorVersion() {
|
||||||
return minorVersion;
|
return minorVersion;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the encoded secret.
|
||||||
|
*
|
||||||
|
* @return the encoded secret, may be null if no encoded secret.
|
||||||
|
*/
|
||||||
|
public byte[] getEncodedSecret() {
|
||||||
|
return encodedSecret == null ? null : encodedSecret.clone();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -451,30 +451,7 @@ final class P11RSACipher extends CipherSpi {
|
|||||||
// see JCE spec
|
// see JCE spec
|
||||||
protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
|
protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
|
||||||
int type) throws InvalidKeyException, NoSuchAlgorithmException {
|
int type) throws InvalidKeyException, NoSuchAlgorithmException {
|
||||||
if (algorithm.equals("TlsRsaPremasterSecret")) {
|
|
||||||
// the instance variable "session" has been initialized for
|
|
||||||
// decrypt mode, so use a local variable instead.
|
|
||||||
Session s = null;
|
|
||||||
try {
|
|
||||||
s = token.getObjSession();
|
|
||||||
long keyType = CKK_GENERIC_SECRET;
|
|
||||||
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
|
|
||||||
new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
|
|
||||||
new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
|
|
||||||
};
|
|
||||||
attributes = token.getAttributes
|
|
||||||
(O_IMPORT, CKO_SECRET_KEY, keyType, attributes);
|
|
||||||
long keyID = token.p11.C_UnwrapKey(s.id(),
|
|
||||||
new CK_MECHANISM(mechanism), p11Key.keyID, wrappedKey,
|
|
||||||
attributes);
|
|
||||||
return P11Key.secretKey(s, keyID, algorithm, 48 << 3,
|
|
||||||
attributes);
|
|
||||||
} catch (PKCS11Exception e) {
|
|
||||||
throw new InvalidKeyException("unwrap() failed", e);
|
|
||||||
} finally {
|
|
||||||
token.releaseSession(s);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// XXX implement unwrap using C_Unwrap() for all keys
|
// XXX implement unwrap using C_Unwrap() for all keys
|
||||||
implInit(Cipher.DECRYPT_MODE, p11Key);
|
implInit(Cipher.DECRYPT_MODE, p11Key);
|
||||||
if (wrappedKey.length > maxInputSize) {
|
if (wrappedKey.length > maxInputSize) {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -88,23 +88,33 @@ final class P11TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
|
|||||||
throw new IllegalStateException
|
throw new IllegalStateException
|
||||||
("TlsRsaPremasterSecretGenerator must be initialized");
|
("TlsRsaPremasterSecretGenerator must be initialized");
|
||||||
}
|
}
|
||||||
CK_VERSION version =
|
|
||||||
new CK_VERSION(spec.getMajorVersion(), spec.getMinorVersion());
|
byte[] b = spec.getEncodedSecret();
|
||||||
Session session = null;
|
if (b == null) {
|
||||||
try {
|
CK_VERSION version = new CK_VERSION(
|
||||||
session = token.getObjSession();
|
spec.getMajorVersion(), spec.getMinorVersion());
|
||||||
CK_ATTRIBUTE[] attributes = token.getAttributes
|
Session session = null;
|
||||||
(O_GENERATE, CKO_SECRET_KEY, CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
|
try {
|
||||||
long keyID = token.p11.C_GenerateKey
|
session = token.getObjSession();
|
||||||
(session.id(), new CK_MECHANISM(mechanism, version), attributes);
|
CK_ATTRIBUTE[] attributes = token.getAttributes(
|
||||||
SecretKey key = P11Key.secretKey
|
O_GENERATE, CKO_SECRET_KEY,
|
||||||
(session, keyID, "TlsRsaPremasterSecret", 48 << 3, attributes);
|
CKK_GENERIC_SECRET, new CK_ATTRIBUTE[0]);
|
||||||
return key;
|
long keyID = token.p11.C_GenerateKey(session.id(),
|
||||||
} catch (PKCS11Exception e) {
|
new CK_MECHANISM(mechanism, version), attributes);
|
||||||
throw new ProviderException("Could not generate premaster secret", e);
|
SecretKey key = P11Key.secretKey(session,
|
||||||
} finally {
|
keyID, "TlsRsaPremasterSecret", 48 << 3, attributes);
|
||||||
token.releaseSession(session);
|
return key;
|
||||||
|
} catch (PKCS11Exception e) {
|
||||||
|
throw new ProviderException(
|
||||||
|
"Could not generate premaster secret", e);
|
||||||
|
} finally {
|
||||||
|
token.releaseSession(session);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Won't worry, the TlsRsaPremasterSecret will be soon converted to
|
||||||
|
// TlsMasterSecret.
|
||||||
|
return new SecretKeySpec(b, "TlsRsaPremasterSecret");
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -43,10 +43,8 @@ import sun.misc.Unsafe;
|
|||||||
* These are the only platforms we currently support, but other optimized
|
* These are the only platforms we currently support, but other optimized
|
||||||
* variants could be added as needed.
|
* variants could be added as needed.
|
||||||
*
|
*
|
||||||
* NOTE that because this code performs unchecked direct memory access, it
|
* NOTE that ArrayIndexOutOfBoundsException will be thrown if the bounds checks
|
||||||
* MUST be restricted to trusted code. It is imperative that the caller protects
|
* failed.
|
||||||
* against out of bounds memory access by performing the necessary bounds
|
|
||||||
* checks before calling methods in this class.
|
|
||||||
*
|
*
|
||||||
* This class may also be helpful in improving the performance of the
|
* This class may also be helpful in improving the performance of the
|
||||||
* crypto code in the SunJCE provider. However, for now it is only accessible by
|
* crypto code in the SunJCE provider. However, for now it is only accessible by
|
||||||
@ -103,6 +101,10 @@ final class ByteArrayAccess {
|
|||||||
* byte[] to int[] conversion, little endian byte order.
|
* byte[] to int[] conversion, little endian byte order.
|
||||||
*/
|
*/
|
||||||
static void b2iLittle(byte[] in, int inOfs, int[] out, int outOfs, int len) {
|
static void b2iLittle(byte[] in, int inOfs, int[] out, int outOfs, int len) {
|
||||||
|
if ((inOfs < 0) || ((in.length - inOfs) < len) ||
|
||||||
|
(outOfs < 0) || ((out.length - outOfs) < len/4)) {
|
||||||
|
throw new ArrayIndexOutOfBoundsException();
|
||||||
|
}
|
||||||
if (littleEndianUnaligned) {
|
if (littleEndianUnaligned) {
|
||||||
inOfs += byteArrayOfs;
|
inOfs += byteArrayOfs;
|
||||||
len += inOfs;
|
len += inOfs;
|
||||||
@ -131,6 +133,10 @@ final class ByteArrayAccess {
|
|||||||
|
|
||||||
// Special optimization of b2iLittle(in, inOfs, out, 0, 64)
|
// Special optimization of b2iLittle(in, inOfs, out, 0, 64)
|
||||||
static void b2iLittle64(byte[] in, int inOfs, int[] out) {
|
static void b2iLittle64(byte[] in, int inOfs, int[] out) {
|
||||||
|
if ((inOfs < 0) || ((in.length - inOfs) < 64) ||
|
||||||
|
(out.length < 16)) {
|
||||||
|
throw new ArrayIndexOutOfBoundsException();
|
||||||
|
}
|
||||||
if (littleEndianUnaligned) {
|
if (littleEndianUnaligned) {
|
||||||
inOfs += byteArrayOfs;
|
inOfs += byteArrayOfs;
|
||||||
out[ 0] = unsafe.getInt(in, (long)(inOfs ));
|
out[ 0] = unsafe.getInt(in, (long)(inOfs ));
|
||||||
@ -176,6 +182,10 @@ final class ByteArrayAccess {
|
|||||||
* int[] to byte[] conversion, little endian byte order.
|
* int[] to byte[] conversion, little endian byte order.
|
||||||
*/
|
*/
|
||||||
static void i2bLittle(int[] in, int inOfs, byte[] out, int outOfs, int len) {
|
static void i2bLittle(int[] in, int inOfs, byte[] out, int outOfs, int len) {
|
||||||
|
if ((inOfs < 0) || ((in.length - inOfs) < len/4) ||
|
||||||
|
(outOfs < 0) || ((out.length - outOfs) < len)) {
|
||||||
|
throw new ArrayIndexOutOfBoundsException();
|
||||||
|
}
|
||||||
if (littleEndianUnaligned) {
|
if (littleEndianUnaligned) {
|
||||||
outOfs += byteArrayOfs;
|
outOfs += byteArrayOfs;
|
||||||
len += outOfs;
|
len += outOfs;
|
||||||
@ -204,6 +214,9 @@ final class ByteArrayAccess {
|
|||||||
|
|
||||||
// Store one 32-bit value into out[outOfs..outOfs+3] in little endian order.
|
// Store one 32-bit value into out[outOfs..outOfs+3] in little endian order.
|
||||||
static void i2bLittle4(int val, byte[] out, int outOfs) {
|
static void i2bLittle4(int val, byte[] out, int outOfs) {
|
||||||
|
if ((outOfs < 0) || ((out.length - outOfs) < 4)) {
|
||||||
|
throw new ArrayIndexOutOfBoundsException();
|
||||||
|
}
|
||||||
if (littleEndianUnaligned) {
|
if (littleEndianUnaligned) {
|
||||||
unsafe.putInt(out, (long)(byteArrayOfs + outOfs), val);
|
unsafe.putInt(out, (long)(byteArrayOfs + outOfs), val);
|
||||||
} else if (bigEndian && ((outOfs & 3) == 0)) {
|
} else if (bigEndian && ((outOfs & 3) == 0)) {
|
||||||
@ -220,6 +233,10 @@ final class ByteArrayAccess {
|
|||||||
* byte[] to int[] conversion, big endian byte order.
|
* byte[] to int[] conversion, big endian byte order.
|
||||||
*/
|
*/
|
||||||
static void b2iBig(byte[] in, int inOfs, int[] out, int outOfs, int len) {
|
static void b2iBig(byte[] in, int inOfs, int[] out, int outOfs, int len) {
|
||||||
|
if ((inOfs < 0) || ((in.length - inOfs) < len) ||
|
||||||
|
(outOfs < 0) || ((out.length - outOfs) < len/4)) {
|
||||||
|
throw new ArrayIndexOutOfBoundsException();
|
||||||
|
}
|
||||||
if (littleEndianUnaligned) {
|
if (littleEndianUnaligned) {
|
||||||
inOfs += byteArrayOfs;
|
inOfs += byteArrayOfs;
|
||||||
len += inOfs;
|
len += inOfs;
|
||||||
@ -248,6 +265,10 @@ final class ByteArrayAccess {
|
|||||||
|
|
||||||
// Special optimization of b2iBig(in, inOfs, out, 0, 64)
|
// Special optimization of b2iBig(in, inOfs, out, 0, 64)
|
||||||
static void b2iBig64(byte[] in, int inOfs, int[] out) {
|
static void b2iBig64(byte[] in, int inOfs, int[] out) {
|
||||||
|
if ((inOfs < 0) || ((in.length - inOfs) < 64) ||
|
||||||
|
(out.length < 16)) {
|
||||||
|
throw new ArrayIndexOutOfBoundsException();
|
||||||
|
}
|
||||||
if (littleEndianUnaligned) {
|
if (littleEndianUnaligned) {
|
||||||
inOfs += byteArrayOfs;
|
inOfs += byteArrayOfs;
|
||||||
out[ 0] = reverseBytes(unsafe.getInt(in, (long)(inOfs )));
|
out[ 0] = reverseBytes(unsafe.getInt(in, (long)(inOfs )));
|
||||||
@ -293,6 +314,10 @@ final class ByteArrayAccess {
|
|||||||
* int[] to byte[] conversion, big endian byte order.
