From 2fa7dc18d777048fcce291eb6b93d339db9f97e7 Mon Sep 17 00:00:00 2001 From: Kelly O'Hair Date: Sat, 31 Jan 2009 17:31:21 -0800 Subject: [PATCH 01/16] 6799141: Build with --hash-style=both so that binaries can work on SuSE 10 Reviewed-by: tbell --- jdk/make/common/Defs-linux.gmk | 8 + jdk/make/common/shared/Compiler-gcc.gmk | 28 +-- jdk/make/common/shared/Compiler-msvc.gmk | 18 -- jdk/make/common/shared/Compiler-sun.gmk | 12 +- jdk/make/common/shared/Defs-versions.gmk | 183 ++++++++++++++++ jdk/make/common/shared/Defs-windows.gmk | 5 +- jdk/make/common/shared/Defs.gmk | 37 ++-- jdk/make/common/shared/Platform.gmk | 81 ------- jdk/make/common/shared/Sanity-Settings.gmk | 10 +- jdk/make/common/shared/Sanity.gmk | 238 ++++++++++----------- 10 files changed, 337 insertions(+), 283 deletions(-) create mode 100644 jdk/make/common/shared/Defs-versions.gmk diff --git a/jdk/make/common/Defs-linux.gmk b/jdk/make/common/Defs-linux.gmk index 28d58376fe2..9ecdd4d7156 100644 --- a/jdk/make/common/Defs-linux.gmk +++ b/jdk/make/common/Defs-linux.gmk @@ -116,6 +116,14 @@ LDFLAGS_COMMON_sparc += -m32 -mcpu=v9 CFLAGS_REQUIRED = $(CFLAGS_REQUIRED_$(ARCH)) LDFLAGS_COMMON += $(LDFLAGS_COMMON_$(ARCH)) +# If this is a --hash-style=gnu system, use --hash-style=both +# The gnu .hash section won't work on some Linux systems like SuSE 10. +_HAS_HASH_STYLE_GNU:=$(shell $(CC) -dumpspecs | $(GREP) -- '--hash-style=gnu') +ifneq ($(_HAS_HASH_STYLE_GNU),) + LDFLAGS_HASH_STYLE = -Wl,--hash-style=both +endif +LDFLAGS_COMMON += $(LDFLAGS_HASH_STYLE) + # # Selection of warning messages # diff --git a/jdk/make/common/shared/Compiler-gcc.gmk b/jdk/make/common/shared/Compiler-gcc.gmk index 27501956368..13feb4cf98c 100644 --- a/jdk/make/common/shared/Compiler-gcc.gmk +++ b/jdk/make/common/shared/Compiler-gcc.gmk @@ -68,24 +68,6 @@ ifeq ($(PLATFORM), linux) else CXX = $(COMPILER_PATH)g++ endif - ifneq ("$(findstring sparc,$(ARCH))", "") - # sparc or sparcv9 - REQUIRED_CC_VER = 4.0 - REQUIRED_GCC_VER = 4.0.* - else - REQUIRED_CC_VER = 3.2 - ifeq ($(ARCH_DATA_MODEL), 32) - REQUIRED_GCC_VER = 3.2.1* - REQUIRED_GCC_VER_INT = 3.2.1-7a - else - ifeq ($(ARCH), amd64) - REQUIRED_GCC_VER = 3.2.* - endif - ifeq ($(ARCH), ia64) - REQUIRED_GCC_VER = 2.9[56789].* - endif - endif - endif # Option used to create a shared library SHARED_LIBRARY_FLAG = -shared -mimpure-text SUN_COMP_VER := $(shell $(CC) --verbose 2>&1 ) @@ -98,18 +80,10 @@ ifeq ($(PLATFORM), solaris) CC = $(COMPILER_PATH)gcc CPP = $(COMPILER_PATH)gcc -E CXX = $(COMPILER_PATH)g++ - REQUIRED_CC_VER = 3.2 # Option used to create a shared library SHARED_LIBRARY_FLAG = -G - # But gcc is still needed no matter what on 32bit - ifeq ($(ARCH_DATA_MODEL), 32) - REQUIRED_GCC_VER = 2.95 - GCC =$(GCC_COMPILER_PATH)gcc - _GCC_VER :=$(shell $(GCC) -dumpversion 2>&1 ) - GCC_VER :=$(call GetVersion,"$(_GCC_VER)") - endif - + endif # Get gcc version diff --git a/jdk/make/common/shared/Compiler-msvc.gmk b/jdk/make/common/shared/Compiler-msvc.gmk index d23529f3935..4671366b5c3 100644 --- a/jdk/make/common/shared/Compiler-msvc.gmk +++ b/jdk/make/common/shared/Compiler-msvc.gmk @@ -41,8 +41,6 @@ ifeq ($(PLATFORM), windows) # Fill in unknown values COMPILER_NAME=Unknown MSVC Compiler COMPILER_VERSION= - REQUIRED_CC_VER= - REQUIRED_LINK_VER= # unset any GNU Make settings of MFLAGS and MAKEFLAGS which may mess up nmake NMAKE = MFLAGS= MAKEFLAGS= $(COMPILER_PATH)nmake -nologo @@ -56,8 +54,6 @@ ifeq ($(PLATFORM), windows) CC_MAJORVER :=$(call MajorVersion,$(CC_VER)) ifeq ($(CC_MAJORVER), 13) # This should be: CC_VER=13.10.3077 LINK_VER=7.10.3077 - REQUIRED_CC_VER = 13.10.3077 - REQUIRED_LINK_VER = 7.10.3077 COMPILER_NAME=Visual Studio .NET 2003 Professional C++ COMPILER_VERSION=VS2003 REBASE = $(COMPILER_PATH)../../Common7/Tools/Bin/rebase @@ -67,9 +63,6 @@ ifeq ($(PLATFORM), windows) endif endif ifeq ($(CC_MAJORVER), 14) - # This should be: CC_VER=14.00.50727.42 LINK_VER=8.00.50727.42 - REQUIRED_CC_VER = 14.00.50727.42 - REQUIRED_LINK_VER = 8.00.50727.42 COMPILER_NAME=Visual Studio 8 COMPILER_VERSION=VS2005 REBASE = $(COMPILER_PATH)../../Common8/Tools/Bin/rebase @@ -80,9 +73,6 @@ ifeq ($(PLATFORM), windows) endif endif ifeq ($(CC_MAJORVER), 15) - # This should be: CC_VER=15.00.21022.08 LINK_VER=9.00.21022.08 - REQUIRED_CC_VER = 15.00.21022.08 - REQUIRED_LINK_VER = 9.00.21022.08 COMPILER_NAME=Visual Studio 9 COMPILER_VERSION=VS2008 #rebase and midl moved out of Visual Studio into the SDK: @@ -99,14 +89,6 @@ ifeq ($(PLATFORM), windows) CC_MAJORVER :=$(call MajorVersion,$(CC_VER)) CC_MINORVER :=$(call MinorVersion,$(CC_VER)) CC_MICROVER :=$(call MicroVersion,$(CC_VER)) - ifeq ($(ARCH), ia64) - REQUIRED_CC_VER = 13.00.9337.7 - REQUIRED_LINK_VER = 7.00.9337.7 - endif - ifeq ($(ARCH), amd64) - REQUIRED_CC_VER = 14.00.40310.41 - REQUIRED_LINK_VER = 8.00.40310.39 - endif ifeq ($(CC_MAJORVER), 13) ifeq ($(ARCH), ia64) # This should be: CC_VER=13.00.9337.7 LINK_VER=7.00.9337.7 diff --git a/jdk/make/common/shared/Compiler-sun.gmk b/jdk/make/common/shared/Compiler-sun.gmk index b3c4e2a90b1..a22196b34f0 100644 --- a/jdk/make/common/shared/Compiler-sun.gmk +++ b/jdk/make/common/shared/Compiler-sun.gmk @@ -32,27 +32,19 @@ COMPILER_NAME=Sun Studio # Sun Studio Compiler settings specific to Solaris ifeq ($(PLATFORM), solaris) COMPILER_VERSION=SS12 - REQUIRED_CC_VER=5.9 CC = $(COMPILER_PATH)cc CPP = $(COMPILER_PATH)cc -E CXX = $(COMPILER_PATH)CC LINT = $(COMPILER_PATH)lint # Option used to create a shared library SHARED_LIBRARY_FLAG = -G - # But gcc is still needed no matter what on 32bit - ifeq ($(ARCH_DATA_MODEL), 32) - REQUIRED_GCC_VER = 2.95 - GCC =$(GCC_COMPILER_PATH)gcc - _GCC_VER :=$(shell $(GCC) -dumpversion 2>&1 ) - GCC_VER :=$(call GetVersion,"$(_GCC_VER)") - endif + GCC =$(GCC_COMPILER_PATH)gcc endif # Sun Studio Compiler settings specific to Linux ifeq ($(PLATFORM), linux) # This has not been tested COMPILER_VERSION=SS12 - REQUIRED_CC_VER=5.9 CC = $(COMPILER_PATH)cc CPP = $(COMPILER_PATH)cc -E CXX = $(COMPILER_PATH)CC @@ -73,7 +65,7 @@ endif # Get compiler version _CC_VER :=$(shell $(CC) -V 2>&1 | $(HEAD) -n 1) CC_VER :=$(call GetVersion,"$(_CC_VER)") - + # Arch specific settings (determines type of .o files and instruction set) # Starting in SS12 (5.9), the arch options changed. # The assembler /usr/ccs/bin/as wants older SS11 (5.8) style options. diff --git a/jdk/make/common/shared/Defs-versions.gmk b/jdk/make/common/shared/Defs-versions.gmk new file mode 100644 index 00000000000..007c08fd6bf --- /dev/null +++ b/jdk/make/common/shared/Defs-versions.gmk @@ -0,0 +1,183 @@ +# +# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. Sun designates this +# particular file as subject to the "Classpath" exception as provided +# by Sun in the LICENSE file that accompanied this code. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, +# CA 95054 USA or visit www.sun.com if you need additional information or +# have any questions. +# + +# +# WARNING: This file is shared with other workspaces. +# + +# This file needs these set: CC_VERSION, PLATFORM, ARCH_FAMILY, and ARCH_DATA_MODEL. + +########################################################################## +# +# List of JDK official minimum, expected, or required versions: +# +# REQUIRED_ALSA_VERSION +# Linux only: The ALSA sound library version expected. +# +# REQUIRED_ANT_VER +# The minimum 'ant' version. +# +# REQUIRED_BOOT_VER +# The minimum boot jdk version. +# +# REQUIRED_CC_VER +# The primary C compiler version expected. +# +# REQUIRED_CYGWIN_VER +# Windows only: If CYGWIN is used, the minimum CYGWIN version. +# +# REQUIRED_DXSDK_VER +# Windows only: The version of DirectX SDK expected. +# +# REQUIRED_FREE_SPACE +# The minimum disk space needed as determined by running 'du -sk' on a fully +# built workspace. +# +# REQUIRED_FREETYPE_VERSION +# If we are using freetype, the freetype version expected. +# +# REQUIRED_GCC_VER +# Solaris and Linux only. The required version of gcc/g++ for the plugin. +# +# REQUIRED_LINK_VER +# Windows only: The version of link.exe expected. +# +# REQUIRED_MAKE_VER +# The minimum version of GNU make. +# +# REQUIRED_MKS_VER +# Windows only: If MKS used instead of CYGWIN, the minimum version of MKS. +# +# REQUIRED_OS_VARIANT_NAME +# The OS variation name required. +# Solaris: Solaris or OpenSolaris +# Windows: Windows2000, WindowsXP, Windows2003, etc. +# Linux: Fedora, RedHat, SuSE, Ubuntu, etc. +# +# REQUIRED_OS_VARIANT_VERSION +# The version number associated with the above OS variant name. +# Solaris: output of uname -r +# Windows: 5.0 for Windows2000, 5.1 for WindowsXP, 5.2 for Windows2003, etc. +# Linux: number for the variant, e.g. 9 for Fedora 9 +# +# REQUIRED_OS_VERSION +# The formal OS version number. +# Solaris & Windows: same as REQUIRED_OS_VARIANT_VERSION +# Linux: the kernel version, or output of uname -r +# +# REQUIRED_UNZIP_VER +# The minimum version of unzip. +# +# REQUIRED_ZIP_VER +# The minimum version of unzip. +# +########### +# +# Differences in the build platform from these versions may trigger warnings +# messages during the sanity checking when building the JDK. +# +# When building the OpenJDK most of these required or expected versions are +# ignored or allowed to vary widely to accomodate the many build situations +# of the OpenJDK. +# +########################################################################## + +# Solaris specific +ifeq ($(PLATFORM), solaris) + REQUIRED_OS_VERSION = 5.10 + REQUIRED_OS_VARIANT_NAME = Solaris + REQUIRED_OS_VARIANT_VERSION = $(REQUIRED_OS_VERSION) + ifeq ($(ARCH_FAMILY), sparc) + REQUIRED_FREE_SPACE = 1300000 + else + REQUIRED_FREE_SPACE = 1040000 + endif + ifeq ($(CC_VERSION),sun) + REQUIRED_CC_VER = 5.9 + endif + ifeq ($(CC_VERSION),gcc) + REQUIRED_CC_VER = 3.4.3 + endif + REQUIRED_GCC_VER = 2.95.2 +endif + +# Linux specific +ifeq ($(PLATFORM), linux) + REQUIRED_OS_VERSION = 2.6 + REQUIRED_OS_VARIANT_NAME = Fedora + REQUIRED_OS_VARIANT_VERSION = 9 + REQUIRED_FREE_SPACE = 1460000 + REQUIRED_ALSA_VERSION = 0.9.1 + REQUIRED_GCC_VER = 2.95 + ifeq ($(CC_VERSION),gcc) + REQUIRED_CC_VER = 4.3.0 + endif + ifeq ($(CC_VERSION),sun) + REQUIRED_CC_VER = 5.9 + endif +endif + +# Windows specific +ifeq ($(PLATFORM), windows) + ifeq ($(ARCH_DATA_MODEL),64) + REQUIRED_OS_VERSION = 5.2 + REQUIRED_OS_VARIANT_NAME = Windows2003 + else + REQUIRED_OS_VERSION = 5.1 + REQUIRED_OS_VARIANT_NAME = WindowsXP + endif + REQUIRED_OS_VARIANT_VERSION = $(REQUIRED_OS_VERSION) + REQUIRED_CYGWIN_VER = 4.0 + REQUIRED_MKS_VER = 6.1 + REQUIRED_FREE_SPACE = 500000 + REQUIRED_DXSDK_VER = 0x0900 + ifeq ($(CC_VERSION),msvc) + ifeq ($(ARCH_DATA_MODEL), 32) + REQUIRED_CC_VER = 15.00.21022.08 + REQUIRED_LINK_VER = 9.00.21022.08 + else + ifeq ($(ARCH), ia64) + REQUIRED_CC_VER = 13.00.9337.7 + REQUIRED_LINK_VER = 7.00.9337.7 + endif + ifeq ($(ARCH), amd64) + REQUIRED_CC_VER = 14.00.40310.41 + REQUIRED_LINK_VER = 8.00.40310.39 + endif + endif + endif + ifeq ($(CC_VERSION),gcc) + REQUIRED_CC_VER = 3.4.3 + endif +endif + +# Generic +REQUIRED_ANT_VER = 1.6.3 +REQUIRED_BOOT_VER = 1.5 +REQUIRED_FREETYPE_VERSION = 2.3.0 +REQUIRED_MAKE_VER = 3.78 +REQUIRED_UNZIP_VER = 5.12 +REQUIRED_ZIP_VER = 2.2 + diff --git a/jdk/make/common/shared/Defs-windows.gmk b/jdk/make/common/shared/Defs-windows.gmk index 1ceb017b2f9..a7caa194893 100644 --- a/jdk/make/common/shared/Defs-windows.gmk +++ b/jdk/make/common/shared/Defs-windows.gmk @@ -136,10 +136,7 @@ endif UNIXCOMMAND_PATH:=$(call AltCheckSpaces,UNIXCOMMAND_PATH) # Get version of MKS or CYGWIN -ifdef USING_CYGWIN -_CYGWIN_VER :=$(shell $(UNAME)) -CYGWIN_VER :=$(call GetVersion,$(_CYGWIN_VER)) -else # MKS +ifndef USING_CYGWIN _MKS_VER :=$(shell $(MKSINFO) 2>&1 | $(GREP) Release | $(TAIL) -1 | $(SED) -e 's@.*\(Release.*\)@\1@') MKS_VER :=$(call GetVersion,$(_MKS_VER)) # At this point, we can re-define FullPath to use DOSNAME_CMD diff --git a/jdk/make/common/shared/Defs.gmk b/jdk/make/common/shared/Defs.gmk index 638cd363696..c297bfa4d08 100644 --- a/jdk/make/common/shared/Defs.gmk +++ b/jdk/make/common/shared/Defs.gmk @@ -116,9 +116,9 @@ $(shell \ fi) endef -# Given a line of text, get the major.minor version number from it +# Given a line of text, get the version number from it define GetVersion -$(shell echo $1 | sed -e 's@[^1-9]*\([1-9][0-9]*\.[0-9][0-9]*\).*@\1@' ) +$(shell echo $1 | sed -e 's@[^0-9]*\([0-9][0-9]*\.[0-9][.0-9]*\).*@\1@' ) endef # Given a major.minor.micro version, return the major, minor, or micro number @@ -133,26 +133,26 @@ $(if $(word 3, $(subst ., ,$1)),$(word 3, $(subst ., ,$1)),0) endef # Macro that returns missing, same, newer, or older $1=version $2=required -# (currently does not check the micro number) define CheckVersions $(shell \ if [ "$1" = "" -o "$2" = "" ]; then \ echo missing; \ + elif [ "$1" = "$2" ]; then \ + echo same; \ + elif [ $(call MajorVersion,$1) -lt $(call MajorVersion,$2) ] ; then \ + echo older; \ + elif [ $(call MajorVersion,$1) -gt $(call MajorVersion,$2) ] ; then \ + echo newer; \ + elif [ $(call MinorVersion,$1) -lt $(call MinorVersion,$2) ]; then \ + echo older; \ + elif [ $(call MinorVersion,$1) -gt $(call MinorVersion,$2) ]; then \ + echo newer; \ + elif [ $(call MicroVersion,$1) -lt $(call MicroVersion,$2) ]; then \ + echo older; \ + elif [ $(call MicroVersion,$1) -gt $(call MicroVersion,$2) ]; then \ + echo newer; \ else \ - if [ "$1" = "$2" ]; then \ - echo same; \ - else \ - if [ $(call MajorVersion,$1) -lt $(call MajorVersion,$2) ] ; then \ - echo older; \ - else \ - if [ $(call MajorVersion,$1) -eq $(call MajorVersion,$2) -a \ - $(call MinorVersion,$1) -lt $(call MinorVersion,$2) ]; then \ - echo older; \ - else \ - echo newer; \ - fi; \ - fi; \ - fi; \ + echo same; \ fi) endef @@ -561,3 +561,6 @@ endif # Get shared compiler settings include $(JDK_MAKE_SHARED_DIR)/Compiler.gmk +# Get the REQUIRED versions +include $(JDK_MAKE_SHARED_DIR)/Defs-versions.gmk + diff --git a/jdk/make/common/shared/Platform.gmk b/jdk/make/common/shared/Platform.gmk index 8da23c83fc4..d343cdea1c3 100644 --- a/jdk/make/common/shared/Platform.gmk +++ b/jdk/make/common/shared/Platform.gmk @@ -51,9 +51,6 @@ PLATFORM_SHARED=done # USER login name of user (minus blanks) # PLATFORM windows, solaris, or linux # VARIANT OPT or DBG, OPT is the default -# OS_NAME solaris, linux, or nt -# OS_VERSION specific version of os, 5.10, 2.4.9-e.3, etc. -# OS_VENDOR company name # TEMP_DISK /tmp or C:/temp # ARCH_DATA_MODEL 32 or 64 # ARCH sparc, sparcv9, i586, amd64, or ia64 @@ -72,29 +69,11 @@ PLATFORM_SHARED=done # ISA_DIR solaris only: /sparcv9 or /amd64 # LIBARCH32 solaris only: sparc or i386 # LIBARCH64 solaris only: sparcv9 or amd64 -# REQUIRED_WINDOWS_VERSION windows only: specific version of windows # USING_CYGWIN windows only: true or false -# WINDOWS_NT_VERSION_STRING windows only: long version name -# REQUIRED_OS_VERSION required OS version, e.g. 5.10, 2.4 -# REQUIRED_FREE_SPACE minimum disk space needed for outputdir # ISHIELD_TEMP_MIN windows only: minimum disk space in temp area -# REQUIRED_ZIP_VER required version of zip -# REQUIRED_UNZIP_VER required version of unzip -# REQUIRED_DXSDK_VER windows only: required version of DirectX -# LINUX_VERSION_INFO linux only: location of linux release file -# REQUIRED_LINUX_VER linux only: required version of linux -# REQUIRED_LINUX_FULLVER linux only: required full version of linux -# REQUIRED_ALSA_VERSION linux only: required version of ALSA -# REQUIRED_FREETYPE_VERSION openjdk only: required version of freetype SYSTEM_UNAME := $(shell uname) -# Normal boot jdk is previous release, but a hard requirement is a 1.5 boot -REQUIRED_BOOT_VER = 1.5 - -# If we are using freetype, this is the required version -REQUIRED_FREETYPE_VERSION=2.3.0 - # # Prune out all known SCM (Source Code Management) directories # so they will not be included when copying directory trees @@ -113,8 +92,6 @@ endif # Platform settings specific to Solaris ifeq ($(SYSTEM_UNAME), SunOS) PLATFORM = solaris - OS_NAME = solaris - OS_VERSION := $(shell uname -r) # Solaris sparc build can be either 32-bit or 64-bit. # Default to 32, but allow explicit setting to 32 or 64. ifndef ARCH_DATA_MODEL @@ -166,16 +143,6 @@ ifeq ($(SYSTEM_UNAME), SunOS) endif # Suffix for file bundles used in previous release BUNDLE_FILE_SUFFIX=.tar - OS_VENDOR = Sun Microsystems - # Required Solaris version - REQUIRED_OS_VERSION = 5.10 - # Minimum disk space needed as determined by running 'du -sk' on - # a fully built workspace. - ifeq ($(ARCH_FAMILY), sparc) - REQUIRED_FREE_SPACE=1300000 - else - REQUIRED_FREE_SPACE=1040000 - endif # How much RAM does this machine have: MB_OF_MEMORY=$(shell /etc/prtconf | fgrep 'Memory size:' | expand | cut -d' ' -f3) endif @@ -183,8 +150,6 @@ endif # Platform settings specific to Linux ifeq ($(SYSTEM_UNAME), Linux) PLATFORM = linux - OS_NAME = linux - OS_VERSION := $(shell uname -r) # Arch and OS name/version mach := $(shell uname -m) archExpr = case "$(mach)" in \ @@ -242,32 +207,6 @@ ifeq ($(SYSTEM_UNAME), Linux) # Suffix for file bundles used in previous release BUNDLE_FILE_SUFFIX=.tar.gz - # Minimum disk space needed as determined by running 'du -sk' on - # a fully built workspace. - REQUIRED_FREE_SPACE=1460000 - LINUX_VERSION_INFO = /etc/redhat-release - OS_VENDOR = Red Hat - ifeq ($(ARCH_DATA_MODEL), 32) - REQUIRED_LINUX_VER = Advanced Server - REQUIRED_LINUX_FULLVER = Advanced Server release 2.1AS - REQUIRED_OS_VERSION = 2.4.9-e.3 - else - ifeq ($(ARCH), amd64) - LINUX_VERSION_INFO = /etc/SuSE-release - OS_VENDOR = SuSE Enterprise - REQUIRED_LINUX_VER = 8.1 - REQUIRED_LINUX_FULLVER = $(REQUIRED_LINUX_VER) SLSE AMD64 - REQUIRED_OS_VERSION = 2.4.19-SMP - else - REQUIRED_LINUX_VER = Advanced Server - REQUIRED_LINUX_FULLVER = Advanced Server release 2.1AS 64 bit - REQUIRED_OS_VERSION = 2.4.19-SMP - endif - endif - ifneq ($(ARCH), ia64) - # ALSA 0.9.1 and above - REQUIRED_ALSA_VERSION = ^((0[.]9[.][1-9])|(1[.]0[.][0-9]))[0-9]* - endif # How much RAM does this machine have: MB_OF_MEMORY := $(shell free -m | fgrep Mem: | awk '{print $$2;}' ) endif @@ -275,23 +214,15 @@ endif # Windows with and without CYGWIN will be slightly different ifeq ($(SYSTEM_UNAME), Windows_NT) PLATFORM = windows - OS_VERSION := $(shell uname -r) - WINDOWS_NT_VERSION_STRING=Windows_NT - REQUIRED_MKS_VER=6.1 endif ifneq (,$(findstring CYGWIN,$(SYSTEM_UNAME))) PLATFORM = windows - OS_VERSION := 5 USING_CYGWIN = true export USING_CYGWIN - WINDOWS_NT_VERSION_STRING=CYGWIN_NT - REQUIRED_CYGWIN_VER=4.0 endif # Platform settings specific to Windows ifeq ($(PLATFORM), windows) - OS_NAME = nt - REQUIRED_OS_VERSION=5 # Windows builds default to the appropriate for the underlaying # architecture. # Temporary disk area @@ -314,7 +245,6 @@ ifeq ($(PLATFORM), windows) # If the user wants to perform a cross compile build then they must # - set ARCH_DATA_MODEL=64 and either # + set ARCH to ia64 or amd64, or - REQUIRED_WINDOWS_VERSION=Server 2003 Enterprise x64 Edition ifeq ($(word 1, $(PROCESSOR_IDENTIFIER)), AMD64) ARCH=amd64 else @@ -324,8 +254,6 @@ ifeq ($(PLATFORM), windows) # Value of Java os.arch property ARCHPROP=$(LIBARCH) else - REQUIRED_WINDOWS_VERSION=2000 or Unknown - #REQUIRED_WINDOWS_VERSION=XP Professional # LIBARCH is used to preserve the jre/lib/i386 directory name for 32-bit intel ARCH=i586 LIBARCH=i386 @@ -364,14 +292,9 @@ ifeq ($(PLATFORM), windows) ARCH_VM_SUBDIR=jre/bin # Suffix for file bundles used in previous release BUNDLE_FILE_SUFFIX=.tar - # Minimum disk space needed as determined by running 'du -sk' on - # a fully built workspace. - REQUIRED_FREE_SPACE=500000 # ISHIELD_TEMP_MIN is the difference of an empty C:\TEMP vs. one after a # bundles build on windows. ISHIELD_TEMP_MIN=250000 - REQUIRED_DXSDK_VER = 0x0900 - OS_VENDOR = Microsoft # How much RAM does this machine have: ifeq ($(JDK_HAS_MEM_INFO),) ifeq ($(USING_CYGWIN),true) @@ -410,10 +333,6 @@ ifeq ($(PLATFORM), windows) endif endif -REQUIRED_ZIP_VER = 2.2 -REQUIRED_UNZIP_VER = 5.12 -REQUIRED_MAKE_VER = 3.78 - # Unix type settings (same for all unix platforms) ifneq ($(PLATFORM), windows) # Temporary disk area diff --git a/jdk/make/common/shared/Sanity-Settings.gmk b/jdk/make/common/shared/Sanity-Settings.gmk index f3ea2b35a79..54f1f5fc143 100644 --- a/jdk/make/common/shared/Sanity-Settings.gmk +++ b/jdk/make/common/shared/Sanity-Settings.gmk @@ -167,8 +167,6 @@ ALL_SETTINGS+=$(call addRequiredSetting,ARCHPROP) ifeq ($(PLATFORM),windows) ALL_SETTINGS+=$(call addRequiredSetting,PROCESSOR_ARCHITECTURE) ALL_SETTINGS+=$(call addRequiredSetting,PROCESSOR_IDENTIFIER) - ALL_SETTINGS+=$(call addRequiredSetting,WINDOWS_VERSION) - ALL_SETTINGS+=$(call addRequiredSetting,WINDOWS_NT_VERSION_STRING) ifdef USING_CYGWIN ALL_SETTINGS+=$(call addRequiredSetting,USING_CYGWIN) ALL_SETTINGS+=$(call addRequiredVersionSetting,CYGWIN_VER) @@ -179,13 +177,11 @@ ifeq ($(PLATFORM),windows) endif endif ifeq ($(PLATFORM),linux) - ALL_SETTINGS+=$(call addRequiredSetting,LINUX_VERSION) - ifneq ($(ARCH), ia64) - ALL_SETTINGS+=$(call addRequiredSetting,ALSA_VERSION) - endif + ALL_SETTINGS+=$(call addRequiredSetting,ALSA_VERSION) endif ALL_SETTINGS+=$(call addRequiredVersionSetting,OS_VERSION) -ALL_SETTINGS+=$(call addRequiredSetting,OS_NAME) +ALL_SETTINGS+=$(call addOptionalSetting,OS_VARIANT_NAME) +ALL_SETTINGS+=$(call addOptionalSetting,OS_VARIANT_VERSION) ALL_SETTINGS+=$(call addRequiredSetting,TEMP_FREE_SPACE) ALL_SETTINGS+=$(call addRequiredSetting,FREE_SPACE) ALL_SETTINGS+=$(call addRequiredSetting,MB_OF_MEMORY) diff --git a/jdk/make/common/shared/Sanity.gmk b/jdk/make/common/shared/Sanity.gmk index 997e848904a..a3c421e74b3 100644 --- a/jdk/make/common/shared/Sanity.gmk +++ b/jdk/make/common/shared/Sanity.gmk @@ -38,60 +38,106 @@ SANITY_FILES = $(ERROR_FILE) $(WARNING_FILE) $(MESSAGE_FILE) # How to say "The Release Engineering people use this" -THE_OFFICIAL_USES=The official $(PLATFORM) builds use +THE_OFFICIAL_USES=The official builds on $(PLATFORM) use # How to say "You are using:" YOU_ARE_USING=You appear to be using +# Error message +define SanityError +$(ECHO) "ERROR: $1\n" >> $(ERROR_FILE) +endef + +# Warning message +define SanityWarning +$(ECHO) "WARNING: $1\n" >> $(WARNING_FILE) +endef + +# Official version error message: name version required_version +define OfficialErrorMessage +$(call SanityError,\ +$(THE_OFFICIAL_USES) $1 $3. Your $1 $(if $2,undefined,$2) will not work.) +endef + +# Official version warning message: name version required_version +define OfficialWarningMessage +$(call SanityWarning,\ +$(THE_OFFICIAL_USES) $1 $3. $(YOU_ARE_USING) $1 $2.) +endef + + # Settings and rules to validate the JDK build environment. ifeq ($(PLATFORM), solaris) FREE_SPACE := $(shell $(DF) -b $(OUTPUTDIR) | $(TAIL) -1 | $(NAWK) '{print $$2;}') TEMP_FREE_SPACE := $(shell $(DF) -b $(TEMP_DISK) | $(TAIL) -1 | $(NAWK) '{print $$2;}') + # What kind of system we are using (Variations are Solaris and OpenSolaris) + OS_VERSION := $(shell uname -r) + OS_VARIANT_NAME := $(strip $(shell head -1 /etc/release | awk '{print $$1;}') ) + OS_VARIANT_VERSION := $(OS_VERSION) REQ_PATCH_LIST = $(JDK_TOPDIR)/make/PatchList.solaris ifeq ($(ARCH_FAMILY), sparc) PATCH_POSITION = $$4 else PATCH_POSITION = $$6 endif + ifndef OPENJDK + _GCC_VER :=$(shell $(GCC) -dumpversion 2>&1 ) + GCC_VER :=$(call GetVersion,"$(_GCC_VER)") + endif endif ifeq ($(PLATFORM), linux) FREE_SPACE := $(shell $(DF) --sync -kP $(OUTPUTDIR) | $(TAIL) -1 | $(NAWK) '{print $$4;}') TEMP_FREE_SPACE := $(shell $(DF) --sync -kP $(TEMP_DISK) | $(TAIL) -1 | $(NAWK) '{print $$4;}') - ifeq ($(ARCH), amd64) - LINUX_VERSION := $(shell \ - if [ -r "$(LINUX_VERSION_INFO)" ] ; then \ - $(CAT) $(LINUX_VERSION_INFO) | $(TAIL) -1 | $(NAWK) '{ print $$3; }';\ - else \ - $(ECHO) "Unknown linux"; \ - fi ) - else - LINUX_VERSION := $(shell \ - if [ -r "$(LINUX_VERSION_INFO)" ] ; then \ - $(NAWK) '{ print $$4" "$$5; }' $(LINUX_VERSION_INFO) ; \ - else \ - $(ECHO) "Unknown linux"; \ - fi ) - endif - ifneq ($(ARCH), ia64) - # dummy program that outputs ALSA's version (created in target sane-alsa-versioncheck) - ALSA_VERSION_CHECK = $(TEMPDIR)/alsaversioncheck - ALSA_VERSION = `if [ -f "$(ALSA_VERSION_CHECK)" ] ; then $(ALSA_VERSION_CHECK) ; fi` - endif + # What kind of system we are using (Variation is the Linux vendor) + OS_VERSION := $(shell uname -r) + OS_VARIANT_NAME := $(shell \ + if [ -f /etc/fedora-release ] ; then \ + echo "Fedora"; \ + elif [ -f /etc/redhat-release ] ; then \ + echo "RedHat"; \ + elif [ -f /etc/SuSE-release ] ; then \ + echo "SuSE"; \ + else \ + echo "Unknown"; \ + fi) + OS_VARIANT_VERSION := $(shell \ + if [ "$(OS_VARIANT_NAME)" = "Fedora" ] ; then \ + $(CAT) /etc/fedora-release | $(HEAD) -1 | $(NAWK) '{ print $$3; }' ; \ + fi) + ALSA_INCLUDE=/usr/include/alsa/version.h + ALSA_LIBRARY=/usr/lib/libasound.so + _ALSA_VERSION := $(shell $(EGREP) SND_LIB_VERSION_STR $(ALSA_INCLUDE) | \ + $(SED) -e 's@.*\"\(.*\)\".*@\1@' ) + ALSA_VERSION := $(call GetVersion,$(_ALSA_VERSION)) endif ifeq ($(PLATFORM), windows) FREE_SPACE := $(shell $(DF) -kP $(OUTPUTDIR) | $(TAIL) -1 | $(NAWK) '{print $$4;}') TEMP_FREE_SPACE := $(shell $(DF) -kP $(TEMP_DISK) | $(TAIL) -1 | $(NAWK) '{print $$4;}') - # Localized systeminfo has localized labels, but not localized values. - _WINDOWS_VERSION := \ - $(shell systeminfo 2> $(DEV_NULL) | grep 'Microsoft' | grep 'Windows' | \ - cut -d':' -f2) - ifeq ($(_WINDOWS_VERSION),) - _WINDOWS_VERSION := Windows 2000 or Unknown (no systeminfo utility) + # Windows 2000 is 5.0, Windows XP is 5.1, Windows 2003 is 5.2 + # Assume 5.0 (Windows 2000) if systeminfo does not help + WINDOWS_MAPPING-5.0 := Windows2000 + WINDOWS_MAPPING-5.1 := WindowsXP + WINDOWS_MAPPING-5.2 := Windows2003 + # What kind of system we are using (Variation is the common name) + _OS_VERSION := \ + $(shell systeminfo 2> $(DEV_NULL) | \ + egrep '^OS Version:' | \ + awk '{print $$3;}' ) + ifeq ($(_OS_VERSION),) + OS_VERSION = 5.0 + else + OS_VERSION = $(_OS_VERSION) + endif + OS_VARIANT_NAME := $(WINDOWS_MAPPING-$(OS_VERSION)) + OS_VARIANT_VERSION := $(OS_VERSION) + ifdef USING_CYGWIN + # CYGWIN version + _CYGWIN_VER := $(SYSTEM_UNAME) + CYGWIN_VER :=$(call GetVersion,$(_CYGWIN_VER)) endif - WINDOWS_VERSION := $(strip $(_WINDOWS_VERSION)) DXSDK_VER := $(shell $(EGREP) DIRECT3D_VERSION $(DXSDK_INCLUDE_PATH)/d3d9.h 2>&1 | \ $(EGREP) "\#define" | $(NAWK) '{print $$3}') endif @@ -106,7 +152,6 @@ ZIP_VER :=$(call GetVersion,"$(_ZIP_VER)") UNZIP_VER :=$(call GetVersion,"$(_UNZIP_VER)") BOOT_VER :=$(call GetVersion,"$(_BOOT_VER)") -REQUIRED_ANT_VER := 1.6.3 _ANT_VER:=$(shell $(ANT) -version 2>&1 ) ANT_VER:=$(call GetVersion,"$(_ANT_VER)") @@ -167,7 +212,6 @@ include $(JDK_MAKE_SHARED_DIR)/Sanity-Settings.gmk sane-compiler \ sane-link \ sane-cacerts \ - sane-alsa-versioncheck \ sane-alsa-headers \ sane-ant_version \ sane-zip_version \ @@ -239,35 +283,29 @@ sane-arch_data_model: # generate a fatal sanity error, and a warning about the official # build platform just becomes clutter. ###################################################### -OS_CHECK :=$(call CheckVersions,$(OS_VERSION),$(REQUIRED_OS_VERSION)) +ifndef OPENJDK + OS_VERSION_CHECK := \ + $(call CheckVersions,$(OS_VERSION),$(REQUIRED_OS_VERSION)) + ifeq ($(OS_VARIANT_NAME),$(REQUIRED_OS_VARIANT_NAME)) + OS_VARIANT_VERSION_CHECK := \ + $(call CheckVersions,$(OS_VARIANT_VERSION),$(REQUIRED_OS_VARIANT_VERSION)) + endif +endif sane-os_version:: sane-arch_data_model sane-memory_check sane-locale sane-os_patch_level ifndef OPENJDK - @if [ "$(OS_CHECK)" = "missing" ]; then \ - $(ECHO) "ERROR: The $(PLATFORM) OS version is undefined (Try: uname -r). \n" \ - "" >> $(ERROR_FILE) ; \ - fi - @if [ "$(OS_CHECK)" != "same" ]; then \ - $(ECHO) "WARNING: $(THE_OFFICIAL_USES) OS version $(REQUIRED_OS_VERSION). \n" \ - " $(YOU_ARE_USING) OS version $(OS_VERSION). \n" \ - "" >> $(WARNING_FILE) ; \ - fi - ifeq ($(PLATFORM), windows) - @if [ "$(findstring $(REQUIRED_WINDOWS_VERSION),$(WINDOWS_VERSION))" = "" ]; then \ - $(ECHO) "WARNING: $(YOU_ARE_USING) an unknown version of Windows. \n" \ - " The required version is $(REQUIRED_WINDOWS_VERSION). \n" \ - " $(YOU_ARE_USING) $(WINDOWS_VERSION) \n" \ - "" >> $(WARNING_FILE) ; \ - fi - endif # windows - ifeq ($(PLATFORM), linux) - @if [ `$(ECHO) "$(LINUX_VERSION)" | $(EGREP) -c '$(REQUIRED_LINUX_VER)'` -ne 1 ]; then \ - $(ECHO) "WARNING: The build is being done on Linux $(LINUX_VERSION). \n" \ - " $(THE_OFFICIAL_USES) Linux $(REQUIRED_LINUX_VER), \n" \ - " specifically Linux $(REQUIRED_LINUX_FULLVER). \n" \ - " The version found was '$(OS_VERSION)'. \n" \ - "" >> $(WARNING_FILE) ; \ - fi - endif # linux + ifneq ($(OS_VARIANT_NAME),$(REQUIRED_OS_VARIANT_NAME)) + ifeq ($(OS_VERSION_CHECK),missing) + @$(call OfficialErrorMessage,OS version,$(OS_VERSION),$(REQUIRED_OS_VERSION)) + endif + ifneq ($(OS_VERSION_CHECK),same) + @$(call OfficialWarningMessage,OS version,$(OS_VERSION),$(REQUIRED_OS_VERSION)) + endif + @$(call OfficialWarningMessage,OS variant,$(OS_VARIANT_NAME),$(REQUIRED_OS_VARIANT_NAME)) + else + ifneq ($(OS_VARIANT_VERSION_CHECK),same) + @$(call OfficialWarningMessage,$(OS_VARIANT_NAME) version,$(OS_VARIANT_VERSION),$(REQUIRED_OS_VARIANT_VERSION)) + endif + endif endif # OPENJDK ifeq ($(PLATFORM), windows) @@ -308,16 +346,12 @@ ifeq ($(PLATFORM), windows) CYGWIN_CHECK :=$(call CheckVersions,$(CYGWIN_VER),$(REQUIRED_CYGWIN_VER)) sane-cygwin: ifdef USING_CYGWIN - @if [ "$(CYGWIN_CHECK)" = "missing" ]; then \ - $(ECHO) "ERROR: The CYGWIN version is undefined. \n" \ - " $(THE_OFFICIAL_USES) CYGWIN $(REQUIRED_CYGWIN_VER). \n" \ - "" >> $(ERROR_FILE) ; \ - fi - @if [ "$(CYGWIN_CHECK)" = "older" ]; then \ - $(ECHO) "ERROR: The build cannot be done on CYGWIN $(CYGWIN_VER). \n" \ - " Use CYGWIN $(REQUIRED_CYGWIN_VER) or higher. \n" \ - "" >> $(ERROR_FILE) ; \ - fi + ifeq ($(CYGWIN_CHECK),missing) + @$(call OfficialErrorMessage,CYGWIN version,$(CYGWIN_VER),$(REQUIRED_CYGWIN_VER)) + endif + ifeq ($(CYGWIN_CHECK),older) + @$(call OfficialWarningMessage,CYGWIN version,$(CYGWIN_VER),$(REQUIRED_CYGWIN_VER)) + endif endif endif @@ -345,16 +379,12 @@ ifeq ($(PLATFORM), windows) MKS_CHECK :=$(call CheckVersions,$(MKS_VER),$(REQUIRED_MKS_VER)) sane-mks: ifndef USING_CYGWIN - @if [ "$(MKS_CHECK)" = "missing" ]; then \ - $(ECHO) "ERROR: The MKS version is undefined. \n" \ - " $(THE_OFFICIAL_USES) MKS $(REQUIRED_MKS_VER). \n" \ - "" >> $(ERROR_FILE) ; \ - fi - @if [ "$(MKS_CHECK)" = "older" ]; then \ - $(ECHO) "ERROR: The build cannot be done on MKS $(MKS_VER). \n" \ - " Use MKS $(REQUIRED_MKS_VER) or higher. \n" \ - "" >> $(ERROR_FILE) ; \ - fi + ifeq ($(MKS_CHECK),missing) + @$(call OfficialErrorMessage,MKS version,$(MKS_VER),$(REQUIRED_MKS_VER)) + endif + ifeq ($(MKS_CHECK),older) + @$(call OfficialErrorMessage,MKS version,$(MKS_VER),$(REQUIRED_MKS_VER)) + endif endif endif @@ -1295,11 +1325,6 @@ endif # Check the compiler version(s) ###################################################### CC_CHECK :=$(call CheckVersions,$(CC_VER),$(REQUIRED_CC_VER)) -ifeq ($(PLATFORM), solaris) - ifeq ($(ARCH_DATA_MODEL), 32) - GCC_CHECK :=$(call CheckVersions,$(GCC_VER),$(REQUIRED_GCC_VER)) - endif -endif sane-compiler: sane-link @if [ "$(CC_CHECK)" = "missing" ]; then \ $(ECHO) "ERROR: The Compiler version is undefined. \n" \ @@ -1314,16 +1339,6 @@ ifndef OPENJDK " $(COMPILER_PATH) \n" \ "" >> $(WARNING_FILE) ; \ fi - ifdef GCC_CHECK - @if [ "$(GCC_CHECK)" != "same" ]; then \ - $(ECHO) "WARNING: The $(PLATFORM) GCC compiler must be version $(REQUIRED_GCC_VER) \n" \ - " $(YOU_ARE_USING) compiler version: $(GCC_VER) \n" \ - " The compiler was obtained from the following location: \n" \ - " $(GCC_COMPILER_PATH) \n" \ - " Please change your compiler. \n" \ - "" >> $(WARNING_FILE) ; \ - fi - endif ifeq ($(PLATFORM), windows) ifeq ($(ARCH_DATA_MODEL), 64) ifneq ($(COMPILER_VERSION), VS2005) @@ -1337,39 +1352,24 @@ endif ###################################################### # Check that ALSA headers and libs are installed and # that the header has the right version. We only -# need /usr/include/alsa/*.h and /usr/lib/libasound.so +# need /usr/include/alsa/version.h and /usr/lib/libasound.so ###################################################### -ifdef ALSA_VERSION_CHECK -$(ALSA_VERSION_CHECK): $(ALSA_VERSION_CHECK).c - @$(prep-target) - @$(CC) -lasound -o $@ $< - -$(ALSA_VERSION_CHECK).c: - @$(prep-target) - @$(ECHO) "#include \n" \ - "#include \n" \ - "int main(int argc, char** argv) {\n" \ - " printf(\"%s\", SND_LIB_VERSION_STR);\n" \ - " return 0;\n" \ - "}\n" \ - > $@ +ifdef REQUIRED_ALSA_VERSION + ALSA_CHECK := $(call CheckVersions,$(ALSA_VERSION),$(REQUIRED_ALSA_VERSION)) endif - -sane-alsa-versioncheck: $(ALSA_VERSION_CHECK) -sane-alsa-headers: sane-alsa-versioncheck -ifdef ALSA_VERSION_CHECK - @if [ -f "$(ALSA_VERSION_CHECK)" ]; then \ - if [ `$(ALSA_VERSION_CHECK) | $(EGREP) -c '$(REQUIRED_ALSA_VERSION)'` -ne 1 ] ; then \ - $(ECHO) "ERROR: The ALSA version must be 0.9.1 or higher. \n" \ - " You have the following ALSA version installed: $(ALSA_VERSION) \n" \ +sane-alsa-headers: +ifdef REQUIRED_ALSA_VERSION + if [ "$(ALSA_CHECK)" != "same" -a "$(ALSA_CHECK)" != "newer" ] ; then \ + $(ECHO) "ERROR: The ALSA version must be $(REQUIRED_ALSA_VERSION) or higher. \n" \ + " You have the following ALSA version installed: $${alsa_version) \n" \ " Please reinstall ALSA (drivers and lib). You can download \n" \ " the source distribution from http://www.alsa-project.org \n" \ " or go to http://www.freshrpms.net/docs/alsa/ for precompiled RPM packages. \n" \ "" >> $(ERROR_FILE) ; \ fi \ else \ - $(ECHO) "ERROR: You seem to not have installed ALSA 0.9.1 or higher. \n" \ + $(ECHO) "ERROR: You seem to not have installed ALSA $(REQUIRED_ALSA_VERSION) or higher. \n" \ " Please install ALSA (drivers and lib). You can download the \n" \ " source distribution from http://www.alsa-project.org or go to \n" \ " http://www.freshrpms.net/docs/alsa/ for precompiled RPM packages. \n" \ @@ -1384,7 +1384,7 @@ $(SANITY_FILES): ###################################################### # dump out the variable settings... ###################################################### -sane-settings:: sane-alsa-versioncheck +sane-settings:: @$(ECHO) >> $(MESSAGE_FILE) @$(ECHO) $(ALL_SETTINGS) >> $(MESSAGE_FILE) @$(ECHO) >> $(MESSAGE_FILE) @@ -1453,8 +1453,8 @@ sane-gcc-compiler: ifeq ($(PLATFORM), solaris) ifndef OPENJDK @if [ -r $(GCC_COMPILER_PATH) ]; then \ - if [ ! "$(GCC_VER)" = 2.95.2 ]; then \ - $(ECHO) "ERROR: The Solaris GCC compiler version must be 2.95.2. \n" \ + if [ ! "$(GCC_VER)" = $(REQUIRED_GCC_VERSION) ]; then \ + $(ECHO) "ERROR: The Solaris GCC compiler version must be $(REQUIRED_GCC_VERSION). \n" \ " You are using the following compiler version: $(GCC_VER) \n" \ " The compiler was obtained from the following location: \n" \ " $(GCC_COMPILER_PATH) \n" \ From ddd8b068abd679bf4cabb71534f33e524056dab0 Mon Sep 17 00:00:00 2001 From: Valerie Peng Date: Tue, 3 Mar 2009 19:50:59 -0800 Subject: [PATCH 02/16] 6812738: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes with PCKS11 provider Removed finalize() and add more error handling to native code Reviewed-by: vinnie --- .../classes/sun/security/pkcs11/P11Key.java | 94 +- .../sun/security/pkcs11/P11RSACipher.java | 9 +- .../security/pkcs11/P11SecretKeyFactory.java | 2 +- .../sun/security/pkcs11/wrapper/p11_convert.c | 889 ++++++++++++------ .../sun/security/pkcs11/wrapper/p11_crypt.c | 64 +- .../sun/security/pkcs11/wrapper/p11_digest.c | 62 +- .../sun/security/pkcs11/wrapper/p11_dual.c | 89 +- .../sun/security/pkcs11/wrapper/p11_general.c | 126 ++- .../sun/security/pkcs11/wrapper/p11_keymgmt.c | 263 +++--- .../sun/security/pkcs11/wrapper/p11_mutex.c | 79 +- .../sun/security/pkcs11/wrapper/p11_objmgmt.c | 90 +- .../security/pkcs11/wrapper/p11_sessmgmt.c | 71 +- .../sun/security/pkcs11/wrapper/p11_sign.c | 158 +++- .../sun/security/pkcs11/wrapper/p11_util.c | 563 ++++++----- .../security/pkcs11/wrapper/pkcs11wrapper.h | 23 +- 15 files changed, 1671 insertions(+), 911 deletions(-) diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11Key.java b/jdk/src/share/classes/sun/security/pkcs11/P11Key.java index 8949826b19e..c70642d3531 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11Key.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11Key.java @@ -1,5 +1,5 @@ /* - * Copyright 2003-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ package sun.security.pkcs11; import java.io.*; +import java.lang.ref.*; import java.math.BigInteger; import java.util.