From 94bafe8b8f1d219c38840dd076b6c7f96f5f6dda Mon Sep 17 00:00:00 2001 From: Weijun Wang Date: Tue, 18 Aug 2009 12:10:12 +0800 Subject: [PATCH 01/16] 6864911: ASN.1/DER input stream parser needs more work Reviewed-by: mullan, xuelei --- .../classes/com/sun/jndi/ldap/Connection.java | 28 ++--- .../classes/sun/applet/AppletClassLoader.java | 34 +---- .../sun/dyn/anon/AnonymousClassLoader.java | 11 +- jdk/src/share/classes/sun/misc/IOUtils.java | 80 ++++++++++++ jdk/src/share/classes/sun/misc/Resource.java | 71 +++++------ .../classes/sun/reflect/misc/MethodUtil.java | 32 +---- .../provider/certpath/OCSPChecker.java | 22 +--- .../security/timestamp/HttpTimestamper.java | 21 +--- .../classes/sun/security/util/DerValue.java | 7 +- .../sun/security/util/DerValue/BadValue.java | 119 ++++++++++++++++++ 10 files changed, 251 insertions(+), 174 deletions(-) create mode 100644 jdk/src/share/classes/sun/misc/IOUtils.java create mode 100644 jdk/test/sun/security/util/DerValue/BadValue.java diff --git a/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java b/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java index 2807e19d36f..364f000c839 100644 --- a/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java +++ b/jdk/src/share/classes/com/sun/jndi/ldap/Connection.java @@ -1,5 +1,5 @@ /* - * Copyright 1999-2005 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1999-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,12 +32,8 @@ import java.io.IOException; import java.io.OutputStream; import java.io.InputStream; import java.net.Socket; -import java.util.Vector; -import java.util.Hashtable; import javax.naming.CommunicationException; -import javax.naming.AuthenticationException; -import javax.naming.AuthenticationNotSupportedException; import javax.naming.ServiceUnavailableException; import javax.naming.NamingException; import javax.naming.InterruptedNamingException; @@ -47,6 +43,8 @@ import javax.naming.ldap.Control; import java.lang.reflect.Method; import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; +import java.util.Arrays; +import sun.misc.IOUtils; //import javax.net.SocketFactory; /** @@ -799,7 +797,6 @@ public final class Connection implements Runnable { byte inbuf[]; // Buffer for reading incoming bytes int inMsgId; // Message id of incoming response int bytesread; // Number of bytes in inbuf - int bytesleft; // Number of bytes that need to read for completing resp int br; // Temp; number of bytes read from stream int offset; // Offset of where to store bytes in inbuf int seqlen; // Length of ASN sequence @@ -811,7 +808,7 @@ public final class Connection implements Runnable { try { while (true) { try { - inbuf = new byte[2048]; + inbuf = new byte[10]; offset = 0; seqlen = 0; @@ -871,19 +868,10 @@ public final class Connection implements Runnable { } // read in seqlen bytes - bytesleft = seqlen; - if ((offset + bytesleft) > inbuf.length) { - byte nbuf[] = new byte[offset + bytesleft]; - System.arraycopy(inbuf, 0, nbuf, 0, offset); - inbuf = nbuf; - } - while (bytesleft > 0) { - bytesread = in.read(inbuf, offset, bytesleft); - if (bytesread < 0) - break; // EOF - offset += bytesread; - bytesleft -= bytesread; - } + byte[] left = IOUtils.readFully(in, seqlen, false); + inbuf = Arrays.copyOf(inbuf, offset + left.length); + System.arraycopy(left, 0, inbuf, offset, left.length); + offset += left.length; /* if (dump > 0) { System.err.println("seqlen: " + seqlen); diff --git a/jdk/src/share/classes/sun/applet/AppletClassLoader.java b/jdk/src/share/classes/sun/applet/AppletClassLoader.java index 3489256ae4a..0eeba1582dd 100644 --- a/jdk/src/share/classes/sun/applet/AppletClassLoader.java +++ b/jdk/src/share/classes/sun/applet/AppletClassLoader.java @@ -1,5 +1,5 @@ /* - * Copyright 1995-2005 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1995-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -51,6 +51,7 @@ import java.security.Permission; import java.security.PermissionCollection; import sun.awt.AppContext; import sun.awt.SunToolkit; +import sun.misc.IOUtils; import sun.net.www.ParseUtil; import sun.security.util.SecurityConstants; @@ -331,36 +332,7 @@ public class AppletClassLoader extends URLClassLoader { byte[] b; try { - if (len != -1) { - // Read exactly len bytes from the input stream - b = new byte[len]; - while (len > 0) { - int n = in.read(b, b.length - len, len); - if (n == -1) { - throw new IOException("unexpected EOF"); - } - len -= n; - } - } else { - // Read until end of stream is reached - use 8K buffer - // to speed up performance [stanleyh] - b = new byte[8192]; - int total = 0; - while ((len = in.read(b, total, b.length - total)) != -1) { - total += len; - if (total >= b.length) { - byte[] tmp = new byte[total * 2]; - System.arraycopy(b, 0, tmp, 0, total); - b = tmp; - } - } - // Trim array to correct size, if necessary - if (total != b.length) { - byte[] tmp = new byte[total]; - System.arraycopy(b, 0, tmp, 0, total); - b = tmp; - } - } + b = IOUtils.readFully(in, len, true); } finally { in.close(); } diff --git a/jdk/src/share/classes/sun/dyn/anon/AnonymousClassLoader.java b/jdk/src/share/classes/sun/dyn/anon/AnonymousClassLoader.java index a182161271b..5515d93c423 100644 --- a/jdk/src/share/classes/sun/dyn/anon/AnonymousClassLoader.java +++ b/jdk/src/share/classes/sun/dyn/anon/AnonymousClassLoader.java @@ -26,9 +26,9 @@ package sun.dyn.anon; import java.io.IOException; -import java.io.InputStream; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; +import sun.misc.IOUtils; /** * Anonymous class loader. Will load any valid classfile, producing @@ -285,13 +285,6 @@ public class AnonymousClassLoader { if (contentLength < 0) throw new IOException("invalid content length "+contentLength); - byte[] classFile = new byte[contentLength]; - InputStream tcs = connection.getInputStream(); - for (int fill = 0, nr; fill < classFile.length; fill += nr) { - nr = tcs.read(classFile, fill, classFile.length - fill); - if (nr < 0) - throw new IOException("premature end of file"); - } - return classFile; + return IOUtils.readFully(connection.getInputStream(), contentLength, true); } } diff --git a/jdk/src/share/classes/sun/misc/IOUtils.java b/jdk/src/share/classes/sun/misc/IOUtils.java new file mode 100644 index 00000000000..c6f4fb2a13b --- /dev/null +++ b/jdk/src/share/classes/sun/misc/IOUtils.java @@ -0,0 +1,80 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Sun designates this + * particular file as subject to the "Classpath" exception as provided + * by Sun in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/** + * IOUtils: A collection of IO-related public static methods. + */ + +package sun.misc; + +import java.io.EOFException; +import java.io.IOException; +import java.io.InputStream; +import java.util.Arrays; + +public class IOUtils { + + /** + * Read up to length of bytes from in + * until EOF is detected. + * @param in input stream, must not be null + * @param length number of bytes to read, -1 or Integer.MAX_VALUE means + * read as much as possible + * @param readAll if true, an EOFException will be thrown if not enough + * bytes are read. Ignored when length is -1 or Integer.MAX_VALUE + * @return bytes read + * @throws IOException Any IO error or a premature EOF is detected + */ + public static byte[] readFully(InputStream is, int length, boolean readAll) + throws IOException { + byte[] output = {}; + if (length == -1) length = Integer.MAX_VALUE; + int pos = 0; + while (pos < length) { + int bytesToRead; + if (pos >= output.length) { // Only expand when there's no room + bytesToRead = Math.min(length - pos, output.length + 1024); + if (output.length < pos + bytesToRead) { + output = Arrays.copyOf(output, pos + bytesToRead); + } + } else { + bytesToRead = output.length - pos; + } + int cc = is.read(output, pos, bytesToRead); + if (cc < 0) { + if (readAll && length != Integer.MAX_VALUE) { + throw new EOFException("Detect premature EOF"); + } else { + if (output.length != pos) { + output = Arrays.copyOf(output, pos); + } + break; + } + } + pos += cc; + } + return output; + } +} diff --git a/jdk/src/share/classes/sun/misc/Resource.java b/jdk/src/share/classes/sun/misc/Resource.java index 0c3579bc334..43a82b03a70 100644 --- a/jdk/src/share/classes/sun/misc/Resource.java +++ b/jdk/src/share/classes/sun/misc/Resource.java @@ -1,5 +1,5 @@ /* - * Copyright 1998-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1998-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,14 +25,15 @@ package sun.misc; +import java.io.EOFException; import java.net.URL; import java.io.IOException; import java.io.InterruptedIOException; import java.io.InputStream; import java.security.CodeSigner; import java.util.jar.Manifest; -import java.util.jar.Attributes; import java.nio.ByteBuffer; +import java.util.Arrays; import sun.nio.ByteBuffered; /** @@ -105,49 +106,37 @@ public abstract class Resource { } try { - if (len != -1) { - // Read exactly len bytes from the input stream - b = new byte[len]; - while (len > 0) { - int n = 0; - try { - n = in.read(b, b.length - len, len); - } catch (InterruptedIOException iioe) { - Thread.interrupted(); - isInterrupted = true; + b = new byte[0]; + if (len == -1) len = Integer.MAX_VALUE; + int pos = 0; + while (pos < len) { + int bytesToRead; + if (pos >= b.length) { // Only expand when there's no room + bytesToRead = Math.min(len - pos, b.length + 1024); + if (b.length < pos + bytesToRead) { + b = Arrays.copyOf(b, pos + bytesToRead); } - if (n == -1) { - throw new IOException("unexpected EOF"); - } - len -= n; + } else { + bytesToRead = b.length - pos; } - } else { - // Read until end of stream is reached - b = new byte[1024]; - int total = 0; - for (;;) { - len = 0; - try { - len = in.read(b, total, b.length - total); - if (len == -1) - break; - } catch (InterruptedIOException iioe) { - Thread.interrupted(); - isInterrupted = true; - } - total += len; - if (total >= b.length) { - byte[] tmp = new byte[total * 2]; - System.arraycopy(b, 0, tmp, 0, total); - b = tmp; + int cc = 0; + try { + cc = in.read(b, pos, bytesToRead); + } catch (InterruptedIOException iioe) { + Thread.interrupted(); + isInterrupted = true; + } + if (cc < 0) { + if (len != Integer.MAX_VALUE) { + throw new EOFException("Detect premature EOF"); + } else { + if (b.length != pos) { + b = Arrays.copyOf(b, pos); + } + break; } } - // Trim array to correct size, if necessary - if (total != b.length) { - byte[] tmp = new byte[total]; - System.arraycopy(b, 0, tmp, 0, total); - b = tmp; - } + pos += cc; } } finally { try { diff --git a/jdk/src/share/classes/sun/reflect/misc/MethodUtil.java b/jdk/src/share/classes/sun/reflect/misc/MethodUtil.java index 09b14f521d1..39fa2d8afe9 100644 --- a/jdk/src/share/classes/sun/reflect/misc/MethodUtil.java +++ b/jdk/src/share/classes/sun/reflect/misc/MethodUtil.java @@ -1,5 +1,5 @@ /* - * Copyright 2005-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -44,6 +44,7 @@ import java.lang.reflect.Modifier; import java.util.Collection; import java.util.HashMap; import java.util.Map; +import sun.misc.IOUtils; import sun.net.www.ParseUtil; import sun.security.util.SecurityConstants; @@ -373,34 +374,7 @@ public final class MethodUtil extends SecureClassLoader { byte[] b; try { - if (len != -1) { - // Read exactly len bytes from the input stream - b = new byte[len]; - while (len > 0) { - int n = in.read(b, b.length - len, len); - if (n == -1) { - throw new IOException("unexpected EOF"); - } - len -= n; - } - } else { - b = new byte[8192]; - int total = 0; - while ((len = in.read(b, total, b.length - total)) != -1) { - total += len; - if (total >= b.length) { - byte[] tmp = new byte[total * 2]; - System.arraycopy(b, 0, tmp, 0, total); - b = tmp; - } - } - // Trim array to correct size, if necessary - if (total != b.length) { - byte[] tmp = new byte[total]; - System.arraycopy(b, 0, tmp, 0, total); - b = tmp; - } - } + b = IOUtils.readFully(in, len, true); } finally { in.close(); } diff --git a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java index 04e0649d8ff..b9d246c20b0 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java @@ -37,6 +37,7 @@ import java.security.cert.CertPathValidatorException.BasicReason; import java.net.*; import javax.security.auth.x500.X500Principal; +import sun.misc.IOUtils; import sun.security.util.*; import sun.security.x509.