|
* int[] to byte[] conversion, big endian byte order.
|
||||||
*/
|
*/
|
||||||
static void i2bBig(int[] in, int inOfs, byte[] out, int outOfs, int len) {
|
static void i2bBig(int[] in, int inOfs, byte[] out, int outOfs, int len) {
|
||||||
|
if ((inOfs < 0) || ((in.length - inOfs) < len/4) ||
|
||||||
|
(outOfs < 0) || ((out.length - outOfs) < len)) {
|
||||||
|
throw new ArrayIndexOutOfBoundsException();
|
||||||
|
}
|
||||||
if (littleEndianUnaligned) {
|
if (littleEndianUnaligned) {
|
||||||
outOfs += byteArrayOfs;
|
outOfs += byteArrayOfs;
|
||||||
len += outOfs;
|
len += outOfs;
|
||||||
@ -321,6 +346,9 @@ final class ByteArrayAccess {
|
|||||||
|
|
||||||
// Store one 32-bit value into out[outOfs..outOfs+3] in big endian order.
|
// Store one 32-bit value into out[outOfs..outOfs+3] in big endian order.
|
||||||
static void i2bBig4(int val, byte[] out, int outOfs) {
|
static void i2bBig4(int val, byte[] out, int outOfs) {
|
||||||
|
if ((outOfs < 0) || ((out.length - outOfs) < 4)) {
|
||||||
|
throw new ArrayIndexOutOfBoundsException();
|
||||||
|
}
|
||||||
if (littleEndianUnaligned) {
|
if (littleEndianUnaligned) {
|
||||||
unsafe.putInt(out, (long)(byteArrayOfs + outOfs), reverseBytes(val));
|
unsafe.putInt(out, (long)(byteArrayOfs + outOfs), reverseBytes(val));
|
||||||
} else if (bigEndian && ((outOfs & 3) == 0)) {
|
} else if (bigEndian && ((outOfs & 3) == 0)) {
|
||||||
@ -337,6 +365,10 @@ final class ByteArrayAccess {
|
|||||||
* byte[] to long[] conversion, big endian byte order.
|
* byte[] to long[] conversion, big endian byte order.
|
||||||
*/
|
*/
|
||||||
static void b2lBig(byte[] in, int inOfs, long[] out, int outOfs, int len) {
|
static void b2lBig(byte[] in, int inOfs, long[] out, int outOfs, int len) {
|
||||||
|
if ((inOfs < 0) || ((in.length - inOfs) < len) ||
|
||||||
|
(outOfs < 0) || ((out.length - outOfs) < len/8)) {
|
||||||
|
throw new ArrayIndexOutOfBoundsException();
|
||||||
|
}
|
||||||
if (littleEndianUnaligned) {
|
if (littleEndianUnaligned) {
|
||||||
inOfs += byteArrayOfs;
|
inOfs += byteArrayOfs;
|
||||||
len += inOfs;
|
len += inOfs;
|
||||||
@ -378,6 +410,10 @@ final class ByteArrayAccess {
|
|||||||
|
|
||||||
// Special optimization of b2lBig(in, inOfs, out, 0, 128)
|
// Special optimization of b2lBig(in, inOfs, out, 0, 128)
|
||||||
static void b2lBig128(byte[] in, int inOfs, long[] out) {
|
static void b2lBig128(byte[] in, int inOfs, long[] out) {
|
||||||
|
if ((inOfs < 0) || ((in.length - inOfs) < 128) ||
|
||||||
|
(out.length < 16)) {
|
||||||
|
throw new ArrayIndexOutOfBoundsException();
|
||||||
|
}
|
||||||
if (littleEndianUnaligned) {
|
if (littleEndianUnaligned) {
|
||||||
inOfs += byteArrayOfs;
|
inOfs += byteArrayOfs;
|
||||||
out[ 0] = reverseBytes(unsafe.getLong(in, (long)(inOfs )));
|
out[ 0] = reverseBytes(unsafe.getLong(in, (long)(inOfs )));
|
||||||
@ -406,6 +442,10 @@ final class ByteArrayAccess {
|
|||||||
* long[] to byte[] conversion, big endian byte order.
|
* long[] to byte[] conversion, big endian byte order.
|
||||||
*/
|
*/
|
||||||
static void l2bBig(long[] in, int inOfs, byte[] out, int outOfs, int len) {
|
static void l2bBig(long[] in, int inOfs, byte[] out, int outOfs, int len) {
|
||||||
|
if ((inOfs < 0) || ((in.length - inOfs) < len/8) ||
|
||||||
|
(outOfs < 0) || ((out.length - outOfs) < len)) {
|
||||||
|
throw new ArrayIndexOutOfBoundsException();
|
||||||
|
}
|
||||||
len += outOfs;
|
len += outOfs;
|
||||||
while (outOfs < len) {
|
while (outOfs < len) {
|
||||||
long i = in[inOfs++];
|
long i = in[inOfs++];
|
||||||
@ -419,5 +459,4 @@ final class ByteArrayAccess {
|
|||||||
out[outOfs++] = (byte)(i );
|
out[outOfs++] = (byte)(i );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2013 Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -318,33 +318,53 @@ public final class RSAPadding {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* PKCS#1 v1.5 unpadding (blocktype 1 and 2).
|
* PKCS#1 v1.5 unpadding (blocktype 1 and 2).
|
||||||
|
*
|
||||||
|
* Note that we want to make it a constant-time operation
|
||||||
*/
|
*/
|
||||||
private byte[] unpadV15(byte[] padded) throws BadPaddingException {
|
private byte[] unpadV15(byte[] padded) throws BadPaddingException {
|
||||||
int k = 0;
|
int k = 0;
|
||||||
|
BadPaddingException bpe = null;
|
||||||
|
|
||||||
if (padded[k++] != 0) {
|
if (padded[k++] != 0) {
|
||||||
throw new BadPaddingException("Data must start with zero");
|
bpe = new BadPaddingException("Data must start with zero");
|
||||||
}
|
}
|
||||||
if (padded[k++] != type) {
|
if (padded[k++] != type && bpe == null) {
|
||||||
throw new BadPaddingException("Blocktype mismatch: " + padded[1]);
|
bpe = new BadPaddingException("Blocktype mismatch: " + padded[1]);
|
||||||
}
|
}
|
||||||
while (true) {
|
int p = 0;
|
||||||
|
while (k < padded.length) {
|
||||||
int b = padded[k++] & 0xff;
|
int b = padded[k++] & 0xff;
|
||||||
if (b == 0) {
|
if (b == 0 && p == 0) {
|
||||||
break;
|
p = k;
|
||||||
}
|
}
|
||||||
if (k == padded.length) {
|
if (k == padded.length && p == 0 && bpe == null) {
|
||||||
throw new BadPaddingException("Padding string not terminated");
|
bpe = new BadPaddingException("Padding string not terminated");
|
||||||
}
|
}
|
||||||
if ((type == PAD_BLOCKTYPE_1) && (b != 0xff)) {
|
if ((type == PAD_BLOCKTYPE_1) && (b != 0xff) &&
|
||||||
throw new BadPaddingException("Padding byte not 0xff: " + b);
|
p == 0 && bpe == null) {
|
||||||
|
bpe = new BadPaddingException("Padding byte not 0xff: " + b);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
int n = padded.length - k;
|
int n = padded.length - p;
|
||||||
if (n > maxDataSize) {
|
if (n > maxDataSize && bpe == null) {
|
||||||
throw new BadPaddingException("Padding string too short");
|
bpe = new BadPaddingException("Padding string too short");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// copy useless padding array for a constant-time method
|
||||||
|
//
|
||||||
|
// Is it necessary?
|
||||||
|
byte[] padding = new byte[p];
|
||||||
|
System.arraycopy(padded, 0, padding, 0, p);
|
||||||
|
|
||||||
byte[] data = new byte[n];
|
byte[] data = new byte[n];
|
||||||
System.arraycopy(padded, padded.length - n, data, 0, n);
|
System.arraycopy(padded, p, data, 0, n);
|
||||||
|
|
||||||
|
if (bpe == null) {
|
||||||
|
bpe = new BadPaddingException("Unused exception");
|
||||||
|
} else {
|
||||||
|
throw bpe;
|
||||||
|
}
|
||||||
|
|
||||||
return data;
|
return data;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1112,94 +1112,23 @@ abstract class Handshaker {
|
|||||||
clnt_random.random_bytes, svr_random.random_bytes,
|
clnt_random.random_bytes, svr_random.random_bytes,
|
||||||
prfHashAlg, prfHashLength, prfBlockSize);
|
prfHashAlg, prfHashLength, prfBlockSize);
|
||||||
|
|
||||||
SecretKey masterSecret;
|
|
||||||
try {
|
try {
|
||||||
KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
|
KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
|
||||||
kg.init(spec);
|
kg.init(spec);
|
||||||
masterSecret = kg.generateKey();
|
return kg.generateKey();
|
||||||
} catch (GeneralSecurityException e) {
|
} catch (InvalidAlgorithmParameterException |
|
||||||
|
NoSuchAlgorithmException iae) {
|
||||||
|
// unlikely to happen, otherwise, must be a provider exception
|
||||||
|
//
|
||||||
// For RSA premaster secrets, do not signal a protocol error
|
// For RSA premaster secrets, do not signal a protocol error
|
||||||
// due to the Bleichenbacher attack. See comments further down.
|
// due to the Bleichenbacher attack. See comments further down.
|
||||||
if (!preMasterSecret.getAlgorithm().equals(
|
|
||||||
"TlsRsaPremasterSecret")) {
|
|
||||||
throw new ProviderException(e);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (debug != null && Debug.isOn("handshake")) {
|
if (debug != null && Debug.isOn("handshake")) {
|
||||||
System.out.println("RSA master secret generation error:");
|
System.out.println("RSA master secret generation error:");
|
||||||
e.printStackTrace(System.out);
|
iae.printStackTrace(System.out);
|
||||||
}
|
}
|
||||||
|
throw new ProviderException(iae);
|
||||||
|
|
||||||
if (requestedVersion != null) {
|
|
||||||
preMasterSecret =
|
|
||||||
RSAClientKeyExchange.generateDummySecret(requestedVersion);
|
|
||||||
} else {
|
|
||||||
preMasterSecret =
|
|
||||||
RSAClientKeyExchange.generateDummySecret(protocolVersion);
|
|
||||||
}
|
|
||||||
|
|
||||||
// recursive call with new premaster secret
|
|
||||||
return calculateMasterSecret(preMasterSecret, null);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// if no version check requested (client side handshake), or version
|
|
||||||
// information is not available (not an RSA premaster secret),
|
|
||||||
// return master secret immediately.
|
|
||||||
if ((requestedVersion == null) ||
|
|
||||||
!(masterSecret instanceof TlsMasterSecret)) {
|
|
||||||
return masterSecret;
|
|
||||||
}
|
|
||||||
|
|
||||||
// we have checked the ClientKeyExchange message when reading TLS
|
|
||||||
// record, the following check is necessary to ensure that
|
|
||||||
// JCE provider does not ignore the checking, or the previous
|
|
||||||
// checking process bypassed the premaster secret version checking.
|
|
||||||
TlsMasterSecret tlsKey = (TlsMasterSecret)masterSecret;
|
|
||||||
int major = tlsKey.getMajorVersion();
|
|
||||||
int minor = tlsKey.getMinorVersion();
|
|
||||||
if ((major < 0) || (minor < 0)) {
|
|
||||||
return masterSecret;
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if the premaster secret version is ok
|
|
||||||
// the specification says that it must be the maximum version supported
|
|
||||||
// by the client from its ClientHello message. However, many
|
|
||||||
// implementations send the negotiated version, so accept both
|
|
||||||
// for SSL v3.0 and TLS v1.0.