*; @@ -67,9 +68,6 @@ abstract class P11Key implements Key { // type of key, one of (PUBLIC, PRIVATE, SECRET) final String type; - // session in which the key was created, relevant for session objects - final Session session; - // token instance final Token token; @@ -85,10 +83,12 @@ abstract class P11Key implements Key { // flags indicating whether the key is a token object, sensitive, extractable final boolean tokenObject, sensitive, extractable; + // weak reference notification clean up for session keys + private final SessionKeyRef sessionKeyRef; + P11Key(String type, Session session, long keyID, String algorithm, int keyLength, CK_ATTRIBUTE[] attributes) { this.type = type; - this.session = session; this.token = session.token; this.keyID = keyID; this.algorithm = algorithm; @@ -111,7 +111,9 @@ abstract class P11Key implements Key { this.sensitive = sensitive; this.extractable = extractable; if (tokenObject == false) { - session.addObject(); + sessionKeyRef = new SessionKeyRef(this, keyID, session); + } else { + sessionKeyRef = null; } } @@ -236,24 +238,6 @@ abstract class P11Key implements Key { } } - protected void finalize() throws Throwable { - if (tokenObject || (token.isValid() == false)) { - super.finalize(); - return; - } - Session newSession = null; - try { - newSession = token.getOpSession(); - token.p11.C_DestroyObject(newSession.id(), keyID); - } catch (PKCS11Exception e) { - // ignore - } finally { - token.releaseSession(newSession); - session.removeObject(); - super.finalize(); - } - } - private final static CK_ATTRIBUTE[] A0 = new CK_ATTRIBUTE[0]; private static CK_ATTRIBUTE[] getAttributes(Session session, long keyID, @@ -1055,5 +1039,65 @@ abstract class P11Key implements Key { + "\n parameters: " + params; } } - +} + +final class SessionKeyRef extends WeakReference + implements Comparable { + private static ReferenceQueue refQueue = + new ReferenceQueue(); + private static Set refList = + Collections.synchronizedSortedSet(new TreeSet()); + + static ReferenceQueue referenceQueue() { + return refQueue; + } + + static final private int MAX_ITERATIONS = 2; + + private static void drainRefQueueBounded() { + int iterations = 0; + while (iterations < MAX_ITERATIONS) { + SessionKeyRef next = (SessionKeyRef) refQueue.poll(); + if (next != null) next.dispose(); + ++iterations; + } + } + + // handle to the native key + private long keyID; + private Session session; + + SessionKeyRef(P11Key key , long keyID, Session session) { + super(key, refQueue); + this.keyID = keyID; + this.session = session; + this.session.addObject(); + refList.add(this); + // TBD: run at some interval and not every time? + drainRefQueueBounded(); + } + + void dispose() { + refList.remove(this); + if (session.token.isValid()) { + Session newSession = null; + try { + newSession = session.token.getOpSession(); + session.token.p11.C_DestroyObject(newSession.id(), keyID); + } catch (PKCS11Exception e) { + // ignore + } finally { + session.token.releaseSession(newSession); + session.removeObject(); + } + } + } + + public int compareTo(SessionKeyRef other) { + if (this.keyID == other.keyID) { + return 0; + } else { + return (this.keyID < other.keyID) ? -1 : 1; + } + } } diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java b/jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java index 3b8244cc413..c3709ad5b13 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11RSACipher.java @@ -1,5 +1,5 @@ /* - * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -191,7 +191,9 @@ final class P11RSACipher extends CipherSpi { throw new InvalidKeyException ("Unwrap has to be used with private keys"); } - encrypt = false; + // No further setup needed for C_Unwrap(). We'll initialize later + // if we can't use C_Unwrap(). + return; } else { throw new InvalidKeyException("Unsupported mode: " + opmode); } @@ -452,7 +454,7 @@ final class P11RSACipher extends CipherSpi { long keyID = token.p11.C_UnwrapKey(s.id(), new CK_MECHANISM(mechanism), p11Key.keyID, wrappedKey, attributes); - return P11Key.secretKey(session, keyID, algorithm, 48 << 3, + return P11Key.secretKey(s, keyID, algorithm, 48 << 3, attributes); } catch (PKCS11Exception e) { throw new InvalidKeyException("unwrap() failed", e); @@ -461,6 +463,7 @@ final class P11RSACipher extends CipherSpi { } } // XXX implement unwrap using C_Unwrap() for all keys + implInit(Cipher.DECRYPT_MODE, p11Key); if (wrappedKey.length > maxInputSize) { throw new InvalidKeyException("Key is too long for unwrapping"); } diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java b/jdk/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java index 59b59237a6f..d607900d651 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java @@ -151,7 +151,7 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { session = token.getObjSession(); long newKeyID = token.p11.C_CopyObject(session.id(), p11Key.keyID, extraAttrs); - p11Key = (P11Key) (P11Key.secretKey(p11Key.session, + p11Key = (P11Key) (P11Key.secretKey(session, newKeyID, p11Key.algorithm, p11Key.keyLength, extraAttrs)); } catch (PKCS11Exception p11e) { diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c index 81ecab813f9..473729437d0 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c @@ -1,5 +1,5 @@ /* - * Portions Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -89,21 +89,24 @@ jobject ckDatePtrToJDateObject(JNIEnv *env, const CK_DATE *ckpDate) /* load CK_DATE class */ jDateClass = (*env)->FindClass(env, CLASS_DATE); - assert(jDateClass != 0); + if (jDateClass == NULL) { return NULL; } /* load CK_DATE constructor */ jCtrId = (*env)->GetMethodID(env, jDateClass, "", "([C[C[C)V"); - assert(jCtrId != 0); + if (jCtrId == NULL) { return NULL; } /* prep all fields */ jYear = ckCharArrayToJCharArray(env, (CK_CHAR_PTR)(ckpDate->year), 4); + if (jYear == NULL) { return NULL; } jMonth = ckCharArrayToJCharArray(env, (CK_CHAR_PTR)(ckpDate->month), 2); + if (jMonth == NULL) { return NULL; } jDay = ckCharArrayToJCharArray(env, (CK_CHAR_PTR)(ckpDate->day), 2); + if (jDay == NULL) { return NULL; } /* create new CK_DATE object */ jDateObject = (*env)->NewObject(env, jDateClass, jCtrId, jYear, jMonth, jDay); - assert(jDateObject != 0); + if (jDateObject == NULL) { return NULL; } /* free local references */ (*env)->DeleteLocalRef(env, jDateClass); @@ -131,11 +134,11 @@ jobject ckVersionPtrToJVersion(JNIEnv *env, const CK_VERSION_PTR ckpVersion) /* load CK_VERSION class */ jVersionClass = (*env)->FindClass(env, CLASS_VERSION); - assert(jVersionClass != 0); + if (jVersionClass == NULL) { return NULL; } /* load CK_VERSION constructor */ jCtrId = (*env)->GetMethodID(env, jVersionClass, "", "(II)V"); - assert(jCtrId != 0); + if (jCtrId == NULL) { return NULL; } /* prep both fields */ jMajor = ckpVersion->major; @@ -144,7 +147,7 @@ jobject ckVersionPtrToJVersion(JNIEnv *env, const CK_VERSION_PTR ckpVersion) /* create new CK_VERSION object */ jVersionObject = (*env)->NewObject(env, jVersionClass, jCtrId, jMajor, jMinor); - assert(jVersionObject != 0); + if (jVersionObject == NULL) { return NULL; } /* free local references */ (*env)->DeleteLocalRef(env, jVersionClass); @@ -171,11 +174,11 @@ jobject ckSessionInfoPtrToJSessionInfo(JNIEnv *env, const CK_SESSION_INFO_PTR ck /* load CK_SESSION_INFO class */ jSessionInfoClass = (*env)->FindClass(env, CLASS_SESSION_INFO); - assert(jSessionInfoClass != 0); + if (jSessionInfoClass == NULL) { return NULL; } /* load CK_SESSION_INFO constructor */ jCtrId = (*env)->GetMethodID(env, jSessionInfoClass, "", "(JJJJ)V"); - assert(jCtrId != 0); + if (jCtrId == NULL) { return NULL; } /* prep all fields */ jSlotID = ckULongToJLong(ckpSessionInfo->slotID); @@ -187,7 +190,7 @@ jobject ckSessionInfoPtrToJSessionInfo(JNIEnv *env, const CK_SESSION_INFO_PTR ck jSessionInfoObject = (*env)->NewObject(env, jSessionInfoClass, jCtrId, jSlotID, jState, jFlags, jDeviceError); - assert(jSessionInfoObject != 0); + if (jSessionInfoObject == NULL) { return NULL; } /* free local references */ (*env)->DeleteLocalRef(env, jSessionInfoClass); @@ -211,20 +214,21 @@ jobject ckAttributePtrToJAttribute(JNIEnv *env, const CK_ATTRIBUTE_PTR ckpAttrib jobject jPValue = NULL; jAttributeClass = (*env)->FindClass(env, CLASS_ATTRIBUTE); - assert(jAttributeClass != 0); + if (jAttributeClass == NULL) { return NULL; } /* load CK_INFO constructor */ jCtrId = (*env)->GetMethodID(env, jAttributeClass, "", "(JLjava/lang/Object;)V"); - assert(jCtrId != 0); + if (jCtrId == NULL) { return NULL; } /* prep both fields */ jType = ckULongToJLong(ckpAttribute->type); jPValue = ckAttributeValueToJObject(env, ckpAttribute); + if ((*env)->ExceptionCheck(env)) { return NULL; } /* create new CK_ATTRIBUTE object */ jAttributeObject = (*env)->NewObject(env, jAttributeClass, jCtrId, jType, jPValue); - assert(jAttributeObject != 0); + if (jAttributeObject == NULL) { return NULL; } /* free local references */ (*env)->DeleteLocalRef(env, jAttributeClass); @@ -252,23 +256,27 @@ CK_VERSION_PTR jVersionToCKVersionPtr(JNIEnv *env, jobject jVersion) return NULL; } - /* allocate memory for CK_VERSION pointer */ - ckpVersion = (CK_VERSION_PTR) malloc(sizeof(CK_VERSION)); - /* get CK_VERSION class */ jVersionClass = (*env)->GetObjectClass(env, jVersion); - assert(jVersionClass != 0); + if (jVersionClass == NULL) { return NULL; } /* get Major */ jFieldID = (*env)->GetFieldID(env, jVersionClass, "major", "B"); - assert(jFieldID != 0); + if (jFieldID == NULL) { return NULL; } jMajor = (*env)->GetByteField(env, jVersion, jFieldID); - ckpVersion->major = jByteToCKByte(jMajor); /* get Minor */ jFieldID = (*env)->GetFieldID(env, jVersionClass, "minor", "B"); - assert(jFieldID != 0); + if (jFieldID == NULL) { return NULL; } jMinor = (*env)->GetByteField(env, jVersion, jFieldID); + + /* allocate memory for CK_VERSION pointer */ + ckpVersion = (CK_VERSION_PTR) malloc(sizeof(CK_VERSION)); + if (ckpVersion == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } + ckpVersion->major = jByteToCKByte(jMajor); ckpVersion->minor = jByteToCKByte(jMinor); return ckpVersion ; @@ -292,18 +300,36 @@ CK_DATE * jDateObjectPtrToCKDatePtr(JNIEnv *env, jobject jDate) jchar *jTempChars; CK_ULONG i; - /* allocate memory for CK_DATE pointer */ - ckpDate = (CK_DATE *) malloc(sizeof(CK_DATE)); + if (jDate == NULL) { + return NULL; + } /* get CK_DATE class */ jDateClass = (*env)->FindClass(env, CLASS_DATE); - assert(jDateClass != 0); + if (jDateClass == NULL) { return NULL; } /* get Year */ jFieldID = (*env)->GetFieldID(env, jDateClass, "year", "[C"); - assert(jFieldID != 0); + if (jFieldID == NULL) { return NULL; } jYear = (*env)->GetObjectField(env, jDate, jFieldID); + /* get Month */ + jFieldID = (*env)->GetFieldID(env, jDateClass, "month", "[C"); + if (jFieldID == NULL) { return NULL; } + jMonth = (*env)->GetObjectField(env, jDate, jFieldID); + + /* get Day */ + jFieldID = (*env)->GetFieldID(env, jDateClass, "day", "[C"); + if (jFieldID == NULL) { return NULL; } + jDay = (*env)->GetObjectField(env, jDate, jFieldID); + + /* allocate memory for CK_DATE pointer */ + ckpDate = (CK_DATE *) malloc(sizeof(CK_DATE)); + if (ckpDate == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } + if (jYear == NULL) { ckpDate->year[0] = 0; ckpDate->year[1] = 0; @@ -312,43 +338,66 @@ CK_DATE * jDateObjectPtrToCKDatePtr(JNIEnv *env, jobject jDate) } else { ckLength = (*env)->GetArrayLength(env, jYear); jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar)); + if (jTempChars == NULL) { + free(ckpDate); + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } (*env)->GetCharArrayRegion(env, jYear, 0, ckLength, jTempChars); + if ((*env)->ExceptionCheck(env)) { + free(ckpDate); + free(jTempChars); + return NULL; + } + for (i = 0; (i < ckLength) && (i < 4) ; i++) { ckpDate->year[i] = jCharToCKChar(jTempChars[i]); } free(jTempChars); } - /* get Month */ - jFieldID = (*env)->GetFieldID(env, jDateClass, "month", "[C"); - assert(jFieldID != 0); - jMonth = (*env)->GetObjectField(env, jDate, jFieldID); - if (jMonth == NULL) { ckpDate->month[0] = 0; ckpDate->month[1] = 0; } else { ckLength = (*env)->GetArrayLength(env, jMonth); jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar)); + if (jTempChars == NULL) { + free(ckpDate); + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } (*env)->GetCharArrayRegion(env, jMonth, 0, ckLength, jTempChars); + if ((*env)->ExceptionCheck(env)) { + free(ckpDate); + free(jTempChars); + return NULL; + } + for (i = 0; (i < ckLength) && (i < 4) ; i++) { ckpDate->month[i] = jCharToCKChar(jTempChars[i]); } free(jTempChars); } - /* get Day */ - jFieldID = (*env)->GetFieldID(env, jDateClass, "day", "[C"); - assert(jFieldID != 0); - jDay = (*env)->GetObjectField(env, jDate, jFieldID); - if (jDay == NULL) { ckpDate->day[0] = 0; ckpDate->day[1] = 0; } else { ckLength = (*env)->GetArrayLength(env, jDay); jTempChars = (jchar*) malloc((ckLength) * sizeof(jchar)); + if (jTempChars == NULL) { + free(ckpDate); + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } (*env)->GetCharArrayRegion(env, jDay, 0, ckLength, jTempChars); + if ((*env)->ExceptionCheck(env)) { + free(ckpDate); + free(jTempChars); + return NULL; + } + for (i = 0; (i < ckLength) && (i < 4) ; i++) { ckpDate->day[i] = jCharToCKChar(jTempChars[i]); } @@ -374,23 +423,25 @@ CK_ATTRIBUTE jAttributeToCKAttribute(JNIEnv *env, jobject jAttribute) jlong jType; jobject jPValue; + // TBD: what if jAttribute == NULL?! + TRACE0("\nDEBUG: jAttributeToCKAttribute"); /* get CK_ATTRIBUTE class */ TRACE0(", getting attribute object class"); jAttributeClass = (*env)->GetObjectClass(env, jAttribute); - assert(jAttributeClass != 0); + if (jAttributeClass == NULL) { return ckAttribute; } /* get type */ TRACE0(", getting type field"); jFieldID = (*env)->GetFieldID(env, jAttributeClass, "type", "J"); - assert(jFieldID != 0); + if (jFieldID == NULL) { return ckAttribute; } jType = (*env)->GetLongField(env, jAttribute, jFieldID); TRACE1(", type=0x%X", jType); /* get pValue */ TRACE0(", getting pValue field"); jFieldID = (*env)->GetFieldID(env, jAttributeClass, "pValue", "Ljava/lang/Object;"); - assert(jFieldID != 0); + if (jFieldID == NULL) { return ckAttribute; } jPValue = (*env)->GetObjectField(env, jAttribute, jFieldID); TRACE1(", pValue=%p", jPValue); @@ -417,36 +468,50 @@ CK_SSL3_MASTER_KEY_DERIVE_PARAMS jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriv { // XXX don't return structs // XXX prefetch class and field ids - jclass jSsl3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); + jclass jSsl3MasterKeyDeriveParamsClass; CK_SSL3_MASTER_KEY_DERIVE_PARAMS ckParam; jfieldID fieldID; - jobject jObject; jclass jSsl3RandomDataClass; - jobject jRandomInfo; + jobject jRandomInfo, jRIClientRandom, jRIServerRandom, jVersion; /* get RandomInfo */ - jSsl3RandomDataClass = (*env)->FindClass(env, CLASS_SSL3_RANDOM_DATA); + jSsl3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); + if (jSsl3MasterKeyDeriveParamsClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jSsl3MasterKeyDeriveParamsClass, "RandomInfo", "Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;"); - assert(fieldID != 0); + if (fieldID == NULL) { return ckParam; } jRandomInfo = (*env)->GetObjectField(env, jParam, fieldID); /* get pClientRandom and ulClientRandomLength out of RandomInfo */ + jSsl3RandomDataClass = (*env)->FindClass(env, CLASS_SSL3_RANDOM_DATA); + if (jSsl3RandomDataClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pClientRandom", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jRandomInfo, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.RandomInfo.pClientRandom), &(ckParam.RandomInfo.ulClientRandomLen)); + if (fieldID == NULL) { return ckParam; } + jRIClientRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID); /* get pServerRandom and ulServerRandomLength out of RandomInfo */ fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pServerRandom", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jRandomInfo, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.RandomInfo.pServerRandom), &(ckParam.RandomInfo.ulServerRandomLen)); + if (fieldID == NULL) { return ckParam; } + jRIServerRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID); /* get pVersion */ fieldID = (*env)->GetFieldID(env, jSsl3MasterKeyDeriveParamsClass, "pVersion", "Lsun/security/pkcs11/wrapper/CK_VERSION;"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - ckParam.pVersion = jVersionToCKVersionPtr(env, jObject); + if (fieldID == NULL) { return ckParam; } + jVersion = (*env)->GetObjectField(env, jParam, fieldID); + + /* populate java values */ + ckParam.pVersion = jVersionToCKVersionPtr(env, jVersion); + if ((*env)->ExceptionCheck(env)) { return ckParam; } + jByteArrayToCKByteArray(env, jRIClientRandom, &(ckParam.RandomInfo.pClientRandom), &(ckParam.RandomInfo.ulClientRandomLen)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pVersion); + return ckParam; + } + jByteArrayToCKByteArray(env, jRIServerRandom, &(ckParam.RandomInfo.pServerRandom), &(ckParam.RandomInfo.ulServerRandomLen)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pVersion); + free(ckParam.RandomInfo.pClientRandom); + return ckParam; + } return ckParam ; } @@ -457,27 +522,52 @@ CK_SSL3_MASTER_KEY_DERIVE_PARAMS jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriv */ CK_TLS_PRF_PARAMS jTlsPrfParamsToCKTlsPrfParam(JNIEnv *env, jobject jParam) { - jclass jTlsPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS); + jclass jTlsPrfParamsClass; CK_TLS_PRF_PARAMS ckParam; jfieldID fieldID; - jobject jObject; + jobject jSeed, jLabel, jOutput; + // TBD: what if jParam == NULL?! + + /* get pSeed */ + jTlsPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS); + if (jTlsPrfParamsClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jTlsPrfParamsClass, "pSeed", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pSeed), &(ckParam.ulSeedLen)); + if (fieldID == NULL) { return ckParam; } + jSeed = (*env)->GetObjectField(env, jParam, fieldID); + /* get pLabel */ fieldID = (*env)->GetFieldID(env, jTlsPrfParamsClass, "pLabel", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pLabel), &(ckParam.ulLabelLen)); - - ckParam.pulOutputLen = malloc(sizeof(CK_ULONG)); + if (fieldID == NULL) { return ckParam; } + jLabel = (*env)->GetObjectField(env, jParam, fieldID); + /* get pOutput */ fieldID = (*env)->GetFieldID(env, jTlsPrfParamsClass, "pOutput", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pOutput), ckParam.pulOutputLen); + if (fieldID == NULL) { return ckParam; } + jOutput = (*env)->GetObjectField(env, jParam, fieldID); + + /* populate java values */ + jByteArrayToCKByteArray(env, jSeed, &(ckParam.pSeed), &(ckParam.ulSeedLen)); + if ((*env)->ExceptionCheck(env)) { return ckParam; } + jByteArrayToCKByteArray(env, jLabel, &(ckParam.pLabel), &(ckParam.ulLabelLen)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pSeed); + return ckParam; + } + ckParam.pulOutputLen = malloc(sizeof(CK_ULONG)); + if (ckParam.pulOutputLen == NULL) { + free(ckParam.pSeed); + free(ckParam.pLabel); + JNU_ThrowOutOfMemoryError(env, 0); + return ckParam; + } + jByteArrayToCKByteArray(env, jOutput, &(ckParam.pOutput), ckParam.pulOutputLen); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pSeed); + free(ckParam.pLabel); + free(ckParam.pulOutputLen); + return ckParam; + } return ckParam ; } @@ -493,68 +583,91 @@ CK_SSL3_KEY_MAT_PARAMS jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject { // XXX don't return structs // XXX prefetch class and field ids - jclass jSsl3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS); + jclass jSsl3KeyMatParamsClass, jSsl3RandomDataClass, jSsl3KeyMatOutClass; CK_SSL3_KEY_MAT_PARAMS ckParam; jfieldID fieldID; - jlong jLong; - jboolean jBoolean; - jobject jObject; - jobject jRandomInfo; - jobject jReturnedKeyMaterial; - jclass jSsl3RandomDataClass; - jclass jSsl3KeyMatOutClass; + jlong jMacSizeInBits, jKeySizeInBits, jIVSizeInBits; + jboolean jIsExport; + jobject jRandomInfo, jRIClientRandom, jRIServerRandom; + jobject jReturnedKeyMaterial, jRMIvClient, jRMIvServer; CK_ULONG ckTemp; /* get ulMacSizeInBits */ + jSsl3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS); + if (jSsl3KeyMatParamsClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "ulMacSizeInBits", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.ulMacSizeInBits = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jMacSizeInBits = (*env)->GetLongField(env, jParam, fieldID); /* get ulKeySizeInBits */ fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "ulKeySizeInBits", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.ulKeySizeInBits = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jKeySizeInBits = (*env)->GetLongField(env, jParam, fieldID); /* get ulIVSizeInBits */ fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "ulIVSizeInBits", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.ulIVSizeInBits = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jIVSizeInBits = (*env)->GetLongField(env, jParam, fieldID); /* get bIsExport */ fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "bIsExport", "Z"); - assert(fieldID != 0); - jBoolean = (*env)->GetBooleanField(env, jParam, fieldID); - ckParam.bIsExport = jBooleanToCKBBool(jBoolean); + if (fieldID == NULL) { return ckParam; } + jIsExport = (*env)->GetBooleanField(env, jParam, fieldID); /* get RandomInfo */ jSsl3RandomDataClass = (*env)->FindClass(env, CLASS_SSL3_RANDOM_DATA); + if (jSsl3RandomDataClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "RandomInfo", "Lsun/security/pkcs11/wrapper/CK_SSL3_RANDOM_DATA;"); - assert(fieldID != 0); + if (fieldID == NULL) { return ckParam; } jRandomInfo = (*env)->GetObjectField(env, jParam, fieldID); /* get pClientRandom and ulClientRandomLength out of RandomInfo */ fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pClientRandom", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jRandomInfo, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.RandomInfo.pClientRandom), &(ckParam.RandomInfo.ulClientRandomLen)); + if (fieldID == NULL) { return ckParam; } + jRIClientRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID); /* get pServerRandom and ulServerRandomLength out of RandomInfo */ fieldID = (*env)->GetFieldID(env, jSsl3RandomDataClass, "pServerRandom", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jRandomInfo, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.RandomInfo.pServerRandom), &(ckParam.RandomInfo.ulServerRandomLen)); + if (fieldID == NULL) { return ckParam; } + jRIServerRandom = (*env)->GetObjectField(env, jRandomInfo, fieldID); /* get pReturnedKeyMaterial */ jSsl3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT); + if (jSsl3KeyMatOutClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jSsl3KeyMatParamsClass, "pReturnedKeyMaterial", "Lsun/security/pkcs11/wrapper/CK_SSL3_KEY_MAT_OUT;"); - assert(fieldID != 0); + if (fieldID == NULL) { return ckParam; } jReturnedKeyMaterial = (*env)->GetObjectField(env, jParam, fieldID); + /* get pIVClient out of pReturnedKeyMaterial */ + fieldID = (*env)->GetFieldID(env, jSsl3KeyMatOutClass, "pIVClient", "[B"); + if (fieldID == NULL) { return ckParam; } + jRMIvClient = (*env)->GetObjectField(env, jReturnedKeyMaterial, fieldID); + + /* get pIVServer out of pReturnedKeyMaterial */ + fieldID = (*env)->GetFieldID(env, jSsl3KeyMatOutClass, "pIVServer", "[B"); + if (fieldID == NULL) { return ckParam; } + jRMIvServer = (*env)->GetObjectField(env, jReturnedKeyMaterial, fieldID); + + /* populate java values */ + ckParam.ulMacSizeInBits = jLongToCKULong(jMacSizeInBits); + ckParam.ulKeySizeInBits = jLongToCKULong(jKeySizeInBits); + ckParam.ulIVSizeInBits = jLongToCKULong(jIVSizeInBits); + ckParam.bIsExport = jBooleanToCKBBool(jIsExport); + jByteArrayToCKByteArray(env, jRIClientRandom, &(ckParam.RandomInfo.pClientRandom), &(ckParam.RandomInfo.ulClientRandomLen)); + if ((*env)->ExceptionCheck(env)) { return ckParam; } + jByteArrayToCKByteArray(env, jRIServerRandom, &(ckParam.RandomInfo.pServerRandom), &(ckParam.RandomInfo.ulServerRandomLen)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.RandomInfo.pClientRandom); + return ckParam; + } /* allocate memory for pRetrunedKeyMaterial */ ckParam.pReturnedKeyMaterial = (CK_SSL3_KEY_MAT_OUT_PTR) malloc(sizeof(CK_SSL3_KEY_MAT_OUT)); + if (ckParam.pReturnedKeyMaterial == NULL) { + free(ckParam.RandomInfo.pClientRandom); + free(ckParam.RandomInfo.pServerRandom); + JNU_ThrowOutOfMemoryError(env, 0); + return ckParam; + } // the handles are output params only, no need to fetch them from Java ckParam.pReturnedKeyMaterial->hClientMacSecret = 0; @@ -562,17 +675,21 @@ CK_SSL3_KEY_MAT_PARAMS jSsl3KeyMatParamToCKSsl3KeyMatParam(JNIEnv *env, jobject ckParam.pReturnedKeyMaterial->hClientKey = 0; ckParam.pReturnedKeyMaterial->hServerKey = 0; - /* get pIVClient out of pReturnedKeyMaterial */ - fieldID = (*env)->GetFieldID(env, jSsl3KeyMatOutClass, "pIVClient", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jReturnedKeyMaterial, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pReturnedKeyMaterial->pIVClient), &ckTemp); - - /* get pIVServer out of pReturnedKeyMaterial */ - fieldID = (*env)->GetFieldID(env, jSsl3KeyMatOutClass, "pIVServer", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jReturnedKeyMaterial, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pReturnedKeyMaterial->pIVServer), &ckTemp); + jByteArrayToCKByteArray(env, jRMIvClient, &(ckParam.pReturnedKeyMaterial->pIVClient), &ckTemp); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.RandomInfo.pClientRandom); + free(ckParam.RandomInfo.pServerRandom); + free(ckParam.pReturnedKeyMaterial); + return ckParam; + } + jByteArrayToCKByteArray(env, jRMIvServer, &(ckParam.pReturnedKeyMaterial->pIVServer), &ckTemp); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.RandomInfo.pClientRandom); + free(ckParam.RandomInfo.pServerRandom); + free(ckParam.pReturnedKeyMaterial); + free(ckParam.pReturnedKeyMaterial->pIVClient); + return ckParam; + } return ckParam ; } @@ -811,7 +928,7 @@ void jMechanismParameterToCKMechanismParameter(JNIEnv *env, jobject jParam, CK_V *ckpParamPtr = jLongObjectToCKULongPtr(env, jParam); *ckpLength = sizeof(CK_ULONG); } else { - /* printf("slow path jMechanismParameterToCKMechanismParameter\n"); */ + TRACE0("\nSLOW PATH jMechanismParameterToCKMechanismParameter\n"); jMechanismParameterToCKMechanismParameterSlow(env, jParam, ckpParamPtr, ckpLength); } } @@ -819,40 +936,24 @@ void jMechanismParameterToCKMechanismParameter(JNIEnv *env, jobject jParam, CK_V void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, CK_VOID_PTR *ckpParamPtr, CK_ULONG *ckpLength) { /* get all Java mechanism parameter classes */ - jclass jVersionClass = (*env)->FindClass(env, CLASS_VERSION); - jclass jRsaPkcsOaepParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_OAEP_PARAMS); - jclass jPbeParamsClass = (*env)->FindClass(env, CLASS_PBE_PARAMS); - jclass jPkcs5Pbkd2ParamsClass = (*env)->FindClass(env, CLASS_PKCS5_PBKD2_PARAMS); - - jclass jRsaPkcsPssParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_PSS_PARAMS); - jclass jEcdh1DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH1_DERIVE_PARAMS); - jclass jEcdh2DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH2_DERIVE_PARAMS); - jclass jX942Dh1DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH1_DERIVE_PARAMS); - jclass jX942Dh2DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH2_DERIVE_PARAMS); - - jclass jSsl3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); - jclass jSsl3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS); - jclass jTlsPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS); + jclass jVersionClass, jSsl3MasterKeyDeriveParamsClass, jSsl3KeyMatParamsClass; + jclass jTlsPrfParamsClass, jRsaPkcsOaepParamsClass, jPbeParamsClass; + jclass jPkcs5Pbkd2ParamsClass, jRsaPkcsPssParamsClass; + jclass jEcdh1DeriveParamsClass, jEcdh2DeriveParamsClass; + jclass jX942Dh1DeriveParamsClass, jX942Dh2DeriveParamsClass; + /* get all Java mechanism parameter classes */ TRACE0("\nDEBUG: jMechanismParameterToCKMechanismParameter"); - /* first check the most common cases */ -/* - if (jParam == NULL) { - *ckpParamPtr = NULL; - *ckpLength = 0; - } else if ((*env)->IsInstanceOf(env, jParam, jByteArrayClass)) { - jByteArrayToCKByteArray(env, jParam, (CK_BYTE_PTR *)ckpParamPtr, ckpLength); - } else if ((*env)->IsInstanceOf(env, jParam, jLongClass)) { - *ckpParamPtr = jLongObjectToCKULongPtr(env, jParam); - *ckpLength = sizeof(CK_ULONG); - } else if ((*env)->IsInstanceOf(env, jParam, jVersionClass)) { -*/ + /* most common cases, i.e. NULL/byte[]/long, are already handled by + * jMechanismParameterToCKMechanismParameter before calling this method. + */ + jVersionClass = (*env)->FindClass(env, CLASS_VERSION); + if (jVersionClass == NULL) { return; } if ((*env)->IsInstanceOf(env, jParam, jVersionClass)) { /* * CK_VERSION used by CKM_SSL3_PRE_MASTER_KEY_GEN */ - CK_VERSION_PTR ckpParam; /* convert jParameter to CKParameter */ @@ -861,191 +962,312 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, /* get length and pointer of parameter */ *ckpLength = sizeof(CK_VERSION); *ckpParamPtr = ckpParam; + return; + } - } else if ((*env)->IsInstanceOf(env, jParam, jSsl3MasterKeyDeriveParamsClass)) { + jSsl3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); + if (jSsl3MasterKeyDeriveParamsClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jParam, jSsl3MasterKeyDeriveParamsClass)) { /* * CK_SSL3_MASTER_KEY_DERIVE_PARAMS */ - CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR ckpParam; ckpParam = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR) malloc(sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS)); + if (ckpParam == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } /* convert jParameter to CKParameter */ *ckpParam = jSsl3MasterKeyDeriveParamToCKSsl3MasterKeyDeriveParam(env, jParam); + if ((*env)->ExceptionCheck(env)) { + free(ckpParam); + return; + } /* get length and pointer of parameter */ *ckpLength = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); *ckpParamPtr = ckpParam; + return; + } - } else if ((*env)->IsInstanceOf(env, jParam, jSsl3KeyMatParamsClass)) { + jSsl3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS); + if (jSsl3KeyMatParamsClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jParam, jSsl3KeyMatParamsClass)) { /* * CK_SSL3_KEY_MAT_PARAMS */ - CK_SSL3_KEY_MAT_PARAMS_PTR ckpParam; ckpParam = (CK_SSL3_KEY_MAT_PARAMS_PTR) malloc(sizeof(CK_SSL3_KEY_MAT_PARAMS)); + if (ckpParam == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } /* convert jParameter to CKParameter */ *ckpParam = jSsl3KeyMatParamToCKSsl3KeyMatParam(env, jParam); + if ((*env)->ExceptionCheck(env)) { + free(ckpParam); + return; + } /* get length and pointer of parameter */ *ckpLength = sizeof(CK_SSL3_KEY_MAT_PARAMS); *ckpParamPtr = ckpParam; + return; + } - } else if ((*env)->IsInstanceOf(env, jParam, jTlsPrfParamsClass)) { - // - // CK_TLS_PRF_PARAMS - // - + jTlsPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS); + if (jTlsPrfParamsClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jParam, jTlsPrfParamsClass)) { + /* + * CK_TLS_PRF_PARAMS + */ CK_TLS_PRF_PARAMS_PTR ckpParam; ckpParam = (CK_TLS_PRF_PARAMS_PTR) malloc(sizeof(CK_TLS_PRF_PARAMS)); + if (ckpParam == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } - // convert jParameter to CKParameter + /* convert jParameter to CKParameter */ *ckpParam = jTlsPrfParamsToCKTlsPrfParam(env, jParam); + if ((*env)->ExceptionCheck(env)) { + free(ckpParam); + return; + } - // get length and pointer of parameter + /* get length and pointer of parameter */ *ckpLength = sizeof(CK_TLS_PRF_PARAMS); *ckpParamPtr = ckpParam; + return; + } - } else if ((*env)->IsInstanceOf(env, jParam, jRsaPkcsOaepParamsClass)) { + jRsaPkcsOaepParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_OAEP_PARAMS); + if (jRsaPkcsOaepParamsClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jParam, jRsaPkcsOaepParamsClass)) { /* * CK_RSA_PKCS_OAEP_PARAMS */ - CK_RSA_PKCS_OAEP_PARAMS_PTR ckpParam; ckpParam = (CK_RSA_PKCS_OAEP_PARAMS_PTR) malloc(sizeof(CK_RSA_PKCS_OAEP_PARAMS)); + if (ckpParam == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } /* convert jParameter to CKParameter */ *ckpParam = jRsaPkcsOaepParamToCKRsaPkcsOaepParam(env, jParam); + if ((*env)->ExceptionCheck(env)) { + free(ckpParam); + return; + } /* get length and pointer of parameter */ *ckpLength = sizeof(CK_RSA_PKCS_OAEP_PARAMS); *ckpParamPtr = ckpParam; + return; + } - } else if ((*env)->IsInstanceOf(env, jParam, jPbeParamsClass)) { + jPbeParamsClass = (*env)->FindClass(env, CLASS_PBE_PARAMS); + if (jPbeParamsClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jParam, jPbeParamsClass)) { /* * CK_PBE_PARAMS */ - CK_PBE_PARAMS_PTR ckpParam; ckpParam = (CK_PBE_PARAMS_PTR) malloc(sizeof(CK_PBE_PARAMS)); + if (ckpParam == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } /* convert jParameter to CKParameter */ *ckpParam = jPbeParamToCKPbeParam(env, jParam); + if ((*env)->ExceptionCheck(env)) { + free(ckpParam); + return; + } /* get length and pointer of parameter */ *ckpLength = sizeof(CK_PBE_PARAMS); *ckpParamPtr = ckpParam; + return; + } - } else if ((*env)->IsInstanceOf(env, jParam, jPkcs5Pbkd2ParamsClass)) { + jPkcs5Pbkd2ParamsClass = (*env)->FindClass(env, CLASS_PKCS5_PBKD2_PARAMS); + if (jPkcs5Pbkd2ParamsClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jParam, jPkcs5Pbkd2ParamsClass)) { /* * CK_PKCS5_PBKD2_PARAMS */ - CK_PKCS5_PBKD2_PARAMS_PTR ckpParam; ckpParam = (CK_PKCS5_PBKD2_PARAMS_PTR) malloc(sizeof(CK_PKCS5_PBKD2_PARAMS)); + if (ckpParam == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } /* convert jParameter to CKParameter */ *ckpParam = jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(env, jParam); + if ((*env)->ExceptionCheck(env)) { + free(ckpParam); + return; + } /* get length and pointer of parameter */ *ckpLength = sizeof(CK_PKCS5_PBKD2_PARAMS); *ckpParamPtr = ckpParam; + return; + } - } else if ((*env)->IsInstanceOf(env, jParam, jRsaPkcsPssParamsClass)) { + jRsaPkcsPssParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_PSS_PARAMS); + if (jRsaPkcsPssParamsClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jParam, jRsaPkcsPssParamsClass)) { /* * CK_RSA_PKCS_PSS_PARAMS */ - CK_RSA_PKCS_PSS_PARAMS_PTR ckpParam; ckpParam = (CK_RSA_PKCS_PSS_PARAMS_PTR) malloc(sizeof(CK_RSA_PKCS_PSS_PARAMS)); + if (ckpParam == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } /* convert jParameter to CKParameter */ *ckpParam = jRsaPkcsPssParamToCKRsaPkcsPssParam(env, jParam); + if ((*env)->ExceptionCheck(env)) { + free(ckpParam); + return; + } /* get length and pointer of parameter */ *ckpLength = sizeof(CK_RSA_PKCS_PSS_PARAMS); *ckpParamPtr = ckpParam; + return; + } - } else if ((*env)->IsInstanceOf(env, jParam, jEcdh1DeriveParamsClass)) { + jEcdh1DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH1_DERIVE_PARAMS); + if (jEcdh1DeriveParamsClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jParam, jEcdh1DeriveParamsClass)) { /* * CK_ECDH1_DERIVE_PARAMS */ - CK_ECDH1_DERIVE_PARAMS_PTR ckpParam; ckpParam = (CK_ECDH1_DERIVE_PARAMS_PTR) malloc(sizeof(CK_ECDH1_DERIVE_PARAMS)); + if (ckpParam == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } /* convert jParameter to CKParameter */ *ckpParam = jEcdh1DeriveParamToCKEcdh1DeriveParam(env, jParam); + if ((*env)->ExceptionCheck(env)) { + free(ckpParam); + return; + } /* get length and pointer of parameter */ *ckpLength = sizeof(CK_ECDH1_DERIVE_PARAMS); *ckpParamPtr = ckpParam; + return; + } - } else if ((*env)->IsInstanceOf(env, jParam, jEcdh2DeriveParamsClass)) { + jEcdh2DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH2_DERIVE_PARAMS); + if (jEcdh2DeriveParamsClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jParam, jEcdh2DeriveParamsClass)) { /* * CK_ECDH2_DERIVE_PARAMS */ - CK_ECDH2_DERIVE_PARAMS_PTR ckpParam; ckpParam = (CK_ECDH2_DERIVE_PARAMS_PTR) malloc(sizeof(CK_ECDH2_DERIVE_PARAMS)); + if (ckpParam == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } /* convert jParameter to CKParameter */ *ckpParam = jEcdh2DeriveParamToCKEcdh2DeriveParam(env, jParam); + if ((*env)->ExceptionCheck(env)) { + free(ckpParam); + return; + } /* get length and pointer of parameter */ *ckpLength = sizeof(CK_ECDH2_DERIVE_PARAMS); *ckpParamPtr = ckpParam; + return; + } - } else if ((*env)->IsInstanceOf(env, jParam, jX942Dh1DeriveParamsClass)) { + jX942Dh1DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH1_DERIVE_PARAMS); + if (jX942Dh1DeriveParamsClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jParam, jX942Dh1DeriveParamsClass)) { /* * CK_X9_42_DH1_DERIVE_PARAMS */ - CK_X9_42_DH1_DERIVE_PARAMS_PTR ckpParam; ckpParam = (CK_X9_42_DH1_DERIVE_PARAMS_PTR) malloc(sizeof(CK_X9_42_DH1_DERIVE_PARAMS)); + if (ckpParam == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } /* convert jParameter to CKParameter */ *ckpParam = jX942Dh1DeriveParamToCKX942Dh1DeriveParam(env, jParam); + if ((*env)->ExceptionCheck(env)) { + free(ckpParam); + return; + } /* get length and pointer of parameter */ *ckpLength = sizeof(CK_X9_42_DH1_DERIVE_PARAMS); *ckpParamPtr = ckpParam; + return; + } - } else if ((*env)->IsInstanceOf(env, jParam, jX942Dh2DeriveParamsClass)) { + jX942Dh2DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH2_DERIVE_PARAMS); + if (jX942Dh2DeriveParamsClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jParam, jX942Dh2DeriveParamsClass)) { /* * CK_X9_42_DH2_DERIVE_PARAMS */ - CK_X9_42_DH2_DERIVE_PARAMS_PTR ckpParam; ckpParam = (CK_X9_42_DH2_DERIVE_PARAMS_PTR) malloc(sizeof(CK_X9_42_DH2_DERIVE_PARAMS)); + if (ckpParam == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } /* convert jParameter to CKParameter */ *ckpParam = jX942Dh2DeriveParamToCKX942Dh2DeriveParam(env, jParam); + if ((*env)->ExceptionCheck(env)) { + free(ckpParam); + return; + } /* get length and pointer of parameter */ *ckpLength = sizeof(CK_X9_42_DH2_DERIVE_PARAMS); *ckpParamPtr = ckpParam; - - } else { - /* if everything faild up to here */ - /* try if the parameter is a primitive Java type */ - jObjectToPrimitiveCKObjectPtrPtr(env, jParam, ckpParamPtr, ckpLength); - /* *ckpParamPtr = jObjectToCKVoidPtr(jParam); */ - /* *ckpLength = 1; */ + return; } + /* if everything faild up to here */ + /* try if the parameter is a primitive Java type */ + jObjectToPrimitiveCKObjectPtrPtr(env, jParam, ckpParamPtr, ckpLength); + /* *ckpParamPtr = jObjectToCKVoidPtr(jParam); */ + /* *ckpLength = 1; */ + TRACE0("FINISHED\n"); } @@ -1061,36 +1283,41 @@ void jMechanismParameterToCKMechanismParameterSlow(JNIEnv *env, jobject jParam, */ CK_RSA_PKCS_OAEP_PARAMS jRsaPkcsOaepParamToCKRsaPkcsOaepParam(JNIEnv *env, jobject jParam) { - jclass jRsaPkcsOaepParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_OAEP_PARAMS); + jclass jRsaPkcsOaepParamsClass; CK_RSA_PKCS_OAEP_PARAMS ckParam; jfieldID fieldID; - jlong jLong; - jobject jObject; + jlong jHashAlg, jMgf, jSource; + jobject jSourceData; CK_BYTE_PTR ckpByte; /* get hashAlg */ + jRsaPkcsOaepParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_OAEP_PARAMS); + if (jRsaPkcsOaepParamsClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jRsaPkcsOaepParamsClass, "hashAlg", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.hashAlg = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jHashAlg = (*env)->GetLongField(env, jParam, fieldID); /* get mgf */ fieldID = (*env)->GetFieldID(env, jRsaPkcsOaepParamsClass, "mgf", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.mgf = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jMgf = (*env)->GetLongField(env, jParam, fieldID); /* get source */ fieldID = (*env)->GetFieldID(env, jRsaPkcsOaepParamsClass, "source", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.source = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jSource = (*env)->GetLongField(env, jParam, fieldID); /* get sourceData and sourceDataLength */ fieldID = (*env)->GetFieldID(env, jRsaPkcsOaepParamsClass, "pSourceData", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &ckpByte, &(ckParam.ulSourceDataLen)); + if (fieldID == NULL) { return ckParam; } + jSourceData = (*env)->GetObjectField(env, jParam, fieldID); + + /* populate java values */ + ckParam.hashAlg = jLongToCKULong(jHashAlg); + ckParam.mgf = jLongToCKULong(jMgf); + ckParam.source = jLongToCKULong(jSource); + jByteArrayToCKByteArray(env, jSourceData, & ckpByte, &(ckParam.ulSourceDataLen)); + if ((*env)->ExceptionCheck(env)) { return ckParam; } ckParam.pSourceData = (CK_VOID_PTR) ckpByte; return ckParam ; @@ -1105,36 +1332,50 @@ CK_RSA_PKCS_OAEP_PARAMS jRsaPkcsOaepParamToCKRsaPkcsOaepParam(JNIEnv *env, jobje */ CK_PBE_PARAMS jPbeParamToCKPbeParam(JNIEnv *env, jobject jParam) { - jclass jPbeParamsClass = (*env)->FindClass(env, CLASS_PBE_PARAMS); + jclass jPbeParamsClass; CK_PBE_PARAMS ckParam; jfieldID fieldID; - jlong jLong; - jobject jObject; + jlong jIteration; + jobject jInitVector, jPassword, jSalt; CK_ULONG ckTemp; /* get pInitVector */ + jPbeParamsClass = (*env)->FindClass(env, CLASS_PBE_PARAMS); + if (jPbeParamsClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jPbeParamsClass, "pInitVector", "[C"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jCharArrayToCKCharArray(env, jObject, &(ckParam.pInitVector), &ckTemp); + if (fieldID == NULL) { return ckParam; } + jInitVector = (*env)->GetObjectField(env, jParam, fieldID); /* get pPassword and ulPasswordLength */ fieldID = (*env)->GetFieldID(env, jPbeParamsClass, "pPassword", "[C"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jCharArrayToCKCharArray(env, jObject, &(ckParam.pPassword), &(ckParam.ulPasswordLen)); + if (fieldID == NULL) { return ckParam; } + jPassword = (*env)->GetObjectField(env, jParam, fieldID); /* get pSalt and ulSaltLength */ fieldID = (*env)->GetFieldID(env, jPbeParamsClass, "pSalt", "[C"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jCharArrayToCKCharArray(env, jObject, &(ckParam.pSalt), &(ckParam.ulSaltLen)); + if (fieldID == NULL) { return ckParam; } + jSalt = (*env)->GetObjectField(env, jParam, fieldID); /* get ulIteration */ fieldID = (*env)->GetFieldID(env, jPbeParamsClass, "ulIteration", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.ulIteration = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jIteration = (*env)->GetLongField(env, jParam, fieldID); + + /* populate java values */ + ckParam.ulIteration = jLongToCKULong(jIteration); + jCharArrayToCKCharArray(env, jInitVector, &(ckParam.pInitVector), &ckTemp); + if ((*env)->ExceptionCheck(env)) { return ckParam; } + jCharArrayToCKCharArray(env, jPassword, &(ckParam.pPassword), &(ckParam.ulPasswordLen)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pInitVector); + return ckParam; + } + jCharArrayToCKCharArray(env, jSalt, &(ckParam.pSalt), &(ckParam.ulSaltLen)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pInitVector); + free(ckParam.pPassword); + return ckParam; + } return ckParam ; } @@ -1147,8 +1388,7 @@ CK_PBE_PARAMS jPbeParamToCKPbeParam(JNIEnv *env, jobject jParam) */ void copyBackPBEInitializationVector(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism) { - jclass jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM); - jclass jPbeParamsClass = (*env)->FindClass(env, CLASS_PBE_PARAMS); + jclass jMechanismClass, jPbeParamsClass; CK_PBE_PARAMS *ckParam; jfieldID fieldID; CK_MECHANISM_TYPE ckMechanismType; @@ -1161,8 +1401,10 @@ void copyBackPBEInitializationVector(JNIEnv *env, CK_MECHANISM *ckMechanism, job jchar* jInitVectorChars; /* get mechanism */ + jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM); + if (jMechanismClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); ckMechanismType = jLongToCKULong(jMechanismType); if (ckMechanismType != ckMechanism->mechanism) { @@ -1170,21 +1412,25 @@ void copyBackPBEInitializationVector(JNIEnv *env, CK_MECHANISM *ckMechanism, job return; } + jPbeParamsClass = (*env)->FindClass(env, CLASS_PBE_PARAMS); + if (jPbeParamsClass == NULL) { return; } ckParam = (CK_PBE_PARAMS *) ckMechanism->pParameter; if (ckParam != NULL_PTR) { initVector = ckParam->pInitVector; if (initVector != NULL_PTR) { /* get pParameter */ fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jParameter = (*env)->GetObjectField(env, jMechanism, fieldID); fieldID = (*env)->GetFieldID(env, jPbeParamsClass, "pInitVektor", "[C"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jInitVector = (*env)->GetObjectField(env, jParameter, fieldID); if (jInitVector != NULL) { jInitVectorLength = (*env)->GetArrayLength(env, jInitVector); jInitVectorChars = (*env)->GetCharArrayElements(env, jInitVector, NULL); + if (jInitVectorChars == NULL) { return; } + /* copy the chars to the Java buffer */ for (i=0; i < jInitVectorLength; i++) { jInitVectorChars[i] = ckCharToJChar(initVector[i]); @@ -1205,41 +1451,50 @@ void copyBackPBEInitializationVector(JNIEnv *env, CK_MECHANISM *ckMechanism, job */ CK_PKCS5_PBKD2_PARAMS jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(JNIEnv *env, jobject jParam) { - jclass jPkcs5Pbkd2ParamsClass = (*env)->FindClass(env, CLASS_PKCS5_PBKD2_PARAMS); + jclass jPkcs5Pbkd2ParamsClass; CK_PKCS5_PBKD2_PARAMS ckParam; jfieldID fieldID; - jlong jLong; - jobject jObject; + jlong jSaltSource, jIteration, jPrf; + jobject jSaltSourceData, jPrfData; /* get saltSource */ + jPkcs5Pbkd2ParamsClass = (*env)->FindClass(env, CLASS_PKCS5_PBKD2_PARAMS); + if (jPkcs5Pbkd2ParamsClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jPkcs5Pbkd2ParamsClass, "saltSource", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.saltSource = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jSaltSource = (*env)->GetLongField(env, jParam, fieldID); /* get pSaltSourceData */ fieldID = (*env)->GetFieldID(env, jPkcs5Pbkd2ParamsClass, "pSaltSourceData", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, (CK_BYTE_PTR *) &(ckParam.pSaltSourceData), &(ckParam.ulSaltSourceDataLen)); + if (fieldID == NULL) { return ckParam; } + jSaltSourceData = (*env)->GetObjectField(env, jParam, fieldID); /* get iterations */ fieldID = (*env)->GetFieldID(env, jPkcs5Pbkd2ParamsClass, "iterations", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.iterations = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jIteration = (*env)->GetLongField(env, jParam, fieldID); /* get prf */ fieldID = (*env)->GetFieldID(env, jPkcs5Pbkd2ParamsClass, "prf", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.prf = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jPrf = (*env)->GetLongField(env, jParam, fieldID); /* get pPrfData and ulPrfDataLength in byte */ fieldID = (*env)->GetFieldID(env, jPkcs5Pbkd2ParamsClass, "pPrfData", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, (CK_BYTE_PTR *) &(ckParam.pPrfData), &(ckParam.ulPrfDataLen)); + if (fieldID == NULL) { return ckParam; } + jPrfData = (*env)->GetObjectField(env, jParam, fieldID); + + /* populate java values */ + ckParam.saltSource = jLongToCKULong(jSaltSource); + jByteArrayToCKByteArray(env, jSaltSourceData, (CK_BYTE_PTR *) &(ckParam.pSaltSourceData), &(ckParam.ulSaltSourceDataLen)); + if ((*env)->ExceptionCheck(env)) { return ckParam; } + ckParam.iterations = jLongToCKULong(jIteration); + ckParam.prf = jLongToCKULong(jPrf); + jByteArrayToCKByteArray(env, jPrfData, (CK_BYTE_PTR *) &(ckParam.pPrfData), &(ckParam.ulPrfDataLen)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pSaltSourceData); + return ckParam; + } return ckParam ; } @@ -1253,28 +1508,32 @@ CK_PKCS5_PBKD2_PARAMS jPkcs5Pbkd2ParamToCKPkcs5Pbkd2Param(JNIEnv *env, jobject j */ CK_RSA_PKCS_PSS_PARAMS jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject jParam) { - jclass jRsaPkcsPssParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_PSS_PARAMS); + jclass jRsaPkcsPssParamsClass; CK_RSA_PKCS_PSS_PARAMS ckParam; jfieldID fieldID; - jlong jLong; + jlong jHashAlg, jMgf, jSLen; /* get hashAlg */ + jRsaPkcsPssParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_PSS_PARAMS); + if (jRsaPkcsPssParamsClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jRsaPkcsPssParamsClass, "hashAlg", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.hashAlg = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jHashAlg = (*env)->GetLongField(env, jParam, fieldID); /* get mgf */ fieldID = (*env)->GetFieldID(env, jRsaPkcsPssParamsClass, "mgf", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.mgf = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jMgf = (*env)->GetLongField(env, jParam, fieldID); /* get sLen */ fieldID = (*env)->GetFieldID(env, jRsaPkcsPssParamsClass, "sLen", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.sLen = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jSLen = (*env)->GetLongField(env, jParam, fieldID); + + /* populate java values */ + ckParam.hashAlg = jLongToCKULong(jHashAlg); + ckParam.mgf = jLongToCKULong(jMgf); + ckParam.sLen = jLongToCKULong(jSLen); return ckParam ; } @@ -1288,29 +1547,39 @@ CK_RSA_PKCS_PSS_PARAMS jRsaPkcsPssParamToCKRsaPkcsPssParam(JNIEnv *env, jobject */ CK_ECDH1_DERIVE_PARAMS jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobject jParam) { - jclass jEcdh1DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH1_DERIVE_PARAMS); + jclass jEcdh1DeriveParamsClass; CK_ECDH1_DERIVE_PARAMS ckParam; jfieldID fieldID; jlong jLong; - jobject jObject; + jobject jSharedData, jPublicData; /* get kdf */ + jEcdh1DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH1_DERIVE_PARAMS); + if (jEcdh1DeriveParamsClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jEcdh1DeriveParamsClass, "kdf", "J"); - assert(fieldID != 0); + if (fieldID == NULL) { return ckParam; } jLong = (*env)->GetLongField(env, jParam, fieldID); ckParam.kdf = jLongToCKULong(jLong); /* get pSharedData and ulSharedDataLen */ fieldID = (*env)->GetFieldID(env, jEcdh1DeriveParamsClass, "pSharedData", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pSharedData), &(ckParam.ulSharedDataLen)); + if (fieldID == NULL) { return ckParam; } + jSharedData = (*env)->GetObjectField(env, jParam, fieldID); /* get pPublicData and ulPublicDataLen */ fieldID = (*env)->GetFieldID(env, jEcdh1DeriveParamsClass, "pPublicData", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pPublicData), &(ckParam.ulPublicDataLen)); + if (fieldID == NULL) { return ckParam; } + jPublicData = (*env)->GetObjectField(env, jParam, fieldID); + + /* populate java values */ + ckParam.kdf = jLongToCKULong(jLong); + jByteArrayToCKByteArray(env, jSharedData, &(ckParam.pSharedData), &(ckParam.ulSharedDataLen)); + if ((*env)->ExceptionCheck(env)) { return ckParam; } + jByteArrayToCKByteArray(env, jPublicData, &(ckParam.pPublicData), &(ckParam.ulPublicDataLen)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pSharedData); + return ckParam; + } return ckParam ; } @@ -1324,48 +1593,61 @@ CK_ECDH1_DERIVE_PARAMS jEcdh1DeriveParamToCKEcdh1DeriveParam(JNIEnv *env, jobjec */ CK_ECDH2_DERIVE_PARAMS jEcdh2DeriveParamToCKEcdh2DeriveParam(JNIEnv *env, jobject jParam) { - jclass jEcdh2DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH2_DERIVE_PARAMS); + jclass jEcdh2DeriveParamsClass; CK_ECDH2_DERIVE_PARAMS ckParam; jfieldID fieldID; - jlong jLong; - jobject jObject; + jlong jKdf, jPrivateDataLen, jPrivateData; + jobject jSharedData, jPublicData, jPublicData2; /* get kdf */ + jEcdh2DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH2_DERIVE_PARAMS); + if (jEcdh2DeriveParamsClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jEcdh2DeriveParamsClass, "kdf", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.kdf = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jKdf = (*env)->GetLongField(env, jParam, fieldID); /* get pSharedData and ulSharedDataLen */ fieldID = (*env)->GetFieldID(env, jEcdh2DeriveParamsClass, "pSharedData", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pSharedData), &(ckParam.ulSharedDataLen)); + if (fieldID == NULL) { return ckParam; } + jSharedData = (*env)->GetObjectField(env, jParam, fieldID); /* get pPublicData and ulPublicDataLen */ fieldID = (*env)->GetFieldID(env, jEcdh2DeriveParamsClass, "pPublicData", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pPublicData), &(ckParam.ulPublicDataLen)); + if (fieldID == NULL) { return ckParam; } + jPublicData = (*env)->GetObjectField(env, jParam, fieldID); /* get ulPrivateDataLen */ fieldID = (*env)->GetFieldID(env, jEcdh2DeriveParamsClass, "ulPrivateDataLen", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.ulPrivateDataLen = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jPrivateDataLen = (*env)->GetLongField(env, jParam, fieldID); /* get hPrivateData */ fieldID = (*env)->GetFieldID(env, jEcdh2DeriveParamsClass, "hPrivateData", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.hPrivateData = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jPrivateData = (*env)->GetLongField(env, jParam, fieldID); /* get pPublicData2 and ulPublicDataLen2 */ fieldID = (*env)->GetFieldID(env, jEcdh2DeriveParamsClass, "pPublicData2", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pPublicData2), &(ckParam.ulPublicDataLen2)); + if (fieldID == NULL) { return ckParam; } + jPublicData2 = (*env)->GetObjectField(env, jParam, fieldID); + /* populate java values */ + ckParam.kdf = jLongToCKULong(jKdf); + jByteArrayToCKByteArray(env, jSharedData, &(ckParam.pSharedData), &(ckParam.ulSharedDataLen)); + if ((*env)->ExceptionCheck(env)) { return ckParam; } + jByteArrayToCKByteArray(env, jPublicData, &(ckParam.pPublicData), &(ckParam.ulPublicDataLen)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pSharedData); + return ckParam; + } + ckParam.ulPrivateDataLen = jLongToCKULong(jPrivateDataLen); + ckParam.hPrivateData = jLongToCKULong(jPrivateData); + jByteArrayToCKByteArray(env, jPublicData2, &(ckParam.pPublicData2), &(ckParam.ulPublicDataLen2)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pSharedData); + free(ckParam.pPublicData); + return ckParam; + } return ckParam ; } @@ -1378,29 +1660,38 @@ CK_ECDH2_DERIVE_PARAMS jEcdh2DeriveParamToCKEcdh2DeriveParam(JNIEnv *env, jobjec */ CK_X9_42_DH1_DERIVE_PARAMS jX942Dh1DeriveParamToCKX942Dh1DeriveParam(JNIEnv *env, jobject jParam) { - jclass jX942Dh1DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH1_DERIVE_PARAMS); + jclass jX942Dh1DeriveParamsClass; CK_X9_42_DH1_DERIVE_PARAMS ckParam; jfieldID fieldID; - jlong jLong; - jobject jObject; + jlong jKdf; + jobject jOtherInfo, jPublicData; /* get kdf */ + jX942Dh1DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH1_DERIVE_PARAMS); + if (jX942Dh1DeriveParamsClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jX942Dh1DeriveParamsClass, "kdf", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.kdf = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jKdf = (*env)->GetLongField(env, jParam, fieldID); /* get pOtherInfo and ulOtherInfoLen */ fieldID = (*env)->GetFieldID(env, jX942Dh1DeriveParamsClass, "pOtherInfo", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pOtherInfo), &(ckParam.ulOtherInfoLen)); + if (fieldID == NULL) { return ckParam; } + jOtherInfo = (*env)->GetObjectField(env, jParam, fieldID); /* get pPublicData and ulPublicDataLen */ fieldID = (*env)->GetFieldID(env, jX942Dh1DeriveParamsClass, "pPublicData", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pPublicData), &(ckParam.ulPublicDataLen)); + if (fieldID == NULL) { return ckParam; } + jPublicData = (*env)->GetObjectField(env, jParam, fieldID); + + /* populate java values */ + ckParam.kdf = jLongToCKULong(jKdf); + jByteArrayToCKByteArray(env, jOtherInfo, &(ckParam.pOtherInfo), &(ckParam.ulOtherInfoLen)); + if ((*env)->ExceptionCheck(env)) { return ckParam; } + jByteArrayToCKByteArray(env, jPublicData, &(ckParam.pPublicData), &(ckParam.ulPublicDataLen)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pOtherInfo); + return ckParam; + } return ckParam ; } @@ -1414,47 +1705,61 @@ CK_X9_42_DH1_DERIVE_PARAMS jX942Dh1DeriveParamToCKX942Dh1DeriveParam(JNIEnv *env */ CK_X9_42_DH2_DERIVE_PARAMS jX942Dh2DeriveParamToCKX942Dh2DeriveParam(JNIEnv *env, jobject jParam) { - jclass jX942Dh2DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH2_DERIVE_PARAMS); + jclass jX942Dh2DeriveParamsClass; CK_X9_42_DH2_DERIVE_PARAMS ckParam; jfieldID fieldID; - jlong jLong; - jobject jObject; + jlong jKdf, jPrivateDataLen, jPrivateData; + jobject jOtherInfo, jPublicData, jPublicData2; /* get kdf */ + jX942Dh2DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH2_DERIVE_PARAMS); + if (jX942Dh2DeriveParamsClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jX942Dh2DeriveParamsClass, "kdf", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.kdf = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jKdf = (*env)->GetLongField(env, jParam, fieldID); /* get pOtherInfo and ulOtherInfoLen */ fieldID = (*env)->GetFieldID(env, jX942Dh2DeriveParamsClass, "pOtherInfo", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pOtherInfo), &(ckParam.ulOtherInfoLen)); + if (fieldID == NULL) { return ckParam; } + jOtherInfo = (*env)->GetObjectField(env, jParam, fieldID); /* get pPublicData and ulPublicDataLen */ fieldID = (*env)->GetFieldID(env, jX942Dh2DeriveParamsClass, "pPublicData", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pPublicData), &(ckParam.ulPublicDataLen)); + if (fieldID == NULL) { return ckParam; } + jPublicData = (*env)->GetObjectField(env, jParam, fieldID); /* get ulPrivateDataLen */ fieldID = (*env)->GetFieldID(env, jX942Dh2DeriveParamsClass, "ulPrivateDataLen", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.ulPrivateDataLen = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jPrivateDataLen = (*env)->GetLongField(env, jParam, fieldID); /* get hPrivateData */ fieldID = (*env)->GetFieldID(env, jX942Dh2DeriveParamsClass, "hPrivateData", "J"); - assert(fieldID != 0); - jLong = (*env)->GetLongField(env, jParam, fieldID); - ckParam.hPrivateData = jLongToCKULong(jLong); + if (fieldID == NULL) { return ckParam; } + jPrivateData = (*env)->GetLongField(env, jParam, fieldID); /* get pPublicData2 and ulPublicDataLen2 */ fieldID = (*env)->GetFieldID(env, jX942Dh2DeriveParamsClass, "pPublicData2", "[B"); - assert(fieldID != 0); - jObject = (*env)->GetObjectField(env, jParam, fieldID); - jByteArrayToCKByteArray(env, jObject, &(ckParam.pPublicData2), &(ckParam.ulPublicDataLen2)); + if (fieldID == NULL) { return ckParam; } + jPublicData2 = (*env)->GetObjectField(env, jParam, fieldID); + + /* populate java values */ + ckParam.kdf = jLongToCKULong(jKdf); + jByteArrayToCKByteArray(env, jOtherInfo, &(ckParam.pOtherInfo), &(ckParam.ulOtherInfoLen)); + if ((*env)->ExceptionCheck(env)) { return ckParam; } + jByteArrayToCKByteArray(env, jPublicData, &(ckParam.pPublicData), &(ckParam.ulPublicDataLen)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pOtherInfo); + return ckParam; + } + ckParam.ulPrivateDataLen = jLongToCKULong(jPrivateDataLen); + ckParam.hPrivateData = jLongToCKULong(jPrivateData); + jByteArrayToCKByteArray(env, jPublicData2, &(ckParam.pPublicData2), &(ckParam.ulPublicDataLen2)); + if ((*env)->ExceptionCheck(env)) { + free(ckParam.pOtherInfo); + free(ckParam.pPublicData); + return ckParam; + } return ckParam ; } diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c index bbcbe90e317..63366d43580 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c @@ -1,5 +1,5 @@ /* - * Portions Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -81,6 +81,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1EncryptInit ckSessionHandle = jLongToCKULong(jSessionHandle); ckKeyHandle = jLongToCKULong(jKeyHandle); jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + if ((*env)->ExceptionCheck(env)) { return; } rv = (*ckpFunctions->C_EncryptInit)(ckSessionHandle, &ckMechanism, ckKeyHandle); @@ -126,14 +127,29 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1Encrypt if (jInLen > MAX_STACK_BUFFER_LEN) { inBufP = (CK_BYTE_PTR)malloc((size_t)jInLen); + if (inBufP == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } } else { inBufP = IBUF; } (*env)->GetByteArrayRegion(env, jIn, jInOfs, jInLen, (jbyte *)inBufP); + if ((*env)->ExceptionCheck(env)) { + if (inBufP != IBUF) { free(inBufP); } + return 0; + } ckEncryptedPartLen = jOutLen; if (jOutLen > MAX_STACK_BUFFER_LEN) { outBufP = (CK_BYTE_PTR)malloc((size_t)jOutLen); + if (outBufP == NULL) { + if (inBufP != IBUF) { + free(inBufP); + } + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } } else { outBufP = OBUF; } @@ -193,10 +209,18 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1EncryptUpdate } else { if (jInLen > MAX_STACK_BUFFER_LEN) { inBufP = (CK_BYTE_PTR)malloc((size_t)jInLen); + if (inBufP == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } } else { inBufP = IBUF; } (*env)->GetByteArrayRegion(env, jIn, jInOfs, jInLen, (jbyte *)inBufP); + if ((*env)->ExceptionCheck(env)) { + if (directIn == 0 && inBufP != IBUF) { free(inBufP); } + return 0; + } } ckEncryptedPartLen = jOutLen; @@ -205,6 +229,13 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1EncryptUpdate } else { if (jOutLen > MAX_STACK_BUFFER_LEN) { outBufP = (CK_BYTE_PTR)malloc((size_t)jOutLen); + if (outBufP == NULL) { + if (directIn == 0 && inBufP != IBUF) { + free(inBufP); + } + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } } else { outBufP = OBUF; } @@ -317,6 +348,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptInit ckSessionHandle = jLongToCKULong(jSessionHandle); ckKeyHandle = jLongToCKULong(jKeyHandle); jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + if ((*env)->ExceptionCheck(env)) { return; } rv = (*ckpFunctions->C_DecryptInit)(ckSessionHandle, &ckMechanism, ckKeyHandle); @@ -362,14 +394,29 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1Decrypt if (jInLen > MAX_STACK_BUFFER_LEN) { inBufP = (CK_BYTE_PTR)malloc((size_t)jInLen); + if (inBufP == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } } else { inBufP = IBUF; } (*env)->GetByteArrayRegion(env, jIn, jInOfs, jInLen, (jbyte *)inBufP); + if ((*env)->ExceptionCheck(env)) { + if (inBufP != IBUF) { free(inBufP); } + return 0; + } ckPartLen = jOutLen; if (jOutLen > MAX_STACK_BUFFER_LEN) { outBufP = (CK_BYTE_PTR)malloc((size_t)jOutLen); + if (outBufP == NULL) { + if (inBufP != IBUF) { + free(inBufP); + } + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } } else { outBufP = OBUF; } @@ -429,10 +476,18 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptUpdate } else { if (jInLen > MAX_STACK_BUFFER_LEN) { inBufP = (CK_BYTE_PTR)malloc((size_t)jInLen); + if (inBufP == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } } else { inBufP = IBUF; } (*env)->GetByteArrayRegion(env, jIn, jInOfs, jInLen, (jbyte *)inBufP); + if ((*env)->ExceptionCheck(env)) { + if (directIn == 0 && inBufP != IBUF) { free(inBufP); } + return 0; + } } ckDecryptedPartLen = jOutLen; @@ -441,6 +496,13 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptUpdate } else { if (jOutLen > MAX_STACK_BUFFER_LEN) { outBufP = (CK_BYTE_PTR)malloc((size_t)jOutLen); + if (outBufP == NULL) { + if (directIn == 0 && inBufP != IBUF) { + free(inBufP); + } + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } } else { outBufP = OBUF; } diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c index 978479bb311..8ff5ecc1b02 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c @@ -1,5 +1,5 @@ /* - * Portions Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -75,6 +75,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestInit ckSessionHandle = jLongToCKULong(jSessionHandle); jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + if ((*env)->ExceptionCheck(env)) { return; } rv = (*ckpFunctions->C_DigestInit)(ckSessionHandle, &ckMechanism); @@ -82,7 +83,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestInit free(ckMechanism.pParameter); } - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -114,6 +115,7 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestSingle ckSessionHandle = jLongToCKULong(jSessionHandle); jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + if ((*env)->ExceptionCheck(env)) { return 0; } rv = (*ckpFunctions->C_DigestInit)(ckSessionHandle, &ckMechanism); @@ -121,29 +123,32 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestSingle free(ckMechanism.pParameter); } - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return 0; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return 0; } if (jInLen <= MAX_STACK_BUFFER_LEN) { bufP = BUF; } else { /* always use single part op, even for large data */ - bufP = (CK_BYTE_PTR)malloc((size_t)jInLen); + bufP = (CK_BYTE_PTR) malloc((size_t)jInLen); + if (bufP == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } } (*env)->GetByteArrayRegion(env, jIn, jInOfs, jInLen, (jbyte *)bufP); - rv = (*ckpFunctions->C_Digest)(ckSessionHandle, bufP, jInLen, DIGESTBUF, &ckDigestLength); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { - if (bufP != BUF) { - free(bufP); - } + if ((*env)->ExceptionCheck(env)) { + if (bufP != BUF) { free(bufP); } return 0; } - (*env)->SetByteArrayRegion(env, jDigest, jDigestOfs, ckDigestLength, (jbyte *)DIGESTBUF); - - if (bufP != BUF) { - free(bufP); + rv = (*ckpFunctions->C_Digest)(ckSessionHandle, bufP, jInLen, DIGESTBUF, &ckDigestLength); + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + (*env)->SetByteArrayRegion(env, jDigest, jDigestOfs, ckDigestLength, (jbyte *)DIGESTBUF); } + + if (bufP != BUF) { free(bufP); } + return ckDigestLength; } #endif @@ -183,17 +188,23 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestUpdate bufP = BUF; } else { bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen); - bufP = (CK_BYTE_PTR)malloc((size_t)bufLen); + bufP = (CK_BYTE_PTR) malloc((size_t)bufLen); + if (bufP == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } } while (jInLen > 0) { jsize chunkLen = min(bufLen, jInLen); (*env)->GetByteArrayRegion(env, jIn, jInOfs, chunkLen, (jbyte *)bufP); + if ((*env)->ExceptionCheck(env)) { + if (bufP != BUF) { free(bufP); } + return; + } rv = (*ckpFunctions->C_DigestUpdate)(ckSessionHandle, bufP, chunkLen); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { - if (bufP != BUF) { - free(bufP); - } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { + if (bufP != BUF) { free(bufP); } return; } jInOfs += chunkLen; @@ -229,7 +240,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestKey ckKeyHandle = jLongToCKULong(jKeyHandle); rv = (*ckpFunctions->C_DigestKey)(ckSessionHandle, ckKeyHandle); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -257,10 +268,9 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestFinal ckSessionHandle = jLongToCKULong(jSessionHandle); rv = (*ckpFunctions->C_DigestFinal)(ckSessionHandle, BUF, &ckDigestLength); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return 0 ; } - - (*env)->SetByteArrayRegion(env, jDigest, jDigestOfs, ckDigestLength, (jbyte *)BUF); - + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + (*env)->SetByteArrayRegion(env, jDigest, jDigestOfs, ckDigestLength, (jbyte *)BUF); + } return ckDigestLength; } #endif @@ -288,12 +298,13 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SeedRandom ckSessionHandle = jLongToCKULong(jSessionHandle); jByteArrayToCKByteArray(env, jSeed, &ckpSeed, &ckSeedLength); + if ((*env)->ExceptionCheck(env)) { return; } rv = (*ckpFunctions->C_SeedRandom)(ckSessionHandle, ckpSeed, ckSeedLength); free(ckpSeed); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -322,6 +333,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateRandom jRandomBufferLength = (*env)->GetArrayLength(env, jRandomData); jRandomBuffer = (*env)->GetByteArrayElements(env, jRandomData, NULL); + if (jRandomBuffer == NULL) { return; } rv = (*ckpFunctions->C_GenerateRandom)(ckSessionHandle, (CK_BYTE_PTR) jRandomBuffer, @@ -330,6 +342,6 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateRandom /* copy back generated bytes */ (*env)->ReleaseByteArrayElements(env, jRandomData, jRandomBuffer, 0); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_dual.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_dual.c index ead1fe42989..24bae5e1626 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_dual.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_dual.c @@ -1,5 +1,5 @@ /* - * Portions Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -73,7 +73,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestEn CK_SESSION_HANDLE ckSessionHandle; CK_BYTE_PTR ckpPart = NULL_PTR, ckpEncryptedPart; CK_ULONG ckPartLength, ckEncryptedPartLength = 0; - jbyteArray jEncryptedPart; + jbyteArray jEncryptedPart = NULL; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); @@ -81,20 +81,28 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DigestEn ckSessionHandle = jLongToCKULong(jSessionHandle); jByteArrayToCKByteArray(env, jPart, &ckpPart, &ckPartLength); + if ((*env)->ExceptionCheck(env)) { return NULL; } rv = (*ckpFunctions->C_DigestEncryptUpdate)(ckSessionHandle, ckpPart, ckPartLength, NULL_PTR, &ckEncryptedPartLength); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { + free(ckpPart); + return NULL; + } ckpEncryptedPart = (CK_BYTE_PTR) malloc(ckEncryptedPartLength * sizeof(CK_BYTE)); + if (ckpEncryptedPart == NULL) { + free(ckpPart); + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } rv = (*ckpFunctions->C_DigestEncryptUpdate)(ckSessionHandle, ckpPart, ckPartLength, ckpEncryptedPart, &ckEncryptedPartLength); - - jEncryptedPart = ckByteArrayToJByteArray(env, ckpEncryptedPart, ckEncryptedPartLength); + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jEncryptedPart = ckByteArrayToJByteArray(env, ckpEncryptedPart, ckEncryptedPartLength); + } free(ckpPart); free(ckpEncryptedPart); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } - return jEncryptedPart ; } #endif @@ -117,7 +125,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptD CK_SESSION_HANDLE ckSessionHandle; CK_BYTE_PTR ckpPart, ckpEncryptedPart = NULL_PTR; CK_ULONG ckPartLength = 0, ckEncryptedPartLength; - jbyteArray jPart; + jbyteArray jPart = NULL; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); @@ -125,19 +133,27 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptD ckSessionHandle = jLongToCKULong(jSessionHandle); jByteArrayToCKByteArray(env, jEncryptedPart, &ckpEncryptedPart, &ckEncryptedPartLength); + if ((*env)->ExceptionCheck(env)) { return NULL; } rv = (*ckpFunctions->C_DecryptDigestUpdate)(ckSessionHandle, ckpEncryptedPart, ckEncryptedPartLength, NULL_PTR, &ckPartLength); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { + free(ckpEncryptedPart); + return NULL; + } ckpPart = (CK_BYTE_PTR) malloc(ckPartLength * sizeof(CK_BYTE)); + if (ckpPart == NULL) { + free(ckpEncryptedPart); + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } rv = (*ckpFunctions->C_DecryptDigestUpdate)(ckSessionHandle, ckpEncryptedPart, ckEncryptedPartLength, ckpPart, &ckPartLength); - - jPart = ckByteArrayToJByteArray(env, ckpPart, ckPartLength); - free(ckpPart); + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jPart = ckByteArrayToJByteArray(env, ckpPart, ckPartLength); + } free(ckpEncryptedPart); - - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } + free(ckpPart); return jPart ; } @@ -161,7 +177,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignEncr CK_SESSION_HANDLE ckSessionHandle; CK_BYTE_PTR ckpPart = NULL_PTR, ckpEncryptedPart; CK_ULONG ckPartLength, ckEncryptedPartLength = 0; - jbyteArray jEncryptedPart; + jbyteArray jEncryptedPart = NULL; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); @@ -169,20 +185,28 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignEncr ckSessionHandle = jLongToCKULong(jSessionHandle); jByteArrayToCKByteArray(env, jPart, &ckpPart, &ckPartLength); + if ((*env)->ExceptionCheck(env)) { return NULL; } rv = (*ckpFunctions->C_SignEncryptUpdate)(ckSessionHandle, ckpPart, ckPartLength, NULL_PTR, &ckEncryptedPartLength); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { + free(ckpPart); + return NULL; + } ckpEncryptedPart = (CK_BYTE_PTR) malloc(ckEncryptedPartLength * sizeof(CK_BYTE)); + if (ckpEncryptedPart == NULL) { + free(ckpPart); + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } rv = (*ckpFunctions->C_SignEncryptUpdate)(ckSessionHandle, ckpPart, ckPartLength, ckpEncryptedPart, &ckEncryptedPartLength); - - jEncryptedPart = ckByteArrayToJByteArray(env, ckpEncryptedPart, ckEncryptedPartLength); + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jEncryptedPart = ckByteArrayToJByteArray(env, ckpEncryptedPart, ckEncryptedPartLength); + } free(ckpPart); free(ckpEncryptedPart); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } - return jEncryptedPart ; } #endif @@ -205,7 +229,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptV CK_SESSION_HANDLE ckSessionHandle; CK_BYTE_PTR ckpPart, ckpEncryptedPart = NULL_PTR; CK_ULONG ckPartLength = 0, ckEncryptedPartLength; - jbyteArray jPart; + jbyteArray jPart = NULL; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); @@ -213,19 +237,28 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DecryptV ckSessionHandle = jLongToCKULong(jSessionHandle); jByteArrayToCKByteArray(env, jEncryptedPart, &ckpEncryptedPart, &ckEncryptedPartLength); + if ((*env)->ExceptionCheck(env)) { return NULL; } rv = (*ckpFunctions->C_DecryptVerifyUpdate)(ckSessionHandle, ckpEncryptedPart, ckEncryptedPartLength, NULL_PTR, &ckPartLength); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { + free(ckpEncryptedPart); + return NULL; + } ckpPart = (CK_BYTE_PTR) malloc(ckPartLength * sizeof(CK_BYTE)); + if (ckpPart == NULL) { + free(ckpEncryptedPart); + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } rv = (*ckpFunctions->C_DecryptVerifyUpdate)(ckSessionHandle, ckpEncryptedPart, ckEncryptedPartLength, ckpPart, &ckPartLength); - jPart = ckByteArrayToJByteArray(env, ckpPart, ckPartLength); - free(ckpPart); + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jPart = ckByteArrayToJByteArray(env, ckpPart, ckPartLength); + } free(ckpEncryptedPart); - - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } + free(ckpPart); return jPart ; } @@ -252,7 +285,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetFunctionSta /* C_GetFunctionStatus should always