*; @@ -351,27 +352,8 @@ class OCSPChecker extends PKIXCertPathChecker { } in = con.getInputStream(); - byte[] response = null; - int total = 0; int contentLength = con.getContentLength(); - if (contentLength != -1) { - response = new byte[contentLength]; - } else { - response = new byte[2048]; - contentLength = Integer.MAX_VALUE; - } - - while (total < contentLength) { - int count = in.read(response, total, response.length - total); - if (count < 0) - break; - - total += count; - if (total >= response.length && total < contentLength) { - response = Arrays.copyOf(response, total * 2); - } - } - response = Arrays.copyOf(response, total); + byte[] response = IOUtils.readFully(in, contentLength, false); OCSPResponse ocspResponse = new OCSPResponse(response, pkixParams, responderCert); diff --git a/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java b/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java index bb735141159..04c0b67ee82 100644 --- a/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java +++ b/jdk/src/share/classes/sun/security/timestamp/HttpTimestamper.java @@ -34,6 +34,7 @@ import java.util.Iterator; import java.util.Set; import java.util.Arrays; +import sun.misc.IOUtils; import sun.security.pkcs.*; /** @@ -142,25 +143,7 @@ public class HttpTimestamper implements Timestamper { int total = 0; int contentLength = connection.getContentLength(); - if (contentLength != -1) { - replyBuffer = new byte[contentLength]; - } else { - replyBuffer = new byte[2048]; - contentLength = Integer.MAX_VALUE; - } - - while (total < contentLength) { - int count = input.read(replyBuffer, total, - replyBuffer.length - total); - if (count < 0) - break; - - total += count; - if (total >= replyBuffer.length && total < contentLength) { - replyBuffer = Arrays.copyOf(replyBuffer, total * 2); - } - } - replyBuffer = Arrays.copyOf(replyBuffer, total); + replyBuffer = IOUtils.readFully(input, contentLength, false); if (DEBUG) { System.out.println("received timestamp response (length=" + diff --git a/jdk/src/share/classes/sun/security/util/DerValue.java b/jdk/src/share/classes/sun/security/util/DerValue.java index 114788beb26..c0f920d5e33 100644 --- a/jdk/src/share/classes/sun/security/util/DerValue.java +++ b/jdk/src/share/classes/sun/security/util/DerValue.java @@ -28,6 +28,7 @@ package sun.security.util; import java.io.*; import java.math.BigInteger; import java.util.Date; +import sun.misc.IOUtils; /** * Represents a single DER-encoded value. DER encoding rules are a subset @@ -382,12 +383,8 @@ public class DerValue { if (fullyBuffered && in.available() != length) throw new IOException("extra data given to DerValue constructor"); - byte[] bytes = new byte[length]; + byte[] bytes = IOUtils.readFully(in, length, true); - // n.b. readFully not needed in normal fullyBuffered case - DataInputStream dis = new DataInputStream(in); - - dis.readFully(bytes); buffer = new DerInputBuffer(bytes); return new DerInputStream(buffer); } diff --git a/jdk/test/sun/security/util/DerValue/BadValue.java b/jdk/test/sun/security/util/DerValue/BadValue.java new file mode 100644 index 00000000000..cbe2c6ab45f --- /dev/null +++ b/jdk/test/sun/security/util/DerValue/BadValue.java @@ -0,0 +1,119 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6864911 + * @summary ASN.1/DER input stream parser needs more work + */ + +import java.io.*; +import sun.security.util.*; +import sun.misc.IOUtils; + +public class BadValue { + + public static void main(String[] args) throws Exception { + + // Test IOUtils.readFully + + // We have 4 bytes + InputStream in = new ByteArrayInputStream(new byte[10]); + byte[] bs = IOUtils.readFully(in, 4, true); + if (bs.length != 4 || in.available() != 6) { + throw new Exception("First read error"); + } + // But only 6 left + bs = IOUtils.readFully(in, 10, false); + if (bs.length != 6 || in.available() != 0) { + throw new Exception("Second read error"); + } + // MAX read as much as it can + in = new ByteArrayInputStream(new byte[10]); + bs = IOUtils.readFully(in, Integer.MAX_VALUE, true); + if (bs.length != 10 || in.available() != 0) { + throw new Exception("Second read error"); + } + // MAX ignore readAll + in = new