|
|
||||||
// NOTE that we may be comparing two unsupported version numbers, which
|
|
||||||
// is why we cannot use object reference equality in this special case.
|
|
||||||
ProtocolVersion premasterVersion =
|
|
||||||
ProtocolVersion.valueOf(major, minor);
|
|
||||||
boolean versionMismatch = (premasterVersion.v != requestedVersion.v);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* we never checked the client_version in server side
|
|
||||||
* for TLS v1.0 and SSL v3.0. For compatibility, we
|
|
||||||
* maintain this behavior.
|
|
||||||
*/
|
|
||||||
if (versionMismatch && requestedVersion.v <= ProtocolVersion.TLS10.v) {
|
|
||||||
versionMismatch = (premasterVersion.v != protocolVersion.v);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (versionMismatch == false) {
|
|
||||||
// check passed, return key
|
|
||||||
return masterSecret;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Due to the Bleichenbacher attack, do not signal a protocol error.
|
|
||||||
// Generate a random premaster secret and continue with the handshake,
|
|
||||||
// which will fail when verifying the finished messages.
|
|
||||||
// For more information, see comments in PreMasterSecret.
|
|
||||||
if (debug != null && Debug.isOn("handshake")) {
|
|
||||||
System.out.println("RSA PreMasterSecret version error: expected"
|
|
||||||
+ protocolVersion + " or " + requestedVersion + ", decrypted: "
|
|
||||||
+ premasterVersion);
|
|
||||||
}
|
|
||||||
preMasterSecret =
|
|
||||||
RSAClientKeyExchange.generateDummySecret(requestedVersion);
|
|
||||||
|
|
||||||
// recursive call with new premaster secret
|
|
||||||
return calculateMasterSecret(preMasterSecret, null);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -133,26 +133,37 @@ final class RSAClientKeyExchange extends HandshakeMessage {
|
|||||||
} else {
|
} else {
|
||||||
encrypted = new byte [messageSize];
|
encrypted = new byte [messageSize];
|
||||||
if (input.read(encrypted) != messageSize) {
|
if (input.read(encrypted) != messageSize) {
|
||||||
throw new SSLProtocolException
|
throw new SSLProtocolException(
|
||||||
("SSL: read PreMasterSecret: short read");
|
"SSL: read PreMasterSecret: short read");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Exception failover = null;
|
||||||
|
byte[] encoded = null;
|
||||||
try {
|
try {
|
||||||
Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1);
|
Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1);
|
||||||
cipher.init(Cipher.UNWRAP_MODE, privateKey);
|
// Cannot generate key here, please don't use Cipher.UNWRAP_MODE!
|
||||||
preMaster = (SecretKey)cipher.unwrap(encrypted,
|
cipher.init(Cipher.DECRYPT_MODE, privateKey);
|
||||||
"TlsRsaPremasterSecret", Cipher.SECRET_KEY);
|
encoded = cipher.doFinal(encrypted);
|
||||||
|
} catch (BadPaddingException bpe) {
|
||||||
// polish the premaster secret
|
failover = bpe;
|
||||||
preMaster = polishPreMasterSecretKey(currentVersion, maxVersion,
|
encoded = null;
|
||||||
generator, preMaster, null);
|
} catch (IllegalBlockSizeException ibse) {
|
||||||
|
// the message it too big to process with RSA
|
||||||
|
throw new SSLProtocolException(
|
||||||
|
"Unable to process PreMasterSecret, may be too big");
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
// polish the premaster secret
|
// unlikely to happen, otherwise, must be a provider exception
|
||||||
preMaster =
|
if (debug != null && Debug.isOn("handshake")) {
|
||||||
polishPreMasterSecretKey(currentVersion, maxVersion,
|
System.out.println("RSA premaster secret decryption error:");
|
||||||
generator, null, e);
|
e.printStackTrace(System.out);
|
||||||
|
}
|
||||||
|
throw new RuntimeException("Could not generate dummy secret", e);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// polish the premaster secret
|
||||||
|
preMaster = polishPreMasterSecretKey(
|
||||||
|
currentVersion, maxVersion, generator, encoded, failover);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -163,85 +174,74 @@ final class RSAClientKeyExchange extends HandshakeMessage {
|
|||||||
*
|
*
|
||||||
* RFC 5246 describes the approach as :
|
* RFC 5246 describes the approach as :
|
||||||
*
|
*
|
||||||
* 1. Generate a string R of 46 random bytes
|
* 1. Generate a string R of 48 random bytes
|
||||||
*
|
*
|
||||||
* 2. Decrypt the message to recover the plaintext M
|
* 2. Decrypt the message to recover the plaintext M
|
||||||
*
|
*
|
||||||
* 3. If the PKCS#1 padding is not correct, or the length of message
|
* 3. If the PKCS#1 padding is not correct, or the length of message
|
||||||
* M is not exactly 48 bytes:
|
* M is not exactly 48 bytes:
|
||||||
* pre_master_secret = ClientHello.client_version || R
|
* pre_master_secret = R
|
||||||
* else If ClientHello.client_version <= TLS 1.0, and version
|
* else If ClientHello.client_version <= TLS 1.0, and version
|
||||||
* number check is explicitly disabled:
|
* number check is explicitly disabled:
|
||||||
* pre_master_secret = M
|
* premaster secret = M
|
||||||
|
* else If M[0..1] != ClientHello.client_version:
|
||||||
|
* premaster secret = R
|
||||||
* else:
|
* else:
|
||||||
* pre_master_secret = ClientHello.client_version || M[2..47]
|
* premaster secret = M
|
||||||
|
*
|
||||||
|
* Note that #2 has completed before the call of this method.
|
||||||
*/
|
*/
|
||||||
private SecretKey polishPreMasterSecretKey(ProtocolVersion currentVersion,
|
private SecretKey polishPreMasterSecretKey(ProtocolVersion currentVersion,
|
||||||
ProtocolVersion clientHelloVersion, SecureRandom generator,
|
ProtocolVersion clientHelloVersion, SecureRandom generator,
|
||||||
SecretKey secretKey, Exception failoverException) {
|
byte[] encoded, Exception failoverException) {
|
||||||
|
|
||||||
this.protocolVersion = clientHelloVersion;
|
this.protocolVersion = clientHelloVersion;
|
||||||
|
if (generator == null) {
|
||||||
|
generator = new SecureRandom();
|
||||||
|
}
|
||||||
|
byte[] random = new byte[48];
|
||||||
|
generator.nextBytes(random);
|
||||||
|
|
||||||
if (failoverException == null && secretKey != null) {
|
if (failoverException == null && encoded != null) {
|
||||||
// check the length
|
// check the length
|
||||||
byte[] encoded = secretKey.getEncoded();
|
if (encoded.length != 48) {
|
||||||
if (encoded == null) { // unable to get the encoded key
|
|
||||||
if (debug != null && Debug.isOn("handshake")) {
|
|
||||||
System.out.println(
|
|
||||||
"unable to get the plaintext of the premaster secret");
|
|
||||||
}
|
|
||||||
|
|
||||||
int keySize = KeyUtil.getKeySize(secretKey);
|
|
||||||
if (keySize > 0 && keySize != 384) { // 384 = 48 * 8
|
|
||||||
if (debug != null && Debug.isOn("handshake")) {
|
|
||||||
System.out.println(
|
|
||||||
"incorrect length of premaster secret: " +
|
|
||||||
(keySize/8));
|
|
||||||
}
|
|
||||||
|
|
||||||
return generateDummySecret(clientHelloVersion);
|
|
||||||
}
|
|
||||||
|
|
||||||
// The key size is exactly 48 bytes or not accessible.
|
|
||||||
//
|
|
||||||
// Conservatively, pass the checking to master secret
|
|
||||||
// calculation.
|
|
||||||
return secretKey;
|
|
||||||
} else if (encoded.length == 48) {
|
|
||||||
// check the version
|
|
||||||
if (clientHelloVersion.major == encoded[0] &&
|
|
||||||
clientHelloVersion.minor == encoded[1]) {
|
|
||||||
|
|
||||||
return secretKey;
|
|
||||||
} else if (clientHelloVersion.v <= ProtocolVersion.TLS10.v &&
|
|
||||||
currentVersion.major == encoded[0] &&
|
|
||||||
currentVersion.minor == encoded[1]) {
|
|
||||||
/*
|
|
||||||
* For compatibility, we maintain the behavior that the
|
|
||||||
* version in pre_master_secret can be the negotiated
|
|
||||||
* version for TLS v1.0 and SSL v3.0.
|
|
||||||
*/
|
|
||||||
this.protocolVersion = currentVersion;
|
|
||||||
return secretKey;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (debug != null && Debug.isOn("handshake")) {
|
|
||||||
System.out.println("Mismatching Protocol Versions, " +
|
|
||||||
"ClientHello.client_version is " + clientHelloVersion +
|
|
||||||
", while PreMasterSecret.client_version is " +
|
|
||||||
ProtocolVersion.valueOf(encoded[0], encoded[1]));
|
|
||||||
}
|
|
||||||
|
|
||||||
return generateDummySecret(clientHelloVersion);
|
|
||||||
} else {
|
|
||||||
if (debug != null && Debug.isOn("handshake")) {
|
if (debug != null && Debug.isOn("handshake")) {
|
||||||
System.out.println(
|
System.out.println(
|
||||||
"incorrect length of premaster secret: " +
|
"incorrect length of premaster secret: " +
|
||||||
encoded.length);
|
encoded.length);
|
||||||
}
|
}
|
||||||
|
|
||||||
return generateDummySecret(clientHelloVersion);
|
return generatePreMasterSecret(
|
||||||
|
clientHelloVersion, random, generator);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (clientHelloVersion.major != encoded[0] ||
|
||||||
|
clientHelloVersion.minor != encoded[1]) {
|
||||||
|
|
||||||
|
if (clientHelloVersion.v <= ProtocolVersion.TLS10.v &&
|
||||||
|
currentVersion.major == encoded[0] &&
|
||||||
|
currentVersion.minor == encoded[1]) {
|
||||||
|
/*
|
||||||
|
* For compatibility, we maintain the behavior that the
|
||||||
|
* version in pre_master_secret can be the negotiated
|
||||||
|
* version for TLS v1.0 and SSL v3.0.
|
||||||
|
*/
|
||||||
|
this.protocolVersion = currentVersion;
|
||||||
|
} else {
|
||||||
|
if (debug != null && Debug.isOn("handshake")) {
|
||||||
|
System.out.println("Mismatching Protocol Versions, " +
|
||||||
|
"ClientHello.client_version is " +
|
||||||
|
clientHelloVersion +
|
||||||
|
", while PreMasterSecret.client_version is " +
|
||||||
|
ProtocolVersion.valueOf(encoded[0], encoded[1]));
|
||||||
|
}
|
||||||
|
|
||||||
|
encoded = random;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return generatePreMasterSecret(
|
||||||
|
clientHelloVersion, encoded, generator);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (debug != null && Debug.isOn("handshake") &&
|
if (debug != null && Debug.isOn("handshake") &&
|
||||||
@ -250,11 +250,14 @@ final class RSAClientKeyExchange extends HandshakeMessage {
|
|||||||
failoverException.printStackTrace(System.out);
|
failoverException.printStackTrace(System.out);
|
||||||
}
|
}
|
||||||
|
|
||||||
return generateDummySecret(clientHelloVersion);
|
return generatePreMasterSecret(clientHelloVersion, random, generator);
|
||||||
}
|
}
|
||||||
|
|
||||||
// generate a premaster secret with the specified version number
|
// generate a premaster secret with the specified version number
|
||||||
static SecretKey generateDummySecret(ProtocolVersion version) {
|
private static SecretKey generatePreMasterSecret(
|
||||||
|
ProtocolVersion version, byte[] encodedSecret,
|
||||||
|
SecureRandom generator) {
|
||||||
|
|
||||||
if (debug != null && Debug.isOn("handshake")) {
|
if (debug != null && Debug.isOn("handshake")) {
|
||||||
System.out.println("Generating a random fake premaster secret");
|
System.out.println("Generating a random fake premaster secret");
|
||||||
}
|
}
|
||||||
@ -263,11 +266,17 @@ final class RSAClientKeyExchange extends HandshakeMessage {
|
|||||||
String s = ((version.v >= ProtocolVersion.TLS12.v) ?