return CKR_FUNCTION_NOT_PARALLEL */ rv = (*ckpFunctions->C_GetFunctionStatus)(ckSessionHandle); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -277,6 +310,6 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1CancelFunction /* C_GetFunctionStatus should always return CKR_FUNCTION_NOT_PARALLEL */ rv = (*ckpFunctions->C_CancelFunction)(ckSessionHandle); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c index 05821a15d36..e6cbe2b6d91 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_general.c @@ -1,5 +1,5 @@ /* - * Portions Copyright 2003-2006 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -102,6 +102,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_initializeLibrary jclass fetchClass(JNIEnv *env, const char *name) { jclass tmpClass = (*env)->FindClass(env, name); + if (tmpClass == NULL) { return NULL; } return (*env)->NewGlobalRef(env, tmpClass); } @@ -110,14 +111,18 @@ void prefetchFields(JNIEnv *env, jclass thisClass) { /* PKCS11 */ pNativeDataID = (*env)->GetFieldID(env, thisClass, "pNativeData", "J"); + if (pNativeDataID == NULL) { return; } /* CK_MECHANISM */ tmpClass = (*env)->FindClass(env, CLASS_MECHANISM); + if (tmpClass == NULL) { return; } mech_mechanismID = (*env)->GetFieldID(env, tmpClass, "mechanism", "J"); + if (mech_mechanismID == NULL) { return; } mech_pParameterID = (*env)->GetFieldID(env, tmpClass, "pParameter", "Ljava/lang/Object;"); - + if (mech_pParameterID == NULL) { return; } jByteArrayClass = fetchClass(env, "[B"); + if (jByteArrayClass == NULL) { return; } jLongClass = fetchClass(env, "java/lang/Long"); } @@ -252,10 +257,9 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetInfo if (ckpFunctions == NULL) { return NULL; } rv = (*ckpFunctions->C_GetInfo)(&ckLibInfo); - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } - - jInfoObject = ckInfoPtrToJInfo(env, &ckLibInfo); - + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jInfoObject = ckInfoPtrToJInfo(env, &ckLibInfo); + } return jInfoObject ; } @@ -279,28 +283,31 @@ jobject ckInfoPtrToJInfo(JNIEnv *env, const CK_INFO_PTR ckpInfo) /* load CK_INFO class */ jInfoClass = (*env)->FindClass(env, CLASS_INFO); - assert(jInfoClass != 0); + if (jInfoClass == NULL) { return NULL; }; /* load CK_INFO constructor */ jCtrId = (*env)->GetMethodID (env, jInfoClass, "", "(Lsun/security/pkcs11/wrapper/CK_VERSION;[CJ[CLsun/security/pkcs11/wrapper/CK_VERSION;)V"); - - assert(jCtrId != 0); + if (jCtrId == NULL) { return NULL; } /* prep all fields */ jCryptokiVer = ckVersionPtrToJVersion(env, &(ckpInfo->cryptokiVersion)); + if (jCryptokiVer == NULL) { return NULL; } jVendor = ckUTF8CharArrayToJCharArray(env, &(ckpInfo->manufacturerID[0]), 32); + if (jVendor == NULL) { return NULL; } jFlags = ckULongToJLong(ckpInfo->flags); jLibraryDesc = ckUTF8CharArrayToJCharArray(env, &(ckpInfo->libraryDescription[0]), 32); + if (jLibraryDesc == NULL) { return NULL; } jLibraryVer = ckVersionPtrToJVersion(env, &(ckpInfo->libraryVersion)); + if (jLibraryVer == NULL) { return NULL; } /* create new CK_INFO object */ jInfoObject = (*env)->NewObject(env, jInfoClass, jCtrId, jCryptokiVer, jVendor, jFlags, jLibraryDesc, jLibraryVer); - assert(jInfoObject != 0); + if (jInfoObject == NULL) { return NULL; } /* free local references */ (*env)->DeleteLocalRef(env, jInfoClass); @@ -343,15 +350,18 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetSlotList if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } ckpSlotList = (CK_SLOT_ID_PTR) malloc(ckTokenNumber * sizeof(CK_SLOT_ID)); + if (ckpSlotList == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } rv = (*ckpFunctions->C_GetSlotList)(ckTokenPresent, ckpSlotList, &ckTokenNumber); - - jSlotList = ckULongArrayToJLongArray(env, ckpSlotList, ckTokenNumber); + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jSlotList = ckULongArrayToJLongArray(env, ckpSlotList, ckTokenNumber); + } free(ckpSlotList); - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } - return jSlotList ; } #endif @@ -380,10 +390,9 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetSlotInfo ckSlotID = jLongToCKULong(jSlotID); rv = (*ckpFunctions->C_GetSlotInfo)(ckSlotID, &ckSlotInfo); - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } - - jSlotInfoObject = ckSlotInfoPtrToJSlotInfo(env, &ckSlotInfo); - + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jSlotInfoObject = ckSlotInfoPtrToJSlotInfo(env, &ckSlotInfo); + } return jSlotInfoObject ; } @@ -410,28 +419,32 @@ ckSlotInfoPtrToJSlotInfo /* load CK_SLOT_INFO class */ jSlotInfoClass = (*env)->FindClass(env, CLASS_SLOT_INFO); - assert(jSlotInfoClass != 0); + if (jSlotInfoClass == NULL) { return NULL; }; /* load CK_SLOT_INFO constructor */ jCtrId = (*env)->GetMethodID (env, jSlotInfoClass, "", "([C[CJLsun/security/pkcs11/wrapper/CK_VERSION;Lsun/security/pkcs11/wrapper/CK_VERSION;)V"); - assert(jCtrId != 0); + if (jCtrId == NULL) { return NULL; } /* prep all fields */ jSlotDesc = ckUTF8CharArrayToJCharArray(env, &(ckpSlotInfo->slotDescription[0]), 64); + if (jSlotDesc == NULL) { return NULL; } jVendor = ckUTF8CharArrayToJCharArray(env, &(ckpSlotInfo->manufacturerID[0]), 32); + if (jVendor == NULL) { return NULL; } jFlags = ckULongToJLong(ckpSlotInfo->flags); jHardwareVer = ckVersionPtrToJVersion(env, &(ckpSlotInfo->hardwareVersion)); + if (jHardwareVer == NULL) { return NULL; } jFirmwareVer = ckVersionPtrToJVersion(env, &(ckpSlotInfo->firmwareVersion)); + if (jFirmwareVer == NULL) { return NULL; } /* create new CK_SLOT_INFO object */ jSlotInfoObject = (*env)->NewObject (env, jSlotInfoClass, jCtrId, jSlotDesc, jVendor, jFlags, jHardwareVer, jFirmwareVer); - assert(jSlotInfoObject != 0); + if (jSlotInfoObject == NULL) { return NULL; } /* free local references */ (*env)->DeleteLocalRef(env, jSlotInfoClass); @@ -460,7 +473,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetTokenInfo { CK_SLOT_ID ckSlotID; CK_TOKEN_INFO ckTokenInfo; - jobject jInfoTokenObject; + jobject jInfoTokenObject = NULL; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); @@ -469,10 +482,9 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetTokenInfo ckSlotID = jLongToCKULong(jSlotID); rv = (*ckpFunctions->C_GetTokenInfo)(ckSlotID, &ckTokenInfo); - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } - - jInfoTokenObject = ckTokenInfoPtrToJTokenInfo(env, &ckTokenInfo); - + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jInfoTokenObject = ckTokenInfoPtrToJTokenInfo(env, &ckTokenInfo); + } return jInfoTokenObject ; } @@ -512,21 +524,25 @@ ckTokenInfoPtrToJTokenInfo /* load CK_TOKEN_INFO class */ jTokenInfoClass = (*env)->FindClass(env, CLASS_TOKEN_INFO); - assert(jTokenInfoClass != 0); + if (jTokenInfoClass == NULL) { return NULL; }; /* load CK_TOKEN_INFO constructor */ jCtrId = (*env)->GetMethodID (env, jTokenInfoClass, "", "([C[C[C[CJJJJJJJJJJJLsun/security/pkcs11/wrapper/CK_VERSION;Lsun/security/pkcs11/wrapper/CK_VERSION;[C)V"); - assert(jCtrId != 0); + if (jCtrId == NULL) { return NULL; }; /* prep all fields */ jLabel = ckUTF8CharArrayToJCharArray(env, &(ckpTokenInfo->label[0]), 32); + if (jLabel == NULL) { return NULL; }; jVendor = ckUTF8CharArrayToJCharArray(env, &(ckpTokenInfo->manufacturerID[0]), 32); + if (jVendor == NULL) { return NULL; }; jModel = ckUTF8CharArrayToJCharArray(env, &(ckpTokenInfo->model[0]), 16); + if (jModel == NULL) { return NULL; }; jSerialNo = ckUTF8CharArrayToJCharArray(env, &(ckpTokenInfo->serialNumber[0]), 16); + if (jSerialNo == NULL) { return NULL; }; jFlags = ckULongToJLong(ckpTokenInfo->flags); jMaxSnCnt = ckULongSpecialToJLong(ckpTokenInfo->ulMaxSessionCount); jSnCnt = ckULongSpecialToJLong(ckpTokenInfo->ulSessionCount); @@ -540,10 +556,13 @@ ckTokenInfoPtrToJTokenInfo jFreePrivMem = ckULongSpecialToJLong(ckpTokenInfo->ulFreePrivateMemory); jHardwareVer = ckVersionPtrToJVersion(env, &(ckpTokenInfo->hardwareVersion)); + if (jHardwareVer == NULL) { return NULL; } jFirmwareVer = ckVersionPtrToJVersion(env, &(ckpTokenInfo->firmwareVersion)); + if (jFirmwareVer == NULL) { return NULL; } jUtcTime = ckUTF8CharArrayToJCharArray(env, &(ckpTokenInfo->utcTime[0]), 16); + if (jUtcTime == NULL) { return NULL; } /* create new CK_TOKEN_INFO object */ jTokenInfoObject = @@ -553,7 +572,7 @@ ckTokenInfoPtrToJTokenInfo jMaxPinLen, jMinPinLen, jTotalPubMem, jFreePubMem, jTotalPrivMem, jFreePrivMem, jHardwareVer, jFirmwareVer, jUtcTime); - assert(jTokenInfoObject != 0); + if (jTokenInfoObject == NULL) { return NULL; } /* free local references */ (*env)->DeleteLocalRef(env, jTokenInfoClass); @@ -584,7 +603,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1WaitForSlotEvent { CK_FLAGS ckFlags; CK_SLOT_ID ckSlotID; - jlong jSlotID; + jlong jSlotID = 0L; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); @@ -593,9 +612,9 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1WaitForSlotEvent ckFlags = jLongToCKULong(jFlags); rv = (*ckpFunctions->C_WaitForSlotEvent)(ckFlags, &ckSlotID, NULL_PTR); - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return 0L; } - - jSlotID = ckULongToJLong(ckSlotID); + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jSlotID = ckULongToJLong(ckSlotID); + } return jSlotID ; } @@ -632,16 +651,19 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetMechanismList ckpMechanismList = (CK_MECHANISM_TYPE_PTR) malloc(ckMechanismNumber * sizeof(CK_MECHANISM_TYPE)); + if (ckpMechanismList == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } rv = (*ckpFunctions->C_GetMechanismList)(ckSlotID, ckpMechanismList, &ckMechanismNumber); - - jMechanismList = ckULongArrayToJLongArray(env, ckpMechanismList, - ckMechanismNumber); + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jMechanismList = ckULongArrayToJLongArray(env, ckpMechanismList, + ckMechanismNumber); + } free(ckpMechanismList); - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } - return jMechanismList ; } #endif @@ -663,7 +685,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetMechanismInfo CK_SLOT_ID ckSlotID; CK_MECHANISM_TYPE ckMechanismType; CK_MECHANISM_INFO ckMechanismInfo; - jobject jMechanismInfo; + jobject jMechanismInfo = NULL; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); @@ -674,10 +696,9 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetMechanismInfo rv = (*ckpFunctions->C_GetMechanismInfo)(ckSlotID, ckMechanismType, &ckMechanismInfo); - if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } - - jMechanismInfo = ckMechanismInfoPtrToJMechanismInfo(env, &ckMechanismInfo); - + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jMechanismInfo = ckMechanismInfoPtrToJMechanismInfo(env, &ckMechanismInfo); + } return jMechanismInfo ; } @@ -703,11 +724,11 @@ ckMechanismInfoPtrToJMechanismInfo /* load CK_MECHANISM_INFO class */ jMechanismInfoClass = (*env)->FindClass(env, CLASS_MECHANISM_INFO); - assert(jMechanismInfoClass != 0); + if (jMechanismInfoClass == NULL) { return NULL; }; /* load CK_MECHANISM_INFO constructor */ jCtrId = (*env)->GetMethodID(env, jMechanismInfoClass, "", "(JJJ)V"); - assert(jCtrId != 0); + if (jCtrId == NULL) { return NULL; }; /* prep all fields */ jMinKeySize = ckULongToJLong(ckpMechanismInfo->ulMinKeySize); @@ -717,7 +738,7 @@ ckMechanismInfoPtrToJMechanismInfo /* create new CK_MECHANISM_INFO object */ jMechanismInfoObject = (*env)->NewObject(env, jMechanismInfoClass, jCtrId, jMinKeySize, jMaxKeySize, jFlags); - assert(jMechanismInfoObject != 0); + if (jMechanismInfoObject == NULL) { return NULL; }; /* free local references */ (*env)->DeleteLocalRef(env, jMechanismInfoClass); @@ -753,8 +774,13 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1InitToken ckSlotID = jLongToCKULong(jSlotID); jCharArrayToCKCharArray(env, jPin, &ckpPin, &ckPinLength); - jCharArrayToCKUTF8CharArray(env, jLabel, &ckpLabel, &ckLabelLength); + if ((*env)->ExceptionCheck(env)) { return; } /* ckLabelLength <= 32 !!! */ + jCharArrayToCKUTF8CharArray(env, jLabel, &ckpLabel, &ckLabelLength); + if ((*env)->ExceptionCheck(env)) { + free(ckpPin); + return; + } rv = (*ckpFunctions->C_InitToken)(ckSlotID, ckpPin, ckPinLength, ckpLabel); TRACE1("InitToken return code: %d", rv); @@ -790,6 +816,7 @@ Java_sun_security_pkcs11_wrapper_PKCS11_C_1InitPIN ckSessionHandle = jLongToCKULong(jSessionHandle); jCharArrayToCKCharArray(env, jPin, &ckpPin, &ckPinLength); + if ((*env)->ExceptionCheck(env)) { return; } rv = (*ckpFunctions->C_InitPIN)(ckSessionHandle, ckpPin, ckPinLength); @@ -828,7 +855,12 @@ jcharArray jNewPin) ckSessionHandle = jLongToCKULong(jSessionHandle); jCharArrayToCKCharArray(env, jOldPin, &ckpOldPin, &ckOldPinLength); + if ((*env)->ExceptionCheck(env)) { return; } jCharArrayToCKCharArray(env, jNewPin, &ckpNewPin, &ckNewPinLength); + if ((*env)->ExceptionCheck(env)) { + free(ckpOldPin); + return; + } rv = (*ckpFunctions->C_SetPIN)(ckSessionHandle, ckpOldPin, ckOldPinLength, ckpNewPin, ckNewPinLength); diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c index 65fbfd80057..aab0491a30e 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_keymgmt.c @@ -1,5 +1,5 @@ /* - * Portions Copyright 2003-2006 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -74,7 +74,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKey CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR; CK_ULONG ckAttributesLength; CK_OBJECT_HANDLE ckKeyHandle; - jlong jKeyHandle; + jlong jKeyHandle = 0L; CK_ULONG i; CK_RV rv; @@ -83,21 +83,23 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GenerateKey ckSessionHandle = jLongToCKULong(jSessionHandle); jMechanismToCKMechanism(env, jMechanism, &ckMechanism); - if ((*env)->ExceptionOccurred(env)) { return 0L ; } + if ((*env)->ExceptionCheck(env)) { return 0L ; } + jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); + if ((*env)->ExceptionCheck(env)) { + if (ckMechanism.pParameter != NULL_PTR) { + free(ckMechanism.pParameter); + } + return 0L; + } rv = (*ckpFunctions->C_GenerateKey)(ckSessionHandle, &ckMechanism, ckpAttributes, ckAttributesLength, &ckKeyHandle); - jKeyHandle = ckULongToJLong(ckKeyHandle); - for(i=0; iExceptionCheck(env)) { return NULL; } + ckpKeyHandles = (CK_OBJECT_HANDLE_PTR) malloc(2 * sizeof(CK_OBJECT_HANDLE)); + if (ckpKeyHandles == NULL) { + if (ckMechanism.pParameter != NULL_PTR) { + free(ckMechanism.pParameter); + } + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } ckpPublicKeyHandle = ckpKeyHandles; /* first element of array is Public Key */ ckpPrivateKeyHandle = (ckpKeyHandles + 1); /* second element of array is Private Key */ + jAttributeArrayToCKAttributeArray(env, jPublicKeyTemplate, &ckpPublicKeyAttributes, &ckPublicKeyAttributesLength); + if ((*env)->ExceptionCheck(env)) { + if (ckMechanism.pParameter != NULL_PTR) { + free(ckMechanism.pParameter); + } + free(ckpKeyHandles); + return NULL; + } + + jAttributeArrayToCKAttributeArray(env, jPrivateKeyTemplate, &ckpPrivateKeyAttributes, &ckPrivateKeyAttributesLength); + if ((*env)->ExceptionCheck(env)) { + if (ckMechanism.pParameter != NULL_PTR) { + free(ckMechanism.pParameter); + } + free(ckpKeyHandles); + freeCKAttributeArray(ckpPublicKeyAttributes, ckPublicKeyAttributesLength); + return NULL; + } + rv = (*ckpFunctions->C_GenerateKeyPair)(ckSessionHandle, &ckMechanism, ckpPublicKeyAttributes, ckPublicKeyAttributesLength, ckpPrivateKeyAttributes, ckPrivateKeyAttributesLength, ckpPublicKeyHandle, ckpPrivateKeyHandle); - jKeyHandles = ckULongArrayToJLongArray(env, ckpKeyHandles, 2); - - for(i=0; iExceptionCheck(env)) { return NULL; } + ckWrappingKeyHandle = jLongToCKULong(jWrappingKeyHandle); ckKeyHandle = jLongToCKULong(jKeyHandle); rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength); if (rv == CKR_BUFFER_TOO_SMALL) { ckpWrappedKey = (CK_BYTE_PTR) malloc(ckWrappedKeyLength); + if (ckpWrappedKey == NULL) { + if (ckMechanism.pParameter != NULL_PTR) { + free(ckMechanism.pParameter); + } + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } + rv = (*ckpFunctions->C_WrapKey)(ckSessionHandle, &ckMechanism, ckWrappingKeyHandle, ckKeyHandle, ckpWrappedKey, &ckWrappedKeyLength); } if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { jWrappedKey = ckByteArrayToJByteArray(env, ckpWrappedKey, ckWrappedKeyLength); } - if (ckpWrappedKey != BUF) { - free(ckpWrappedKey); - } - if(ckMechanism.pParameter != NULL_PTR) + if (ckpWrappedKey != BUF) { free(ckpWrappedKey); } + if (ckMechanism.pParameter != NULL_PTR) { free(ckMechanism.pParameter); - + } return jWrappedKey ; } #endif @@ -277,7 +300,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR; CK_ULONG ckAttributesLength; CK_OBJECT_HANDLE ckKeyHandle; - jlong jKeyHandle; + jlong jKeyHandle = 0L; CK_ULONG i; CK_RV rv; @@ -286,37 +309,48 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1UnwrapKey ckSessionHandle = jLongToCKULong(jSessionHandle); jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + if ((*env)->ExceptionCheck(env)) { return 0L; } + ckUnwrappingKeyHandle = jLongToCKULong(jUnwrappingKeyHandle); jByteArrayToCKByteArray(env, jWrappedKey, &ckpWrappedKey, &ckWrappedKeyLength); + if ((*env)->ExceptionCheck(env)) { + if (ckMechanism.pParameter != NULL_PTR) { + free(ckMechanism.pParameter); + } + return 0L; + } + jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); + if ((*env)->ExceptionCheck(env)) { + if (ckMechanism.pParameter != NULL_PTR) { + free(ckMechanism.pParameter); + } + free(ckpWrappedKey); + return 0L; + } + rv = (*ckpFunctions->C_UnwrapKey)(ckSessionHandle, &ckMechanism, ckUnwrappingKeyHandle, ckpWrappedKey, ckWrappedKeyLength, ckpAttributes, ckAttributesLength, &ckKeyHandle); - jKeyHandle = ckLongToJLong(ckKeyHandle); - - for(i=0; iFindClass(env, CLASS_MECHANISM); - jclass jTLSPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS); + jclass jMechanismClass, jTLSPrfParamsClass; CK_TLS_PRF_PARAMS *ckTLSPrfParams; jobject jTLSPrfParams; jfieldID fieldID; @@ -374,8 +407,10 @@ void copyBackTLSPrfParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMecha int i; /* get mechanism */ + jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM); + if (jMechanismClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); ckMechanismType = jLongToCKULong(jMechanismType); if (ckMechanismType != ckMechanism->mechanism) { @@ -388,12 +423,14 @@ void copyBackTLSPrfParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMecha if (ckTLSPrfParams != NULL_PTR) { /* get the Java CK_TLS_PRF_PARAMS object (pParameter) */ fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jTLSPrfParams = (*env)->GetObjectField(env, jMechanism, fieldID); /* copy back the client IV */ + jTLSPrfParamsClass = (*env)->FindClass(env, CLASS_TLS_PRF_PARAMS); + if (jTLSPrfParamsClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jTLSPrfParamsClass, "pOutput", "[B"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jOutput = (*env)->GetObjectField(env, jTLSPrfParams, fieldID); output = ckTLSPrfParams->pOutput; @@ -402,26 +439,21 @@ void copyBackTLSPrfParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMecha if (jOutput != NULL) { jLength = (*env)->GetArrayLength(env, jOutput); jBytes = (*env)->GetByteArrayElements(env, jOutput, NULL); + if (jBytes == NULL) { return; } + /* copy the bytes to the Java buffer */ for (i=0; i < jLength; i++) { jBytes[i] = ckByteToJByte(output[i]); } /* copy back the Java buffer to the object */ (*env)->ReleaseByteArrayElements(env, jOutput, jBytes, 0); - // free malloc'd data - free(output); } // free malloc'd data - if (ckTLSPrfParams->pSeed != NULL) { - free(ckTLSPrfParams->pSeed); - } - if (ckTLSPrfParams->pLabel != NULL) { - free(ckTLSPrfParams->pLabel); - } - if (ckTLSPrfParams->pulOutputLen != NULL) { - free(ckTLSPrfParams->pulOutputLen); - } + free(ckTLSPrfParams->pSeed); + free(ckTLSPrfParams->pLabel); + free(ckTLSPrfParams->pulOutputLen); + free(ckTLSPrfParams->pOutput); } } @@ -456,8 +488,16 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey ckSessionHandle = jLongToCKULong(jSessionHandle); jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + if ((*env)->ExceptionCheck(env)) { return 0L; } + ckBaseKeyHandle = jLongToCKULong(jBaseKeyHandle); jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); + if ((*env)->ExceptionCheck(env)) { + if (ckMechanism.pParameter != NULL_PTR) { + free(ckMechanism.pParameter); + } + return 0L; + } switch (ckMechanism.mechanism) { case CKM_SSL3_KEY_AND_MAC_DERIVE: @@ -476,14 +516,8 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey ckpAttributes, ckAttributesLength, phKey); jKeyHandle = ckLongToJLong(ckKeyHandle); - for(i=0; iFindClass(env, CLASS_MECHANISM); - jclass jSSL3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); - jclass jVersionClass = (*env)->FindClass(env, CLASS_VERSION); + jclass jMechanismClass, jSSL3MasterKeyDeriveParamsClass, jVersionClass; CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ckSSL3MasterKeyDeriveParams; CK_VERSION *ckVersion; jfieldID fieldID; @@ -541,8 +572,10 @@ void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMech jobject jVersion; /* get mechanism */ + jMechanismClass = (*env)->FindClass(env, CLASS_MECHANISM); + if (jMechanismClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); ckMechanismType = jLongToCKULong(jMechanismType); if (ckMechanismType != ckMechanism->mechanism) { @@ -558,27 +591,31 @@ void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMech if (ckVersion != NULL_PTR) { /* get the Java CK_SSL3_MASTER_KEY_DERIVE_PARAMS (pParameter) */ fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } + jSSL3MasterKeyDeriveParams = (*env)->GetObjectField(env, jMechanism, fieldID); /* get the Java CK_VERSION */ + jSSL3MasterKeyDeriveParamsClass = (*env)->FindClass(env, CLASS_SSL3_MASTER_KEY_DERIVE_PARAMS); + if (jSSL3MasterKeyDeriveParamsClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jSSL3MasterKeyDeriveParamsClass, "pVersion", "L"CLASS_VERSION";"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jVersion = (*env)->GetObjectField(env, jSSL3MasterKeyDeriveParams, fieldID); /* now copy back the version from the native structure to the Java structure */ /* copy back the major version */ + jVersionClass = (*env)->FindClass(env, CLASS_VERSION); + if (jVersionClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jVersionClass, "major", "B"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->major)); /* copy back the minor version */ fieldID = (*env)->GetFieldID(env, jVersionClass, "minor", "B"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } (*env)->SetByteField(env, jVersion, fieldID, ckByteToJByte(ckVersion->minor)); } - } } @@ -591,9 +628,7 @@ void copyBackClientVersion(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMech */ void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMechanism) { - jclass jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM); - jclass jSSL3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS); - jclass jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT); + jclass jMechanismClass, jSSL3KeyMatParamsClass, jSSL3KeyMatOutClass; CK_SSL3_KEY_MAT_PARAMS *ckSSL3KeyMatParam; CK_SSL3_KEY_MAT_OUT *ckSSL3KeyMatOut; jfieldID fieldID; @@ -608,8 +643,10 @@ void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMe int i; /* get mechanism */ + jMechanismClass= (*env)->FindClass(env, CLASS_MECHANISM); + if (jMechanismClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jMechanismClass, "mechanism", "J"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jMechanismType = (*env)->GetLongField(env, jMechanism, fieldID); ckMechanismType = jLongToCKULong(jMechanismType); if (ckMechanismType != ckMechanism->mechanism) { @@ -633,74 +670,78 @@ void copyBackSSLKeyMatParams(JNIEnv *env, CK_MECHANISM *ckMechanism, jobject jMe if (ckSSL3KeyMatOut != NULL_PTR) { /* get the Java CK_SSL3_KEY_MAT_PARAMS (pParameter) */ fieldID = (*env)->GetFieldID(env, jMechanismClass, "pParameter", "Ljava/lang/Object;"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jSSL3KeyMatParam = (*env)->GetObjectField(env, jMechanism, fieldID); /* get the Java CK_SSL3_KEY_MAT_OUT */ + jSSL3KeyMatParamsClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_PARAMS); + if (jSSL3KeyMatParamsClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jSSL3KeyMatParamsClass, "pReturnedKeyMaterial", "L"CLASS_SSL3_KEY_MAT_OUT";"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jSSL3KeyMatOut = (*env)->GetObjectField(env, jSSL3KeyMatParam, fieldID); /* now copy back all the key handles and the initialization vectors */ /* copy back client MAC secret handle */ + jSSL3KeyMatOutClass = (*env)->FindClass(env, CLASS_SSL3_KEY_MAT_OUT); + if (jSSL3KeyMatOutClass == NULL) { return; } fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientMacSecret", "J"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hClientMacSecret)); /* copy back server MAC secret handle */ fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerMacSecret", "J"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hServerMacSecret)); /* copy back client secret key handle */ fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hClientKey", "J"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hClientKey)); /* copy back server secret key handle */ fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "hServerKey", "J"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } (*env)->SetLongField(env, jSSL3KeyMatOut, fieldID, ckULongToJLong(ckSSL3KeyMatOut->hServerKey)); /* copy back the client IV */ fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVClient", "[B"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jIV = (*env)->GetObjectField(env, jSSL3KeyMatOut, fieldID); iv = ckSSL3KeyMatOut->pIVClient; if (jIV != NULL) { jLength = (*env)->GetArrayLength(env, jIV); jBytes = (*env)->GetByteArrayElements(env, jIV, NULL); + if (jBytes == NULL) { return; } /* copy the bytes to the Java buffer */ for (i=0; i < jLength; i++) { jBytes[i] = ckByteToJByte(iv[i]); } /* copy back the Java buffer to the object */ (*env)->ReleaseByteArrayElements(env, jIV, jBytes, 0); - // free malloc'd data - free(iv); } + // free malloc'd data + free(ckSSL3KeyMatOut->pIVClient); /* copy back the server IV */ fieldID = (*env)->GetFieldID(env, jSSL3KeyMatOutClass, "pIVServer", "[B"); - assert(fieldID != 0); + if (fieldID == NULL) { return; } jIV = (*env)->GetObjectField(env, jSSL3KeyMatOut, fieldID); iv = ckSSL3KeyMatOut->pIVServer; if (jIV != NULL) { jLength = (*env)->GetArrayLength(env, jIV); jBytes = (*env)->GetByteArrayElements(env, jIV, NULL); + if (jBytes == NULL) { return; } /* copy the bytes to the Java buffer */ for (i=0; i < jLength; i++) { jBytes[i] = ckByteToJByte(iv[i]); } /* copy back the Java buffer to the object */ (*env)->ReleaseByteArrayElements(env, jIV, jBytes, 0); - // free malloc'd data - free(iv); } - // free malloc'd data + free(ckSSL3KeyMatOut->pIVServer); free(ckSSL3KeyMatOut); } } diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c index 31674f4ef9c..cb04af5a373 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_mutex.c @@ -1,5 +1,5 @@ /* - * Portions Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -76,7 +76,7 @@ CK_C_INITIALIZE_ARGS_PTR ckpGlobalInitArgs; CK_C_INITIALIZE_ARGS_PTR makeCKInitArgsAdapter(JNIEnv *env, jobject jInitArgs) { CK_C_INITIALIZE_ARGS_PTR ckpInitArgs; - jclass jInitArgsClass = (*env)->FindClass(env, CLASS_C_INITIALIZE_ARGS); + jclass jInitArgsClass; jfieldID fieldID; jlong jFlags; jobject jReserved; @@ -91,10 +91,20 @@ CK_C_INITIALIZE_ARGS_PTR makeCKInitArgsAdapter(JNIEnv *env, jobject jInitArgs) /* convert the Java InitArgs object to a pointer to a CK_C_INITIALIZE_ARGS structure */ ckpInitArgs = (CK_C_INITIALIZE_ARGS_PTR) malloc(sizeof(CK_C_INITIALIZE_ARGS)); + if (ckpInitArgs == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL_PTR; + } /* Set the mutex functions that will call the Java mutex functions, but * only set it, if the field is not null. */ + jInitArgsClass = (*env)->FindClass(env, CLASS_C_INITIALIZE_ARGS); + if (jInitArgsClass == NULL) { + free(ckpInitArgs); + return NULL; + } + #ifdef NO_CALLBACKS ckpInitArgs->CreateMutex = NULL_PTR; ckpInitArgs->DestroyMutex = NULL_PTR; @@ -102,22 +112,22 @@ CK_C_INITIALIZE_ARGS_PTR makeCKInitArgsAdapter(JNIEnv *env, jobject jInitArgs) ckpInitArgs->UnlockMutex = NULL_PTR; #else fieldID = (*env)->GetFieldID(env, jInitArgsClass, "CreateMutex", "Lsun/security/pkcs11/wrapper/CK_CREATEMUTEX;"); - assert(fieldID != 0); + if (fieldID == NULL) { return NULL; } jMutexHandler = (*env)->GetObjectField(env, jInitArgs, fieldID); ckpInitArgs->CreateMutex = (jMutexHandler != NULL) ? &callJCreateMutex : NULL_PTR; fieldID = (*env)->GetFieldID(env, jInitArgsClass, "DestroyMutex", "Lsun/security/pkcs11/wrapper/CK_DESTROYMUTEX;"); - assert(fieldID != 0); + if (fieldID == NULL) { return NULL; } jMutexHandler = (*env)->GetObjectField(env, jInitArgs, fieldID); ckpInitArgs->DestroyMutex = (jMutexHandler != NULL) ? &callJDestroyMutex : NULL_PTR; fieldID = (*env)->GetFieldID(env, jInitArgsClass, "LockMutex", "Lsun/security/pkcs11/wrapper/CK_LOCKMUTEX;"); - assert(fieldID != 0); + if (fieldID == NULL) { return NULL; } jMutexHandler = (*env)->GetObjectField(env, jInitArgs, fieldID); ckpInitArgs->LockMutex = (jMutexHandler != NULL) ? &callJLockMutex : NULL_PTR; fieldID = (*env)->GetFieldID(env, jInitArgsClass, "UnlockMutex", "Lsun/security/pkcs11/wrapper/CK_UNLOCKMUTEX;"); - assert(fieldID != 0); + if (fieldID == NULL) { return NULL; } jMutexHandler = (*env)->GetObjectField(env, jInitArgs, fieldID); ckpInitArgs->UnlockMutex = (jMutexHandler != NULL) ? &callJUnlockMutex : NULL_PTR; @@ -129,19 +139,25 @@ CK_C_INITIALIZE_ARGS_PTR makeCKInitArgsAdapter(JNIEnv *env, jobject jInitArgs) /* set the global object jInitArgs so that the right Java mutex functions will be called */ jInitArgsObject = (*env)->NewGlobalRef(env, jInitArgs); ckpGlobalInitArgs = (CK_C_INITIALIZE_ARGS_PTR) malloc(sizeof(CK_C_INITIALIZE_ARGS)); + if (ckpGlobalInitArgs == NULL) { + free(ckpInitArgs); + JNU_ThrowOutOfMemoryError(env, 0); + return NULL_PTR; + } + memcpy(ckpGlobalInitArgs, ckpInitArgs, sizeof(CK_C_INITIALIZE_ARGS)); } #endif /* NO_CALLBACKS */ /* convert and set the flags field */ fieldID = (*env)->GetFieldID(env, jInitArgsClass, "flags", "J"); - assert(fieldID != 0); + if (fieldID == NULL) { return NULL; } jFlags = (*env)->GetLongField(env, jInitArgs, fieldID); ckpInitArgs->flags = jLongToCKULong(jFlags); /* pReserved should be NULL_PTR in this version */ fieldID = (*env)->GetFieldID(env, jInitArgsClass, "pReserved", "Ljava/lang/Object;"); - assert(fieldID != 0); + if (fieldID == NULL) { return NULL; } jReserved = (*env)->GetObjectField(env, jInitArgs, fieldID); /* we try to convert the reserved parameter also */ @@ -201,20 +217,21 @@ CK_RV callJCreateMutex(CK_VOID_PTR_PTR ppMutex) wasAttached = 1; } - jCreateMutexClass = (*env)->FindClass(env, CLASS_CREATEMUTEX); + if (jCreateMutexClass == NULL) { return rv; } jInitArgsClass = (*env)->FindClass(env, CLASS_C_INITIALIZE_ARGS); + if (jInitArgsClass == NULL) { return rv; } /* get the CreateMutex object out of the jInitArgs object */ fieldID = (*env)->GetFieldID(env, jInitArgsClass, "CreateMutex", "Lsun/security/pkcs11/wrapper/CK_CREATEMUTEX;"); - assert(fieldID != 0); + if (fieldID == NULL) { return rv; } jCreateMutex = (*env)->GetObjectField(env, jInitArgsObject, fieldID); assert(jCreateMutex != 0); /* call the CK_CREATEMUTEX function of the CreateMutex object */ /* and get the new Java mutex object */ methodID = (*env)->GetMethodID(env, jCreateMutexClass, "CK_CREATEMUTEX", "()Ljava/lang/Object;"); - assert(methodID != 0); + if (methodID == NULL) { return rv; } jMutex = (*env)->CallObjectMethod(env, jCreateMutex, methodID); /* set a global reference on the Java mutex */ @@ -227,10 +244,13 @@ CK_RV callJCreateMutex(CK_VOID_PTR_PTR ppMutex) pkcs11Exception = (*env)->ExceptionOccurred(env); if (pkcs11Exception != NULL) { + /* TBD: clear the pending exception with ExceptionClear? */ /* The was an exception thrown, now we get the error-code from it */ pkcs11ExceptionClass = (*env)->FindClass(env, CLASS_PKCS11EXCEPTION); + if (pkcs11ExceptionClass == NULL) { return rv; } methodID = (*env)->GetMethodID(env, pkcs11ExceptionClass, "getErrorCode", "()J"); - assert(methodID != 0); + if (methodID == NULL) { return rv; } + errorCode = (*env)->CallLongMethod(env, pkcs11Exception, methodID); rv = jLongToCKULong(errorCode); } @@ -292,22 +312,23 @@ CK_RV callJDestroyMutex(CK_VOID_PTR pMutex) wasAttached = 1; } - jDestroyMutexClass = (*env)->FindClass(env, CLASS_DESTROYMUTEX); + if (jDestroyMutexClass == NULL) { return rv; } jInitArgsClass = (*env)->FindClass(env, CLASS_C_INITIALIZE_ARGS); + if (jInitArgsClass == NULL) { return rv; } /* convert the CK mutex to a Java mutex */ jMutex = ckVoidPtrToJObject(pMutex); /* get the DestroyMutex object out of the jInitArgs object */ fieldID = (*env)->GetFieldID(env, jInitArgsClass, "DestroyMutex", "Lsun/security/pkcs11/wrapper/CK_DESTROYMUTEX;"); - assert(fieldID != 0); + if (fieldID == NULL) { return rv; } jDestroyMutex = (*env)->GetObjectField(env, jInitArgsObject, fieldID); assert(jDestroyMutex != 0); /* call the CK_DESTROYMUTEX method of the DestroyMutex object */ methodID = (*env)->GetMethodID(env, jDestroyMutexClass, "CK_DESTROYMUTEX", "(Ljava/lang/Object;)V"); - assert(methodID != 0); + if (methodID == NULL) { return rv; } (*env)->CallVoidMethod(env, jDestroyMutex, methodID, jMutex); /* delete the global reference on the Java mutex */ @@ -318,10 +339,12 @@ CK_RV callJDestroyMutex(CK_VOID_PTR pMutex) pkcs11Exception = (*env)->ExceptionOccurred(env); if (pkcs11Exception != NULL) { + /* TBD: clear the pending exception with ExceptionClear? */ /* The was an exception thrown, now we get the error-code from it */ pkcs11ExceptionClass = (*env)->FindClass(env, CLASS_PKCS11EXCEPTION); + if (pkcs11ExceptionClass == NULL) { return rv; } methodID = (*env)->GetMethodID(env, pkcs11ExceptionClass, "getErrorCode", "()J"); - assert(methodID != 0); + if (methodID == NULL) { return rv; } errorCode = (*env)->CallLongMethod(env, pkcs11Exception, methodID); rv = jLongToCKULong(errorCode); } @@ -383,33 +406,35 @@ CK_RV callJLockMutex(CK_VOID_PTR pMutex) wasAttached = 1; } - jLockMutexClass = (*env)->FindClass(env, CLASS_LOCKMUTEX); + if (jLockMutexClass == NULL) { return rv; } jInitArgsClass = (*env)->FindClass(env, CLASS_C_INITIALIZE_ARGS); + if (jInitArgsClass == NULL) { return rv; } /* convert the CK mutex to a Java mutex */ jMutex = ckVoidPtrToJObject(pMutex); /* get the LockMutex object out of the jInitArgs object */ fieldID = (*env)->GetFieldID(env, jInitArgsClass, "LockMutex", "Lsun/security/pkcs11/wrapper/CK_LOCKMUTEX;"); - assert(fieldID != 0); + if (fieldID == NULL) { return rv; } jLockMutex = (*env)->GetObjectField(env, jInitArgsObject, fieldID); assert(jLockMutex != 0); /* call the CK_LOCKMUTEX method of the LockMutex object */ methodID = (*env)->GetMethodID(env, jLockMutexClass, "CK_LOCKMUTEX", "(Ljava/lang/Object;)V"); - assert(methodID != 0); + if (methodID == NULL) { return rv; } (*env)->CallVoidMethod(env, jLockMutex, methodID, jMutex); - /* check, if callback threw an exception */ pkcs11Exception = (*env)->ExceptionOccurred(env); if (pkcs11Exception != NULL) { + /* TBD: clear the pending exception with ExceptionClear? */ /* The was an exception thrown, now we get the error-code from it */ pkcs11ExceptionClass = (*env)->FindClass(env, CLASS_PKCS11EXCEPTION); + if (pkcs11ExceptionClass == NULL) { return rv; } methodID = (*env)->GetMethodID(env, pkcs11ExceptionClass, "getErrorCode", "()J"); - assert(methodID != 0); + if (methodID == NULL) { return rv; } errorCode = (*env)->CallLongMethod(env, pkcs11Exception, methodID); rv = jLongToCKULong(errorCode); } @@ -471,33 +496,35 @@ CK_RV callJUnlockMutex(CK_VOID_PTR pMutex) wasAttached = 1; } - jUnlockMutexClass = (*env)->FindClass(env, CLASS_UNLOCKMUTEX); + if (jUnlockMutexClass == NULL) { return rv; } jInitArgsClass = (*env)->FindClass(env, CLASS_C_INITIALIZE_ARGS); + if (jInitArgsClass == NULL) { return rv; } /* convert the CK-type mutex to a Java mutex */ jMutex = ckVoidPtrToJObject(pMutex); /* get the UnlockMutex object out of the jInitArgs object */ fieldID = (*env)->GetFieldID(env, jInitArgsClass, "UnlockMutex", "Lsun/security/pkcs11/wrapper/CK_UNLOCKMUTEX;"); - assert(fieldID != 0); + if (fieldID == NULL) { return rv; } jUnlockMutex = (*env)->GetObjectField(env, jInitArgsObject, fieldID); assert(jUnlockMutex != 0); /* call the CK_UNLOCKMUTEX method of the UnLockMutex object */ methodID = (*env)->GetMethodID(env, jUnlockMutexClass, "CK_UNLOCKMUTEX", "(Ljava/lang/Object;)V"); - assert(methodID != 0); + if (methodID == NULL) { return rv; } (*env)->CallVoidMethod(env, jUnlockMutex, methodID, jMutex); - /* check, if callback threw an exception */ pkcs11Exception = (*env)->ExceptionOccurred(env); if (pkcs11Exception != NULL) { + /* TBD: clear the pending exception with ExceptionClear? */ /* The was an exception thrown, now we get the error-code from it */ pkcs11ExceptionClass = (*env)->FindClass(env, CLASS_PKCS11EXCEPTION); + if (pkcs11ExceptionClass == NULL) { return rv; } methodID = (*env)->GetMethodID(env, pkcs11ExceptionClass, "getErrorCode", "()J"); - assert(methodID != 0); + if (methodID == NULL) { return rv; } errorCode = (*env)->CallLongMethod(env, pkcs11Exception, methodID); rv = jLongToCKULong(errorCode); } diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c index 0fb10f151a0..a72f20d2719 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_objmgmt.c @@ -1,5 +1,5 @@ /* - * Portions Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -81,16 +81,14 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1CreateObject ckSessionHandle = jLongToCKULong(jSessionHandle); jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); + if ((*env)->ExceptionCheck(env)) { return 0L; } rv = (*ckpFunctions->C_CreateObject)(ckSessionHandle, ckpAttributes, ckAttributesLength, &ckObjectHandle); jObjectHandle = ckULongToJLong(ckObjectHandle); - for(i=0; iExceptionCheck(env)) { return 0L; } rv = (*ckpFunctions->C_CopyObject)(ckSessionHandle, ckObjectHandle, ckpAttributes, ckAttributesLength, &ckNewObjectHandle); jNewObjectHandle = ckULongToJLong(ckNewObjectHandle); - for(i=0; iC_DestroyObject)(ckSessionHandle, ckObjectHandle); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -194,7 +190,7 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetObjectSize ckObjectHandle = jLongToCKULong(jObjectHandle); rv = (*ckpFunctions->C_GetObjectSize)(ckSessionHandle, ckObjectHandle, &ckObjectSize); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return 0L ; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return 0L ; } jObjectSize = ckULongToJLong(ckObjectSize); @@ -221,7 +217,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetAttributeVa CK_ATTRIBUTE_PTR ckpAttributes = NULL_PTR; CK_ULONG ckAttributesLength; CK_ULONG ckBufferLength; - CK_ULONG i; + CK_ULONG i, j; jobject jAttribute; CK_RV rv; @@ -238,19 +234,20 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetAttributeVa ckObjectHandle = jLongToCKULong(jObjectHandle); TRACE1("jAttributeArrayToCKAttributeArray now with jTemplate = %d", jTemplate); jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); + if ((*env)->ExceptionCheck(env)) { return; } + TRACE2("DEBUG: jAttributeArrayToCKAttributeArray finished with ckpAttribute = %d, Length = %d\n", ckpAttributes, ckAttributesLength); /* first set all pValue to NULL, to get the needed buffer length */ for(i = 0; i < ckAttributesLength; i++) { - if(ckpAttributes[i].pValue != NULL_PTR) { + if (ckpAttributes[i].pValue != NULL_PTR) { free(ckpAttributes[i].pValue); + ckpAttributes[i].pValue = NULL_PTR; } } - for (i = 0; i < ckAttributesLength; i++) { - ckpAttributes[i].pValue = NULL_PTR; - } + rv = (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle, ckpAttributes, ckAttributesLength); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { free(ckpAttributes); return ; } @@ -261,27 +258,34 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetAttributeVa for (i = 0; i < ckAttributesLength; i++) { ckBufferLength = sizeof(CK_BYTE) * ckpAttributes[i].ulValueLen; ckpAttributes[i].pValue = (void *) malloc(ckBufferLength); + if (ckpAttributes[i].pValue == NULL) { + freeCKAttributeArray(ckpAttributes, i); + JNU_ThrowOutOfMemoryError(env, 0); + return; + } ckpAttributes[i].ulValueLen = ckBufferLength; } /* now get the attributes with all values */ rv = (*ckpFunctions->C_GetAttributeValue)(ckSessionHandle, ckObjectHandle, ckpAttributes, ckAttributesLength); - /* copy back the values to the Java attributes */ - for (i = 0; i < ckAttributesLength; i++) { - jAttribute = ckAttributePtrToJAttribute(env, &(ckpAttributes[i])); - (*env)->SetObjectArrayElement(env, jTemplate, i, jAttribute); - } - - for(i=0; iSetObjectArrayElement(env, jTemplate, i, jAttribute); + if ((*env)->ExceptionCheck(env)) { + freeCKAttributeArray(ckpAttributes, ckAttributesLength); + return; + } } } - free(ckpAttributes); + freeCKAttributeArray(ckpAttributes, ckAttributesLength); TRACE0("FINISHED\n"); - - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return ; } } #endif @@ -312,15 +316,11 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SetAttributeVa ckSessionHandle = jLongToCKULong(jSessionHandle); ckObjectHandle = jLongToCKULong(jObjectHandle); jAttributeArrayToCKAttributeArray(env, jTemplate, &ckpAttributes, &ckAttributesLength); + if ((*env)->ExceptionCheck(env)) { return; } rv = (*ckpFunctions->C_SetAttributeValue)(ckSessionHandle, ckObjectHandle, ckpAttributes, ckAttributesLength); - for(i=0; iExceptionCheck(env)) { return; } rv = (*ckpFunctions->C_FindObjectsInit)(ckSessionHandle, ckpAttributes, ckAttributesLength); - for(i=0; iC_FindObjects)(ckSessionHandle, ckpObjectHandleArray, ckMaxObjectLength, &ckActualObjectCount); + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jObjectHandleArray = ckULongArrayToJLongArray(env, ckpObjectHandleArray, ckActualObjectCount); + } - jObjectHandleArray = ckULongArrayToJLongArray(env, ckpObjectHandleArray, ckActualObjectCount); free(ckpObjectHandleArray); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } - return jObjectHandleArray ; } #endif diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c index cc2364cd7d9..950b9064170 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c @@ -1,5 +1,5 @@ /* - * Portions Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -97,6 +97,10 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1OpenSession #ifndef NO_CALLBACKS if (jNotify != NULL) { notifyEncapsulation = (NotifyEncapsulation *) malloc(sizeof(NotifyEncapsulation)); + if (notifyEncapsulation == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return 0L; + } notifyEncapsulation->jApplicationData = (jApplication != NULL) ? (*env)->NewGlobalRef(env, jApplication) : NULL; @@ -118,7 +122,18 @@ JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1OpenSession TRACE0(" ... "); rv = (*ckpFunctions->C_OpenSession)(ckSlotID, ckFlags, ckpApplication, ckNotify, &ckSessionHandle); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return 0L ; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { +#ifndef NO_CALLBACKS + if (notifyEncapsulation != NULL) { + if (notifyEncapsulation->jApplicationData != NULL) { + (*env)->DeleteGlobalRef(env, jApplication); + } + (*env)->DeleteGlobalRef(env, jNotify); + free(notifyEncapsulation); + } +#endif /* NO_CALLBACKS */ + return 0L; + } TRACE0("got session"); TRACE1(", SessionHandle=%u", ckSessionHandle); @@ -163,7 +178,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1CloseSession ckSessionHandle = jLongToCKULong(jSessionHandle); rv = (*ckpFunctions->C_CloseSession)(ckSessionHandle); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } #ifndef NO_CALLBACKS notifyEncapsulation = removeNotifyEntry(env, ckSessionHandle); @@ -208,7 +223,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1CloseAllSessio ckSlotID = jLongToCKULong(jSlotID); rv = (*ckpFunctions->C_CloseAllSessions)(ckSlotID); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } #ifndef NO_CALLBACKS /* Remove all notify callback helper objects. */ @@ -250,10 +265,9 @@ JNIEXPORT jobject JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetSessionI ckSessionHandle = jLongToCKULong(jSessionHandle); rv = (*ckpFunctions->C_GetSessionInfo)(ckSessionHandle, &ckSessionInfo); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } - - jSessionInfo = ckSessionInfoPtrToJSessionInfo(env, &ckSessionInfo); - + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jSessionInfo = ckSessionInfoPtrToJSessionInfo(env, &ckSessionInfo); + } return jSessionInfo ; } #endif @@ -274,7 +288,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetOpera CK_SESSION_HANDLE ckSessionHandle; CK_BYTE_PTR ckpState; CK_ULONG ckStateLength; - jbyteArray jState; + jbyteArray jState = NULL; CK_RV rv; CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj); @@ -283,17 +297,20 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1GetOpera ckSessionHandle = jLongToCKULong(jSessionHandle); rv = (*ckpFunctions->C_GetOperationState)(ckSessionHandle, NULL_PTR, &ckStateLength); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } ckpState = (CK_BYTE_PTR) malloc(ckStateLength); + if (ckpState == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } rv = (*ckpFunctions->C_GetOperationState)(ckSessionHandle, ckpState, &ckStateLength); - - jState = ckByteArrayToJByteArray(env, ckpState, ckStateLength); + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jState = ckByteArrayToJByteArray(env, ckpState, ckStateLength); + } free(ckpState); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } - return jState ; } #endif @@ -325,6 +342,8 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SetOperationSt ckSessionHandle = jLongToCKULong(jSessionHandle); jByteArrayToCKByteArray(env, jOperationState, &ckpState, &ckStateLength); + if ((*env)->ExceptionCheck(env)) { return; } + ckEncryptionKeyHandle = jLongToCKULong(jEncryptionKeyHandle); ckAuthenticationKeyHandle = jLongToCKULong(jAuthenticationKeyHandle); @@ -332,7 +351,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SetOperationSt free(ckpState); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -362,12 +381,13 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Login ckSessionHandle = jLongToCKULong(jSessionHandle); ckUserType = jLongToCKULong(jUserType); jCharArrayToCKCharArray(env, jPin, &ckpPinArray, &ckPinLength); + if ((*env)->ExceptionCheck(env)) { return; } rv = (*ckpFunctions->C_Login)(ckSessionHandle, ckUserType, ckpPinArray, ckPinLength); free(ckpPinArray); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -391,7 +411,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Logout ckSessionHandle = jLongToCKULong(jSessionHandle); rv = (*ckpFunctions->C_Logout)(ckSessionHandle); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -410,10 +430,14 @@ void putNotifyEntry(JNIEnv *env, CK_SESSION_HANDLE hSession, NotifyEncapsulation NotifyListNode *currentNode, *newNode; if (notifyEncapsulation == NULL) { - return ; + return; } newNode = (NotifyListNode *) malloc(sizeof(NotifyListNode)); + if (newNode == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } newNode->hSession = hSession; newNode->notifyEncapsulation = notifyEncapsulation; newNode->next = NULL; @@ -578,9 +602,10 @@ CK_RV notifyCallback( jEvent = ckULongToJLong(event); ckNotifyClass = (*env)->FindClass(env, CLASS_NOTIFY); - assert(ckNotifyClass != 0); + if (ckNotifyClass == NULL) { return rv; } jmethod = (*env)->GetMethodID(env, ckNotifyClass, "CK_NOTIFY", "(JJLjava/lang/Object;)V"); - assert(jmethod != 0); + if (jmethod == NULL) { return rv; } + (*env)->CallVoidMethod(env, notifyEncapsulation->jNotifyObject, jmethod, jSessionHandle, jEvent, notifyEncapsulation->jApplicationData); @@ -588,10 +613,14 @@ CK_RV notifyCallback( pkcs11Exception = (*env)->ExceptionOccurred(env); if (pkcs11Exception != NULL) { + /* TBD: clear the pending exception with ExceptionClear? */ /* The was an exception thrown, now we get the error-code from it */ pkcs11ExceptionClass = (*env)->FindClass(env, CLASS_PKCS11EXCEPTION); + if (pkcs11ExceptionClass == NULL) { return rv; } + jmethod = (*env)->GetMethodID(env, pkcs11ExceptionClass, "getErrorCode", "()J"); - assert(jmethod != 0); + if (jmethod == NULL) { return rv; } + errorCode = (*env)->CallLongMethod(env, pkcs11Exception, jmethod); rv = jLongToCKULong(errorCode); } diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c index 0ac75784c83..e55755d1cf0 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c @@ -1,5 +1,5 @@ /* - * Portions Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -77,15 +77,16 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignInit ckSessionHandle = jLongToCKULong(jSessionHandle); jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + if ((*env)->ExceptionCheck(env)) { return; } ckKeyHandle = jLongToCKULong(jKeyHandle); rv = (*ckpFunctions->C_SignInit)(ckSessionHandle, &ckMechanism, ckKeyHandle); - if(ckMechanism.pParameter != NULL_PTR) { + if (ckMechanism.pParameter != NULL_PTR) { free(ckMechanism.pParameter); } - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -117,14 +118,23 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Sign ckSessionHandle = jLongToCKULong(jSessionHandle); jByteArrayToCKByteArray(env, jData, &ckpData, &ckDataLength); + if ((*env)->ExceptionCheck(env)) { return NULL; } /* START standard code */ /* first determine the length of the signature */ rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, NULL_PTR, &ckSignatureLength); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { + free(ckpData); + return NULL; + } ckpSignature = (CK_BYTE_PTR) malloc(ckSignatureLength * sizeof(CK_BYTE)); + if (ckpSignature == NULL) { + free(ckpData); + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } /* now get the signature */ rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength); @@ -134,22 +144,31 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Sign /* START workaround code for operation abort bug in pkcs#11 of Datakey and iButton */ /* ckpSignature = (CK_BYTE_PTR) malloc(256 * sizeof(CK_BYTE)); + if (ckpSignature == NULL) { + free(ckpData); + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength); if (rv == CKR_BUFFER_TOO_SMALL) { free(ckpSignature); ckpSignature = (CK_BYTE_PTR) malloc(ckSignatureLength * sizeof(CK_BYTE)); + if (ckpSignature == NULL) { + free(ckpData); + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength); } */ /* END workaround code */ - - jSignature = ckByteArrayToJByteArray(env, ckpSignature, ckSignatureLength); + if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { + jSignature = ckByteArrayToJByteArray(env, ckpSignature, ckSignatureLength); + } free(ckpData); free(ckpSignature); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return NULL ; } - return jSignature ; } #endif @@ -189,14 +208,22 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignUpdate bufP = BUF; } else { bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen); - bufP = (CK_BYTE_PTR)malloc((size_t)bufLen); + bufP = (CK_BYTE_PTR) malloc((size_t)bufLen); + if (bufP == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } } while (jInLen > 0) { jsize chunkLen = min(bufLen, jInLen); (*env)->GetByteArrayRegion(env, jIn, jInOfs, chunkLen, (jbyte *)bufP); + if ((*env)->ExceptionCheck(env)) { + if (bufP != BUF) { free(bufP); } + return; + } rv = (*ckpFunctions->C_SignUpdate)(ckSessionHandle, bufP, chunkLen); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { if (bufP != BUF) { free(bufP); } @@ -206,9 +233,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignUpdate jInLen -= chunkLen; } - if (bufP != BUF) { - free(bufP); - } + if (bufP != BUF) { free(bufP); } } #endif @@ -244,15 +269,18 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignFina rv = (*ckpFunctions->C_SignFinal)(ckSessionHandle, bufP, &ckSignatureLength); if (rv == CKR_BUFFER_TOO_SMALL) { bufP = (CK_BYTE_PTR) malloc(ckSignatureLength); + if (bufP == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } rv = (*ckpFunctions->C_SignFinal)(ckSessionHandle, bufP, &ckSignatureLength); } if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { jSignature = ckByteArrayToJByteArray(env, bufP, ckSignatureLength); } - if (bufP != BUF) { - free(bufP); - } + if (bufP != BUF) { free(bufP); } + return jSignature; } #endif @@ -280,11 +308,13 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignRecoverIni ckSessionHandle = jLongToCKULong(jSessionHandle); jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + if ((*env)->ExceptionCheck(env)) { return; } + ckKeyHandle = jLongToCKULong(jKeyHandle); rv = (*ckpFunctions->C_SignRecoverInit)(ckSessionHandle, &ckMechanism, ckKeyHandle); - if(ckMechanism.pParameter != NULL_PTR) { + if (ckMechanism.pParameter != NULL_PTR) { free(ckMechanism.pParameter); } @@ -323,26 +353,38 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignRecover if (jInLen <= MAX_STACK_BUFFER_LEN) { inBufP = INBUF; } else { - inBufP = (CK_BYTE_PTR)malloc((size_t)jInLen); + inBufP = (CK_BYTE_PTR) malloc((size_t)jInLen); + if (inBufP == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } } (*env)->GetByteArrayRegion(env, jIn, jInOfs, jInLen, (jbyte *)inBufP); + if ((*env)->ExceptionCheck(env)) { + if (inBufP != INBUF) { free(inBufP); } + return 0; + } rv = (*ckpFunctions->C_SignRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckSignatureLength); /* re-alloc larger buffer if it fits into our Java buffer */ if ((rv == CKR_BUFFER_TOO_SMALL) && (ckSignatureLength <= jIntToCKULong(jOutLen))) { outBufP = (CK_BYTE_PTR) malloc(ckSignatureLength); + if (outBufP == NULL) { + if (inBufP != INBUF) { + free(inBufP); + } + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } rv = (*ckpFunctions->C_SignRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckSignatureLength); } if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { (*env)->SetByteArrayRegion(env, jOut, jOutOfs, ckSignatureLength, (jbyte *)outBufP); } - if (inBufP != INBUF) { - free(inBufP); - } - if (outBufP != OUTBUF) { - free(outBufP); - } + if (inBufP != INBUF) { free(inBufP); } + if (outBufP != OUTBUF) { free(outBufP); } + return ckSignatureLength; } #endif @@ -370,6 +412,8 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyInit ckSessionHandle = jLongToCKULong(jSessionHandle); jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + if ((*env)->ExceptionCheck(env)) { return; } + ckKeyHandle = jLongToCKULong(jKeyHandle); rv = (*ckpFunctions->C_VerifyInit)(ckSessionHandle, &ckMechanism, ckKeyHandle); @@ -378,7 +422,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyInit free(ckMechanism.pParameter); } - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -409,7 +453,13 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Verify ckSessionHandle = jLongToCKULong(jSessionHandle); jByteArrayToCKByteArray(env, jData, &ckpData, &ckDataLength); + if ((*env)->ExceptionCheck(env)) { return; } + jByteArrayToCKByteArray(env, jSignature, &ckpSignature, &ckSignatureLength); + if ((*env)->ExceptionCheck(env)) { + free(ckpData); + return; + } /* verify the signature */ rv = (*ckpFunctions->C_Verify)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, ckSignatureLength); @@ -417,7 +467,7 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Verify free(ckpData); free(ckpSignature); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -456,26 +506,31 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyUpdate bufP = BUF; } else { bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen); - bufP = (CK_BYTE_PTR)malloc((size_t)bufLen); + bufP = (CK_BYTE_PTR) malloc((size_t)bufLen); + if (bufP == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } } while (jInLen > 0) { jsize chunkLen = min(bufLen, jInLen); (*env)->GetByteArrayRegion(env, jIn, jInOfs, chunkLen, (jbyte *)bufP); + if ((*env)->ExceptionCheck(env)) { + if (bufP != BUF) { free(bufP); } + return; + } + rv = (*ckpFunctions->C_VerifyUpdate)(ckSessionHandle, bufP, chunkLen); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { - if (bufP != BUF) { - free(bufP); - } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { + if (bufP != BUF) { free(bufP); } return; } jInOfs += chunkLen; jInLen -= chunkLen; } - if (bufP != BUF) { - free(bufP); - } + if (bufP != BUF) { free(bufP); } } #endif @@ -502,13 +557,14 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyFinal ckSessionHandle = jLongToCKULong(jSessionHandle); jByteArrayToCKByteArray(env, jSignature, &ckpSignature, &ckSignatureLength); + if ((*env)->ExceptionCheck(env)) { return; } /* verify the signature */ rv = (*ckpFunctions->C_VerifyFinal)(ckSessionHandle, ckpSignature, ckSignatureLength); free(ckpSignature); - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -535,15 +591,17 @@ JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyRecoverI ckSessionHandle = jLongToCKULong(jSessionHandle); jMechanismToCKMechanism(env, jMechanism, &ckMechanism); + if ((*env)->ExceptionCheck(env)) { return; } + ckKeyHandle = jLongToCKULong(jKeyHandle); rv = (*ckpFunctions->C_VerifyRecoverInit)(ckSessionHandle, &ckMechanism, ckKeyHandle); - if(ckMechanism.pParameter != NULL_PTR) { + if (ckMechanism.pParameter != NULL_PTR) { free(ckMechanism.pParameter); } - if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } + if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; } } #endif @@ -578,26 +636,38 @@ JNIEXPORT jint JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyRecover if (jInLen <= MAX_STACK_BUFFER_LEN) { inBufP = INBUF; } else { - inBufP = (CK_BYTE_PTR)malloc((size_t)jInLen); + inBufP = (CK_BYTE_PTR) malloc((size_t)jInLen); + if (inBufP == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } } (*env)->GetByteArrayRegion(env, jIn, jInOfs, jInLen, (jbyte *)inBufP); + if ((*env)->ExceptionCheck(env)) { + if (inBufP != INBUF) { free(inBufP); } + return 0; + } + rv = (*ckpFunctions->C_VerifyRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckDataLength); + /* re-alloc larger buffer if it fits into our Java buffer */ if ((rv == CKR_BUFFER_TOO_SMALL) && (ckDataLength <= jIntToCKULong(jOutLen))) { outBufP = (CK_BYTE_PTR) malloc(ckDataLength); + if (outBufP == NULL) { + if (inBufP != INBUF) { free(inBufP); } + JNU_ThrowOutOfMemoryError(env, 0); + return 0; + } rv = (*ckpFunctions->C_VerifyRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckDataLength); } if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) { (*env)->SetByteArrayRegion(env, jOut, jOutOfs, ckDataLength, (jbyte *)outBufP); } - if (inBufP != INBUF) { - free(inBufP); - } - if (outBufP != OUTBUF) { - free(outBufP); - } + if (inBufP != INBUF) { free(inBufP); } + if (outBufP != OUTBUF) { free(outBufP); } + return ckDataLength; } #endif diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c index 2276cb101c5..d4c12a06baa 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/p11_util.c @@ -1,5 +1,5 @@ /* - * Portions Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -73,11 +73,11 @@ jobject createLockObject(JNIEnv *env) { jmethodID jConstructor; jObjectClass = (*env)->FindClass(env, "java/lang/Object"); - assert(jObjectClass != 0); + if (jObjectClass == NULL) { return NULL; } jConstructor = (*env)->GetMethodID(env, jObjectClass, "", "()V"); - assert(jConstructor != 0); + if (jConstructor == NULL) { return NULL; } jLockObject = (*env)->NewObject(env, jObjectClass, jConstructor); - assert(jLockObject != 0); + if (jLockObject == NULL) { return NULL; } jLockObject = (*env)->NewGlobalRef(env, jLockObject); return jLockObject ; @@ -200,84 +200,30 @@ jlong ckAssertReturnValueOK(JNIEnv *env, CK_RV returnValue) return 0L ; } else { jPKCS11ExceptionClass = (*env)->FindClass(env, CLASS_PKCS11EXCEPTION); - assert(jPKCS11ExceptionClass != 0); - jConstructor = (*env)->GetMethodID(env, jPKCS11ExceptionClass, "", "(J)V"); - assert(jConstructor != 0); - jErrorCode = ckULongToJLong(returnValue); - jPKCS11Exception = (jthrowable) (*env)->NewObject(env, jPKCS11ExceptionClass, jConstructor, jErrorCode); - (*env)->Throw(env, jPKCS11Exception); + if (jPKCS11ExceptionClass != NULL) { + jConstructor = (*env)->GetMethodID(env, jPKCS11ExceptionClass, "", "(J)V"); + if (jConstructor != NULL) { + jErrorCode = ckULongToJLong(returnValue); + jPKCS11Exception = (jthrowable) (*env)->NewObject(env, jPKCS11ExceptionClass, jConstructor, jErrorCode); + if (jPKCS11Exception != NULL) { + (*env)->Throw(env, jPKCS11Exception); + } + } + } + (*env)->DeleteLocalRef(env, jPKCS11ExceptionClass); return jErrorCode ; } } /* - * this function simply throws a FileNotFoundException - * - * @param env Used to call JNI funktions and to get the Exception class. - * @param jmessage The message string of the Exception object. - */ -void throwFileNotFoundException(JNIEnv *env, jstring jmessage) -{ - jclass jFileNotFoundExceptionClass; - jmethodID jConstructor; - jthrowable jFileNotFoundException; - - jFileNotFoundExceptionClass = (*env)->FindClass(env, CLASS_FILE_NOT_FOUND_EXCEPTION); - assert(jFileNotFoundExceptionClass != 0); - - jConstructor = (*env)->GetMethodID(env, jFileNotFoundExceptionClass, "", "(Ljava/lang/String;)V"); - assert(jConstructor != 0); - jFileNotFoundException = (jthrowable) (*env)->NewObject(env, jFileNotFoundExceptionClass, jConstructor, jmessage); - (*env)->Throw(env, jFileNotFoundException); -} - -/* - * this function simply throws an IOException + * This function simply throws an IOException * * @param env Used to call JNI funktions and to get the Exception class. * @param message The message string of the Exception object. */ -void throwIOException(JNIEnv *env, const char * message) +void throwIOException(JNIEnv *env, const char *message) { - jclass jIOExceptionClass; - - jIOExceptionClass = (*env)->FindClass(env, CLASS_IO_EXCEPTION); - assert(jIOExceptionClass != 0); - - (*env)->ThrowNew(env, jIOExceptionClass, message); -} - -/* - * this function simply throws an IOException and takes a unicode - * messge. - * - * @param env Used to call JNI funktions and to get the Exception class. - * @param message The unicode message string of the Exception object. - */ -void throwIOExceptionUnicodeMessage(JNIEnv *env, const short *message) -{ - jclass jIOExceptionClass; - jmethodID jConstructor; - jthrowable jIOException; - jstring jmessage; - jsize length; - short *currentCharacter; - - jIOExceptionClass = (*env)->FindClass(env, CLASS_IO_EXCEPTION); - assert(jIOExceptionClass != 0); - - length = 0; - if (message != NULL) { - currentCharacter = (short *) message; - while (*(currentCharacter++) != 0) length++; - } - - jmessage = (*env)->NewString(env, (const jchar *)message, length); - - jConstructor = (*env)->GetMethodID(env, jIOExceptionClass, "", "(Ljava/lang/String;)V"); - assert(jConstructor != 0); - jIOException = (jthrowable) (*env)->NewObject(env, jIOExceptionClass, jConstructor, jmessage); - (*env)->Throw(env, jIOException); + JNU_ThrowByName(env, CLASS_IO_EXCEPTION, message); } /* @@ -288,26 +234,9 @@ void throwIOExceptionUnicodeMessage(JNIEnv *env, const short *message) * @param env Used to call JNI funktions and to get the Exception class. * @param jmessage The message string of the Exception object. */ -void throwPKCS11RuntimeException(JNIEnv *env, jstring jmessage) +void throwPKCS11RuntimeException(JNIEnv *env, const char *message) { - jclass jPKCS11RuntimeExceptionClass; - jmethodID jConstructor; - jthrowable jPKCS11RuntimeException; - - jPKCS11RuntimeExceptionClass = (*env)->FindClass(env, CLASS_PKCS11RUNTIMEEXCEPTION); - assert(jPKCS11RuntimeExceptionClass != 0); - - if (jmessage == NULL) { - jConstructor = (*env)->GetMethodID(env, jPKCS11RuntimeExceptionClass, "", "()V"); - assert(jConstructor != 0); - jPKCS11RuntimeException = (jthrowable) (*env)->NewObject(env, jPKCS11RuntimeExceptionClass, jConstructor); - (*env)->Throw(env, jPKCS11RuntimeException); - } else { - jConstructor = (*env)->GetMethodID(env, jPKCS11RuntimeExceptionClass, "", "(Ljava/lang/String;)V"); - assert(jConstructor != 0); - jPKCS11RuntimeException = (jthrowable) (*env)->NewObject(env, jPKCS11RuntimeExceptionClass, jConstructor, jmessage); - (*env)->Throw(env, jPKCS11RuntimeException); - } + JNU_ThrowByName(env, CLASS_PKCS11RUNTIMEEXCEPTION, message); } /* @@ -318,9 +247,24 @@ void throwPKCS11RuntimeException(JNIEnv *env, jstring jmessage) */ void throwDisconnectedRuntimeException(JNIEnv *env) { - jstring jExceptionMessage = (*env)->NewStringUTF(env, "This object is not connected to a module."); + throwPKCS11RuntimeException(env, "This object is not connected to a module."); +} - throwPKCS11RuntimeException(env, jExceptionMessage); +/* This function frees the specified CK_ATTRIBUTE array. + * + * @param attrPtr pointer to the to-be-freed CK_ATTRIBUTE array. + * @param len the length of the array + */ +void freeCKAttributeArray(CK_ATTRIBUTE_PTR attrPtr, int len) +{ + int i; + + for (i=0; iGetArrayLength(env, jArray); jpTemp = (jboolean*) malloc((*ckpLength) * sizeof(jboolean)); + if (jpTemp == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } (*env)->GetBooleanArrayRegion(env, jArray, 0, *ckpLength, jpTemp); + if ((*env)->ExceptionCheck(env)) { + free(jpTemp); + return; + } + *ckpArray = (CK_BBOOL*) malloc ((*ckpLength) * sizeof(CK_BBOOL)); + if (*ckpArray == NULL) { + free(jpTemp); + JNU_ThrowOutOfMemoryError(env, 0); + return; + } for (i=0; i<(*ckpLength); i++) { (*ckpArray)[i] = jBooleanToCKBBool(jpTemp[i]); } @@ -403,13 +361,26 @@ void jByteArrayToCKByteArray(JNIEnv *env, const jbyteArray jArray, CK_BYTE_PTR * } *ckpLength = (*env)->GetArrayLength(env, jArray); jpTemp = (jbyte*) malloc((*ckpLength) * sizeof(jbyte)); + if (jpTemp == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } (*env)->GetByteArrayRegion(env, jArray, 0, *ckpLength, jpTemp); + if ((*env)->ExceptionCheck(env)) { + free(jpTemp); + return; + } /* if CK_BYTE is the same size as jbyte, we save an additional copy */ if (sizeof(CK_BYTE) == sizeof(jbyte)) { *ckpArray = (CK_BYTE_PTR) jpTemp; } else { *ckpArray = (CK_BYTE_PTR) malloc ((*ckpLength) * sizeof(CK_BYTE)); + if (*ckpArray == NULL) { + free(jpTemp); + JNU_ThrowOutOfMemoryError(env, 0); + return; + } for (i=0; i<(*ckpLength); i++) { (*ckpArray)[i] = jByteToCKByte(jpTemp[i]); } @@ -437,8 +408,22 @@ void jLongArrayToCKULongArray(JNIEnv *env, const jlongArray jArray, CK_ULONG_PTR } *ckpLength = (*env)->GetArrayLength(env, jArray); jTemp = (jlong*) malloc((*ckpLength) * sizeof(jlong)); + if (jTemp == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } (*env)->GetLongArrayRegion(env, jArray, 0, *ckpLength, jTemp); + if ((*env)->ExceptionCheck(env)) { + free(jTemp); + return; + } + *ckpArray = (CK_ULONG_PTR) malloc (*ckpLength * sizeof(CK_ULONG)); + if (*ckpArray == NULL) { + free(jTemp); + JNU_ThrowOutOfMemoryError(env, 0); + return; + } for (i=0; i<(*ckpLength); i++) { (*ckpArray)[i] = jLongToCKULong(jTemp[i]); } @@ -465,8 +450,22 @@ void jCharArrayToCKCharArray(JNIEnv *env, const jcharArray jArray, CK_CHAR_PTR * } *ckpLength = (*env)->GetArrayLength(env, jArray); jpTemp = (jchar*) malloc((*ckpLength) * sizeof(jchar)); + if (jpTemp == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } (*env)->GetCharArrayRegion(env, jArray, 0, *ckpLength, jpTemp); + if ((*env)->ExceptionCheck(env)) { + free(jpTemp); + return; + } + *ckpArray = (CK_CHAR_PTR) malloc (*ckpLength * sizeof(CK_CHAR)); + if (*ckpArray == NULL) { + free(jpTemp); + JNU_ThrowOutOfMemoryError(env, 0); + return; + } for (i=0; i<(*ckpLength); i++) { (*ckpArray)[i] = jCharToCKChar(jpTemp[i]); } @@ -493,8 +492,22 @@ void jCharArrayToCKUTF8CharArray(JNIEnv *env, const jcharArray jArray, CK_UTF8CH } *ckpLength = (*env)->GetArrayLength(env, jArray); jTemp = (jchar*) malloc((*ckpLength) * sizeof(jchar)); + if (jTemp == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } (*env)->GetCharArrayRegion(env, jArray, 0, *ckpLength, jTemp); + if ((*env)->ExceptionCheck(env)) { + free(jTemp); + return; + } + *ckpArray = (CK_UTF8CHAR_PTR) malloc (*ckpLength * sizeof(CK_UTF8CHAR)); + if (*ckpArray == NULL) { + free(jTemp); + JNU_ThrowOutOfMemoryError(env, 0); + return; + } for (i=0; i<(*ckpLength); i++) { (*ckpArray)[i] = jCharToCKUTF8Char(jTemp[i]); } @@ -521,8 +534,15 @@ void jStringToCKUTF8CharArray(JNIEnv *env, const jstring jArray, CK_UTF8CHAR_PTR } pCharArray = (*env)->GetStringUTFChars(env, jArray, &isCopy); + if (pCharArray == NULL) { return; } + *ckpLength = strlen(pCharArray); *ckpArray = (CK_UTF8CHAR_PTR) malloc((*ckpLength + 1) * sizeof(CK_UTF8CHAR)); + if (*ckpArray == NULL) { + (*env)->ReleaseStringUTFChars(env, (jstring) jArray, pCharArray); + JNU_ThrowOutOfMemoryError(env, 0); + return; + } strcpy((char*)*ckpArray, pCharArray); (*env)->ReleaseStringUTFChars(env, (jstring) jArray, pCharArray); } @@ -552,55 +572,36 @@ void jAttributeArrayToCKAttributeArray(JNIEnv *env, jobjectArray jArray, CK_ATTR jLength = (*env)->GetArrayLength(env, jArray); *ckpLength = jLongToCKULong(jLength); *ckpArray = (CK_ATTRIBUTE_PTR) malloc(*ckpLength * sizeof(CK_ATTRIBUTE)); + if (*ckpArray == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return; + } TRACE1(", converting %d attibutes", jLength); for (i=0; i<(*ckpLength); i++) { TRACE1(", getting %d. attibute", i); jAttribute = (*env)->GetObjectArrayElement(env, jArray, i); + if ((*env)->ExceptionCheck(env)) { + freeCKAttributeArray(*ckpArray, i); + return; + } TRACE1(", jAttribute = %d", jAttribute); TRACE1(", converting %d. attibute", i); (*ckpArray)[i] = jAttributeToCKAttribute(env, jAttribute); + if ((*env)->ExceptionCheck(env)) { + freeCKAttributeArray(*ckpArray, i); + return; + } } TRACE0("FINISHED\n"); } -/* - * converts a jobjectArray to a CK_VOID_PTR array. The allocated memory has to be freed after - * use! - * NOTE: this function does not work and is not used yet - * - * @param env - used to call JNI funktions to get the array informtaion - * @param jArray - the Java object array to convert - * @param ckpArray - the reference, where the pointer to the new CK_VOID_PTR array will be stored - * @param ckpLength - the reference, where the array length will be stored - */ -/* -void jObjectArrayToCKVoidPtrArray(JNIEnv *env, const jobjectArray jArray, CK_VOID_PTR_PTR *ckpArray, CK_ULONG_PTR ckpLength) -{ - jobject jTemp; - CK_ULONG i; - - if(jArray == NULL) { - *ckpArray = NULL_PTR; - *ckpLength = 0L; - return; - } - *ckpLength = (*env)->GetArrayLength(env, jArray); - *ckpArray = (CK_VOID_PTR_PTR) malloc (*ckpLength * sizeof(CK_VOID_PTR)); - for (i=0; i<(*ckpLength); i++) { - jTemp = (*env)->GetObjectArrayElement(env, jArray, i); - (*ckpArray)[i] = jObjectToCKVoidPtr(jTemp); - } - free(jTemp); -} -*/ - /* * converts a CK_BYTE array and its length to a jbyteArray. * * @param env - used to call JNI funktions to create the new Java array * @param ckpArray - the pointer to the CK_BYTE array to convert * @param ckpLength - the length of the array to convert - * @return - the new Java byte array + * @return - the new Java byte array or NULL if error occurred */ jbyteArray ckByteArrayToJByteArray(JNIEnv *env, const CK_BYTE_PTR ckpArray, CK_ULONG ckLength) { @@ -613,18 +614,22 @@ jbyteArray ckByteArrayToJByteArray(JNIEnv *env, const CK_BYTE_PTR ckpArray, CK_U jpTemp = (jbyte*) ckpArray; } else { jpTemp = (jbyte*) malloc((ckLength) * sizeof(jbyte)); + if (jpTemp == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } for (i=0; iNewByteArray(env, ckULongToJSize(ckLength)); - (*env)->SetByteArrayRegion(env, jArray, 0, ckULongToJSize(ckLength), jpTemp); - - if (sizeof(CK_BYTE) != sizeof(jbyte)) { - free(jpTemp); + if (jArray != NULL) { + (*env)->SetByteArrayRegion(env, jArray, 0, ckULongToJSize(ckLength), jpTemp); } + if (sizeof(CK_BYTE) != sizeof(jbyte)) { free(jpTemp); } + return jArray ; } @@ -643,11 +648,17 @@ jlongArray ckULongArrayToJLongArray(JNIEnv *env, const CK_ULONG_PTR ckpArray, CK jlongArray jArray; jpTemp = (jlong*) malloc((ckLength) * sizeof(jlong)); + if (jpTemp == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } for (i=0; iNewLongArray(env, ckULongToJSize(ckLength)); - (*env)->SetLongArrayRegion(env, jArray, 0, ckULongToJSize(ckLength), jpTemp); + if (jArray != NULL) { + (*env)->SetLongArrayRegion(env, jArray, 0, ckULongToJSize(ckLength), jpTemp); + } free(jpTemp); return jArray ; @@ -668,11 +679,17 @@ jcharArray ckCharArrayToJCharArray(JNIEnv *env, const CK_CHAR_PTR ckpArray, CK_U jcharArray jArray; jpTemp = (jchar*) malloc(ckLength * sizeof(jchar)); + if (jpTemp == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } for (i=0; iNewCharArray(env, ckULongToJSize(ckLength)); - (*env)->SetCharArrayRegion(env, jArray, 0, ckULongToJSize(ckLength), jpTemp); + if (jArray != NULL) { + (*env)->SetCharArrayRegion(env, jArray, 0, ckULongToJSize(ckLength), jpTemp); + } free(jpTemp); return jArray ; @@ -693,11 +710,17 @@ jcharArray ckUTF8CharArrayToJCharArray(JNIEnv *env, const CK_UTF8CHAR_PTR ckpArr jcharArray jArray; jpTemp = (jchar*) malloc(ckLength * sizeof(jchar)); + if (jpTemp == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } for (i=0; iNewCharArray(env, ckULongToJSize(ckLength)); - (*env)->SetCharArrayRegion(env, jArray, 0, ckULongToJSize(ckLength), jpTemp); + if (jArray != NULL) { + (*env)->SetCharArrayRegion(env, jArray, 0, ckULongToJSize(ckLength), jpTemp); + } free(jpTemp); return jArray ; @@ -736,12 +759,11 @@ jobject ckBBoolPtrToJBooleanObject(JNIEnv *env, const CK_BBOOL *ckpValue) jboolean jValue; jValueObjectClass = (*env)->FindClass(env, "java/lang/Boolean"); - assert(jValueObjectClass != 0); + if (jValueObjectClass == NULL) { return NULL; } jConstructor = (*env)->GetMethodID(env, jValueObjectClass, "", "(Z)V"); - assert(jConstructor != 0); + if (jConstructor == NULL) { return NULL; } jValue = ckBBoolToJBoolean(*ckpValue); jValueObject = (*env)->NewObject(env, jValueObjectClass, jConstructor, jValue); - assert(jValueObject != 0); return jValueObject ; } @@ -761,12 +783,11 @@ jobject ckULongPtrToJLongObject(JNIEnv *env, const CK_ULONG_PTR ckpValue) jlong jValue; jValueObjectClass = (*env)->FindClass(env, "java/lang/Long"); - assert(jValueObjectClass != 0); + if (jValueObjectClass == NULL) { return NULL; } jConstructor = (*env)->GetMethodID(env, jValueObjectClass, "", "(J)V"); - assert(jConstructor != 0); + if (jConstructor == NULL) { return NULL; } jValue = ckULongToJLong(*ckpValue); jValueObject = (*env)->NewObject(env, jValueObjectClass, jConstructor, jValue); - assert(jValueObject != 0); return jValueObject ; } @@ -787,11 +808,15 @@ CK_BBOOL* jBooleanObjectToCKBBoolPtr(JNIEnv *env, jobject jObject) CK_BBOOL *ckpValue; jObjectClass = (*env)->FindClass(env, "java/lang/Boolean"); - assert(jObjectClass != 0); + if (jObjectClass == NULL) { return NULL; } jValueMethod = (*env)->GetMethodID(env, jObjectClass, "booleanValue", "()Z"); - assert(jValueMethod != 0); + if (jValueMethod == NULL) { return NULL; } jValue = (*env)->CallBooleanMethod(env, jObject, jValueMethod); ckpValue = (CK_BBOOL *) malloc(sizeof(CK_BBOOL)); + if (ckpValue == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } *ckpValue = jBooleanToCKBBool(jValue); return ckpValue ; @@ -813,13 +838,16 @@ CK_BYTE_PTR jByteObjectToCKBytePtr(JNIEnv *env, jobject jObject) CK_BYTE_PTR ckpValue; jObjectClass = (*env)->FindClass(env, "java/lang/Byte"); - assert(jObjectClass != 0); + if (jObjectClass == NULL) { return NULL; } jValueMethod = (*env)->GetMethodID(env, jObjectClass, "byteValue", "()B"); - assert(jValueMethod != 0); + if (jValueMethod == NULL) { return NULL; } jValue = (*env)->CallByteMethod(env, jObject, jValueMethod); ckpValue = (CK_BYTE_PTR) malloc(sizeof(CK_BYTE)); + if (ckpValue == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } *ckpValue = jByteToCKByte(jValue); - return ckpValue ; } @@ -839,13 +867,16 @@ CK_ULONG* jIntegerObjectToCKULongPtr(JNIEnv *env, jobject jObject) CK_ULONG *ckpValue; jObjectClass = (*env)->FindClass(env, "java/lang/Integer"); - assert(jObjectClass != 0); + if (jObjectClass == NULL) { return NULL; } jValueMethod = (*env)->GetMethodID(env, jObjectClass, "intValue", "()I"); - assert(jValueMethod != 0); + if (jValueMethod == NULL) { return NULL; } jValue = (*env)->CallIntMethod(env, jObject, jValueMethod); ckpValue = (CK_ULONG *) malloc(sizeof(CK_ULONG)); + if (ckpValue == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } *ckpValue = jLongToCKLong(jValue); - return ckpValue ; } @@ -865,11 +896,15 @@ CK_ULONG* jLongObjectToCKULongPtr(JNIEnv *env, jobject jObject) CK_ULONG *ckpValue; jObjectClass = (*env)->FindClass(env, "java/lang/Long"); - assert(jObjectClass != 0); + if (jObjectClass == NULL) { return NULL; } jValueMethod = (*env)->GetMethodID(env, jObjectClass, "longValue", "()J"); - assert(jValueMethod != 0); + if (jValueMethod == NULL) { return NULL; } jValue = (*env)->CallLongMethod(env, jObject, jValueMethod); ckpValue = (CK_ULONG *) malloc(sizeof(CK_ULONG)); + if (ckpValue == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } *ckpValue = jLongToCKULong(jValue); return ckpValue ; @@ -891,11 +926,15 @@ CK_CHAR_PTR jCharObjectToCKCharPtr(JNIEnv *env, jobject jObject) CK_CHAR_PTR ckpValue; jObjectClass = (*env)->FindClass(env, "java/lang/Char"); - assert(jObjectClass != 0); + if (jObjectClass == NULL) { return NULL; } jValueMethod = (*env)->GetMethodID(env, jObjectClass, "charValue", "()C"); - assert(jValueMethod != 0); + if (jValueMethod == NULL) { return NULL; } jValue = (*env)->CallCharMethod(env, jObject, jValueMethod); ckpValue = (CK_CHAR_PTR) malloc(sizeof(CK_CHAR)); + if (ckpValue == NULL) { + JNU_ThrowOutOfMemoryError(env, 0); + return NULL; + } *ckpValue = jCharToCKChar(jValue); return ckpValue ; @@ -913,124 +952,172 @@ CK_CHAR_PTR jCharObjectToCKCharPtr(JNIEnv *env, jobject jObject) */ void jObjectToPrimitiveCKObjectPtrPtr(JNIEnv *env, jobject jObject, CK_VOID_PTR *ckpObjectPtr, CK_ULONG *ckpLength) { - jclass jBooleanClass = (*env)->FindClass(env, "java/lang/Boolean"); - jclass jByteClass = (*env)->FindClass(env, "java/lang/Byte"); - jclass jCharacterClass = (*env)->FindClass(env, "java/lang/Character"); - jclass jClassClass = (*env)->FindClass(env, "java/lang/Class"); - /* jclass jShortClass = (*env)->FindClass(env, "java/lang/Short"); */ - jclass jIntegerClass = (*env)->FindClass(env, "java/lang/Integer"); - jclass jLongClass = (*env)->FindClass(env, "java/lang/Long"); - /* jclass jFloatClass = (*env)->FindClass(env, "java/lang/Float"); */ - /* jclass jDoubleClass = (*env)->FindClass(env, "java/lang/Double"); */ - jclass jDateClass = (*env)->FindClass(env, CLASS_DATE); - jclass jStringClass = (*env)->FindClass(env, "java/lang/String"); - jclass jStringBufferClass = (*env)->FindClass(env, "java/lang/StringBuffer"); - jclass jBooleanArrayClass = (*env)->FindClass(env, "[Z"); - jclass jByteArrayClass = (*env)->FindClass(env, "[B"); - jclass jCharArrayClass = (*env)->FindClass(env, "[C"); - /* jclass jShortArrayClass = (*env)->FindClass(env, "[S"); */ - jclass jIntArrayClass = (*env)->FindClass(env, "[I"); - jclass jLongArrayClass = (*env)->FindClass(env, "[J"); - /* jclass jFloatArrayClass = (*env)->FindClass(env, "[F"); */ - /* jclass jDoubleArrayClass = (*env)->FindClass(env, "[D"); */ - jclass jObjectClass = (*env)->FindClass(env, "java/lang/Object"); - /* jclass jObjectArrayClass = (*env)->FindClass(env, "[java/lang/Object"); */ - /* ATTENTION: jObjectArrayClass is always NULL !! */ - /* CK_ULONG ckArrayLength; */ - /* CK_VOID_PTR *ckpElementObject; */ - /* CK_ULONG ckElementLength; */ - /* CK_ULONG i; */ + jclass jLongClass, jBooleanClass, jByteArrayClass, jCharArrayClass; + jclass jByteClass, jDateClass, jCharacterClass, jIntegerClass; + jclass jBooleanArrayClass, jIntArrayClass, jLongArrayClass; + jclass jStringClass; + jclass jObjectClass, jClassClass; CK_VOID_PTR ckpVoid = *ckpObjectPtr; jmethodID jMethod; jobject jClassObject; jstring jClassNameString; - jstring jExceptionMessagePrefix; - jobject jExceptionMessageStringBuffer; - jstring jExceptionMessage; + char *classNameString, *exceptionMsgPrefix, *exceptionMsg; TRACE0("\nDEBUG: jObjectToPrimitiveCKObjectPtrPtr"); if (jObject == NULL) { *ckpObjectPtr = NULL; *ckpLength = 0; - } else if ((*env)->IsInstanceOf(env, jObject, jLongClass)) { + return; + } + + jLongClass = (*env)->FindClass(env, "java/lang/Long"); + if (jLongClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jObject, jLongClass)) { *ckpObjectPtr = jLongObjectToCKULongPtr(env, jObject); *ckpLength = sizeof(CK_ULONG); TRACE1("", *((CK_ULONG *) *ckpObjectPtr)); - } else if ((*env)->IsInstanceOf(env, jObject, jBooleanClass)) { + return; + } + + jBooleanClass = (*env)->FindClass(env, "java/lang/Boolean"); + if (jBooleanClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jObject, jBooleanClass)) { *ckpObjectPtr = jBooleanObjectToCKBBoolPtr(env, jObject); *ckpLength = sizeof(CK_BBOOL); TRACE0(" " : "FALSE>"); - } else if ((*env)->IsInstanceOf(env, jObject, jByteArrayClass)) { + return; + } + + jByteArrayClass = (*env)->FindClass(env, "[B"); + if (jByteArrayClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jObject, jByteArrayClass)) { jByteArrayToCKByteArray(env, jObject, (CK_BYTE_PTR*)ckpObjectPtr, ckpLength); - } else if ((*env)->IsInstanceOf(env, jObject, jCharArrayClass)) { + return; + } + + jCharArrayClass = (*env)->FindClass(env, "[C"); + if (jCharArrayClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jObject, jCharArrayClass)) { jCharArrayToCKUTF8CharArray(env, jObject, (CK_UTF8CHAR_PTR*)ckpObjectPtr, ckpLength); - } else if ((*env)->IsInstanceOf(env, jObject, jByteClass)) { + return; + } + + jByteClass = (*env)->FindClass(env, "java/lang/Byte"); + if (jByteClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jObject, jByteClass)) { *ckpObjectPtr = jByteObjectToCKBytePtr(env, jObject); *ckpLength = sizeof(CK_BYTE); TRACE1("", *((CK_BYTE *) *ckpObjectPtr)); - } else if ((*env)->IsInstanceOf(env, jObject, jDateClass)) { + return; + } + + jDateClass = (*env)->FindClass(env, CLASS_DATE); + if (jDateClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jObject, jDateClass)) { *ckpObjectPtr = jDateObjectPtrToCKDatePtr(env, jObject); *ckpLength = sizeof(CK_DATE); - TRACE3("", (*((CK_DATE *) *ckpObjectPtr)).year, - (*((CK_DATE *) *ckpObjectPtr)).month, - (*((CK_DATE *) *ckpObjectPtr)).day); - } else if ((*env)->IsInstanceOf(env, jObject, jCharacterClass)) { + TRACE3("", (*((CK_DATE *) *ckpObjectPtr)).year, (*((CK_DATE *) *ckpObjectPtr)).month, (*((CK_DATE *) *ckpObjectPtr)).day); + return; + } + + jCharacterClass = (*env)->FindClass(env, "java/lang/Character"); + if (jCharacterClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jObject, jCharacterClass)) { *ckpObjectPtr = jCharObjectToCKCharPtr(env, jObject); *ckpLength = sizeof(CK_UTF8CHAR); TRACE1("", *((CK_CHAR *) *ckpObjectPtr)); - } else if ((*env)->IsInstanceOf(env, jObject, jIntegerClass)) { + return; + } + + jIntegerClass = (*env)->FindClass(env, "java/lang/Integer"); + if (jIntegerClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jObject, jIntegerClass)) { *ckpObjectPtr = jIntegerObjectToCKULongPtr(env, jObject); *ckpLength = sizeof(CK_ULONG); TRACE1("", *((CK_ULONG *) *ckpObjectPtr)); - } else if ((*env)->IsInstanceOf(env, jObject, jBooleanArrayClass)) { - jBooleanArrayToCKBBoolArray(env, jObject, (CK_BBOOL**)ckpObjectPtr, ckpLength); - } else if ((*env)->IsInstanceOf(env, jObject, jIntArrayClass)) { - jLongArrayToCKULongArray(env, jObject, (CK_ULONG_PTR*)ckpObjectPtr, ckpLength); - } else if ((*env)->IsInstanceOf(env, jObject, jLongArrayClass)) { - jLongArrayToCKULongArray(env, jObject, (CK_ULONG_PTR*)ckpObjectPtr, ckpLength); - } else if ((*env)->IsInstanceOf(env, jObject, jStringClass)) { - jStringToCKUTF8CharArray(env, jObject, (CK_UTF8CHAR_PTR*)ckpObjectPtr, ckpLength); - - /* a Java object array is not used by CK_ATTRIBUTE by now... */ -/* } else if ((*env)->IsInstanceOf(env, jObject, jObjectArrayClass)) { - ckArrayLength = (*env)->GetArrayLength(env, (jarray) jObject); - ckpObjectPtr = (CK_VOID_PTR_PTR) malloc(sizeof(CK_VOID_PTR) * ckArrayLength); - *ckpLength = 0; - for (i = 0; i < ckArrayLength; i++) { - jObjectToPrimitiveCKObjectPtrPtr(env, (*env)->GetObjectArrayElement(env, (jarray) jObject, i), - ckpElementObject, &ckElementLength); - (*ckpObjectPtr)[i] = *ckpElementObject; - *ckpLength += ckElementLength; - } -*/ - } else { - /* type of jObject unknown, throw PKCS11RuntimeException */ - jMethod = (*env)->GetMethodID(env, jObjectClass, "getClass", "()Ljava/lang/Class;"); - assert(jMethod != 0); - jClassObject = (*env)->CallObjectMethod(env, jObject, jMethod); - assert(jClassObject != 0); - jMethod = (*env)->GetMethodID(env, jClassClass, "getName", "()Ljava/lang/String;"); - assert(jMethod != 0); - jClassNameString = (jstring) - (*env)->CallObjectMethod(env, jClassObject, jMethod); - assert(jClassNameString != 0); - jExceptionMessagePrefix = (*env)->NewStringUTF(env, "Java object of this class cannot be converted to native PKCS#11 type: "); - jMethod = (*env)->GetMethodID(env, jStringBufferClass, "", "(Ljava/lang/String;)V"); - assert(jMethod != 0); - jExceptionMessageStringBuffer = (*env)->NewObject(env, jStringBufferClass, jMethod, jExceptionMessagePrefix); - assert(jClassNameString != 0); - jMethod = (*env)->GetMethodID(env, jStringBufferClass, "append", "(Ljava/lang/String;)Ljava/lang/StringBuffer;"); - assert(jMethod != 0); - jExceptionMessage = (jstring) - (*env)->CallObjectMethod(env, jExceptionMessageStringBuffer, jMethod, jClassNameString); - assert(jExceptionMessage != 0); - - throwPKCS11RuntimeException(env, jExceptionMessage); - - *ckpObjectPtr = NULL; - *ckpLength = 0; + return; } + jBooleanArrayClass = (*env)->FindClass(env, "[Z"); + if (jBooleanArrayClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jObject, jBooleanArrayClass)) { + jBooleanArrayToCKBBoolArray(env, jObject, (CK_BBOOL**)ckpObjectPtr, ckpLength); + return; + } + + jIntArrayClass = (*env)->FindClass(env, "[I"); + if (jIntArrayClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jObject, jIntArrayClass)) { + jLongArrayToCKULongArray(env, jObject, (CK_ULONG_PTR*)ckpObjectPtr, ckpLength); + return; + } + + jLongArrayClass = (*env)->FindClass(env, "[J"); + if (jLongArrayClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jObject, jLongArrayClass)) { + jLongArrayToCKULongArray(env, jObject, (CK_ULONG_PTR*)ckpObjectPtr, ckpLength); + return; + } + + jStringClass = (*env)->FindClass(env, "java/lang/String"); + if (jStringClass == NULL) { return; } + if ((*env)->IsInstanceOf(env, jObject, jStringClass)) { + jStringToCKUTF8CharArray(env, jObject, (CK_UTF8CHAR_PTR*)ckpObjectPtr, ckpLength); + return; + } + + /* type of jObject unknown, throw PKCS11RuntimeException */ + jObjectClass = (*env)->FindClass(env, "java/lang/Object"); + if (jObjectClass == NULL) { return; } + jMethod = (*env)->GetMethodID(env, jObjectClass, "getClass", "()Ljava/lang/Class;"); + if (jMethod == NULL) { return; } + jClassObject = (*env)->CallObjectMethod(env, jObject, jMethod); + assert(jClassObject != 0); + jClassClass = (*env)->FindClass(env, "java/lang/Class"); + if (jClassClass == NULL) { return; } + jMethod = (*env)->GetMethodID(env, jClassClass, "getName", "()Ljava/lang/String;"); + if (jMethod == NULL) { return; } + jClassNameString = (jstring) + (*env)->CallObjectMethod(env, jClassObject, jMethod); + assert(jClassNameString != 0); + classNameString = (char*) + (*env)->GetStringUTFChars(env, jClassNameString, NULL); + if (classNameString == NULL) { return; } + exceptionMsgPrefix = "Java object of this class cannot be converted to native PKCS#11 type: "; + exceptionMsg = (char *) + malloc((strlen(exceptionMsgPrefix) + strlen(classNameString) + 1)); + if (exceptionMsg == NULL) { + (*env)->ReleaseStringUTFChars(env, jClassNameString, classNameString); + JNU_ThrowOutOfMemoryError(env, 0); + return; + } + strcpy(exceptionMsg, exceptionMsgPrefix); + strcat(exceptionMsg, classNameString); + (*env)->ReleaseStringUTFChars(env, jClassNameString, classNameString); + throwPKCS11RuntimeException(env, exceptionMsg); + free(exceptionMsg); + *ckpObjectPtr = NULL; + *ckpLength = 0; + TRACE0("FINISHED\n"); } + +#ifdef P11_MEMORYDEBUG + +#undef malloc +#undef free + +void *p11malloc(size_t c, char *file, int line) { + void *p = malloc(c); + printf("malloc\t%08x\t%d\t%s:%d\n", p, c, file, line); fflush(stdout); + return p; +} + +void p11free(void *p, char *file, int line) { + printf("free\t%08x\t\t%s:%d\n", p, file, line); fflush(stdout); + free(p); +} + +#endif + diff --git a/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h b/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h index 2b67e2b3df7..9dd90c30466 100644 --- a/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h +++ b/jdk/src/share/native/sun/security/pkcs11/wrapper/pkcs11wrapper.h @@ -1,5 +1,5 @@ /* - * Portions Copyright 2003-2006 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -154,6 +154,7 @@ #include "pkcs11.h" #include +#include #define MAX_STACK_BUFFER_LEN (4 * 1024) #define MAX_HEAP_BUFFER_LEN (64 * 1024) @@ -277,12 +278,14 @@ */ jlong ckAssertReturnValueOK(JNIEnv *env, CK_RV returnValue); -void throwPKCS11RuntimeException(JNIEnv *env, jstring jmessage); -void throwFileNotFoundException(JNIEnv *env, jstring jmessage); void throwIOException(JNIEnv *env, const char *message); -void throwIOExceptionUnicodeMessage(JNIEnv *env, const short *message); +void throwPKCS11RuntimeException(JNIEnv *env, const char *message); void throwDisconnectedRuntimeException(JNIEnv *env); +/* function to free CK_ATTRIBUTE array + */ +void freeCKAttributeArray(CK_ATTRIBUTE_PTR attrPtr, int len); + /* funktions to convert Java arrays to a CK-type array and the array length */ void jBooleanArrayToCKBBoolArray(JNIEnv *env, const jbooleanArray jArray, CK_BBOOL **ckpArray, CK_ULONG_PTR ckLength); @@ -438,3 +441,15 @@ extern jobject notifyListLock; extern jobject jInitArgsObject; extern CK_C_INITIALIZE_ARGS_PTR ckpGlobalInitArgs; #endif /* NO_CALLBACKS */ + +#ifdef P11_MEMORYDEBUG +#include + +/* Simple malloc/free dumper */ +void *p11malloc(size_t c, char *file, int line); +void p11free(void *p, char *file, int line); + +#define malloc(c) (p11malloc((c), __FILE__, __LINE__)) +#define free(c) (p11free((c), __FILE__, __LINE__)) + +#endif From 5f12c03c564978a1e25ac200ea63a09969de0eac Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Thu, 5 Mar 2009 14:49:55 +0800 Subject: [PATCH 03/16] 6813402: keytool cannot -printcert entries without extensions Reviewed-by: xuelei --- .../classes/sun/security/tools/KeyTool.java | 8 ++- .../sun/security/tools/keytool/NoExtNPE.sh | 65 +++++++++++++++++++ 2 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 jdk/test/sun/security/tools/keytool/NoExtNPE.sh diff --git a/jdk/src/share/classes/sun/security/tools/KeyTool.java b/jdk/src/share/classes/sun/security/tools/KeyTool.java index e99c40d9d8c..ca2d6a384ab 100644 --- a/jdk/src/share/classes/sun/security/tools/KeyTool.java +++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java @@ -1910,7 +1910,9 @@ public final class KeyTool { ObjectIdentifier oid = attr.getAttributeId(); if (oid.equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) { CertificateExtensions exts = (CertificateExtensions)attr.getAttributeValue(); - printExtensions(rb.getString("Extension Request:"), exts, out); + if (exts != null) { + printExtensions(rb.getString("Extension Request:"), exts, out); + } } else { out.println(attr.getAttributeId()); out.println(attr.getAttributeValue()); @@ -2495,7 +2497,9 @@ public final class KeyTool { X509CertImpl.INFO); CertificateExtensions exts = (CertificateExtensions) certInfo.get(X509CertInfo.EXTENSIONS); - printExtensions(rb.getString("Extensions: "), exts, out); + if (exts != null) { + printExtensions(rb.getString("Extensions: "), exts, out); + } } } diff --git a/jdk/test/sun/security/tools/keytool/NoExtNPE.sh b/jdk/test/sun/security/tools/keytool/NoExtNPE.sh new file mode 100644 index 00000000000..3e929b5354f --- /dev/null +++ b/jdk/test/sun/security/tools/keytool/NoExtNPE.sh @@ -0,0 +1,65 @@ +# +# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, +# CA 95054 USA or visit www.sun.com if you need additional information or +# have any questions. +# + +# @test +# @bug 6813402 +# @summary keytool cannot -printcert entries without extensions +# +# @run shell NoExtNPE.sh + +# set a few environment variables so that the shell-script can run stand-alone +# in the source directory +if [ "${TESTSRC}" = "" ] ; then + TESTSRC="." +fi + +if [ "${TESTJAVA}" = "" ] ; then + echo "TESTJAVA not set. Test cannot execute." + echo "FAILED!!!" + exit 1 +fi + +# set platform-dependent variables +OS=`uname -s` +case "$OS" in + SunOS ) + FILESEP="/" + ;; + Linux ) + FILESEP="/" + ;; + Windows* ) + FILESEP="\\" + ;; + * ) + echo "Unrecognized system!" + exit 1; + ;; +esac + +${TESTJAVA}${FILESEP}bin${FILESEP}keytool \ + -list -v \ + -keystore ${TESTSRC}${FILESEP}CloneKeyAskPassword.jks \ + -storepass test123 + +exit $? From 4e539172f697778afdd74fe52a187de5050ea2d2 Mon Sep 17 00:00:00 2001 From: Xiomara Jayasena Date: Thu, 5 Mar 2009 09:49:16 -0800 Subject: [PATCH 04/16] Added tag jdk7-b50 for changeset 6075b2a504ac --- jdk/.hgtags | 1 + 1 file changed, 1 insertion(+) diff --git a/jdk/.hgtags b/jdk/.hgtags index 6a5bcb2becb..6512bd4e1e6 100644 --- a/jdk/.hgtags +++ b/jdk/.hgtags @@ -24,3 +24,4 @@ d8eb2738db6b148911177d9bcfe888109b7f2f71 jdk7-b44 b4ac413b1f129eeef0acab3f31081c1b7dfe3b27 jdk7-b47 5fbd9ea7def17186693b6f7099b5d0dc73903eee jdk7-b48 8311105ea7a3db7bcbcb2b696459127c7f2297a4 jdk7-b49 +58ba2cd5a25053684ec53205d95edeeaa0006f13 jdk7-b50 From d541bcf9430d2cec37ea16431d605bd606d24c88 Mon Sep 17 00:00:00 2001 From: Sean Mullan Date: Mon, 9 Mar 2009 09:46:43 -0400 Subject: [PATCH 05/16] 6787130: java.policy file contains stale link to http://java.sun.com/notes Reviewed-by: weijun --- jdk/src/share/lib/security/java.policy | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jdk/src/share/lib/security/java.policy b/jdk/src/share/lib/security/java.policy index bcb5a6c4d86..3312bdf92f2 100644 --- a/jdk/src/share/lib/security/java.policy +++ b/jdk/src/share/lib/security/java.policy @@ -15,7 +15,8 @@ grant { // It is strongly recommended that you either remove this permission // from this policy file or further restrict it to code sources // that you specify, because Thread.stop() is potentially unsafe. - // See "http://java.sun.com/notes" for more information. + // See the API specification of java.lang.Thread.stop() for more + // information. permission java.lang.RuntimePermission "stopThread"; // allows anyone to listen on un-privileged ports From f038343dc28c958c857fdcc75c5abc705c186ccf Mon Sep 17 00:00:00 2001 From: Xiomara Jayasena Date: Mon, 9 Mar 2009 13:29:01 -0700 Subject: [PATCH 06/16] 6814575: Update copyright year Update copyright for files that have been modified in 2009, up to 03/09 Reviewed-by: katleman, tbell, ohair --- jdk/src/share/classes/java/lang/Thread.java | 2 +- jdk/src/share/classes/java/util/regex/Matcher.java | 2 +- jdk/src/share/classes/java/util/regex/Pattern.java | 2 +- jdk/src/share/classes/sun/security/krb5/Realm.java | 2 +- .../classes/sun/security/x509/AuthorityInfoAccessExtension.java | 2 +- jdk/src/share/native/java/util/zip/zip_util.c | 2 +- jdk/src/share/native/java/util/zip/zip_util.h | 2 +- jdk/src/solaris/native/java/net/NetworkInterface.c | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/jdk/src/share/classes/java/lang/Thread.java b/jdk/src/share/classes/java/lang/Thread.java index 3922f702c0b..d5d163bd6e3 100644 --- a/jdk/src/share/classes/java/lang/Thread.java +++ b/jdk/src/share/classes/java/lang/Thread.java @@ -1,5 +1,5 @@ /* - * Copyright 1994-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1994-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it diff --git a/jdk/src/share/classes/java/util/regex/Matcher.java b/jdk/src/share/classes/java/util/regex/Matcher.java index 61b75ebc73e..488e47da89a 100644 --- a/jdk/src/share/classes/java/util/regex/Matcher.java +++ b/jdk/src/share/classes/java/util/regex/Matcher.java @@ -1,5 +1,5 @@ /* - * Copyright 1999-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1999-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it diff --git a/jdk/src/share/classes/java/util/regex/Pattern.java b/jdk/src/share/classes/java/util/regex/Pattern.java index 919c1bf3c55..bfc6d5925e9 100644 --- a/jdk/src/share/classes/java/util/regex/Pattern.java +++ b/jdk/src/share/classes/java/util/regex/Pattern.java @@ -1,5 +1,5 @@ /* - * Copyright 1999-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1999-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it diff --git a/jdk/src/share/classes/sun/security/krb5/Realm.java b/jdk/src/share/classes/sun/security/krb5/Realm.java index a34745d8770..bf57e7a54ce 100644 --- a/jdk/src/share/classes/sun/security/krb5/Realm.java +++ b/jdk/src/share/classes/sun/security/krb5/Realm.java @@ -1,5 +1,5 @@ /* - * Portions Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved. + * Portions Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it diff --git a/jdk/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java b/jdk/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java index da14007cd16..9e332b10c55 100644 --- a/jdk/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java +++ b/jdk/src/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java @@ -1,5 +1,5 @@ /* - * Copyright 2004-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2004-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it diff --git a/jdk/src/share/native/java/util/zip/zip_util.c b/jdk/src/share/native/java/util/zip/zip_util.c index 9767dba451e..f381629712c 100644 --- a/jdk/src/share/native/java/util/zip/zip_util.c +++ b/jdk/src/share/native/java/util/zip/zip_util.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1995-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it diff --git a/jdk/src/share/native/java/util/zip/zip_util.h b/jdk/src/share/native/java/util/zip/zip_util.h index 353ebd23862..3814ad02d4f 100644 --- a/jdk/src/share/native/java/util/zip/zip_util.h +++ b/jdk/src/share/native/java/util/zip/zip_util.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1995-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it diff --git a/jdk/src/solaris/native/java/net/NetworkInterface.c b/jdk/src/solaris/native/java/net/NetworkInterface.c index a741f86ad2f..9580c816455 100644 --- a/jdk/src/solaris/native/java/net/NetworkInterface.c +++ b/jdk/src/solaris/native/java/net/NetworkInterface.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it From e4661801352674f01f64ba70f4d735afab05a102 Mon Sep 17 00:00:00 2001 From: Daniel Fuchs Date: Thu, 12 Mar 2009 15:36:14 +0100 Subject: [PATCH 07/16] 6661448: Make the SNMP agent optional when OPENJDK=true and IMPORT_BINARY_PLUGS=false Reviewed-by: mchung, ohair --- jdk/make/com/sun/jmx/Makefile | 10 +- jdk/make/java/management/Makefile | 2 + jdk/make/javax/management/Makefile | 1 + jdk/make/sun/management/Makefile | 11 +- .../share/classes/sun/management/Agent.java | 38 ++++- .../com/sun/jmx/snmp/SnmpOidHashCode.java | 74 ++++++++- .../com/sun/jmx/snmp/TimeTicksWrapping.java | 157 ++++++++++++++++-- 7 files changed, 268 insertions(+), 25 deletions(-) diff --git a/jdk/make/com/sun/jmx/Makefile b/jdk/make/com/sun/jmx/Makefile index c529dd4be31..81470f0befe 100644 --- a/jdk/make/com/sun/jmx/Makefile +++ b/jdk/make/com/sun/jmx/Makefile @@ -41,7 +41,15 @@ include $(BUILDDIR)/common/Defs.gmk # Note : some targets are double colon rules and some single colon rules # within common included gmk files : that is why the following for loop # has been duplicated. -SUBDIRS = snmp + +# When building the openjdk, build snmp only if importing binary plugs, +ifdef OPENJDK + ifeq ($(IMPORT_BINARY_PLUGS),true) + SUBDIRS = snmp + endif +else + SUBDIRS = snmp +endif all build: $(SUBDIRS-loop) diff --git a/jdk/make/java/management/Makefile b/jdk/make/java/management/Makefile index 466d2212afe..f579e10c105 100644 --- a/jdk/make/java/management/Makefile +++ b/jdk/make/java/management/Makefile @@ -46,6 +46,8 @@ include $(BUILDDIR)/common/Mapfile-vers.gmk # include FILES_c.gmk +# We don't need snmp here. +AUTO_JAVA_PRUNE = snmp AUTO_FILES_JAVA_DIRS = java/lang/management com/sun/management sun/management include Exportedfiles.gmk diff --git a/jdk/make/javax/management/Makefile b/jdk/make/javax/management/Makefile index 2085e38a88b..02527ec2d21 100644 --- a/jdk/make/javax/management/Makefile +++ b/jdk/make/javax/management/Makefile @@ -35,6 +35,7 @@ include $(BUILDDIR)/common/Defs.gmk # # Files to compile # +AUTO_JAVA_PRUNE = snmp AUTO_FILES_JAVA_DIRS = javax/management com/sun/jmx com/sun/management/jmx # diff --git a/jdk/make/sun/management/Makefile b/jdk/make/sun/management/Makefile index 6ae5d85d817..bb7ad8935c9 100644 --- a/jdk/make/sun/management/Makefile +++ b/jdk/make/sun/management/Makefile @@ -35,7 +35,16 @@ MGMT_LIB_SRC = $(SHARE_SRC)/lib/management all build:: properties aclfile jmxremotefiles -SUBDIRS = snmp jmxremote +# When building the openjdk, build snmp only if importing binary plugs, +ifdef OPENJDK + ifeq ($(IMPORT_BINARY_PLUGS),true) + SUBDIRS = snmp + endif +else + SUBDIRS = snmp +endif +SUBDIRS += jmxremote + all build clean clobber:: $(SUBDIRS-loop) diff --git a/jdk/src/share/classes/sun/management/Agent.java b/jdk/src/share/classes/sun/management/Agent.java index e247412ba91..edc53f93c6e 100644 --- a/jdk/src/share/classes/sun/management/Agent.java +++ b/jdk/src/share/classes/sun/management/Agent.java @@ -31,9 +31,9 @@ import java.io.FileInputStream; import java.io.BufferedInputStream; import java.io.FileNotFoundException; import java.io.IOException; +import java.lang.reflect.InvocationTargetException; import java.text.MessageFormat; import java.util.Properties; -import java.util.Enumeration; import java.util.ResourceBundle; import java.util.MissingResourceException; import java.lang.management.ManagementFactory; @@ -41,7 +41,6 @@ import java.lang.reflect.Method; import javax.management.remote.JMXConnectorServer; -import sun.management.snmp.AdaptorBootstrap; import sun.management.jmxremote.ConnectorBootstrap; import static sun.management.AgentConfigurationError.*; import sun.misc.VMSupport; @@ -69,6 +68,9 @@ public class Agent { private static final String LOCAL_CONNECTOR_ADDRESS_PROP = "com.sun.management.jmxremote.localConnectorAddress"; + private static final String SNMP_ADAPTOR_BOOTSTRAP_CLASS_NAME = + "sun.management.snmp.AdaptorBootstrap"; + // invoked by -javaagent or -Dcom.sun.management.agent.class public static void premain(String args) throws Exception { agentmain(args); @@ -128,7 +130,7 @@ public class Agent { try { if (snmpPort != null) { - AdaptorBootstrap.initialize(snmpPort, props); + loadSnmpAgent(snmpPort, props); } /* @@ -204,6 +206,36 @@ public class Agent { return mgmtProps; } + private static void loadSnmpAgent(String snmpPort, Properties props) { + try { + // invoke the following through reflection: + // AdaptorBootstrap.initialize(snmpPort, props); + final Class adaptorClass = + Class.forName(SNMP_ADAPTOR_BOOTSTRAP_CLASS_NAME,true,null); + final Method initializeMethod = + adaptorClass.getMethod("initialize", + String.class, Properties.class); + initializeMethod.invoke(null,snmpPort,props); + } catch (ClassNotFoundException x) { + // The SNMP packages are not present: throws an exception. + throw new UnsupportedOperationException("Unsupported management property: " + SNMP_PORT,x); + } catch (NoSuchMethodException x) { + // should not happen... + throw new UnsupportedOperationException("Unsupported management property: " + SNMP_PORT,x); + } catch (InvocationTargetException x) { + final Throwable cause = x.getCause(); + if (cause instanceof RuntimeException) + throw (RuntimeException) cause; + else if (cause instanceof Error) + throw (Error) cause; + // should not happen... + throw new UnsupportedOperationException("Unsupported management property: " + SNMP_PORT,cause); + } catch (IllegalAccessException x) { + // should not happen... + throw new UnsupportedOperationException("Unsupported management property: " + SNMP_PORT,x); + } + } + // read config file and initialize the properties private static void readConfiguration(String fname, Properties p) { if (fname == null) { diff --git a/jdk/test/com/sun/jmx/snmp/SnmpOidHashCode.java b/jdk/test/com/sun/jmx/snmp/SnmpOidHashCode.java index 907d00913f4..4a815de0386 100644 --- a/jdk/test/com/sun/jmx/snmp/SnmpOidHashCode.java +++ b/jdk/test/com/sun/jmx/snmp/SnmpOidHashCode.java @@ -1,5 +1,5 @@ /* - * Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,8 @@ * @build SnmpOidHashCode * @run main SnmpOidHashCode */ -import com.sun.jmx.snmp.SnmpOid; +import java.lang.reflect.Constructor; +import java.lang.reflect.InvocationTargetException; public class SnmpOidHashCode { public static final String[] oids = { @@ -57,16 +58,81 @@ public class SnmpOidHashCode { ".39."+0xFFFFFFFFL }; + // We use an SnmpOidBuilder in order to adapt this test case to a + // configuration where the SNMP packages are not present in rt.jar. + // + public static final class SnmpOidBuilder { + public static final String SNMP_OID_CLASS_NAME = + "com.sun.jmx.snmp.SnmpOid"; + private static final Class SNMP_OID_CLASS; + private static final Constructor SNMP_OID_CTOR; + static { + Class snmpOidClass; + try { + snmpOidClass = + Class.forName(SNMP_OID_CLASS_NAME, true, null); + } catch (ClassNotFoundException x) { + snmpOidClass = null; + System.err.println("WARNING: can't load "+SNMP_OID_CLASS_NAME); + } catch (NoClassDefFoundError x) { + snmpOidClass = null; + System.err.println("WARNING: can't load "+SNMP_OID_CLASS_NAME); + } + SNMP_OID_CLASS = snmpOidClass; + if (SNMP_OID_CLASS != null) { + try { + SNMP_OID_CTOR = snmpOidClass.getConstructor(String.class); + } catch (Exception x) { + throw new ExceptionInInitializerError(x); + } + } else { + SNMP_OID_CTOR = null; + } + } + + public static boolean isSnmpPresent() { + System.out.println(SnmpOidHashCode.class.getName()+ + ": Testing for SNMP Packages..."); + return SNMP_OID_CLASS != null; + } + + public static Object newSnmpOid(String oid) + throws InstantiationException, + IllegalAccessException, + InvocationTargetException { + return SNMP_OID_CTOR.newInstance(oid); + } + + } + + private static Object newSnmpOid(String oid) throws Exception { + try { + return SnmpOidBuilder.newSnmpOid(oid); + } catch (InvocationTargetException x) { + final Throwable cause = x.getCause(); + if (cause instanceof Exception) throw (Exception)cause; + if (cause instanceof Error) throw (Error)cause; + throw x; + } + } + public static void main(String args[]) { + if (!SnmpOidBuilder.isSnmpPresent()) { + System.err.println("WARNING: "+ + SnmpOidBuilder.SNMP_OID_CLASS_NAME+" not present."); + System.err.println(SnmpOidHashCode.class.getName()+ + ": test skipped."); + return; + } try { int errCount=0; int collisions=0; for (int i=0;i SNMP_TIME_TICKS_CLASS; + private static final Constructor SNMP_long_CTOR; + private static final Constructor SNMP_LONG_CTOR; + private static final Method SNMP_LONG_VALUE; + static { + Class snmpTimeTicksClass; + try { + snmpTimeTicksClass = + Class.forName(SNMP_TIME_TICKS_CLASS_NAME, true, null); + } catch (ClassNotFoundException x) { + snmpTimeTicksClass = null; + System.err.println("WARNING: can't load "+ + SNMP_TIME_TICKS_CLASS_NAME); + } catch (NoClassDefFoundError x) { + snmpTimeTicksClass = null; + System.err.println("WARNING: can't load "+ + SNMP_TIME_TICKS_CLASS_NAME); + } + SNMP_TIME_TICKS_CLASS = snmpTimeTicksClass; + if (SNMP_TIME_TICKS_CLASS != null) { + try { + SNMP_long_CTOR = + SNMP_TIME_TICKS_CLASS.getConstructor(long.class); + } catch (Exception x) { + throw new ExceptionInInitializerError(x); + } + } else { + SNMP_long_CTOR = null; + } + if (SNMP_TIME_TICKS_CLASS != null) { + try { + SNMP_LONG_CTOR = + SNMP_TIME_TICKS_CLASS.getConstructor(Long.class); + } catch (Exception x) { + throw new ExceptionInInitializerError(x); + } + } else { + SNMP_LONG_CTOR = null; + } + if (SNMP_TIME_TICKS_CLASS != null) { + try { + SNMP_LONG_VALUE = + SNMP_TIME_TICKS_CLASS.getMethod("longValue"); + } catch (Exception x) { + throw new ExceptionInInitializerError(x); + } + } else { + SNMP_LONG_VALUE = null; + } + + } + + private final Object timeticks; + + public SnmpTimeticksBuilder(long ticks) throws Exception { + timeticks = newSnmpTimeticks(ticks); + } + public SnmpTimeticksBuilder(Long ticks) throws Exception { + timeticks = newSnmpTimeticks(ticks); + } + public long longValue() throws Exception { + return longValue(timeticks); + } + + public static boolean isSnmpPresent() { + System.out.println(TimeTicksWrapping.class.getName()+ + ": Testing for SNMP Packages..."); + return SNMP_TIME_TICKS_CLASS != null; + } + + private static Object newSnmpTimeticks(long time) + throws Exception { + try { + return SNMP_long_CTOR.newInstance(time); + } catch (InvocationTargetException x) { + final Throwable cause = x.getCause(); + if (cause instanceof Exception) throw (Exception) cause; + if (cause instanceof Error) throw (Error) cause; + throw x; + } + } + + private static Object newSnmpTimeticks(Long time) + throws Exception { + try { + return SNMP_LONG_CTOR.newInstance(time); + } catch (InvocationTargetException x) { + final Throwable cause = x.getCause(); + if (cause instanceof Exception) throw (Exception) cause; + if (cause instanceof Error) throw (Error) cause; + throw x; + } + } + + private static long longValue(Object o) + throws Exception { + try { + return ((Long)SNMP_LONG_VALUE.invoke(o)).longValue(); + } catch (InvocationTargetException x) { + final Throwable cause = x.getCause(); + if (cause instanceof Exception) throw (Exception) cause; + if (cause instanceof Error) throw (Error) cause; + throw x; + } + } + + } + public static final long[] oks = { 0L, 1L, (long)Integer.MAX_VALUE, (long)Integer.MAX_VALUE*2, (long)Integer.MAX_VALUE*2+1L, (long)Integer.MAX_VALUE*2+2L, (long)Integer.MAX_VALUE*3, - SnmpUnsignedInt.MAX_VALUE, SnmpUnsignedInt.MAX_VALUE+1L, - SnmpUnsignedInt.MAX_VALUE*3-1L, Long.MAX_VALUE + SnmpTimeticksBuilder.MAX_VALUE, SnmpTimeticksBuilder.MAX_VALUE+1L, + SnmpTimeticksBuilder.MAX_VALUE*3-1L, Long.MAX_VALUE }; public static final long[] kos = { -1L, (long)Integer.MIN_VALUE, (long)Integer.MIN_VALUE*2, (long)Integer.MIN_VALUE*2-1L, (long)Integer.MIN_VALUE*3, - -SnmpUnsignedInt.MAX_VALUE, -(SnmpUnsignedInt.MAX_VALUE+1L), - -(SnmpUnsignedInt.MAX_VALUE*3-1L), Long.MIN_VALUE + -SnmpTimeticksBuilder.MAX_VALUE, -(SnmpTimeticksBuilder.MAX_VALUE+1L), + -(SnmpTimeticksBuilder.MAX_VALUE*3-1L), Long.MIN_VALUE }; + public static void main(String args[]) { + if (!SnmpTimeticksBuilder.isSnmpPresent()) { + System.err.println("WARNING: "+ + SnmpTimeticksBuilder.SNMP_TIME_TICKS_CLASS_NAME+ + " not present."); + System.err.println(TimeTicksWrapping.class.getName()+ + ": test skipped."); + return; + } try { - SnmpTimeticks t; + SnmpTimeticksBuilder t = null; for (int i=0;i SnmpUnsignedInt.MAX_VALUE) + if (t1 > SnmpTimeticksBuilder.MAX_VALUE) throw new Exception("Value should have wrapped " + "for " + oks[i] + ": " + t1 + " exceeds max: " + - SnmpUnsignedInt.MAX_VALUE); - if (t2 > SnmpUnsignedInt.MAX_VALUE) + SnmpTimeticksBuilder.MAX_VALUE); + if (t2 > SnmpTimeticksBuilder.MAX_VALUE) throw new Exception("Value should have wrapped " + "for " + oks[i] + ": " + t2 + " exceeds max: " + - SnmpUnsignedInt.MAX_VALUE); + SnmpTimeticksBuilder.MAX_VALUE); if (t1 < 0) throw new Exception("Value should have wrapped: " + @@ -90,14 +215,14 @@ public class TimeTicksWrapping { for (int i=0;i Date: Thu, 12 Mar 2009 10:27:22 -0700 Subject: [PATCH 08/16] 6810254: Lazily instantiate the shared secret access objects Register the shutdown hooks only when needed and remove JavaIODeleteOnExitAccess Reviewed-by: alanb --- jdk/make/java/java/FILES_java.gmk | 1 - jdk/src/share/classes/java/io/Console.java | 29 +++++++------- .../classes/java/io/DeleteOnExitHook.java | 19 +++++----- jdk/src/share/classes/java/io/File.java | 12 ------ .../java/lang/ApplicationShutdownHooks.java | 20 +++++----- jdk/src/share/classes/java/lang/Shutdown.java | 38 +++++++------------ jdk/src/share/classes/java/lang/System.java | 11 ++---- .../share/classes/sun/misc/JavaIOAccess.java | 1 - .../sun/misc/JavaIODeleteOnExitAccess.java | 30 --------------- .../classes/sun/misc/JavaLangAccess.java | 3 ++ .../share/classes/sun/misc/SharedSecrets.java | 12 ------ 11 files changed, 54 insertions(+), 122 deletions(-) delete mode 100644 jdk/src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java diff --git a/jdk/make/java/java/FILES_java.gmk b/jdk/make/java/java/FILES_java.gmk index 3117af8461f..83f3af7d968 100644 --- a/jdk/make/java/java/FILES_java.gmk +++ b/jdk/make/java/java/FILES_java.gmk @@ -449,7 +449,6 @@ JAVA_JAVA_java = \ sun/misc/Service.java \ sun/misc/JavaLangAccess.java \ sun/misc/JavaIOAccess.java \ - sun/misc/JavaIODeleteOnExitAccess.java \ sun/misc/JavaIOFileDescriptorAccess.java \ sun/misc/JavaNioAccess.java diff --git a/jdk/src/share/classes/java/io/Console.java b/jdk/src/share/classes/java/io/Console.java index 9e009943a95..201b66f71b5 100644 --- a/jdk/src/share/classes/java/io/Console.java +++ b/jdk/src/share/classes/java/io/Console.java @@ -503,6 +503,21 @@ public final class Console implements Flushable // Set up JavaIOAccess in SharedSecrets static { + + // Add a shutdown hook to restore console's echo state should + // it be necessary. + sun.misc.SharedSecrets.getJavaLangAccess() + .registerShutdownHook(0 /* shutdown hook invocation order */, + new Runnable() { + public void run() { + try { + if (echoOff) { + echo(true); + } + } catch (IOException x) { } + } + }); + sun.misc.SharedSecrets.setJavaIOAccess(new sun.misc.JavaIOAccess() { public Console console() { if (istty()) { @@ -513,20 +528,6 @@ public final class Console implements Flushable return null; } - // Add a shutdown hook to restore console's echo state should - // it be necessary. - public Runnable consoleRestoreHook() { - return new Runnable() { - public void run() { - try { - if (echoOff) { - echo(true); - } - } catch (IOException x) {} - } - }; - } - public Charset charset() { // This method is called in sun.security.util.Password, // cons already exists when this method is called diff --git a/jdk/src/share/classes/java/io/DeleteOnExitHook.java b/jdk/src/share/classes/java/io/DeleteOnExitHook.java index bf4d9e7f20f..1dc5c9d85bc 100644 --- a/jdk/src/share/classes/java/io/DeleteOnExitHook.java +++ b/jdk/src/share/classes/java/io/DeleteOnExitHook.java @@ -34,17 +34,18 @@ import java.io.File; */ class DeleteOnExitHook { - private static DeleteOnExitHook instance = null; + static { + sun.misc.SharedSecrets.getJavaLangAccess() + .registerShutdownHook(2 /* Shutdown hook invocation order */, + new Runnable() { + public void run() { + runHooks(); + } + }); + } private static LinkedHashSet files = new LinkedHashSet(); - static DeleteOnExitHook hook() { - if (instance == null) - instance = new DeleteOnExitHook(); - - return instance; - } - private DeleteOnExitHook() {} static synchronized void add(String file) { @@ -54,7 +55,7 @@ class DeleteOnExitHook { files.add(file); } - void run() { + static void runHooks() { LinkedHashSet theFiles; synchronized (DeleteOnExitHook.class) { diff --git a/jdk/src/share/classes/java/io/File.java b/jdk/src/share/classes/java/io/File.java index 6a0415101fb..6e58efbbd6b 100644 --- a/jdk/src/share/classes/java/io/File.java +++ b/jdk/src/share/classes/java/io/File.java @@ -2147,18 +2147,6 @@ public class File /** use serialVersionUID from JDK 1.0.2 for interoperability */ private static final long serialVersionUID = 301077366599181567L; - // Set up JavaIODeleteOnExitAccess in SharedSecrets - // Added here as DeleteOnExitHook is package-private and SharedSecrets cannot easily access it. - static { - sun.misc.SharedSecrets.setJavaIODeleteOnExitAccess( - new sun.misc.JavaIODeleteOnExitAccess() { - public void run() { - DeleteOnExitHook.hook().run(); - } - } - ); - } - // -- Integration with java.nio.file -- private volatile transient Path filePath; diff --git a/jdk/src/share/classes/java/lang/ApplicationShutdownHooks.java b/jdk/src/share/classes/java/lang/ApplicationShutdownHooks.java index 8eeb0fef8d0..b3341de15a4 100644 --- a/jdk/src/share/classes/java/lang/ApplicationShutdownHooks.java +++ b/jdk/src/share/classes/java/lang/ApplicationShutdownHooks.java @@ -34,19 +34,19 @@ import java.util.*; * @see java.lang.Runtime#removeShutdownHook */ -class ApplicationShutdownHooks implements Runnable { - private static ApplicationShutdownHooks instance = null; +class ApplicationShutdownHooks { + static { + Shutdown.add(1 /* shutdown hook invocation order */, + new Runnable() { + public void run() { + runHooks(); + } + }); + } /* The set of registered hooks */ private static IdentityHashMap hooks = new IdentityHashMap(); - static synchronized ApplicationShutdownHooks hook() { - if (instance == null) - instance = new ApplicationShutdownHooks(); - - return instance; - } - private ApplicationShutdownHooks() {} /* Add a new shutdown hook. Checks the shutdown state and the hook itself, @@ -82,7 +82,7 @@ class ApplicationShutdownHooks implements Runnable { * to run in. Hooks are run concurrently and this method waits for * them to finish. */ - public void run() { + static void runHooks() { Collection threads; synchronized(ApplicationShutdownHooks.class) { threads = hooks.keySet(); diff --git a/jdk/src/share/classes/java/lang/Shutdown.java b/jdk/src/share/classes/java/lang/Shutdown.java index 18e32d96f8e..b77b45056a7 100644 --- a/jdk/src/share/classes/java/lang/Shutdown.java +++ b/jdk/src/share/classes/java/lang/Shutdown.java @@ -25,8 +25,6 @@ package java.lang; -import java.util.ArrayList; - /** * Package-private utility class containing data structures and logic @@ -47,8 +45,13 @@ class Shutdown { /* Should we run all finalizers upon exit? */ private static boolean runFinalizersOnExit = false; - /* The set of registered, wrapped hooks, or null if there aren't any */ - private static ArrayList hooks = new ArrayList(); + // The system shutdown hooks are registered with a predefined slot. + // The list of shutdown hooks is as follows: + // (0) Console restore hook + // (1) Application hooks + // (2) DeleteOnExit hook + private static final int MAX_SYSTEM_HOOKS = 10; + private static final Runnable[] hooks = new Runnable[MAX_SYSTEM_HOOKS]; /* The preceding static fields are protected by this lock */ private static class Lock { }; @@ -68,33 +71,18 @@ class Shutdown { /* Add a new shutdown hook. Checks the shutdown state and the hook itself, * but does not do any security checks. */ - static void add(Runnable hook) { + static void add(int slot, Runnable hook) { synchronized (lock) { if (state > RUNNING) throw new IllegalStateException("Shutdown in progress"); - hooks.add(hook); + if (hooks[slot] != null) + throw new InternalError("Shutdown hook at slot " + slot + " already registered"); + + hooks[slot] = hook; } } - - /* Remove a previously-registered hook. Like the add method, this method - * does not do any security checks. - */ - static boolean remove(Runnable hook) { - synchronized (lock) { - if (state > RUNNING) - throw new IllegalStateException("Shutdown in progress"); - if (hook == null) throw new NullPointerException(); - if (hooks == null) { - return false; - } else { - return hooks.remove(hook); - } - } - } - - /* Run all registered shutdown hooks */ private static void runHooks() { @@ -103,7 +91,7 @@ class Shutdown { */ for (Runnable hook : hooks) { try { - hook.run(); + if (hook != null) hook.run(); } catch(Throwable t) { if (t instanceof ThreadDeath) { ThreadDeath td = (ThreadDeath)t; diff --git a/jdk/src/share/classes/java/lang/System.java b/jdk/src/share/classes/java/lang/System.java index a81bfa70152..eb62b4087e9 100644 --- a/jdk/src/share/classes/java/lang/System.java +++ b/jdk/src/share/classes/java/lang/System.java @@ -1121,14 +1121,6 @@ public final class System { // Setup Java signal handlers for HUP, TERM, and INT (where available). Terminator.setup(); - // The order in with the hooks are added here is important as it - // determines the order in which they are run. - // (1)Console restore hook needs to be called first. - // (2)Application hooks must be run before calling deleteOnExitHook. - Shutdown.add(sun.misc.SharedSecrets.getJavaIOAccess().consoleRestoreHook()); - Shutdown.add(ApplicationShutdownHooks.hook()); - Shutdown.add(sun.misc.SharedSecrets.getJavaIODeleteOnExitAccess()); - // Initialize any miscellenous operating system settings that need to be // set for the class libraries. Currently this is no-op everywhere except // for Windows where the process-wide error mode is set before the java.io @@ -1174,6 +1166,9 @@ public final class System { public void blockedOn(Thread t, Interruptible b) { t.blockedOn(b); } + public void registerShutdownHook(int slot, Runnable r) { + Shutdown.add(slot, r); + } }); } diff --git a/jdk/src/share/classes/sun/misc/JavaIOAccess.java b/jdk/src/share/classes/sun/misc/JavaIOAccess.java index 2a076a9d84d..f0b50a8ac4e 100644 --- a/jdk/src/share/classes/sun/misc/JavaIOAccess.java +++ b/jdk/src/share/classes/sun/misc/JavaIOAccess.java @@ -29,6 +29,5 @@ import java.nio.charset.Charset; public interface JavaIOAccess { public Console console(); - public Runnable consoleRestoreHook(); public Charset charset(); } diff --git a/jdk/src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java b/jdk/src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java deleted file mode 100644 index 54aef8b428a..00000000000 --- a/jdk/src/share/classes/sun/misc/JavaIODeleteOnExitAccess.java +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Sun designates this - * particular file as subject to the "Classpath" exception as provided - * by Sun in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, - * CA 95054 USA or visit www.sun.com if you need additional information or - * have any questions. - */ - -package sun.misc; - -public interface JavaIODeleteOnExitAccess extends Runnable { - public void run(); -} diff --git a/jdk/src/share/classes/sun/misc/JavaLangAccess.java b/jdk/src/share/classes/sun/misc/JavaLangAccess.java index 7c1cc55032f..c288bc8402f 100644 --- a/jdk/src/share/classes/sun/misc/JavaLangAccess.java +++ b/jdk/src/share/classes/sun/misc/JavaLangAccess.java @@ -54,4 +54,7 @@ public interface JavaLangAccess { /** Set thread's blocker field. */ void blockedOn(Thread t, Interruptible b); + + /** register shutdown hook */ + void registerShutdownHook(int slot, Runnable r); } diff --git a/jdk/src/share/classes/sun/misc/SharedSecrets.java b/jdk/src/share/classes/sun/misc/SharedSecrets.java index 938e54c6c50..16b5727c604 100644 --- a/jdk/src/share/classes/sun/misc/SharedSecrets.java +++ b/jdk/src/share/classes/sun/misc/SharedSecrets.java @@ -44,7 +44,6 @@ public class SharedSecrets { private static JavaUtilJarAccess javaUtilJarAccess; private static JavaLangAccess javaLangAccess; private static JavaIOAccess javaIOAccess; - private static JavaIODeleteOnExitAccess javaIODeleteOnExitAccess; private static JavaNetAccess javaNetAccess; private static JavaNioAccess javaNioAccess; private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess; @@ -103,17 +102,6 @@ public class SharedSecrets { return javaIOAccess; } - public static void setJavaIODeleteOnExitAccess(JavaIODeleteOnExitAccess jida) { - javaIODeleteOnExitAccess = jida; - } - - public static JavaIODeleteOnExitAccess getJavaIODeleteOnExitAccess() { - if (javaIODeleteOnExitAccess == null) { - unsafe.ensureClassInitialized(File.class); - } - return javaIODeleteOnExitAccess; - } - public static void setJavaIOFileDescriptorAccess(JavaIOFileDescriptorAccess jiofda) { javaIOFileDescriptorAccess = jiofda; } From 2f06b83dfcf601211b83b31d99b95b368f266493 Mon Sep 17 00:00:00 2001 From: Mandy Chung Date: Thu, 12 Mar 2009 10:32:58 -0700 Subject: [PATCH 09/16] 6813240: Remove dead code in sun.misc.FormattedFloatingDecimal class Remove unused methods from FormattedFloatingDecimal that were originally copied from FloatingDecimal Reviewed-by: darcy --- .../sun/misc/FormattedFloatingDecimal.java | 812 ------------------ 1 file changed, 812 deletions(-) diff --git a/jdk/src/share/classes/sun/misc/FormattedFloatingDecimal.java b/jdk/src/share/classes/sun/misc/FormattedFloatingDecimal.java index a1a658a3e6f..99ba5224950 100644 --- a/jdk/src/share/classes/sun/misc/FormattedFloatingDecimal.java +++ b/jdk/src/share/classes/sun/misc/FormattedFloatingDecimal.java @@ -978,15 +978,6 @@ public class FormattedFloatingDecimal{ return new String(result); } - // This method should only ever be called if this object is constructed - // without Form.DECIMAL_FLOAT because the perThreadBuffer is not large - // enough to handle floating-point numbers of large precision. - public String toJavaFormatString() { - char result[] = (char[])(perThreadBuffer.get()); - int i = getChars(result); - return new String(result, 0, i); - } - // returns the exponent before rounding public int getExponent() { return decExponent - 1; @@ -1157,265 +1148,6 @@ public class FormattedFloatingDecimal{ } }; - // This method should only ever be called if this object is constructed - // without Form.DECIMAL_FLOAT because the perThreadBuffer is not large - // enough to handle floating-point numbers of large precision. - public void appendTo(Appendable buf) { - char result[] = (char[])(perThreadBuffer.get()); - int i = getChars(result); - if (buf instanceof StringBuilder) - ((StringBuilder) buf).append(result, 0, i); - else if (buf instanceof StringBuffer) - ((StringBuffer) buf).append(result, 0, i); - else - assert false; - } - - public static FormattedFloatingDecimal - readJavaFormatString( String in ) throws NumberFormatException { - boolean isNegative = false; - boolean signSeen = false; - int decExp; - char c; - - parseNumber: - try{ - in = in.trim(); // don't fool around with white space. - // throws NullPointerException if null - int l = in.length(); - if ( l == 0 ) throw new NumberFormatException("empty String"); - int i = 0; - switch ( c = in.charAt( i ) ){ - case '-': - isNegative = true; - //FALLTHROUGH - case '+': - i++; - signSeen = true; - } - - // Check for NaN and Infinity strings - c = in.charAt(i); - if(c == 'N' || c == 'I') { // possible NaN or infinity - boolean potentialNaN = false; - char targetChars[] = null; // char arrary of "NaN" or "Infinity" - - if(c == 'N') { - targetChars = notANumber; - potentialNaN = true; - } else { - targetChars = infinity; - } - - // compare Input string to "NaN" or "Infinity" - int j = 0; - while(i < l && j < targetChars.length) { - if(in.charAt(i) == targetChars[j]) { - i++; j++; - } - else // something is amiss, throw exception - break parseNumber; - } - - // For the candidate string to be a NaN or infinity, - // all characters in input string and target char[] - // must be matched ==> j must equal targetChars.length - // and i must equal l - if( (j == targetChars.length) && (i == l) ) { // return NaN or infinity - return (potentialNaN ? new FormattedFloatingDecimal(Double.NaN) // NaN has no sign - : new FormattedFloatingDecimal(isNegative? - Double.NEGATIVE_INFINITY: - Double.POSITIVE_INFINITY)) ; - } - else { // something went wrong, throw exception - break parseNumber; - } - - } else if (c == '0') { // check for hexadecimal floating-point number - if (l > i+1 ) { - char ch = in.charAt(i+1); - if (ch == 'x' || ch == 'X' ) // possible hex string - return parseHexString(in); - } - } // look for and process decimal floating-point string - - char[] digits = new char[ l ]; - int nDigits= 0; - boolean decSeen = false; - int decPt = 0; - int nLeadZero = 0; - int nTrailZero= 0; - digitLoop: - while ( i < l ){ - switch ( c = in.charAt( i ) ){ - case '0': - if ( nDigits > 0 ){ - nTrailZero += 1; - } else { - nLeadZero += 1; - } - break; // out of switch. - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - case '8': - case '9': - while ( nTrailZero > 0 ){ - digits[nDigits++] = '0'; - nTrailZero -= 1; - } - digits[nDigits++] = c; - break; // out of switch. - case '.': - if ( decSeen ){ - // already saw one ., this is the 2nd. - throw new NumberFormatException("multiple points"); - } - decPt = i; - if ( signSeen ){ - decPt -= 1; - } - decSeen = true; - break; // out of switch. - default: - break digitLoop; - } - i++; - } - /* - * At this point, we've scanned all the digits and decimal - * point we're going to see. Trim off leading and trailing - * zeros, which will just confuse us later, and adjust - * our initial decimal exponent accordingly. - * To review: - * we have seen i total characters. - * nLeadZero of them were zeros before any other digits. - * nTrailZero of them were zeros after any other digits. - * if ( decSeen ), then a . was seen after decPt characters - * ( including leading zeros which have been discarded ) - * nDigits characters were neither lead nor trailing - * zeros, nor point - */ - /* - * special hack: if we saw no non-zero digits, then the - * answer is zero! - * Unfortunately, we feel honor-bound to keep parsing! - */ - if ( nDigits == 0 ){ - digits = zero; - nDigits = 1; - if ( nLeadZero == 0 ){ - // we saw NO DIGITS AT ALL, - // not even a crummy 0! - // this is not allowed. - break parseNumber; // go throw exception - } - - } - - /* Our initial exponent is decPt, adjusted by the number of - * discarded zeros. Or, if there was no decPt, - * then its just nDigits adjusted by discarded trailing zeros. - */ - if ( decSeen ){ - decExp = decPt - nLeadZero; - } else { - decExp = nDigits+nTrailZero; - } - - /* - * Look for 'e' or 'E' and an optionally signed integer. - */ - if ( (i < l) && (((c = in.charAt(i) )=='e') || (c == 'E') ) ){ - int expSign = 1; - int expVal = 0; - int reallyBig = Integer.MAX_VALUE / 10; - boolean expOverflow = false; - switch( in.charAt(++i) ){ - case '-': - expSign = -1; - //FALLTHROUGH - case '+': - i++; - } - int expAt = i; - expLoop: - while ( i < l ){ - if ( expVal >= reallyBig ){ - // the next character will cause integer - // overflow. - expOverflow = true; - } - switch ( c = in.charAt(i++) ){ - case '0': - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - case '8': - case '9': - expVal = expVal*10 + ( (int)c - (int)'0' ); - continue; - default: - i--; // back up. - break expLoop; // stop parsing exponent. - } - } - int expLimit = bigDecimalExponent+nDigits+nTrailZero; - if ( expOverflow || ( expVal > expLimit ) ){ - // - // The intent here is to end up with - // infinity or zero, as appropriate. - // The reason for yielding such a small decExponent, - // rather than something intuitive such as - // expSign*Integer.MAX_VALUE, is that this value - // is subject to further manipulation in - // doubleValue() and floatValue(), and I don't want - // it to be able to cause overflow there! - // (The only way we can get into trouble here is for - // really outrageous nDigits+nTrailZero, such as 2 billion. ) - // - decExp = expSign*expLimit; - } else { - // this should not overflow, since we tested - // for expVal > (MAX+N), where N >= abs(decExp) - decExp = decExp + expSign*expVal; - } - - // if we saw something not a digit ( or end of string ) - // after the [Ee][+-], without seeing any digits at all - // this is certainly an error. If we saw some digits, - // but then some trailing garbage, that might be ok. - // so we just fall through in that case. - // HUMBUG - if ( i == expAt ) - break parseNumber; // certainly bad - } - /* - * We parsed everything we could. - * If there are leftovers, then this is not good input! - */ - if ( i < l && - ((i != l - 1) || - (in.charAt(i) != 'f' && - in.charAt(i) != 'F' && - in.charAt(i) != 'd' && - in.charAt(i) != 'D'))) { - break parseNumber; // go throw exception - } - - return new FormattedFloatingDecimal( isNegative, decExp, digits, nDigits, false, Integer.MAX_VALUE, Form.COMPATIBLE ); - } catch ( StringIndexOutOfBoundsException e ){ } - throw new NumberFormatException("For input string: \"" + in + "\""); - } - /* * Take a FormattedFloatingDecimal, which we presumably just scanned in, * and find out what its value is, as a double. @@ -2035,548 +1767,4 @@ public class FormattedFloatingDecimal{ private static final char infinity[] = { 'I', 'n', 'f', 'i', 'n', 'i', 't', 'y' }; private static final char notANumber[] = { 'N', 'a', 'N' }; private static final char zero[] = { '0', '0', '0', '0', '0', '0', '0', '0' }; - - - /* - * Grammar is compatible with hexadecimal floating-point constants - * described in section 6.4.4.2 of the C99 specification. - */ - private static Pattern hexFloatPattern = Pattern.compile( - //1 234 56 7 8 9 - "([-+])?0[xX](((\\p{XDigit}+)\\.?)|((\\p{XDigit}*)\\.(\\p{XDigit}+)))[pP]([-+])?(\\p{Digit}+)[fFdD]?" - ); - - /* - * Convert string s to a suitable floating decimal; uses the - * double constructor and set the roundDir variable appropriately - * in case the value is later converted to a float. - */ - static FormattedFloatingDecimal parseHexString(String s) { - // Verify string is a member of the hexadecimal floating-point - // string language. - Matcher m = hexFloatPattern.matcher(s); - boolean validInput = m.matches(); - - if (!validInput) { - // Input does not match pattern - throw new NumberFormatException("For input string: \"" + s + "\""); - } else { // validInput - /* - * We must isolate the sign, significand, and exponent - * fields. The sign value is straightforward. Since - * floating-point numbers are stored with a normalized - * representation, the significand and exponent are - * interrelated. - * - * After extracting the sign, we normalized the - * significand as a hexadecimal value, calculating an - * exponent adjust for any shifts made during - * normalization. If the significand is zero, the - * exponent doesn't need to be examined since the output - * will be zero. - * - * Next the exponent in the input string is extracted. - * Afterwards, the significand is normalized as a *binary* - * value and the input value's normalized exponent can be - * computed. The significand bits are copied into a - * double significand; if the string has more logical bits - * than can fit in a double, the extra bits affect the - * round and sticky bits which are used to round the final - * value. - */ - - // Extract significand sign - String group1 = m.group(1); - double sign = (( group1 == null ) || group1.equals("+"))? 1.0 : -1.0; - - - // Extract Significand magnitude - /* - * Based on the form of the significand, calculate how the - * binary exponent needs to be adjusted to create a - * normalized *hexadecimal* floating-point number; that - * is, a number where there is one nonzero hex digit to - * the left of the (hexa)decimal point. Since we are - * adjusting a binary, not hexadecimal exponent, the - * exponent is adjusted by a multiple of 4. - * - * There are a number of significand scenarios to consider; - * letters are used in indicate nonzero digits: - * - * 1. 000xxxx => x.xxx normalized - * increase exponent by (number of x's - 1)*4 - * - * 2. 000xxx.yyyy => x.xxyyyy normalized - * increase exponent by (number of x's - 1)*4 - * - * 3. .000yyy => y.yy normalized - * decrease exponent by (number of zeros + 1)*4 - * - * 4. 000.00000yyy => y.yy normalized - * decrease exponent by (number of zeros to right of point + 1)*4 - * - * If the significand is exactly zero, return a properly - * signed zero. - */ - - String significandString =null; - int signifLength = 0; - int exponentAdjust = 0; - { - int leftDigits = 0; // number of meaningful digits to - // left of "decimal" point - // (leading zeros stripped) - int rightDigits = 0; // number of digits to right of - // "decimal" point; leading zeros - // must always be accounted for - /* - * The significand is made up of either - * - * 1. group 4 entirely (integer portion only) - * - * OR - * - * 2. the fractional portion from group 7 plus any - * (optional) integer portions from group 6. - */ - String group4; - if( (group4 = m.group(4)) != null) { // Integer-only significand - // Leading zeros never matter on the integer portion - significandString = stripLeadingZeros(group4); - leftDigits = significandString.length(); - } - else { - // Group 6 is the optional integer; leading zeros - // never matter on the integer portion - String group6 = stripLeadingZeros(m.group(6)); - leftDigits = group6.length(); - - // fraction - String group7 = m.group(7); - rightDigits = group7.length(); - - // Turn "integer.fraction" into "integer"+"fraction" - significandString = - ((group6 == null)?"":group6) + // is the null - // check necessary? - group7; - } - - significandString = stripLeadingZeros(significandString); - signifLength = significandString.length(); - - /* - * Adjust exponent as described above - */ - if (leftDigits >= 1) { // Cases 1 and 2 - exponentAdjust = 4*(leftDigits - 1); - } else { // Cases 3 and 4 - exponentAdjust = -4*( rightDigits - signifLength + 1); - } - - // If the significand is zero, the exponent doesn't - // matter; return a properly signed zero. - - if (signifLength == 0) { // Only zeros in input - return new FormattedFloatingDecimal(sign * 0.0); - } - } - - // Extract Exponent - /* - * Use an int to read in the exponent value; this should - * provide more than sufficient range for non-contrived - * inputs. If reading the exponent in as an int does - * overflow, examine the sign of the exponent and - * significand to determine what to do. - */ - String group8 = m.group(8); - boolean positiveExponent = ( group8 == null ) || group8.equals("+"); - long unsignedRawExponent; - try { - unsignedRawExponent = Integer.parseInt(m.group(9)); - } - catch (NumberFormatException e) { - // At this point, we know the exponent is - // syntactically well-formed as a sequence of - // digits. Therefore, if an NumberFormatException - // is thrown, it must be due to overflowing int's - // range. Also, at this point, we have already - // checked for a zero significand. Thus the signs - // of the exponent and significand determine the - // final result: - // - // significand - // + - - // exponent + +infinity -infinity - // - +0.0 -0.0 - return new FormattedFloatingDecimal(sign * (positiveExponent ? - Double.POSITIVE_INFINITY : 0.0)); - } - - long rawExponent = - (positiveExponent ? 1L : -1L) * // exponent sign - unsignedRawExponent; // exponent magnitude - - // Calculate partially adjusted exponent - long exponent = rawExponent + exponentAdjust ; - - // Starting copying non-zero bits into proper position in - // a long; copy explicit bit too; this will be masked - // later for normal values. - - boolean round = false; - boolean sticky = false; - int bitsCopied=0; - int nextShift=0; - long significand=0L; - // First iteration is different, since we only copy - // from the leading significand bit; one more exponent - // adjust will be needed... - - // IMPORTANT: make leadingDigit a long to avoid - // surprising shift semantics! - long leadingDigit = getHexDigit(significandString, 0); - - /* - * Left shift the leading digit (53 - (bit position of - * leading 1 in digit)); this sets the top bit of the - * significand to 1. The nextShift value is adjusted - * to take into account the number of bit positions of - * the leadingDigit actually used. Finally, the - * exponent is adjusted to normalize the significand - * as a binary value, not just a hex value. - */ - if (leadingDigit == 1) { - significand |= leadingDigit << 52; - nextShift = 52 - 4; - /* exponent += 0 */ } - else if (leadingDigit <= 3) { // [2, 3] - significand |= leadingDigit << 51; - nextShift = 52 - 5; - exponent += 1; - } - else if (leadingDigit <= 7) { // [4, 7] - significand |= leadingDigit << 50; - nextShift = 52 - 6; - exponent += 2; - } - else if (leadingDigit <= 15) { // [8, f] - significand |= leadingDigit << 49; - nextShift = 52 - 7; - exponent += 3; - } else { - throw new AssertionError("Result from digit converstion too large!"); - } - // The preceding if-else could be replaced by a single - // code block based on the high-order bit set in - // leadingDigit. Given leadingOnePosition, - - // significand |= leadingDigit << (SIGNIFICAND_WIDTH - leadingOnePosition); - // nextShift = 52 - (3 + leadingOnePosition); - // exponent += (leadingOnePosition-1); - - - /* - * Now the exponent variable is equal to the normalized - * binary exponent. Code below will make representation - * adjustments if the exponent is incremented after - * rounding (includes overflows to infinity) or if the - * result is subnormal. - */ - - // Copy digit into significand until the significand can't - // hold another full hex digit or there are no more input - // hex digits. - int i = 0; - for(i = 1; - i < signifLength && nextShift >= 0; - i++) { - long currentDigit = getHexDigit(significandString, i); - significand |= (currentDigit << nextShift); - nextShift-=4; - } - - // After the above loop, the bulk of the string is copied. - // Now, we must copy any partial hex digits into the - // significand AND compute the round bit and start computing - // sticky bit. - - if ( i < signifLength ) { // at least one hex input digit exists - long currentDigit = getHexDigit(significandString, i); - - // from nextShift, figure out how many bits need - // to be copied, if any - switch(nextShift) { // must be negative - case -1: - // three bits need to be copied in; can - // set round bit - significand |= ((currentDigit & 0xEL) >> 1); - round = (currentDigit & 0x1L) != 0L; - break; - - case -2: - // two bits need to be copied in; can - // set round and start sticky - significand |= ((currentDigit & 0xCL) >> 2); - round = (currentDigit &0x2L) != 0L; - sticky = (currentDigit & 0x1L) != 0; - break; - - case -3: - // one bit needs to be copied in - significand |= ((currentDigit & 0x8L)>>3); - // Now set round and start sticky, if possible - round = (currentDigit &0x4L) != 0L; - sticky = (currentDigit & 0x3L) != 0; - break; - - case -4: - // all bits copied into significand; set - // round and start sticky - round = ((currentDigit & 0x8L) != 0); // is top bit set? - // nonzeros in three low order bits? - sticky = (currentDigit & 0x7L) != 0; - break; - - default: - throw new AssertionError("Unexpected shift distance remainder."); - // break; - } - - // Round is set; sticky might be set. - - // For the sticky bit, it suffices to check the - // current digit and test for any nonzero digits in - // the remaining unprocessed input. - i++; - while(i < signifLength && !sticky) { - currentDigit = getHexDigit(significandString,i); - sticky = sticky || (currentDigit != 0); - i++; - } - - } - // else all of string was seen, round and sticky are - // correct as false. - - - // Check for overflow and update exponent accordingly. - - if (exponent > DoubleConsts.MAX_EXPONENT) { // Infinite result - // overflow to properly signed infinity - return new FormattedFloatingDecimal(sign * Double.POSITIVE_INFINITY); - } else { // Finite return value - if (exponent <= DoubleConsts.MAX_EXPONENT && // (Usually) normal result - exponent >= DoubleConsts.MIN_EXPONENT) { - - // The result returned in this block cannot be a - // zero or subnormal; however after the - // significand is adjusted from rounding, we could - // still overflow in infinity. - - // AND exponent bits into significand; if the - // significand is incremented and overflows from - // rounding, this combination will update the - // exponent correctly, even in the case of - // Double.MAX_VALUE overflowing to infinity. - - significand = (( ((long)exponent + - (long)DoubleConsts.EXP_BIAS) << - (DoubleConsts.SIGNIFICAND_WIDTH-1)) - & DoubleConsts.EXP_BIT_MASK) | - (DoubleConsts.SIGNIF_BIT_MASK & significand); - - } else { // Subnormal or zero - // (exponent < DoubleConsts.MIN_EXPONENT) - - if (exponent < (DoubleConsts.MIN_SUB_EXPONENT -1 )) { - // No way to round back to nonzero value - // regardless of significand if the exponent is - // less than -1075. - return new FormattedFloatingDecimal(sign * 0.0); - } else { // -1075 <= exponent <= MIN_EXPONENT -1 = -1023 - /* - * Find bit position to round to; recompute - * round and sticky bits, and shift - * significand right appropriately. - */ - - sticky = sticky || round; - round = false; - - // Number of bits of significand to preserve is - // exponent - abs_min_exp +1 - // check: - // -1075 +1074 + 1 = 0 - // -1023 +1074 + 1 = 52 - - int bitsDiscarded = 53 - - ((int)exponent - DoubleConsts.MIN_SUB_EXPONENT + 1); - assert bitsDiscarded >= 1 && bitsDiscarded <= 53; - - // What to do here: - // First, isolate the new round bit - round = (significand & (1L << (bitsDiscarded -1))) != 0L; - if (bitsDiscarded > 1) { - // create mask to update sticky bits; low - // order bitsDiscarded bits should be 1 - long mask = ~((~0L) << (bitsDiscarded -1)); - sticky = sticky || ((significand & mask) != 0L ) ; - } - - // Now, discard the bits - significand = significand >> bitsDiscarded; - - significand = (( ((long)(DoubleConsts.MIN_EXPONENT -1) + // subnorm exp. - (long)DoubleConsts.EXP_BIAS) << - (DoubleConsts.SIGNIFICAND_WIDTH-1)) - & DoubleConsts.EXP_BIT_MASK) | - (DoubleConsts.SIGNIF_BIT_MASK & significand); - } - } - - // The significand variable now contains the currently - // appropriate exponent bits too. - - /* - * Determine if significand should be incremented; - * making this determination depends on the least - * significant bit and the round and sticky bits. - * - * Round to nearest even rounding table, adapted from - * table 4.7 in "Computer Arithmetic" by IsraelKoren. - * The digit to the left of the "decimal" point is the - * least significant bit, the digits to the right of - * the point are the round and sticky bits - * - * Number Round(x) - * x0.00 x0. - * x0.01 x0. - * x0.10 x0. - * x0.11 x1. = x0. +1 - * x1.00 x1. - * x1.01 x1. - * x1.10 x1. + 1 - * x1.11 x1. + 1 - */ - boolean incremented = false; - boolean leastZero = ((significand & 1L) == 0L); - if( ( leastZero && round && sticky ) || - ((!leastZero) && round )) { - incremented = true; - significand++; - } - - FormattedFloatingDecimal fd = new FormattedFloatingDecimal(FpUtils.rawCopySign( - Double.longBitsToDouble(significand), - sign)); - - /* - * Set roundingDir variable field of fd properly so - * that the input string can be properly rounded to a - * float value. There are two cases to consider: - * - * 1. rounding to double discards sticky bit - * information that would change the result of a float - * rounding (near halfway case between two floats) - * - * 2. rounding to double rounds up when rounding up - * would not occur when rounding to float. - * - * For former case only needs to be considered when - * the bits rounded away when casting to float are all - * zero; otherwise, float round bit is properly set - * and sticky will already be true. - * - * The lower exponent bound for the code below is the - * minimum (normalized) subnormal exponent - 1 since a - * value with that exponent can round up to the - * minimum subnormal value and the sticky bit - * information must be preserved (i.e. case 1). - */ - if ((exponent >= FloatConsts.MIN_SUB_EXPONENT-1) && - (exponent <= FloatConsts.MAX_EXPONENT ) ){ - // Outside above exponent range, the float value - // will be zero or infinity. - - /* - * If the low-order 28 bits of a rounded double - * significand are 0, the double could be a - * half-way case for a rounding to float. If the - * double value is a half-way case, the double - * significand may have to be modified to round - * the the right float value (see the stickyRound - * method). If the rounding to double has lost - * what would be float sticky bit information, the - * double significand must be incremented. If the - * double value's significand was itself - * incremented, the float value may end up too - * large so the increment should be undone. - */ - if ((significand & 0xfffffffL) == 0x0L) { - // For negative values, the sign of the - // roundDir is the same as for positive values - // since adding 1 increasing the significand's - // magnitude and subtracting 1 decreases the - // significand's magnitude. If neither round - // nor sticky is true, the double value is - // exact and no adjustment is required for a - // proper float rounding. - if( round || sticky) { - if (leastZero) { // prerounding lsb is 0 - // If round and sticky were both true, - // and the least significant - // significand bit were 0, the rounded - // significand would not have its - // low-order bits be zero. Therefore, - // we only need to adjust the - // significand if round XOR sticky is - // true. - if (round ^ sticky) { - fd.roundDir = 1; - } - } - else { // prerounding lsb is 1 - // If the prerounding lsb is 1 and the - // resulting significand has its - // low-order bits zero, the significand - // was incremented. Here, we undo the - // increment, which will ensure the - // right guard and sticky bits for the - // float rounding. - if (round) - fd.roundDir = -1; - } - } - } - } - - fd.fromHex = true; - return fd; - } - } - } - - /** - * Return s with any leading zeros removed. - */ - static String stripLeadingZeros(String s) { - return s.replaceFirst("^0+", ""); - } - - /** - * Extract a hexadecimal digit from position position - * of string s. - */ - static int getHexDigit(String s, int position) { - int value = Character.digit(s.charAt(position), 16); - if (value <= -1 || value >= 16) { - throw new AssertionError("Unxpected failure of digit converstion of " + - s.charAt(position)); - } - return value; - } - - } From 78ae650f8f866b0e9341c928fff17bed67e5ad58 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Fri, 13 Mar 2009 09:20:56 +0800 Subject: [PATCH 10/16] 6815182: GSSAPI/SPNEGO does not work with server using MIT Kerberos library Reviewed-by: valeriep --- .../security/jgss/spnego/NegTokenInit.java | 10 +- .../security/jgss/spnego/SpNegoContext.java | 35 ++----- .../security/krb5/auto/SpnegoReqFlags.java | 92 +++++++++++++++++++ 3 files changed, 107 insertions(+), 30 deletions(-) create mode 100644 jdk/test/sun/security/krb5/auto/SpnegoReqFlags.java diff --git a/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenInit.java b/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenInit.java index 6003cdfaeab..9bb77fd7a1d 100644 --- a/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenInit.java +++ b/jdk/src/share/classes/sun/security/jgss/spnego/NegTokenInit.java @@ -1,5 +1,5 @@ /* - * Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -66,11 +66,11 @@ public class NegTokenInit extends SpNegoToken { private byte[] mechTypes = null; private Oid[] mechTypeList = null; - private byte[] reqFlags = null; + private BitArray reqFlags = null; private byte[] mechToken = null; private byte[] mechListMIC = null; - NegTokenInit(byte[] mechTypes, byte[] flags, + NegTokenInit(byte[] mechTypes, BitArray flags, byte[] token, byte[] mechListMIC) { super(NEG_TOKEN_INIT_ID); @@ -101,7 +101,7 @@ public class NegTokenInit extends SpNegoToken { // write context flags with CONTEXT 01 if (reqFlags != null) { DerOutputStream flags = new DerOutputStream(); - flags.putBitString(reqFlags); + flags.putUnalignedBitString(reqFlags); initToken.