ByteArrayInputStream(new byte[10]); + bs = IOUtils.readFully(in, Integer.MAX_VALUE, false); + if (bs.length != 10 || in.available() != 0) { + throw new Exception("Second read error"); + } + // 20>10, readAll means failure + in = new ByteArrayInputStream(new byte[10]); + try { + bs = IOUtils.readFully(in, 20, true); + throw new Exception("Third read error"); + } catch (EOFException e) { + // OK + } + int bignum = 10 * 1024 * 1024; + bs = IOUtils.readFully(new SuperSlowStream(bignum), -1, true); + if (bs.length != bignum) { + throw new Exception("Fourth read error"); + } + + // Test DerValue + byte[] input = {0x04, (byte)0x84, 0x40, 0x00, 0x42, 0x46, 0x4b}; + try { + new DerValue(new ByteArrayInputStream(input)); + } catch (IOException ioe) { + // This is OK + } + } +} + +/** + * An InputStream contains a given number of bytes, but only returns one byte + * per read. + */ +class SuperSlowStream extends InputStream { + private int p; + /** + * @param Initial capacity + */ + public SuperSlowStream(int capacity) { + p = capacity; + } + @Override + public int read() throws IOException { + if (p > 0) { + p--; + return 0; + } else { + return -1; + } + } + @Override + public int read(byte b[], int off, int len) throws IOException { + if (len == 0) return 0; + if (p > 0) { + p--; + b[off] = 0; + return 1; + } else { + return -1; + } + } +} From c14324faa56dae86e7732827ab626495b6b48bde Mon Sep 17 00:00:00 2001 From: Xue-Lei Andrew Fan Date: Tue, 18 Aug 2009 20:47:13 -0700 Subject: [PATCH 02/16] 6861062: Disable MD2 support Reviewed-by: mullan, weijun --- .../provider/certpath/AlgorithmChecker.java | 119 ++++ .../certpath/DistributionPointFetcher.java | 10 + .../provider/certpath/ForwardBuilder.java | 5 + .../provider/certpath/OCSPChecker.java | 27 +- .../provider/certpath/OCSPResponse.java | 11 + .../certpath/PKIXCertPathValidator.java | 4 +- .../provider/certpath/ReverseBuilder.java | 5 +- .../security/validator/SimpleValidator.java | 9 + .../validator/ValidatorException.java | 5 +- .../DisabledAlgorithms/CPBuilder.java | 442 ++++++++++++ .../CPValidatorEndEntity.java | 363 ++++++++++ .../CPValidatorIntermediate.java | 256 +++++++ .../CPValidatorTrustAnchor.java | 169 +++++ .../certpath/DisabledAlgorithms/README | 640 ++++++++++++++++++ .../certpath/DisabledAlgorithms/generate.sh | 255 +++++++ .../certpath/DisabledAlgorithms/openssl.cnf | 206 ++++++ 16 files changed, 2518 insertions(+), 8 deletions(-) create mode 100644 jdk/src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java create mode 100644 jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilder.java create mode 100644 jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorEndEntity.java create mode 100644 jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorIntermediate.java create mode 100644 jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorTrustAnchor.java create mode 100644 jdk/test/sun/security/provider/certpath/DisabledAlgorithms/README create mode 100644 jdk/test/sun/security/provider/certpath/DisabledAlgorithms/generate.sh create mode 100644 jdk/test/sun/security/provider/certpath/DisabledAlgorithms/openssl.cnf diff --git a/jdk/src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java b/jdk/src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java new file mode 100644 index 00000000000..0921351863e --- /dev/null +++ b/jdk/src/share/classes/sun/security/provider/certpath/AlgorithmChecker.java @@ -0,0 +1,119 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Sun designates this + * particular file as subject to the "Classpath" exception as provided + * by Sun in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +package sun.security.provider.certpath; + +import java.util.Set; +import java.util.Collection; +import java.util.Locale; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.security.cert.X509CRL; +import java.security.cert.CertPathValidatorException; +import java.security.cert.PKIXCertPathChecker; + +import sun.security.x509.AlgorithmId; + +/** + * AlgorithmChecker is a PKIXCertPathChecker that checks that + * the signature algorithm of the specified certificate is