|
String s = ((version.v >= ProtocolVersion.TLS12.v) ?
|
||||||
"SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
|
"SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
|
||||||
KeyGenerator kg = JsseJce.getKeyGenerator(s);
|
KeyGenerator kg = JsseJce.getKeyGenerator(s);
|
||||||
kg.init(new TlsRsaPremasterSecretParameterSpec
|
kg.init(new TlsRsaPremasterSecretParameterSpec(
|
||||||
(version.major, version.minor));
|
version.major, version.minor, encodedSecret), generator);
|
||||||
return kg.generateKey();
|
return kg.generateKey();
|
||||||
} catch (GeneralSecurityException e) {
|
} catch (InvalidAlgorithmParameterException |
|
||||||
throw new RuntimeException("Could not generate dummy secret", e);
|
NoSuchAlgorithmException iae) {
|
||||||
|
// unlikely to happen, otherwise, must be a provider exception
|
||||||
|
if (debug != null && Debug.isOn("handshake")) {
|
||||||
|
System.out.println("RSA premaster secret generation error:");
|
||||||
|
iae.printStackTrace(System.out);
|
||||||
|
}
|
||||||
|
throw new RuntimeException("Could not generate dummy secret", iae);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -158,8 +158,13 @@ public class Main {
|
|||||||
private String altSignerClasspath = null;
|
private String altSignerClasspath = null;
|
||||||
private ZipFile zipFile = null;
|
private ZipFile zipFile = null;
|
||||||
|
|
||||||
private boolean hasExpiredCert = false;
|
// Informational warnings
|
||||||
private boolean hasExpiringCert = false;
|
private boolean hasExpiringCert = false;
|
||||||
|
private boolean noTimestamp = false;
|
||||||
|
private Date expireDate = new Date(0L); // used in noTimestamp warning
|
||||||
|
|
||||||
|
// Severe warnings
|
||||||
|
private boolean hasExpiredCert = false;
|
||||||
private boolean notYetValidCert = false;
|
private boolean notYetValidCert = false;
|
||||||
private boolean chainNotValidated = false;
|
private boolean chainNotValidated = false;
|
||||||
private boolean notSignedByAlias = false;
|
private boolean notSignedByAlias = false;
|
||||||
@ -258,9 +263,6 @@ public class Main {
|
|||||||
|
|
||||||
if (strict) {
|
if (strict) {
|
||||||
int exitCode = 0;
|
int exitCode = 0;
|
||||||
if (hasExpiringCert) {
|
|
||||||
exitCode |= 2;
|
|
||||||
}
|
|
||||||
if (chainNotValidated || hasExpiredCert || notYetValidCert) {
|
if (chainNotValidated || hasExpiredCert || notYetValidCert) {
|
||||||
exitCode |= 4;
|
exitCode |= 4;
|
||||||
}
|
}
|
||||||
@ -754,14 +756,25 @@ public class Main {
|
|||||||
System.out.println(rb.getString(
|
System.out.println(rb.getString(
|
||||||
"jar.is.unsigned.signatures.missing.or.not.parsable."));
|
"jar.is.unsigned.signatures.missing.or.not.parsable."));
|
||||||
} else {
|
} else {
|
||||||
System.out.println(rb.getString("jar.verified."));
|
boolean warningAppeared = false;
|
||||||
if (hasUnsignedEntry || hasExpiredCert || hasExpiringCert ||
|
boolean errorAppeared = false;
|
||||||
badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
|
if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
|
||||||
notYetValidCert || chainNotValidated ||
|
notYetValidCert || chainNotValidated || hasExpiredCert ||
|
||||||
aliasNotInStore || notSignedByAlias) {
|
hasUnsignedEntry ||
|
||||||
|
aliasNotInStore || notSignedByAlias) {
|
||||||
|
|
||||||
|
if (strict) {
|
||||||
|
System.out.println(rb.getString("jar.verified.with.signer.errors."));
|
||||||
|
System.out.println();
|
||||||
|
System.out.println(rb.getString("Error."));
|
||||||
|
errorAppeared = true;
|
||||||
|
} else {
|
||||||
|
System.out.println(rb.getString("jar.verified."));
|
||||||
|
System.out.println();
|
||||||
|
System.out.println(rb.getString("Warning."));
|
||||||
|
warningAppeared = true;
|
||||||
|
}
|
||||||
|
|
||||||
System.out.println();
|
|
||||||
System.out.println(rb.getString("Warning."));
|
|
||||||
if (badKeyUsage) {
|
if (badKeyUsage) {
|
||||||
System.out.println(
|
System.out.println(
|
||||||
rb.getString("This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
|
rb.getString("This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
|
||||||
@ -785,10 +798,6 @@ public class Main {
|
|||||||
System.out.println(rb.getString(
|
System.out.println(rb.getString(
|
||||||
"This.jar.contains.entries.whose.signer.certificate.has.expired."));
|
"This.jar.contains.entries.whose.signer.certificate.has.expired."));
|
||||||
}
|
}
|
||||||
if (hasExpiringCert) {
|
|
||||||
System.out.println(rb.getString(
|
|
||||||
"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months."));
|
|
||||||
}
|
|
||||||
if (notYetValidCert) {
|
if (notYetValidCert) {
|
||||||
System.out.println(rb.getString(
|
System.out.println(rb.getString(
|
||||||
"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid."));
|
"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid."));
|
||||||
@ -807,10 +816,29 @@ public class Main {
|
|||||||
if (aliasNotInStore) {
|
if (aliasNotInStore) {
|
||||||
System.out.println(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore."));
|
System.out.println(rb.getString("This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore."));
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
System.out.println(rb.getString("jar.verified."));
|
||||||
|
}
|
||||||
|
if (hasExpiringCert || noTimestamp) {
|
||||||
|
if (!warningAppeared) {
|
||||||
|
System.out.println();
|
||||||
|
System.out.println(rb.getString("Warning."));
|
||||||
|
warningAppeared = true;
|
||||||
|
}
|
||||||
|
if (hasExpiringCert) {
|
||||||
|
System.out.println(rb.getString(
|
||||||
|
"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months."));
|
||||||
|
}
|
||||||
|
if (noTimestamp) {
|
||||||
|
System.out.println(
|
||||||
|
String.format(rb.getString("no.timestamp.verifying"), expireDate));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (warningAppeared || errorAppeared) {
|
||||||
if (! (verbose != null && showcerts)) {
|
if (! (verbose != null && showcerts)) {
|
||||||
System.out.println();
|
System.out.println();
|
||||||
System.out.println(rb.getString(
|
System.out.println(rb.getString(
|
||||||
"Re.run.with.the.verbose.and.certs.options.for.more.details."));
|
"Re.run.with.the.verbose.and.certs.options.for.more.details."));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -870,6 +898,9 @@ public class Main {
|
|||||||
try {
|
try {
|
||||||
boolean printValidity = true;
|
boolean printValidity = true;
|
||||||
if (timestamp == null) {
|
if (timestamp == null) {
|
||||||
|
if (expireDate.getTime() == 0 || expireDate.after(notAfter)) {
|
||||||
|
expireDate = notAfter;
|
||||||
|
}
|
||||||
x509Cert.checkValidity();
|
x509Cert.checkValidity();
|
||||||
// test if cert will expire within six months
|
// test if cert will expire within six months
|
||||||
if (notAfter.getTime() < System.currentTimeMillis() + SIX_MONTHS) {
|
if (notAfter.getTime() < System.currentTimeMillis() + SIX_MONTHS) {
|
||||||
@ -1233,6 +1264,10 @@ public class Main {
|
|||||||
tsaCert = getTsaCert(tsaAlias);
|
tsaCert = getTsaCert(tsaAlias);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (tsaUrl == null && tsaCert == null) {
|
||||||
|
noTimestamp = true;
|
||||||
|
}
|
||||||
|
|
||||||
SignatureFile.Block block = null;
|
SignatureFile.Block block = null;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -1380,12 +1415,20 @@ public class Main {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hasExpiredCert || hasExpiringCert || notYetValidCert
|
boolean warningAppeared = false;
|
||||||
|| badKeyUsage || badExtendedKeyUsage
|
if (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType ||
|
||||||
|| badNetscapeCertType || chainNotValidated) {
|
notYetValidCert || chainNotValidated || hasExpiredCert) {
|
||||||
System.out.println();
|
if (strict) {
|
||||||
|
System.out.println(rb.getString("jar.signed.with.signer.errors."));
|
||||||
|
System.out.println();
|
||||||
|
System.out.println(rb.getString("Error."));
|
||||||
|
} else {
|
||||||
|
System.out.println(rb.getString("jar.signed."));
|
||||||
|
System.out.println();
|
||||||
|
System.out.println(rb.getString("Warning."));
|
||||||
|
warningAppeared = true;
|
||||||
|
}
|
||||||
|
|
||||||
System.out.println(rb.getString("Warning."));
|
|
||||||
if (badKeyUsage) {
|
if (badKeyUsage) {
|
||||||
System.out.println(
|
System.out.println(
|
||||||
rb.getString("The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
|
rb.getString("The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
|
||||||
@ -1404,9 +1447,6 @@ public class Main {
|
|||||||
if (hasExpiredCert) {
|
if (hasExpiredCert) {
|
||||||
System.out.println(
|
System.out.println(
|
||||||
rb.getString("The.signer.certificate.has.expired."));
|
rb.getString("The.signer.certificate.has.expired."));
|
||||||
} else if (hasExpiringCert) {
|
|
||||||
System.out.println(
|
|
||||||
rb.getString("The.signer.certificate.will.expire.within.six.months."));
|
|
||||||
} else if (notYetValidCert) {
|
} else if (notYetValidCert) {
|
||||||
System.out.println(
|
System.out.println(
|
||||||
rb.getString("The.signer.certificate.is.not.yet.valid."));
|
rb.getString("The.signer.certificate.is.not.yet.valid."));
|
||||||
@ -1416,6 +1456,24 @@ public class Main {
|
|||||||
System.out.println(
|
System.out.println(
|
||||||
rb.getString("The.signer.s.certificate.chain.is.not.validated."));
|
rb.getString("The.signer.s.certificate.chain.is.not.validated."));
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
System.out.println(rb.getString("jar.signed."));
|
||||||
|
}
|
||||||
|
if (hasExpiringCert || noTimestamp) {
|
||||||
|
if (!warningAppeared) {
|
||||||
|
System.out.println();
|
||||||
|
System.out.println(rb.getString("Warning."));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (hasExpiringCert) {
|
||||||
|
System.out.println(
|
||||||
|
rb.getString("The.signer.certificate.will.expire.within.six.months."));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (noTimestamp) {
|
||||||
|
System.out.println(
|
||||||
|
String.format(rb.getString("no.timestamp.signing"), expireDate));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// no IOException thrown in the above try clause, so disable
|
// no IOException thrown in the above try clause, so disable
|
||||||
@ -1502,6 +1560,7 @@ public class Main {
|
|||||||
timestamp = ts.getTimestamp();
|
timestamp = ts.getTimestamp();
|
||||||
} else {
|
} else {
|
||||||
timestamp = null;
|
timestamp = null;
|
||||||
|
noTimestamp = true;
|
||||||
}
|
}
|
||||||
// display the certificate(s). The first one is end-entity cert and
|
// display the certificate(s). The first one is end-entity cert and
|
||||||
// its KeyUsage should be checked.