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), flags); } @@ -237,7 +237,7 @@ public class NegTokenInit extends SpNegoToken { return mechTypeList; } - byte[] getReqFlags() { + BitArray getReqFlags() { return reqFlags; } diff --git a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java index 7185b0e08a7..a84e8a26001 100644 --- a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java +++ b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java @@ -1,5 +1,5 @@ /* - * Copyright 2005-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -53,13 +53,6 @@ public class SpNegoContext implements GSSContextSpi { private int state = STATE_NEW; - private static final int CHECKSUM_DELEG_FLAG = 1; - private static final int CHECKSUM_MUTUAL_FLAG = 2; - private static final int CHECKSUM_REPLAY_FLAG = 4; - private static final int CHECKSUM_SEQUENCE_FLAG = 8; - private static final int CHECKSUM_CONF_FLAG = 16; - private static final int CHECKSUM_INTEG_FLAG = 32; - /* * Optional features that the application can set and their default * values. @@ -697,25 +690,17 @@ public class SpNegoContext implements GSSContextSpi { /** * get the context flags */ - private byte[] getContextFlags() { - int flags = 0; + private BitArray getContextFlags() { + BitArray out = new BitArray(7); - if (getCredDelegState()) - flags |= CHECKSUM_DELEG_FLAG; - if (getMutualAuthState()) - flags |= CHECKSUM_MUTUAL_FLAG; - if (getReplayDetState()) - flags |= CHECKSUM_REPLAY_FLAG; - if (getSequenceDetState()) - flags |= CHECKSUM_SEQUENCE_FLAG; - if (getIntegState()) - flags |= CHECKSUM_INTEG_FLAG; - if (getConfState()) - flags |= CHECKSUM_CONF_FLAG; + if (getCredDelegState()) out.set(0, true); + if (getMutualAuthState()) out.set(1, true); + if (getReplayDetState()) out.set(2, true); + if (getSequenceDetState()) out.set(3, true); + if (getConfState()) out.set(5, true); + if (getIntegState()) out.set(6, true); - byte[] temp = new byte[1]; - temp[0] = (byte)(flags & 0xff); - return temp; + return out; } private void setContextFlags() { diff --git a/jdk/test/sun/security/krb5/auto/SpnegoReqFlags.java b/jdk/test/sun/security/krb5/auto/SpnegoReqFlags.java new file mode 100644 index 00000000000..a94a2b5d1ac --- /dev/null +++ b/jdk/test/sun/security/krb5/auto/SpnegoReqFlags.java @@ -0,0 +1,92 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6815182 + * @summary GSSAPI/SPNEGO does not work with server using MIT Kerberos library + */ + +import sun.security.jgss.GSSUtil; +import sun.security.util.BitArray; +import sun.security.util.DerInputStream; +import sun.security.util.DerValue; + +public class SpnegoReqFlags { + + public static void main(String[] args) + throws Exception { + + // Create and start the KDC + new OneKDC(null).writeJAASConf(); + new SpnegoReqFlags().go(); + } + + void go() throws Exception { + Context c = Context.fromJAAS("client"); + c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID); + + byte[] token = c.doAs(new Action() { + @Override + public byte[] run(Context me, byte[] input) throws Exception { + me.x().requestCredDeleg(true); + me.x().requestReplayDet(false); + me.x().requestSequenceDet(false); + return me.x().initSecContext(new byte[0], 0, 0); + } + }, null); + + DerValue d = new DerValue(token); // GSSToken + DerInputStream ins = d.data; // OID + mech token + d.data.getDerValue(); // skip OID + d = d.data.getDerValue(); // NegTokenInit + d = d.data.getDerValue(); // The SEQUENCE inside + + boolean found = false; + + // Go through all fields inside NegTokenInit. The reqFlags field + // is optional. It's even not recommended in RFC 4178. + while (d.data.available() > 0) { + DerValue d2 = d.data.getDerValue(); + if (d2.isContextSpecific((byte)1)) { + found = true; + System.out.println("regFlags field located."); + BitArray ba = d2.data.getUnalignedBitString(); + if (ba.length() != 7) { + throw new Exception("reqFlags should contain 7 bits"); + } + if (!ba.get(0)) { + throw new Exception("delegFlag should be true"); + } + if (ba.get(2) || ba.get(3)) { + throw new Exception("replay/sequenceFlag should be false"); + } + } + } + + if (!found) { + System.out.println("Warning: regFlags field not found, too new?"); + } + c.dispose(); + } +} From d6f2afc28f0e2d6681d0b3d5d412bade9c4a1502 Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Fri, 13 Mar 2009 09:21:13 +0800 Subject: [PATCH 11/16] 6550221: jaas, jgss and smartcardio javadoc files do not contain Copyrights Reviewed-by: ohair --- jdk/make/docs/Makefile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/jdk/make/docs/Makefile b/jdk/make/docs/Makefile index 492fa059160..301acde0826 100644 --- a/jdk/make/docs/Makefile +++ b/jdk/make/docs/Makefile @@ -1,5 +1,5 @@ # -# Copyright 1997-2008 Sun Microsystems, Inc. All Rights Reserved. +# Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -204,6 +204,9 @@ JDI_DOCTITLE = "Java$(TRADEMARK) Debug Interface" JDI_HEADER = "Java Debug Interface" # JDI_PKGS is located in NON_CORE_PKGS.gmk +# Variables used by security components +SECURITYAPI_JAVADOCBOTTOM = 'Report a bug or request a feature.
Copyright $(THIS_YEAR) Sun Microsystems, Inc. All Rights Reserved. Use is subject to license terms.' + # # Variables used by JAAS target # @@ -221,6 +224,7 @@ JAAS_JAVADOCFLAGS = $(COMMON_JAVADOCFLAGS) \ -windowtitle $(JAAS_WINDOWTITLE) \ -doctitle $(JAAS_DOCTITLE) \ -header $(JAAS_JAVADOCHEADER) \ + -bottom $(SECURITYAPI_JAVADOCBOTTOM) \ -linkoffline ../../../../../api $(DOCSDIR)/api/ \ -overview $(TOPDIR)/src/share/classes/com/sun/security/auth/jaas-overview.html JAAS_WINDOWTITLE = "Java Authentication and Authorization Service " @@ -243,6 +247,7 @@ JGSS_JAVADOCFLAGS = $(COMMON_JAVADOCFLAGS) \ -windowtitle $(JGSS_WINDOWTITLE) \ -doctitle $(JGSS_DOCTITLE) \ -header $(JGSS_JAVADOCHEADER) \ + -bottom $(SECURITYAPI_JAVADOCBOTTOM) \ -linkoffline ../../../../../api $(DOCSDIR)/api/ \ -overview $(JGSS_SOURCEPATH)/com/sun/security/jgss/jgss-overview.html @@ -266,6 +271,7 @@ SMARTCARDIO_JAVADOCFLAGS = $(COMMON_JAVADOCFLAGS) \ -windowtitle $(SMARTCARDIO_WINDOWTITLE) \ -doctitle $(SMARTCARDIO_DOCTITLE) \ -header $(SMARTCARDIO_JAVADOCHEADER) \ + -bottom $(SECURITYAPI_JAVADOCBOTTOM) \ -linkoffline ../../../../../api $(DOCSDIR)/api/ SMARTCARDIO_WINDOWTITLE = "Java Smart Card I/O" From 95ef28ff0d979d4b1664e9ec8a6cc136ce5a1839 Mon Sep 17 00:00:00 2001 From: Xue-Lei Andrew Fan Date: Fri, 13 Mar 2009 12:59:25 +0800 Subject: [PATCH 12/16] 6798714: OCSPResponse class has to check the validity of signing certificate for OCSP response Checking validity and ocsp-nocheck extension. Reviewed-by: mullan, vinnie --- .../provider/certpath/OCSPResponse.java | 55 +++++++- .../security/x509/OCSPNoCheckExtension.java | 132 ++++++++++++++++++ .../classes/sun/security/x509/OIDMap.java | 4 + .../sun/security/x509/PKIXExtensions.java | 11 +- 4 files changed, 195 insertions(+), 7 deletions(-) create mode 100644 jdk/src/share/classes/sun/security/x509/OCSPNoCheckExtension.java diff --git a/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java b/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java index 20bac34f2cc..62cd4288ed0 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java @@ -1,5 +1,5 @@ /* - * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2003-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,8 +28,6 @@ package sun.security.provider.certpath; import java.io.*; import java.math.BigInteger; import java.security.*; -import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; import java.security.cert.CertPathValidatorException; import java.security.cert.CRLReason; import java.security.cert.X509Certificate; @@ -335,7 +333,7 @@ class OCSPResponse { // Check whether the cert returned by the responder is trusted if (x509Certs != null && x509Certs[0] != null) { - X509Certificate cert = x509Certs[0]; + X509CertImpl cert = x509Certs[0]; // First check if the cert matches the responder cert which // was set locally. @@ -344,8 +342,8 @@ class OCSPResponse { // Next check if the cert was issued by the responder cert // which was set locally. - } else if (cert.getIssuerDN().equals( - responderCert.getSubjectDN())) { + } else if (cert.getIssuerX500Principal().equals( + responderCert.getSubjectX500Principal())) { // Check for the OCSPSigning key purpose List keyPurposes = cert.getExtendedKeyUsage(); @@ -360,6 +358,43 @@ class OCSPResponse { "OCSP responses"); } + // check the validity + try { + Date dateCheckedAgainst = params.getDate(); + if (dateCheckedAgainst == null) { + cert.checkValidity(); + } else { + cert.checkValidity(dateCheckedAgainst); + } + } catch (GeneralSecurityException e) { + if (DEBUG != null) { + DEBUG.println("Responder's certificate is not " + + "within the validity period."); + } + throw new CertPathValidatorException( + "Responder's certificate not within the " + + "validity period"); + } + + // check for revocation + // + // A CA may specify that an OCSP client can trust a + // responder for the lifetime of the responder's + // certificate. The CA does so by including the + // extension id-pkix-ocsp-nocheck. + // + Extension noCheck = + cert.getExtension(PKIXExtensions.OCSPNoCheck_Id); + if (noCheck != null) { + if (DEBUG != null) { + DEBUG.println("Responder's certificate includes " + + "the extension id-pkix-ocsp-nocheck."); + } + } else { + // we should do the revocating checking of the + // authorized responder in a future update. + } + // verify the signature try { cert.verify(responderCert.getPublicKey()); @@ -369,6 +404,14 @@ class OCSPResponse { } catch (GeneralSecurityException e) { responderCert = null; } + } else { + if (DEBUG != null) { + DEBUG.println("Responder's certificate is not " + + "authorized to sign OCSP responses."); + } + throw new CertPathValidatorException( + "Responder's certificate not authorized to sign " + + "OCSP responses"); } } diff --git a/jdk/src/share/classes/sun/security/x509/OCSPNoCheckExtension.java b/jdk/src/share/classes/sun/security/x509/OCSPNoCheckExtension.java new file mode 100644 index 00000000000..b721439d5c9 --- /dev/null +++ b/jdk/src/share/classes/sun/security/x509/OCSPNoCheckExtension.java @@ -0,0 +1,132 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Sun designates this + * particular file as subject to the "Classpath" exception as provided + * by Sun in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +package sun.security.x509; + +import java.io.IOException; +import java.io.OutputStream; +import java.util.Enumeration; + +import sun.security.util.*; + +/** + * Represent the OCSP NoCheck Extension from RFC2560. + *

+ * A CA may specify that an OCSP client can trust a responder for the + * lifetime of the responder's certificate. The CA does so by including + * the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical + * extension. The value of the extension should be NULL. CAs issuing + * such a certificate should realized that a compromise of the + * responder's key, is as serious as the compromise of a CA key used to + * sign CRLs, at least for the validity period of this certificate. CA's + * may choose to issue this type of certificate with a very short + * lifetime and renew it frequently. + * 

+ * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+ *
+ * + * @author Xuelei Fan + * @see Extension + * @see CertAttrSet + */ +public class OCSPNoCheckExtension extends Extension + implements CertAttrSet { + + /** + * Identifier for this attribute, to be used with the + * get, set, delete methods of Certificate, x509 type. + */ + public static final String IDENT = + "x509.info.extensions.OCSPNoCheck"; + /** + * Attribute names. + */ + public static final String NAME = "OCSPNoCheck"; + + /** + * Create a OCSPNoCheckExtension + */ + public OCSPNoCheckExtension() throws IOException { + this.extensionId = PKIXExtensions.OCSPNoCheck_Id; + this.critical = false; + this.extensionValue = new byte[0]; + } + + /** + * Create the extension from the passed DER encoded value. + * + * @param critical true if the extension is to be treated as critical. + * @param value an array of DER encoded bytes of the actual value. + * @exception IOException on error. + */ + public OCSPNoCheckExtension(Boolean critical, Object value) + throws IOException { + + this.extensionId = PKIXExtensions.OCSPNoCheck_Id; + this.critical = critical.booleanValue(); + + // the value should be null, just ignore it here. + this.extensionValue = new byte[0]; + } + + /** + * Set the attribute value. + */ + public void set(String name, Object obj) throws IOException { + throw new IOException("No attribute is allowed by " + + "CertAttrSet:OCSPNoCheckExtension."); + } + + /** + * Get the attribute value. + */ + public Object get(String name) throws IOException { + throw new IOException("No attribute is allowed by " + + "CertAttrSet:OCSPNoCheckExtension."); + } + + /** + * Delete the attribute value. + */ + public void delete(String name) throws IOException { + throw new IOException("No attribute is allowed by " + + "CertAttrSet:OCSPNoCheckExtension."); + } + + /** + * Return an enumeration of names of attributes existing within this + * attribute. + */ + public Enumeration getElements() { + return (new AttributeNameEnumeration()).elements(); + } + + /** + * Return the name of this attribute. + */ + public String getName() { + return NAME; + } +} diff --git a/jdk/src/share/classes/sun/security/x509/OIDMap.java b/jdk/src/share/classes/sun/security/x509/OIDMap.java index bb7cffef343..f52fab3eeef 100644 --- a/jdk/src/share/classes/sun/security/x509/OIDMap.java +++ b/jdk/src/share/classes/sun/security/x509/OIDMap.java @@ -100,6 +100,8 @@ public class OIDMap { DeltaCRLIndicatorExtension.NAME; private static final String FRESHEST_CRL = ROOT + "." + FreshestCRLExtension.NAME; + private static final String OCSPNOCHECK = ROOT + "." + + OCSPNoCheckExtension.NAME; private static final int NetscapeCertType_data[] = { 2, 16, 840, 1, 113730, 1, 1 }; @@ -161,6 +163,8 @@ public class OIDMap { "sun.security.x509.DeltaCRLIndicatorExtension"); addInternal(FRESHEST_CRL, PKIXExtensions.FreshestCRL_Id, "sun.security.x509.FreshestCRLExtension"); + addInternal(OCSPNOCHECK, PKIXExtensions.OCSPNoCheck_Id, + "sun.security.x509.OCSPNoCheckExtension"); } /** diff --git a/jdk/src/share/classes/sun/security/x509/PKIXExtensions.java b/jdk/src/share/classes/sun/security/x509/PKIXExtensions.java index 78177944c08..f140c548551 100644 --- a/jdk/src/share/classes/sun/security/x509/PKIXExtensions.java +++ b/jdk/src/share/classes/sun/security/x509/PKIXExtensions.java @@ -1,5 +1,5 @@ /* - * Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -74,6 +74,8 @@ public class PKIXExtensions { private static final int AuthInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 1}; private static final int SubjectInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 11}; private static final int FreshestCRL_data [] = { 2, 5, 29, 46 }; + private static final int OCSPNoCheck_data [] = { 1, 3, 6, 1, 5, 5, 7, + 48, 1, 5}; /** * Identifies the particular public key used to sign the certificate. @@ -216,6 +218,12 @@ public class PKIXExtensions { */ public static final ObjectIdentifier FreshestCRL_Id; + /** + * Identifies the OCSP client can trust the responder for the + * lifetime of the responder's certificate. + */ + public static final ObjectIdentifier OCSPNoCheck_Id; + static { AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data); SubjectKey_Id = ObjectIdentifier.newInternal(SubjectKey_data); @@ -257,5 +265,6 @@ public class PKIXExtensions { SubjectInfoAccess_Id = ObjectIdentifier.newInternal(SubjectInfoAccess_data); FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data); + OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data); } } From 6a44e920f6bf1f66d7ecff817763f35052d7e1ea Mon Sep 17 00:00:00 2001 From: Xue-Lei Andrew Fan Date: Tue, 17 Mar 2009 11:54:13 +0800 Subject: [PATCH 13/16] 6383095: CRL revoked certificate failures masked by OCSP failures Remove the mask if certificate revoked Reviewed-by: mullan --- .../certpath/PKIXMasterCertPathValidator.java | 14 +- .../CertPathValidator/OCSP/FailoverToCRL.java | 265 ++++++++++++++++++ 2 files changed, 274 insertions(+), 5 deletions(-) create mode 100644 jdk/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java diff --git a/jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java b/jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java index d5f12168dda..7c3bfc37843 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/PKIXMasterCertPathValidator.java @@ -1,5 +1,5 @@ /* - * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -143,11 +143,15 @@ class PKIXMasterCertPathValidator { } } catch (CertPathValidatorException cpve) { - // Throw the saved OCSP exception - // (when the CRL check has also failed) + // Throw the saved OCSP exception unless the CRL + // checker has determined that the cert is revoked if (ocspCause != null && - currChecker instanceof CrlRevocationChecker) { - throw ocspCause; + currChecker instanceof CrlRevocationChecker) { + if (cpve.getReason() == BasicReason.REVOKED) { + throw cpve; + } else { + throw ocspCause; + } } /* * Handle failover from OCSP to CRLs diff --git a/jdk/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java b/jdk/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java new file mode 100644 index 00000000000..56367cd2ae3 --- /dev/null +++ b/jdk/test/java/security/cert/CertPathValidator/OCSP/FailoverToCRL.java @@ -0,0 +1,265 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/** + * @test + * @bug 6383095 + * @summary CRL revoked certificate failures masked by OCSP failures + * + * Note that the certificate validity is from Mar 16 14:55:35 2009 GMT to + * Dec 1 14:55:35 2028 GMT, please update it with newer certificate if + * expires. + * + * @author Xuelei Fan + */ + +/* + * Certificates used in the test. + * + * end entity certificate: + * Data: + * Version: 3 (0x2) + * Serial Number: 25 (0x19) + * Signature Algorithm: md5WithRSAEncryption + * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org + * Validity + * Not Before: Mar 16 14:55:35 2009 GMT + * Not After : Dec 1 14:55:35 2028 GMT + * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org, OU=SSL-Client, + * CN=localhost + * Subject Public Key Info: + * Public Key Algorithm: rsaEncryption + * RSA Public Key: (1024 bit) + * Modulus (1024 bit): + * 00:bb:f0:40:36:ac:26:54:4e:f4:a3:5a:00:2f:69: + * 21:6f:b9:7a:3a:93:ec:a2:f6:e1:8e:c7:63:d8:2f: + * 12:30:99:2e:b0:f2:8f:f8:27:2d:24:78:28:84:f7: + * 01:bf:8d:44:79:dd:3b:d2:55:f3:ce:3c:b2:5b:21: + * 7d:ef:fd:33:4a:b1:a3:ff:c6:c8:9b:b9:0f:7c:41: + * 35:97:f9:db:3a:05:60:05:15:af:59:17:92:a3:10: + * ad:16:1c:e4:07:53:af:a8:76:a2:56:2a:92:d3:f9: + * 28:e0:78:cf:5e:1f:48:ab:5c:19:dd:e1:67:43:ba: + * 75:8d:f5:82:ac:43:92:44:1b + * Exponent: 65537 (0x10001) + * X509v3 extensions: + * X509v3 Basic Constraints: + * CA:FALSE + * X509v3 Key Usage: + * Digital Signature, Non Repudiation, Key Encipherment + * X509v3 Subject Key Identifier: + * CD:BB:C8:85:AA:91:BD:FD:1D:BE:CD:67:7C:FF:B3:E9:4C:A8:22:E6 + * X509v3 Authority Key Identifier: + * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 + * Signature Algorithm: md5WithRSAEncryption + * + * + * trusted certificate authority: + * Data: + * Version: 3 (0x2) + * Serial Number: 0 (0x0) + * Signature Algorithm: md5WithRSAEncryption + * Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org + * Validity + * Not Before: Dec 8 02:43:36 2008 GMT + * Not After : Aug 25 02:43:36 2028 GMT + * Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org + * Subject Public Key Info: + * Public Key Algorithm: rsaEncryption + * RSA Public Key: (1024 bit) + * Modulus (1024 bit): + * 00:cb:c4:38:20:07:be:88:a7:93:b0:a1:43:51:2d: + * d7:8e:85:af:54:dd:ad:a2:7b:23:5b:cf:99:13:53: + * 99:45:7d:ee:6d:ba:2d:bf:e3:ad:6e:3d:9f:1a:f9: + * 03:97:e0:17:55:ae:11:26:57:de:01:29:8e:05:3f: + * 21:f7:e7:36:e8:2e:37:d7:48:ac:53:d6:60:0e:c7: + * 50:6d:f6:c5:85:f7:8b:a6:c5:91:35:72:3c:94:ee: + * f1:17:f0:71:e3:ec:1b:ce:ca:4e:40:42:b0:6d:ee: + * 6a:0e:d6:e5:ad:3c:0f:c9:ba:82:4f:78:f8:89:97: + * 89:2a:95:12:4c:d8:09:2a:e9 + * Exponent: 65537 (0x10001) + * X509v3 extensions: + * X509v3 Subject Key Identifier: + * FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 + * X509v3 Authority Key Identifier: + * keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14 + * DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org + * X509v3 Basic Constraints: + * CA:TRUE + * Signature Algorithm: md5WithRSAEncryption + * + * CRL: + * Certificate Revocation List (CRL): + * Version 2 (0x1) + * Signature Algorithm: md5WithRSAEncryption + * Issuer: /C=US/ST=Some-State/L=Some-City/O=Some-Org + * Last Update: Mar 16 16:27:14 2009 GMT + * Next Update: May 15 16:27:14 2028 GMT + * CRL extensions: + * X509v3 CRL Number: + * 2 + * Revoked Certificates: + * Serial Number: 19 + * Revocation Date: Mar 16 16:22:08 2009 GMT + * CRL entry extensions: + * X509v3 CRL Reason Code: + * Superseded + * Signature Algorithm: md5WithRSAEncryption + */ + +import java.io.*; +import java.net.SocketException; +import java.util.*; +import java.security.Security; +import java.security.cert.*; +import java.security.InvalidAlgorithmParameterException; +import java.security.cert.CertPathValidatorException.BasicReason; + +public class FailoverToCRL { + + static String trusedCertStr = + "-----BEGIN CERTIFICATE-----\n" + + "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + + "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + + "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" + + "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + + "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" + + "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" + + "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" + + "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" + + "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" + + "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" + + "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" + + "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" + + "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" + + "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" + + "6Mvf0r1PNTY2hwTJLJmKtg==\n" + + "-----END CERTIFICATE-----"; + + static String targetCertStr = + "-----BEGIN CERTIFICATE-----\n" + + "MIICizCCAfSgAwIBAgIBGTANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" + + "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" + + "EwhTb21lLU9yZzAeFw0wOTAzMTYxNDU1MzVaFw0yODEyMDExNDU1MzVaMHIxCzAJ\n" + + "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" + + "dHkxETAPBgNVBAoTCFNvbWUtT3JnMRMwEQYDVQQLEwpTU0wtQ2xpZW50MRIwEAYD\n" + + "VQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvwQDas\n" + + "JlRO9KNaAC9pIW+5ejqT7KL24Y7HY9gvEjCZLrDyj/gnLSR4KIT3Ab+NRHndO9JV\n" + + "8848slshfe/9M0qxo//GyJu5D3xBNZf52zoFYAUVr1kXkqMQrRYc5AdTr6h2olYq\n" + + "ktP5KOB4z14fSKtcGd3hZ0O6dY31gqxDkkQbAgMBAAGjWjBYMAkGA1UdEwQCMAAw\n" + + "CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTNu8iFqpG9/R2+zWd8/7PpTKgi5jAfBgNV\n" + + "HSMEGDAWgBT6uVG/TOfZhpgz+efLHvEzSfeoFDANBgkqhkiG9w0BAQQFAAOBgQBv\n" + + "p7JjCDOrMBNun46xs4Gz7Y4ygM5VHaFP0oO7369twvRSu0pCuIdZd5OIMPFeRqQw\n" + + "PA68ZdhYVR0pG5W7isV+jB+Dfge/IOgOA85sZ/6FlP3PBRW+YMQKKdRr5So3ook9\n" + + "PimQ7rbxRAofPECv20IUKFBbOUkU+gFcn+WbTKYxBw==\n" + + "-----END CERTIFICATE-----"; + + static String crlStr = + "-----BEGIN X509 CRL-----\n" + + "MIIBRTCBrwIBATANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzETMBEGA1UE\n" + + "CBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQKEwhTb21l\n" + + "LU9yZxcNMDkwMzE2MTYyNzE0WhcNMjgwNTE1MTYyNzE0WjAiMCACARkXDTA5MDMx\n" + + "NjE2MjIwOFowDDAKBgNVHRUEAwoBBKAOMAwwCgYDVR0UBAMCAQIwDQYJKoZIhvcN\n" + + "AQEEBQADgYEAMixJI9vBwYpOGosn46+T/MTEtlm2S5pIVT/xPDrHkCPfw8l4Zrgp\n" + + "dGPuUkglWdrGdxY9MNRUj2YFNfdZi6zZ7JF6XbkDHYOAKYgPDJRjS/0VcBntn5RJ\n" + + "sQfZsBqc9fFSP8gknRRn3LT41kr9xNRxTT1t3YYjv7J3zkMYyInqeUA=\n" + + "-----END X509 CRL-----"; + + + private static CertPath generateCertificatePath() + throws CertificateException { + // generate certificate from cert strings + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + ByteArrayInputStream is = + new ByteArrayInputStream(targetCertStr.getBytes()); + Certificate targetCert = cf.generateCertificate(is); + + // generate certification path + List list = Arrays.asList(new Certificate[] {targetCert}); + + return cf.generateCertPath(list); + } + + private static Set generateTrustAnchors() + throws CertificateException { + // generate certificate from cert string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + ByteArrayInputStream is = + new ByteArrayInputStream(trusedCertStr.getBytes()); + Certificate trusedCert = cf.generateCertificate(is); + + // generate a trust anchor + TrustAnchor anchor = new TrustAnchor((X509Certificate)trusedCert, null); + + return Collections.singleton(anchor); + } + + private static CertStore generateCertificateStore() throws Exception { + // generate CRL from CRL string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + ByteArrayInputStream is = + new ByteArrayInputStream(crlStr.getBytes()); + + // generate a cert store + Collection crls = cf.generateCRLs(is); + return CertStore.getInstance("Collection", + new CollectionCertStoreParameters(crls)); + } + + public static void main(String args[]) throws Exception { + CertPath path = generateCertificatePath(); + Set anchors = generateTrustAnchors(); + CertStore crls = generateCertificateStore(); + + PKIXParameters params = new PKIXParameters(anchors); + + // add the CRL store + params.addCertStore(crls); + + // Activate certificate revocation checking + params.setRevocationEnabled(true); + + // Activate OCSP + Security.setProperty("ocsp.enable", "true"); + System.setProperty("com.sun.security.enableCRLDP", "true"); + + // Ensure that the ocsp.responderURL property is not set. + if (Security.getProperty("ocsp.responderURL") != null) { + throw new + Exception("The ocsp.responderURL property must not be set"); + } + + CertPathValidator validator = CertPathValidator.getInstance("PKIX"); + + try { + validator.validate(path, params); + } catch (CertPathValidatorException cpve) { + if (cpve.getReason() != BasicReason.REVOKED) { + throw new Exception( + "unexpect exception, should be a REVOKED CPVE", cpve); + } + } + } +} From a787d51eea2fc9dfa9272e4ca90d018c2833a80f Mon Sep 17 00:00:00 2001 From: Tim Bell Date: Tue, 17 Mar 2009 13:20:56 -0700 Subject: [PATCH 14/16] 6814587: Legal notice repair needed in jdk/src/share/classes/java/nio 6814590: Legal notice repair needed in jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java 6814591: Legal notice repair needed in jdk/test/javax/script/Test3.java Reviewed-by: alanb, xdono --- .../share/classes/java/nio/file/SecureDirectoryStream.java | 2 +- .../classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java | 2 +- .../sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java | 2 +- jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java | 4 ++++ jdk/test/javax/script/Test3.java | 1 - 5 files changed, 7 insertions(+), 4 deletions(-) diff --git a/jdk/src/share/classes/java/nio/file/SecureDirectoryStream.java b/jdk/src/share/classes/java/nio/file/SecureDirectoryStream.java index 11df095ceb3..b2555c14185 100644 --- a/jdk/src/share/classes/java/nio/file/SecureDirectoryStream.java +++ b/jdk/src/share/classes/java/nio/file/SecureDirectoryStream.java @@ -5,7 +5,7 @@ * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Sun designates this - * particular file as subject to the "Classname" exception as provided + * particular file as subject to the "Classpath" exception as provided * by Sun in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT diff --git a/jdk/src/solaris/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java b/jdk/src/solaris/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java index 702b28cbbeb..78ed152d3a1 100644 --- a/jdk/src/solaris/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java +++ b/jdk/src/solaris/classes/sun/nio/ch/UnixAsynchronousSocketChannelImpl.java @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA conne02110-1301 USA. + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, * CA 95054 USA or visit www.sun.com if you need additional information or diff --git a/jdk/src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java b/jdk/src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java index fe9920c15cc..d1f8c9307d5 100644 --- a/jdk/src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java +++ b/jdk/src/windows/classes/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.java @@ -16,7 +16,7 @@ * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA conne02110-1301 USA. + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, * CA 95054 USA or visit www.sun.com if you need additional information or diff --git a/jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java b/jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java index f8a98ea3216..b220ec5cc01 100644 --- a/jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java +++ b/jdk/test/java/awt/Frame/FrameSize/TestFrameSize.java @@ -15,6 +15,10 @@ * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. */ /* diff --git a/jdk/test/javax/script/Test3.java b/jdk/test/javax/script/Test3.java index 8aa876ba24a..66fa23af07a 100644 --- a/jdk/test/javax/script/Test3.java +++ b/jdk/test/javax/script/Test3.java @@ -4,7 +4,6 @@ * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT From e85a4d85368f38ede58ac8bf35f46959221c47dd Mon Sep 17 00:00:00 2001 From: Mandy Chung Date: Wed, 18 Mar 2009 17:37:39 -0700 Subject: [PATCH 15/16] 6817246: Redundant call to set InetAddressCachePolicy to FOREVER if not set during initialization Remove InetAddressCachePolicy.setIfNotSet call from System.setSecurityManager0 Reviewed-by: alanb, jccollet --- jdk/src/share/classes/java/lang/System.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/jdk/src/share/classes/java/lang/System.java b/jdk/src/share/classes/java/lang/System.java index eb62b4087e9..68958dd0898 100644 --- a/jdk/src/share/classes/java/lang/System.java +++ b/jdk/src/share/classes/java/lang/System.java @@ -34,7 +34,6 @@ import java.security.AllPermission; import java.nio.channels.Channel; import java.nio.channels.spi.SelectorProvider; import sun.nio.ch.Interruptible; -import sun.net.InetAddressCachePolicy; import sun.reflect.Reflection; import sun.security.util.SecurityConstants; import sun.reflect.annotation.AnnotationType; @@ -310,7 +309,6 @@ public final class System { } security = s; - InetAddressCachePolicy.setIfNotSet(InetAddressCachePolicy.FOREVER); } /** From 827d42556046082a905e321e4ff2eadca747615f Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Thu, 19 Mar 2009 11:17:06 +0800 Subject: [PATCH 16/16] 6819272: keytool -importcert should read the whole input Reviewed-by: xuelei --- .../classes/sun/security/tools/KeyTool.java | 12 ++++ .../security/tools/keytool/importreadall.sh | 62 +++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 jdk/test/sun/security/tools/keytool/importreadall.sh diff --git a/jdk/src/share/classes/sun/security/tools/KeyTool.java b/jdk/src/share/classes/sun/security/tools/KeyTool.java index ca2d6a384ab..a3aa50f435d 100644 --- a/jdk/src/share/classes/sun/security/tools/KeyTool.java +++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java @@ -875,6 +875,18 @@ public final class KeyTool { if (filename != null) { inStream = new FileInputStream(filename); } + // Read the full stream before feeding to X509Factory, + // otherwise, keytool -gencert | keytool -importcert + // might not work properly, since -gencert is slow + // and there's no data in the pipe at the beginning. + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + byte[] b = new byte[4096]; + while (true) { + int len = inStream.read(b); + if (len < 0) break; + bout.write(b, 0, len); + } + inStream = new ByteArrayInputStream(bout.toByteArray()); try { String importAlias = (alias!=null)?alias:keyAlias; if (keyStore.entryInstanceOf(importAlias, KeyStore.PrivateKeyEntry.class)) { diff --git a/jdk/test/sun/security/tools/keytool/importreadall.sh b/jdk/test/sun/security/tools/keytool/importreadall.sh new file mode 100644 index 00000000000..6c0c65dedc7 --- /dev/null +++ b/jdk/test/sun/security/tools/keytool/importreadall.sh @@ -0,0 +1,62 @@ +# +# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, +# CA 95054 USA or visit www.sun.com if you need additional information or +# have any questions. +# + +# @test +# @bug 6819272 +# @summary keytool -importcert should read the whole input +# +# @run shell importreadall.sh + +# set a few environment variables so that the shell-script can run stand-alone +# in the source directory +if [ "${TESTSRC}" = "" ] ; then + TESTSRC="." +fi + +if [ "${TESTJAVA}" = "" ] ; then + JAVA_CMD=`which java` + TESTJAVA=`dirname $JAVA_CMD`/.. +fi + +# set platform-dependent variables +OS=`uname -s` +case "$OS" in + Windows_* ) + FS="\\" + ;; + * ) + FS="/" + ;; +esac + +KEYTOOL="${TESTJAVA}${FS}bin${FS}keytool -keystore importreadall.jks -storepass changeit -keypass changeit" + +# In case the test is run twice in the same directory + +$KEYTOOL -delete -alias a +$KEYTOOL -delete -alias ca +$KEYTOOL -genkeypair -alias a -dname CN=a || exit 1 +$KEYTOOL -genkeypair -alias ca -dname CN=ca || exit 2 +$KEYTOOL -certreq -alias a | $KEYTOOL -gencert -alias ca | $KEYTOOL -importcert -alias a + +exit $?