|
// its KeyUsage should be checked.
|
||||||
|
@ -135,7 +135,10 @@ public class Resources extends java.util.ListResourceBundle {
|
|||||||
{".Unsigned.entries.", "(Unsigned entries)"},
|
{".Unsigned.entries.", "(Unsigned entries)"},
|
||||||
{"jar.is.unsigned.signatures.missing.or.not.parsable.",
|
{"jar.is.unsigned.signatures.missing.or.not.parsable.",
|
||||||
"jar is unsigned. (signatures missing or not parsable)"},
|
"jar is unsigned. (signatures missing or not parsable)"},
|
||||||
|
{"jar.signed.", "jar signed."},
|
||||||
|
{"jar.signed.with.signer.errors.", "jar signed, with signer errors."},
|
||||||
{"jar.verified.", "jar verified."},
|
{"jar.verified.", "jar verified."},
|
||||||
|
{"jar.verified.with.signer.errors.", "jar verified, with signer errors."},
|
||||||
{"jarsigner.", "jarsigner: "},
|
{"jarsigner.", "jarsigner: "},
|
||||||
{"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
|
{"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
|
||||||
"signature filename must consist of the following characters: A-Z, 0-9, _ or -"},
|
"signature filename must consist of the following characters: A-Z, 0-9, _ or -"},
|
||||||
@ -193,6 +196,7 @@ public class Resources extends java.util.ListResourceBundle {
|
|||||||
"using an alternative signing mechanism"},
|
"using an alternative signing mechanism"},
|
||||||
{"entry.was.signed.on", "entry was signed on {0}"},
|
{"entry.was.signed.on", "entry was signed on {0}"},
|
||||||
{"Warning.", "Warning: "},
|
{"Warning.", "Warning: "},
|
||||||
|
{"Error.", "Error: "},
|
||||||
{"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
|
{"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
|
||||||
"This jar contains unsigned entries which have not been integrity-checked. "},
|
"This jar contains unsigned entries which have not been integrity-checked. "},
|
||||||
{"This.jar.contains.entries.whose.signer.certificate.has.expired.",
|
{"This.jar.contains.entries.whose.signer.certificate.has.expired.",
|
||||||
@ -229,6 +233,10 @@ public class Resources extends java.util.ListResourceBundle {
|
|||||||
"The signer's certificate chain is not validated."},
|
"The signer's certificate chain is not validated."},
|
||||||
{"This.jar.contains.entries.whose.certificate.chain.is.not.validated.",
|
{"This.jar.contains.entries.whose.certificate.chain.is.not.validated.",
|
||||||
"This jar contains entries whose certificate chain is not validated."},
|
"This jar contains entries whose certificate chain is not validated."},
|
||||||
|
{"no.timestamp.signing",
|
||||||
|
"No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."},
|
||||||
|
{"no.timestamp.verifying",
|
||||||
|
"This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td) or after any future revocation date."},
|
||||||
{"Unknown.password.type.", "Unknown password type: "},
|
{"Unknown.password.type.", "Unknown password type: "},
|
||||||
{"Cannot.find.environment.variable.",
|
{"Cannot.find.environment.variable.",
|
||||||
"Cannot find environment variable: "},
|
"Cannot find environment variable: "},
|
||||||
|
@ -182,6 +182,7 @@ package.access=sun.,\
|
|||||||
com.sun.istack.internal.,\
|
com.sun.istack.internal.,\
|
||||||
com.sun.jmx.,\
|
com.sun.jmx.,\
|
||||||
com.sun.media.sound.,\
|
com.sun.media.sound.,\
|
||||||
|
com.sun.naming.internal.,\
|
||||||
com.sun.proxy.,\
|
com.sun.proxy.,\
|
||||||
com.sun.org.apache.bcel.internal.,\
|
com.sun.org.apache.bcel.internal.,\
|
||||||
com.sun.org.apache.regexp.internal.,\
|
com.sun.org.apache.regexp.internal.,\
|
||||||
@ -204,7 +205,7 @@ package.access=sun.,\
|
|||||||
com.sun.org.glassfish.,\
|
com.sun.org.glassfish.,\
|
||||||
com.oracle.xmlns.internal.,\
|
com.oracle.xmlns.internal.,\
|
||||||
com.oracle.webservices.internal.,\
|
com.oracle.webservices.internal.,\
|
||||||
oracle.jrockit.jfr.,\
|
oracle.jrockit.jfr.,\
|
||||||
org.jcp.xml.dsig.internal.,\
|
org.jcp.xml.dsig.internal.,\
|
||||||
jdk.internal.,\
|
jdk.internal.,\
|
||||||
jdk.nashorn.internal.,\
|
jdk.nashorn.internal.,\
|
||||||
@ -227,6 +228,7 @@ package.definition=sun.,\
|
|||||||
com.sun.istack.internal.,\
|
com.sun.istack.internal.,\
|
||||||
com.sun.jmx.,\
|
com.sun.jmx.,\
|
||||||
com.sun.media.sound.,\
|
com.sun.media.sound.,\
|
||||||
|
com.sun.naming.internal.,\
|
||||||
com.sun.proxy.,\
|
com.sun.proxy.,\
|
||||||
com.sun.org.apache.bcel.internal.,\
|
com.sun.org.apache.bcel.internal.,\
|
||||||
com.sun.org.apache.regexp.internal.,\
|
com.sun.org.apache.regexp.internal.,\
|
||||||
@ -249,7 +251,7 @@ package.definition=sun.,\
|
|||||||
com.sun.org.glassfish.,\
|
com.sun.org.glassfish.,\
|
||||||
com.oracle.xmlns.internal.,\
|
com.oracle.xmlns.internal.,\
|
||||||
com.oracle.webservices.internal.,\
|
com.oracle.webservices.internal.,\
|
||||||
oracle.jrockit.jfr.,\
|
oracle.jrockit.jfr.,\
|
||||||
org.jcp.xml.dsig.internal.,\
|
org.jcp.xml.dsig.internal.,\
|
||||||
jdk.internal.,\
|
jdk.internal.,\
|
||||||
jdk.nashorn.internal.,\
|
jdk.nashorn.internal.,\
|
||||||
|
@ -183,6 +183,7 @@ package.access=sun.,\
|
|||||||
com.sun.istack.internal.,\
|
com.sun.istack.internal.,\
|
||||||
com.sun.jmx.,\
|
com.sun.jmx.,\
|
||||||
com.sun.media.sound.,\
|
com.sun.media.sound.,\
|
||||||
|
com.sun.naming.internal.,\
|
||||||
com.sun.proxy.,\
|
com.sun.proxy.,\
|
||||||
com.sun.org.apache.bcel.internal.,\
|
com.sun.org.apache.bcel.internal.,\
|
||||||
com.sun.org.apache.regexp.internal.,\
|
com.sun.org.apache.regexp.internal.,\
|
||||||
@ -228,6 +229,7 @@ package.definition=sun.,\
|
|||||||
com.sun.istack.internal.,\
|
com.sun.istack.internal.,\
|
||||||
com.sun.jmx.,\
|
com.sun.jmx.,\
|
||||||
com.sun.media.sound.,\
|
com.sun.media.sound.,\
|
||||||
|
com.sun.naming.internal.,\
|
||||||
com.sun.proxy.,\
|
com.sun.proxy.,\
|
||||||
com.sun.org.apache.bcel.internal.,\
|
com.sun.org.apache.bcel.internal.,\
|
||||||
com.sun.org.apache.regexp.internal.,\
|
com.sun.org.apache.regexp.internal.,\
|
||||||
|
@ -184,6 +184,7 @@ package.access=sun.,\
|
|||||||
com.sun.istack.internal.,\
|
com.sun.istack.internal.,\
|
||||||
com.sun.jmx.,\
|
com.sun.jmx.,\
|
||||||
com.sun.media.sound.,\
|
com.sun.media.sound.,\
|
||||||
|
com.sun.naming.internal.,\
|
||||||
com.sun.proxy.,\
|
com.sun.proxy.,\
|
||||||
com.sun.org.apache.bcel.internal.,\
|
com.sun.org.apache.bcel.internal.,\
|
||||||
com.sun.org.apache.regexp.internal.,\
|
com.sun.org.apache.regexp.internal.,\
|
||||||
@ -206,7 +207,7 @@ package.access=sun.,\
|
|||||||
com.sun.org.glassfish.,\
|
com.sun.org.glassfish.,\
|
||||||
com.oracle.xmlns.internal.,\
|
com.oracle.xmlns.internal.,\
|
||||||
com.oracle.webservices.internal.,\
|
com.oracle.webservices.internal.,\
|
||||||
oracle.jrockit.jfr.,\
|
oracle.jrockit.jfr.,\
|
||||||
org.jcp.xml.dsig.internal.,\
|
org.jcp.xml.dsig.internal.,\
|
||||||
jdk.internal.,\
|
jdk.internal.,\
|
||||||
jdk.nashorn.internal.,\
|
jdk.nashorn.internal.,\
|
||||||
@ -228,6 +229,7 @@ package.definition=sun.,\
|
|||||||
com.sun.istack.internal.,\
|
com.sun.istack.internal.,\
|
||||||
com.sun.jmx.,\
|
com.sun.jmx.,\
|
||||||
com.sun.media.sound.,\
|
com.sun.media.sound.,\
|
||||||
|
com.sun.naming.internal.,\
|
||||||
com.sun.proxy.,\
|
com.sun.proxy.,\
|
||||||
com.sun.org.apache.bcel.internal.,\
|
com.sun.org.apache.bcel.internal.,\
|
||||||
com.sun.org.apache.regexp.internal.,\
|
com.sun.org.apache.regexp.internal.,\
|
||||||
@ -250,7 +252,7 @@ package.definition=sun.,\
|
|||||||
com.sun.org.glassfish.,\
|
com.sun.org.glassfish.,\
|
||||||
com.oracle.xmlns.internal.,\
|
com.oracle.xmlns.internal.,\
|
||||||
com.oracle.webservices.internal.,\
|
com.oracle.webservices.internal.,\
|
||||||
oracle.jrockit.jfr.,\
|
oracle.jrockit.jfr.,\
|
||||||
org.jcp.xml.dsig.internal.,\
|
org.jcp.xml.dsig.internal.,\
|
||||||
jdk.internal.,\
|
jdk.internal.,\
|
||||||
jdk.nashorn.internal.,\
|
jdk.nashorn.internal.,\
|
||||||
|
@ -183,6 +183,7 @@ package.access=sun.,\
|
|||||||
com.sun.istack.internal.,\
|
com.sun.istack.internal.,\
|
||||||
com.sun.jmx.,\
|
com.sun.jmx.,\
|
||||||
com.sun.media.sound.,\
|
com.sun.media.sound.,\
|
||||||
|
com.sun.naming.internal.,\
|
||||||
com.sun.proxy.,\
|
com.sun.proxy.,\
|
||||||
com.sun.org.apache.bcel.internal.,\
|
com.sun.org.apache.bcel.internal.,\
|
||||||
com.sun.org.apache.regexp.internal.,\
|
com.sun.org.apache.regexp.internal.,\
|
||||||
@ -205,7 +206,7 @@ package.access=sun.,\
|
|||||||
com.sun.org.glassfish.,\
|
com.sun.org.glassfish.,\
|
||||||
com.oracle.xmlns.internal.,\
|
com.oracle.xmlns.internal.,\
|
||||||
com.oracle.webservices.internal.,\
|
com.oracle.webservices.internal.,\
|
||||||
oracle.jrockit.jfr.,\
|
oracle.jrockit.jfr.,\
|
||||||
org.jcp.xml.dsig.internal.,\
|
org.jcp.xml.dsig.internal.,\
|
||||||
jdk.internal.,\
|
jdk.internal.,\
|
||||||
jdk.nashorn.internal.,\
|
jdk.nashorn.internal.,\
|
||||||
@ -228,6 +229,7 @@ package.definition=sun.,\
|
|||||||
com.sun.istack.internal.,\
|
com.sun.istack.internal.,\
|
||||||
com.sun.jmx.,\
|
com.sun.jmx.,\
|
||||||
com.sun.media.sound.,\
|
com.sun.media.sound.,\
|
||||||
|
com.sun.naming.internal.,\
|
||||||
com.sun.proxy.,\
|
com.sun.proxy.,\
|
||||||
com.sun.org.apache.bcel.internal.,\
|
com.sun.org.apache.bcel.internal.,\
|
||||||
com.sun.org.apache.regexp.internal.,\
|
com.sun.org.apache.regexp.internal.,\
|
||||||
@ -250,7 +252,7 @@ package.definition=sun.,\
|
|||||||
com.sun.org.glassfish.,\
|
com.sun.org.glassfish.,\
|
||||||
com.oracle.xmlns.internal.,\
|
com.oracle.xmlns.internal.,\
|
||||||
com.oracle.webservices.internal.,\
|
com.oracle.webservices.internal.,\
|
||||||
oracle.jrockit.jfr.,\
|
oracle.jrockit.jfr.,\
|
||||||
org.jcp.xml.dsig.internal.,\
|
org.jcp.xml.dsig.internal.,\
|
||||||
jdk.internal.,\
|
jdk.internal.,\
|
||||||
jdk.nashorn.internal.,\
|
jdk.nashorn.internal.,\
|
||||||
|
@ -111,8 +111,9 @@ SplashDone(Splash * splash)
|
|||||||
int
|
int
|
||||||
SplashIsStillLooping(Splash * splash)
|
SplashIsStillLooping(Splash * splash)
|
||||||
{
|
{
|
||||||
if (splash->currentFrame < 0)
|
if (splash->currentFrame < 0) {
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
return splash->loopCount != 1 ||
|
return splash->loopCount != 1 ||
|
||||||
splash->currentFrame + 1 < splash->frameCount;
|
splash->currentFrame + 1 < splash->frameCount;
|
||||||
}
|
}
|
||||||
@ -121,17 +122,22 @@ void
|
|||||||
SplashUpdateScreenData(Splash * splash)
|
SplashUpdateScreenData(Splash * splash)
|
||||||
{
|
{
|
||||||
ImageRect srcRect, dstRect;
|
ImageRect srcRect, dstRect;
|
||||||
|
if (splash->currentFrame < 0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
initRect(&srcRect, 0, 0, splash->width, splash->height, 1,
|
initRect(&srcRect, 0, 0, splash->width, splash->height, 1,
|
||||||
splash->width * sizeof(rgbquad_t),
|
splash->width * sizeof(rgbquad_t),
|
||||||
splash->frames[splash->currentFrame].bitmapBits, &splash->imageFormat);
|
splash->frames[splash->currentFrame].bitmapBits, &splash->imageFormat);
|
||||||
if (splash->screenData)
|
if (splash->screenData) {
|
||||||
free(splash->screenData);
|
free(splash->screenData);
|
||||||
|
}
|
||||||
splash->screenStride = splash->width * splash->screenFormat.depthBytes;
|
splash->screenStride = splash->width * splash->screenFormat.depthBytes;
|
||||||
if (splash->byteAlignment > 1)
|
if (splash->byteAlignment > 1) {
|
||||||
splash->screenStride =
|
splash->screenStride =
|
||||||
(splash->screenStride + splash->byteAlignment - 1) &
|
(splash->screenStride + splash->byteAlignment - 1) &
|
||||||
~(splash->byteAlignment - 1);
|
~(splash->byteAlignment - 1);
|
||||||
|
}
|
||||||
splash->screenData = malloc(splash->height * splash->screenStride);
|
splash->screenData = malloc(splash->height * splash->screenStride);
|
||||||
initRect(&dstRect, 0, 0, splash->width, splash->height, 1,
|
initRect(&dstRect, 0, 0, splash->width, splash->height, 1,
|
||||||
splash->screenStride, splash->screenData, &splash->screenFormat);
|
splash->screenStride, splash->screenData, &splash->screenFormat);
|
||||||
@ -146,16 +152,19 @@ SplashUpdateScreenData(Splash * splash)
|
|||||||
void
|
void
|
||||||
SplashNextFrame(Splash * splash)
|
SplashNextFrame(Splash * splash)
|
||||||
{
|
{
|
||||||
if (splash->currentFrame < 0)
|
if (splash->currentFrame < 0) {
|
||||||
return;
|
return;
|
||||||
|
}
|
||||||
do {
|
do {
|
||||||
if (!SplashIsStillLooping(splash))
|
if (!SplashIsStillLooping(splash)) {
|
||||||
return;
|
return;
|
||||||
|
}
|
||||||
splash->time += splash->frames[splash->currentFrame].delay;
|
splash->time += splash->frames[splash->currentFrame].delay;
|
||||||
if (++splash->currentFrame >= splash->frameCount) {
|
if (++splash->currentFrame >= splash->frameCount) {
|
||||||
splash->currentFrame = 0;
|
splash->currentFrame = 0;
|
||||||
if (splash->loopCount > 0)
|
if (splash->loopCount > 0) {
|
||||||
splash->loopCount--;
|
splash->loopCount--;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} while (splash->time + splash->frames[splash->currentFrame].delay -
|
} while (splash->time + splash->frames[splash->currentFrame].delay -
|
||||||
SplashTime() <= 0);
|
SplashTime() <= 0);
|
||||||
@ -183,8 +192,9 @@ BitmapToYXBandedRectangles(ImageRect * pSrcRect, RECT_T * out)
|
|||||||
pSrc += pSrcRect->depthBytes;
|
pSrc += pSrcRect->depthBytes;
|
||||||
++i;
|
++i;
|
||||||
}
|
}
|
||||||
if (i >= pSrcRect->numSamples)
|
if (i >= pSrcRect->numSamples) {
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
i0 = i;
|
i0 = i;
|
||||||
while (i < pSrcRect->numSamples &&
|
while (i < pSrcRect->numSamples &&
|
||||||
getRGBA(pSrc, pSrcRect->format) >= ALPHA_THRESHOLD) {
|
getRGBA(pSrc, pSrcRect->format) >= ALPHA_THRESHOLD) {
|
||||||
|
@ -138,7 +138,7 @@ le_uint32 LookupProcessor::applySingleLookup(le_uint16 lookupTableIndex, GlyphIt
|
|||||||
le_int32 LookupProcessor::selectLookups(const LEReferenceTo<FeatureTable> &featureTable, FeatureMask featureMask, le_int32 order, LEErrorCode &success)
|
le_int32 LookupProcessor::selectLookups(const LEReferenceTo<FeatureTable> &featureTable, FeatureMask featureMask, le_int32 order, LEErrorCode &success)
|
||||||
{
|
{
|
||||||
le_uint16 lookupCount = featureTable.isValid()? SWAPW(featureTable->lookupCount) : 0;
|
le_uint16 lookupCount = featureTable.isValid()? SWAPW(featureTable->lookupCount) : 0;
|
||||||
le_int32 store = order;
|
le_uint32 store = (le_uint32)order;
|
||||||
|
|
||||||
LEReferenceToArrayOf<le_uint16> lookupListIndexArray(featureTable, success, featureTable->lookupListIndexArray, lookupCount);
|
LEReferenceToArrayOf<le_uint16> lookupListIndexArray(featureTable, success, featureTable->lookupListIndexArray, lookupCount);
|
||||||
|
|
||||||
@ -147,6 +147,9 @@ le_int32 LookupProcessor::selectLookups(const LEReferenceTo<FeatureTable> &featu
|
|||||||
if (lookupListIndex >= lookupSelectCount) {
|
if (lookupListIndex >= lookupSelectCount) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
if (store >= lookupOrderCount) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
lookupSelectArray[lookupListIndex] |= featureMask;
|
lookupSelectArray[lookupListIndex] |= featureMask;
|
||||||
lookupOrderArray[store++] = lookupListIndex;
|
lookupOrderArray[store++] = lookupListIndex;
|
||||||
@ -246,7 +249,7 @@ LookupProcessor::LookupProcessor(const LETableReference &baseAddress,
|
|||||||
|
|
||||||
if (requiredFeatureIndex != 0xFFFF) {
|
if (requiredFeatureIndex != 0xFFFF) {
|
||||||
requiredFeatureTable = featureListTable->getFeatureTable(featureListTable, requiredFeatureIndex, &requiredFeatureTag, success);
|
requiredFeatureTable = featureListTable->getFeatureTable(featureListTable, requiredFeatureIndex, &requiredFeatureTag, success);
|
||||||
featureReferences += SWAPW(featureTable->lookupCount);
|
featureReferences += SWAPW(requiredFeatureTable->lookupCount);
|
||||||
}
|
}
|
||||||
|
|
||||||
lookupOrderArray = LE_NEW_ARRAY(le_uint16, featureReferences);
|
lookupOrderArray = LE_NEW_ARRAY(le_uint16, featureReferences);
|
||||||
@ -254,6 +257,7 @@ LookupProcessor::LookupProcessor(const LETableReference &baseAddress,
|
|||||||
success = LE_MEMORY_ALLOCATION_ERROR;
|
success = LE_MEMORY_ALLOCATION_ERROR;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
lookupOrderCount = featureReferences;
|
||||||
|
|
||||||
for (le_int32 f = 0; f < featureMapCount; f += 1) {
|
for (le_int32 f = 0; f < featureMapCount; f += 1) {
|
||||||
FeatureMap fm = featureMap[f];
|
FeatureMap fm = featureMap[f];
|
||||||
|
@ -215,6 +215,11 @@ void LinLerp1D(register const cmsUInt16Number Value[],
|
|||||||
Output[0] = LinearInterp(rest, y0, y1);
|
Output[0] = LinearInterp(rest, y0, y1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// To prevent out of bounds indexing
|
||||||
|
cmsINLINE cmsFloat32Number fclamp(cmsFloat32Number v)
|
||||||
|
{
|
||||||
|
return v < 0.0f ? 0.0f : (v > 1.0f ? 1.0f : v);
|
||||||
|
}
|
||||||
|
|
||||||
// Floating-point version of 1D interpolation
|
// Floating-point version of 1D interpolation
|
||||||
static
|
static
|
||||||
@ -227,13 +232,15 @@ void LinLerp1Dfloat(const cmsFloat32Number Value[],
|
|||||||
int cell0, cell1;
|
int cell0, cell1;
|
||||||
const cmsFloat32Number* LutTable = (cmsFloat32Number*) p ->Table;
|
const cmsFloat32Number* LutTable = (cmsFloat32Number*) p ->Table;
|
||||||
|
|
||||||
|
val2 = fclamp(Value[0]);
|
||||||
|
|
||||||
// if last value...
|
// if last value...
|
||||||
if (Value[0] == 1.0) {
|
if (val2 == 1.0) {
|
||||||
Output[0] = LutTable[p -> Domain[0]];
|
Output[0] = LutTable[p -> Domain[0]];
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
val2 = p -> Domain[0] * Value[0];
|
val2 *= p -> Domain[0];
|
||||||
|
|
||||||
cell0 = (int) floor(val2);
|
cell0 = (int) floor(val2);
|
||||||
cell1 = (int) ceil(val2);
|
cell1 = (int) ceil(val2);
|
||||||
@ -292,13 +299,15 @@ void Eval1InputFloat(const cmsFloat32Number Value[],
|
|||||||
cmsUInt32Number OutChan;
|
cmsUInt32Number OutChan;
|
||||||
const cmsFloat32Number* LutTable = (cmsFloat32Number*) p ->Table;
|
const cmsFloat32Number* LutTable = (cmsFloat32Number*) p ->Table;
|
||||||
|
|
||||||
|
val2 = fclamp(Value[0]);
|
||||||
|
|
||||||
// if last value...
|
// if last value...
|
||||||
if (Value[0] == 1.0) {
|
if (val2 == 1.0) {
|
||||||
Output[0] = LutTable[p -> Domain[0]];
|
Output[0] = LutTable[p -> Domain[0]];
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
val2 = p -> Domain[0] * Value[0];
|
val2 *= p -> Domain[0];
|
||||||
|
|
||||||
cell0 = (int) floor(val2);
|
cell0 = (int) floor(val2);
|
||||||
cell1 = (int) ceil(val2);
|
cell1 = (int) ceil(val2);
|
||||||
@ -339,8 +348,8 @@ void BilinearInterpFloat(const cmsFloat32Number Input[],
|
|||||||
dxy;
|
dxy;
|
||||||
|
|
||||||
TotalOut = p -> nOutputs;
|
TotalOut = p -> nOutputs;
|
||||||
px = Input[0] * p->Domain[0];
|
px = fclamp(Input[0]) * p->Domain[0];
|
||||||
py = Input[1] * p->Domain[1];
|
py = fclamp(Input[1]) * p->Domain[1];
|
||||||
|
|
||||||
x0 = (int) _cmsQuickFloor(px); fx = px - (cmsFloat32Number) x0;
|
x0 = (int) _cmsQuickFloor(px); fx = px - (cmsFloat32Number) x0;
|
||||||
y0 = (int) _cmsQuickFloor(py); fy = py - (cmsFloat32Number) y0;
|
y0 = (int) _cmsQuickFloor(py); fy = py - (cmsFloat32Number) y0;
|
||||||
@ -454,20 +463,9 @@ void TrilinearInterpFloat(const cmsFloat32Number Input[],
|
|||||||
TotalOut = p -> nOutputs;
|
TotalOut = p -> nOutputs;
|
||||||
|
|
||||||
// We need some clipping here
|
// We need some clipping here
|
||||||
px = Input[0];
|
px = fclamp(Input[0]) * p->Domain[0];
|
||||||
py = Input[1];
|
py = fclamp(Input[1]) * p->Domain[1];
|
||||||
pz = Input[2];
|
pz = fclamp(Input[2]) * p->Domain[2];
|
||||||
|
|
||||||
if (px < 0) px = 0;
|
|
||||||
if (px > 1) px = 1;
|
|
||||||
if (py < 0) py = 0;
|
|
||||||
if (py > 1) py = 1;
|
|
||||||
if (pz < 0) pz = 0;
|
|
||||||
if (pz > 1) pz = 1;
|
|
||||||
|
|
||||||
px *= p->Domain[0];
|
|
||||||
py *= p->Domain[1];
|
|
||||||
pz *= p->Domain[2];
|
|
||||||
|
|
||||||
x0 = (int) _cmsQuickFloor(px); fx = px - (cmsFloat32Number) x0;
|
x0 = (int) _cmsQuickFloor(px); fx = px - (cmsFloat32Number) x0;
|
||||||
y0 = (int) _cmsQuickFloor(py); fy = py - (cmsFloat32Number) y0;
|
y0 = (int) _cmsQuickFloor(py); fy = py - (cmsFloat32Number) y0;
|
||||||
@ -609,20 +607,9 @@ void TetrahedralInterpFloat(const cmsFloat32Number Input[],
|
|||||||
TotalOut = p -> nOutputs;
|
TotalOut = p -> nOutputs;
|
||||||
|
|
||||||
// We need some clipping here
|
// We need some clipping here
|
||||||
px = Input[0];
|
px = fclamp(Input[0]) * p->Domain[0];
|
||||||
py = Input[1];
|
py = fclamp(Input[1]) * p->Domain[1];
|
||||||
pz = Input[2];
|
pz = fclamp(Input[2]) * p->Domain[2];
|
||||||
|
|
||||||
if (px < 0) px = 0;
|
|
||||||
if (px > 1) px = 1;
|
|
||||||
if (py < 0) py = 0;
|
|
||||||
if (py > 1) py = 1;
|
|
||||||
if (pz < 0) pz = 0;
|
|
||||||
if (pz > 1) pz = 1;
|
|
||||||
|
|
||||||
px *= p->Domain[0];
|
|
||||||
py *= p->Domain[1];
|
|
||||||
pz *= p->Domain[2];
|
|
||||||
|
|
||||||
x0 = (int) _cmsQuickFloor(px); rx = (px - (cmsFloat32Number) x0);
|
x0 = (int) _cmsQuickFloor(px); rx = (px - (cmsFloat32Number) x0);
|
||||||
y0 = (int) _cmsQuickFloor(py); ry = (py - (cmsFloat32Number) y0);
|
y0 = (int) _cmsQuickFloor(py); ry = (py - (cmsFloat32Number) y0);
|
||||||
@ -1039,8 +1026,7 @@ void Eval4InputsFloat(const cmsFloat32Number Input[],
|
|||||||
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
|
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
|
||||||
cmsInterpParams p1;
|
cmsInterpParams p1;
|
||||||
|
|
||||||
|
pk = fclamp(Input[0]) * p->Domain[0];
|
||||||
pk = Input[0] * p->Domain[0];
|
|
||||||
k0 = _cmsQuickFloor(pk);
|
k0 = _cmsQuickFloor(pk);
|
||||||
rest = pk - (cmsFloat32Number) k0;
|
rest = pk - (cmsFloat32Number) k0;
|
||||||
|
|
||||||
@ -1127,7 +1113,7 @@ void Eval5InputsFloat(const cmsFloat32Number Input[],
|
|||||||
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
|
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
|
||||||
cmsInterpParams p1;
|
cmsInterpParams p1;
|
||||||
|
|
||||||
pk = Input[0] * p->Domain[0];
|
pk = fclamp(Input[0]) * p->Domain[0];
|
||||||
k0 = _cmsQuickFloor(pk);
|
k0 = _cmsQuickFloor(pk);
|
||||||
rest = pk - (cmsFloat32Number) k0;
|
rest = pk - (cmsFloat32Number) k0;
|
||||||
|
|
||||||
@ -1214,7 +1200,7 @@ void Eval6InputsFloat(const cmsFloat32Number Input[],
|
|||||||
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
|
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
|
||||||
cmsInterpParams p1;
|
cmsInterpParams p1;
|
||||||
|
|
||||||
pk = Input[0] * p->Domain[0];
|
pk = fclamp(Input[0]) * p->Domain[0];
|
||||||
k0 = _cmsQuickFloor(pk);
|
k0 = _cmsQuickFloor(pk);
|
||||||
rest = pk - (cmsFloat32Number) k0;
|
rest = pk - (cmsFloat32Number) k0;
|
||||||
|
|
||||||
@ -1299,7 +1285,7 @@ void Eval7InputsFloat(const cmsFloat32Number Input[],
|
|||||||
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
|
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
|
||||||
cmsInterpParams p1;
|
cmsInterpParams p1;
|
||||||
|
|
||||||
pk = Input[0] * p->Domain[0];
|
pk = fclamp(Input[0]) * p->Domain[0];
|
||||||
k0 = _cmsQuickFloor(pk);
|
k0 = _cmsQuickFloor(pk);
|
||||||
rest = pk - (cmsFloat32Number) k0;
|
rest = pk - (cmsFloat32Number) k0;
|
||||||
|
|
||||||
@ -1384,7 +1370,7 @@ void Eval8InputsFloat(const cmsFloat32Number Input[],
|
|||||||
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
|
cmsFloat32Number Tmp1[MAX_STAGE_CHANNELS], Tmp2[MAX_STAGE_CHANNELS];
|
||||||
cmsInterpParams p1;
|
cmsInterpParams p1;
|
||||||
|
|
||||||
pk = Input[0] * p->Domain[0];
|
pk = fclamp(Input[0]) * p->Domain[0];
|
||||||
k0 = _cmsQuickFloor(pk);
|
k0 = _cmsQuickFloor(pk);
|
||||||
rest = pk - (cmsFloat32Number) k0;
|
rest = pk - (cmsFloat32Number) k0;
|
||||||
|
|
||||||
|
@ -577,8 +577,8 @@ SplashEventLoop(Splash * splash) {
|
|||||||
SplashUnlock(splash);
|
SplashUnlock(splash);
|
||||||
rc = poll(pfd, 2, timeout);
|
rc = poll(pfd, 2, timeout);
|
||||||
SplashLock(splash);
|
SplashLock(splash);
|
||||||
if (splash->isVisible>0 && SplashTime() >= splash->time +
|
if (splash->isVisible > 0 && splash->currentFrame >= 0 &&
|
||||||
splash->frames[splash->currentFrame].delay) {
|
SplashTime() >= splash->time + splash->frames[splash->currentFrame].delay) {
|
||||||
SplashNextFrame(splash);
|
SplashNextFrame(splash);
|
||||||
SplashUpdateShape(splash);
|
SplashUpdateShape(splash);
|
||||||
SplashRedrawWindow(splash);
|
SplashRedrawWindow(splash);
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* @test
|
* @test
|
||||||
* @bug 6741606 7146431 8000450 8019830
|
* @bug 6741606 7146431 8000450 8019830 8022945
|
||||||
* @summary Make sure all restricted packages listed in the package.access
|
* @summary Make sure all restricted packages listed in the package.access
|
||||||
* property in the java.security file are blocked
|
* property in the java.security file are blocked
|
||||||
* @run main/othervm CheckPackageAccess
|
* @run main/othervm CheckPackageAccess
|
||||||
@ -55,6 +55,7 @@ public class CheckPackageAccess {
|
|||||||
"com.sun.istack.internal.",
|
"com.sun.istack.internal.",
|
||||||
"com.sun.jmx.",
|
"com.sun.jmx.",
|
||||||
"com.sun.media.sound.",
|
"com.sun.media.sound.",
|
||||||
|
"com.sun.naming.internal.",
|
||||||
"com.sun.proxy.",
|
"com.sun.proxy.",
|
||||||
"com.sun.org.apache.bcel.internal.",
|
"com.sun.org.apache.bcel.internal.",
|
||||||
"com.sun.org.apache.regexp.internal.",
|
"com.sun.org.apache.regexp.internal.",
|
||||||
|
@ -239,13 +239,13 @@ public class TimestampCheck {
|
|||||||
" -J-Djava.security.egd=file:/dev/./urandom" +
|
" -J-Djava.security.egd=file:/dev/./urandom" +
|
||||||
" -debug -keystore " + TSKS + " -storepass changeit" +
|
" -debug -keystore " + TSKS + " -storepass changeit" +
|
||||||
" -tsa http://localhost:" + port + "/%d" +
|
" -tsa http://localhost:" + port + "/%d" +
|
||||||
" -signedjar new.jar " + JAR + " old";
|
" -signedjar new_%d.jar " + JAR + " old";
|
||||||
} else {
|
} else {
|
||||||
cmd = System.getProperty("java.home") + "/bin/jarsigner" +
|
cmd = System.getProperty("java.home") + "/bin/jarsigner" +
|
||||||
" -J-Djava.security.egd=file:/dev/./urandom" +
|
" -J-Djava.security.egd=file:/dev/./urandom" +
|
||||||
" -debug -keystore " + TSKS + " -storepass changeit" +
|
" -debug -keystore " + TSKS + " -storepass changeit" +
|
||||||
" -tsa http://localhost:" + port + "/%d" +
|
" -tsa http://localhost:" + port + "/%d" +
|
||||||
" -signedjar new.jar " + JAR + " old";
|
" -signedjar new_%d.jar " + JAR + " old";
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -280,7 +280,7 @@ public class TimestampCheck {
|
|||||||
static void jarsigner(String cmd, int path, boolean expected)
|
static void jarsigner(String cmd, int path, boolean expected)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
System.err.println("Test " + path);
|
System.err.println("Test " + path);
|
||||||
Process p = Runtime.getRuntime().exec(String.format(cmd, path));
|
Process p = Runtime.getRuntime().exec(String.format(cmd, path, path));
|
||||||
BufferedReader reader = new BufferedReader(
|
BufferedReader reader = new BufferedReader(
|
||||||
new InputStreamReader(p.getErrorStream()));
|
new InputStreamReader(p.getErrorStream()));
|
||||||
while (true) {
|
while (true) {
|
||||||
@ -288,9 +288,25 @@ public class TimestampCheck {
|
|||||||
if (s == null) break;
|
if (s == null) break;
|
||||||
System.err.println(s);
|
System.err.println(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Will not see noTimestamp warning
|
||||||
|
boolean seeWarning = false;
|
||||||
|
reader = new BufferedReader(
|
||||||
|
new InputStreamReader(p.getInputStream()));
|
||||||
|
while (true) {
|
||||||
|
String s = reader.readLine();
|
||||||
|
if (s == null) break;
|
||||||
|
System.err.println(s);
|
||||||
|
if (s.indexOf("Warning:") >= 0) {
|
||||||
|
seeWarning = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
int result = p.waitFor();
|
int result = p.waitFor();
|
||||||
if (expected && result != 0 || !expected && result == 0) {
|
if (expected && result != 0 || !expected && result == 0) {
|
||||||
throw new Exception("Failed");
|
throw new Exception("Failed");
|
||||||
}
|
}
|
||||||
|
if (seeWarning) {
|
||||||
|
throw new Exception("See warning");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -139,7 +139,6 @@ LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep "more)" | wc -l`
|
|||||||
# 16 and 32 already covered in the first part
|
# 16 and 32 already covered in the first part
|
||||||
# ==========================================================
|
# ==========================================================
|
||||||
|
|
||||||
$KT -genkeypair -alias expiring -dname CN=expiring -startdate -1m
|
|
||||||
$KT -genkeypair -alias expired -dname CN=expired -startdate -10m
|
$KT -genkeypair -alias expired -dname CN=expired -startdate -10m
|
||||||
$KT -genkeypair -alias notyetvalid -dname CN=notyetvalid -startdate +1m
|
$KT -genkeypair -alias notyetvalid -dname CN=notyetvalid -startdate +1m
|
||||||
$KT -genkeypair -alias badku -dname CN=badku -ext KU=cRLSign -validity 365
|
$KT -genkeypair -alias badku -dname CN=badku -ext KU=cRLSign -validity 365
|
||||||
@ -154,9 +153,6 @@ $KT -certreq -alias badchain | $KT -gencert -alias ca -validity 365 | \
|
|||||||
$KT -importcert -alias badchain
|
$KT -importcert -alias badchain
|
||||||
$KT -delete -alias ca
|
$KT -delete -alias ca
|
||||||
|
|
||||||
$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar expiring
|
|
||||||
[ $? = 2 ] || exit $LINENO
|
|
||||||
|
|
||||||
$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar expired
|
$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar expired
|
||||||
[ $? = 4 ] || exit $LINENO
|
[ $? = 4 ] || exit $LINENO
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
# @test
|
# @test
|
||||||
# @bug 6543842 6543440 6939248 8009636
|
# @bug 6543842 6543440 6939248 8009636 8024302
|
||||||
# @summary checking response of timestamp
|
# @summary checking response of timestamp
|
||||||
#
|
#
|
||||||
# @run shell/timeout=600 ts.sh
|
# @run shell/timeout=600 ts.sh
|
||||||
@ -53,7 +53,7 @@ fi
|
|||||||
JAR="${TESTJAVA}${FS}bin${FS}jar"
|
JAR="${TESTJAVA}${FS}bin${FS}jar"
|
||||||
JAVA="${TESTJAVA}${FS}bin${FS}java"
|
JAVA="${TESTJAVA}${FS}bin${FS}java"
|
||||||
JAVAC="${TESTJAVA}${FS}bin${FS}javac"
|
JAVAC="${TESTJAVA}${FS}bin${FS}javac"
|
||||||
KT="${TESTJAVA}${FS}bin${FS}keytool -keystore tsks -storepass changeit -keypass changeit"
|
KT="${TESTJAVA}${FS}bin${FS}keytool -keystore tsks -storepass changeit -keypass changeit -validity 200"
|
||||||
|
|
||||||
rm tsks
|
rm tsks
|
||||||
echo Nothing > A
|
echo Nothing > A
|
||||||
|
117
jdk/test/sun/security/tools/jarsigner/warnings.sh
Normal file
117
jdk/test/sun/security/tools/jarsigner/warnings.sh
Normal file
@ -0,0 +1,117 @@
|
|||||||
|
#
|
||||||
|
# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
#
|
||||||
|
# This code is free software; you can redistribute it and/or modify it
|
||||||
|
# under the terms of the GNU General Public License version 2 only, as
|
||||||
|
# published by the Free Software Foundation.
|
||||||
|
#
|
||||||
|
# This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
# version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
# accompanied this code).
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License version
|
||||||
|
# 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
#
|
||||||
|
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
# or visit www.oracle.com if you need additional information or have any
|
||||||
|
# questions.
|
||||||
|
#
|
||||||
|
|
||||||
|
# @test
|
||||||
|
# @bug 8024302
|
||||||
|
# @summary Clarify jar verifications
|
||||||
|
#
|
||||||
|
|
||||||
|
if [ "${TESTJAVA}" = "" ] ; then
|
||||||
|
JAVAC_CMD=`which javac`
|
||||||
|
TESTJAVA=`dirname $JAVAC_CMD`/..
|
||||||
|
fi
|
||||||
|
|
||||||
|
# set platform-dependent variables
|
||||||
|
OS=`uname -s`
|
||||||
|
case "$OS" in
|
||||||
|
Windows_* )
|
||||||
|
FS="\\"
|
||||||
|
;;
|
||||||
|
* )
|
||||||
|
FS="/"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
KS=warnings.jks
|
||||||
|
JFILE=warnings.jar
|
||||||
|
|
||||||
|
KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit \
|
||||||
|
-keystore $KS"
|
||||||
|
JAR=$TESTJAVA${FS}bin${FS}jar
|
||||||
|
JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner -keystore $KS -storepass changeit"
|
||||||
|
|
||||||
|
rm $KS 2> /dev/null
|
||||||
|
|
||||||
|
export LANG=C
|
||||||
|
|
||||||
|
echo 12345 > file
|
||||||
|
|
||||||
|
ERR=""
|
||||||
|
|
||||||
|
# Normal signer expiring on 2100-01-01
|
||||||
|
$KT -alias s1 -dname CN=s1 -genkey -startdate 2000/01/01 -validity 36525 || ERR="$ERR keytool s1,"
|
||||||
|
# Cert expiring soon, informational warning
|
||||||
|
$KT -alias s2 -dname CN=s2 -genkey -validity 100 || ERR="$ERR keytool s2,"
|
||||||
|
# Cert expired, severe warning
|
||||||
|
$KT -alias s3 -dname CN=s3 -genkey -startdate -200d -validity 100 || ERR="$ERR keytool s3,"
|
||||||
|
|
||||||
|
# noTimestamp is informatiional warning and includes a date
|
||||||
|
$JAR cvf $JFILE file
|
||||||
|
$JARSIGNER $JFILE s1 > output1 || ERR="$ERR jarsigner s1,"
|
||||||
|
$JARSIGNER -strict $JFILE s1 >> output1 || ERR="$ERR jarsigner s1 strict,"
|
||||||
|
$JARSIGNER -verify $JFILE s1 >> output1 || ERR="$ERR jarsigner s1,"
|
||||||
|
$JARSIGNER -verify -strict $JFILE s1 >> output1 || ERR="$ERR jarsigner s1 strict,"
|
||||||
|
|
||||||
|
cat output1 | grep Warning || ERR="$ERR s1 warning,"
|
||||||
|
cat output1 | grep Error && ERR="$ERR s1 error,"
|
||||||
|
cat output1 | grep timestamp | grep 2100-01-01 || ERR="$ERR s1 timestamp,"
|
||||||
|
cat output1 | grep "with signer errors" && ERR="$ERR s1 err,"
|
||||||
|
|
||||||
|
# hasExpiringCert is informatiional warning
|
||||||
|
$JAR cvf $JFILE file
|
||||||
|
$JARSIGNER $JFILE s2 > output2 || ERR="$ERR jarsigner s2,"
|
||||||
|
$JARSIGNER -strict $JFILE s2 >> output2 || ERR="$ERR jarsigner s2 strict,"
|
||||||
|
$JARSIGNER -verify $JFILE s2 >> output2 || ERR="$ERR jarsigner s2,"
|
||||||
|
$JARSIGNER -verify -strict $JFILE s2 >> output2 || ERR="$ERR jarsigner s2 strict,"
|
||||||
|
|
||||||
|
cat output2 | grep Warning || ERR="$ERR s2 warning,"
|
||||||
|
cat output2 | grep Error && ERR="$ERR s2 error,"
|
||||||
|
cat output2 | grep timestamp || ERR="$ERR s2 timestamp,"
|
||||||
|
cat output2 | grep "will expire" || ERR="$ERR s2 expiring,"
|
||||||
|
cat output2 | grep "with signer errors" && ERR="$ERR s2 err,"
|
||||||
|
|
||||||
|
# hasExpiredCert is severe warning
|
||||||
|
$JAR cvf $JFILE file
|
||||||
|
$JARSIGNER $JFILE s3 > output3 || ERR="$ERR jarsigner s3,"
|
||||||
|
$JARSIGNER -strict $JFILE s3 > output3s && ERR="$ERR jarsigner s3 strict,"
|
||||||
|
$JARSIGNER -verify $JFILE s3 >> output3 || ERR="$ERR jarsigner s3,"
|
||||||
|
$JARSIGNER -verify -strict $JFILE s3 >> output3s && ERR="$ERR jarsigner s3 strict,"
|
||||||
|
|
||||||
|
# warning without -strict
|
||||||
|
cat output3 | grep Warning || ERR="$ERR s3 warning,"
|
||||||
|
cat output3 | grep Error && ERR="$ERR s3 error,"
|
||||||
|
cat output3 | grep "with signer errors" && ERR="$ERR s3 err,"
|
||||||
|
|
||||||
|
# error with -strict
|
||||||
|
cat output3s | grep Warning || ERR="$ERR s3s warning,"
|
||||||
|
cat output3s | grep Error || ERR="$ERR s3s error,"
|
||||||
|
cat output3s | grep "with signer errors" || ERR="$ERR s3 err,"
|
||||||
|
|
||||||
|
if [ "$ERR" = "" ]; then
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
echo "ERR is $ERR"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
Loading…
x
Reference in New Issue
Block a user