not disabled. + * + * @author Xuelei Fan + */ +final public class AlgorithmChecker extends PKIXCertPathChecker { + + // the disabled algorithms + private static final String[] disabledAlgorithms = new String[] {"md2"}; + + // singleton instance + static final AlgorithmChecker INSTANCE = new AlgorithmChecker(); + + /** + * Default Constructor + */ + private AlgorithmChecker() { + // do nothing + } + + /** + * Return a AlgorithmChecker instance. + */ + static AlgorithmChecker getInstance() { + return INSTANCE; + } + + /** + * Initializes the internal state of the checker from parameters + * specified in the constructor. + */ + public void init(boolean forward) throws CertPathValidatorException { + // do nothing + } + + public boolean isForwardCheckingSupported() { + return false; + } + + public Set getSupportedExtensions() { + return null; + } + + /** + * Checks the signature algorithm of the specified certificate. + */ + public void check(Certificate cert, Collection unresolvedCritExts) + throws CertPathValidatorException { + check(cert); + } + + public static void check(Certificate cert) + throws CertPathValidatorException { + X509Certificate xcert = (X509Certificate)cert; + check(xcert.getSigAlgName()); + } + + static void check(AlgorithmId aid) throws CertPathValidatorException { + check(aid.getName()); + } + + static void check(X509CRL crl) throws CertPathValidatorException { + check(crl.getSigAlgName()); + } + + private static void check(String algName) + throws CertPathValidatorException { + + String lowerCaseAlgName = algName.toLowerCase(Locale.ENGLISH); + + for (String disabled : disabledAlgorithms) { + // checking the signature algorithm name + if (lowerCaseAlgName.indexOf(disabled) != -1) { + throw new CertPathValidatorException( + "algorithm check failed: " + algName + " is disabled"); + } + } + } + +} diff --git a/jdk/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java b/jdk/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java index 39ee1f1dad6..8d94adb32cc 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java @@ -309,6 +309,16 @@ class DistributionPointFetcher { X500Name certIssuer = (X500Name) certImpl.getIssuerDN(); X500Name crlIssuer = (X500Name) crlImpl.getIssuerDN(); + // check the crl signature algorithm + try { + AlgorithmChecker.check(crl); + } catch (CertPathValidatorException cpve) { + if (debug != null) { + debug.println("CRL signature algorithm check failed: " + cpve); + } + return false; + } + // if crlIssuer is set, verify that it matches the issuer of the // CRL and the CRL contains an IDP extension with the indirectCRL // boolean asserted. Otherwise, verify that the CRL issuer matches the diff --git a/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java b/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java index 393a7663c91..59b95dc9d1d 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java @@ -715,6 +715,11 @@ class ForwardBuilder extends Builder { /* we don't perform any validation of the trusted cert */ if (!isTrustedCert) { + /* + * check that the signature algorithm is not disabled. + */ + AlgorithmChecker.check(cert); + /* * Check CRITICAL private extensions for user checkers that * support forward checking (forwardCheckers) and remove diff --git a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java index b9d246c20b0..39c25025738 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java @@ -297,12 +297,29 @@ class OCSPChecker extends PKIXCertPathChecker { } if (filter != null) { List certStores = pkixParams.getCertStores(); + AlgorithmChecker algChecker= + AlgorithmChecker.getInstance(); for (CertStore certStore : certStores) { - Iterator i = - certStore.getCertificates(filter).iterator(); - if (i.hasNext()) { - responderCert = (X509Certificate) i.next(); - seekResponderCert = false; // done + for (Certificate selected : + certStore.getCertificates(filter)) { + try { + // don't bother to trust algorithm disabled + // certificate as responder + algChecker.check(selected); + + responderCert = (X509Certificate)selected; + seekResponderCert = false; // done + break; + } catch (CertPathValidatorException cpve) { + if (DEBUG != null) { + DEBUG.println( + "OCSP responder certificate " + + "algorithm check failed: " + cpve); + } + } + } + + if (!seekResponderCert) { break; } } diff --git a/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java b/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java index cdadc45f66c..f7c5dbc5cad 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java @@ -230,6 +230,11 @@ class OCSPResponse { new DerInputStream(derIn.getOctetString()); DerValue[] seqTmp = basicOCSPResponse.getSequence(2); + + if (seqTmp.length < 3) { + throw new IOException("Unexpected BasicOCSPResponse value"); + } + DerValue responseData = seqTmp[0]; // Need the DER encoded ResponseData to verify the signature later @@ -312,6 +317,9 @@ class OCSPResponse { // signatureAlgorithmId sigAlgId = AlgorithmId.parse(seqTmp[1]); + // check that the signature algorithm is not disabled. + AlgorithmChecker.check(sigAlgId); + // signature byte[] signature = seqTmp[2].getBitString(); X509CertImpl[] x509Certs = null; @@ -345,6 +353,9 @@ class OCSPResponse { } else if (cert.getIssuerX500Principal().equals( responderCert.getSubjectX500Principal())) { + // check the certificate algorithm + AlgorithmChecker.check(cert); + // Check for the OCSPSigning key purpose List keyPurposes = cert.getExtendedKeyUsage(); if (keyPurposes == null || diff --git a/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java b/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java index 63335d2342c..3511ad7de54 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java @@ -1,5 +1,5 @@ /* - * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -276,6 +276,7 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi { int certPathLen = certList.size(); basicChecker = new BasicChecker(anchor, testDate, sigProvider, false); + AlgorithmChecker algorithmChecker= AlgorithmChecker.getInstance(); KeyChecker keyChecker = new KeyChecker(certPathLen, pkixParam.getTargetCertConstraints()); ConstraintsChecker constraintsChecker = @@ -292,6 +293,7 @@ public class PKIXCertPathValidator extends CertPathValidatorSpi { ArrayList certPathCheckers = new ArrayList(); // add standard checkers that we will be using + certPathCheckers.add(algorithmChecker); certPathCheckers.add(keyChecker); certPathCheckers.add(constraintsChecker); certPathCheckers.add(policyChecker); diff --git a/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java b/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java index 6f826026caf..c8762ef7447 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/ReverseBuilder.java @@ -1,5 +1,5 @@ /* - * Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -347,6 +347,9 @@ class ReverseBuilder extends Builder { return; } + /* check that the signature algorithm is not disabled. */ + AlgorithmChecker.check(cert); + /* * check for looping - abort a loop if * ((we encounter the same certificate twice) AND diff --git a/jdk/src/share/classes/sun/security/validator/SimpleValidator.java b/jdk/src/share/classes/sun/security/validator/SimpleValidator.java index d21466a608b..eff9045c2f6 100644 --- a/jdk/src/share/classes/sun/security/validator/SimpleValidator.java +++ b/jdk/src/share/classes/sun/security/validator/SimpleValidator.java @@ -40,6 +40,8 @@ import sun.security.util.DerInputStream; import sun.security.util.DerOutputStream; import sun.security.util.ObjectIdentifier; +import sun.security.provider.certpath.AlgorithmChecker; + /** * A simple validator implementation. It is based on code from the JSSE * X509TrustManagerImpl. This implementation is designed for compatibility with @@ -134,6 +136,13 @@ public final class SimpleValidator extends Validator { X509Certificate issuerCert = chain[i + 1]; X509Certificate cert = chain[i]; + // check certificate algorithm + try { + AlgorithmChecker.check(cert); + } catch (CertPathValidatorException cpve) { + throw new ValidatorException + (ValidatorException.T_ALGORITHM_DISABLED, cert, cpve); + } // no validity check for code signing certs if ((variant.equals(VAR_CODE_SIGNING) == false) diff --git a/jdk/src/share/classes/sun/security/validator/ValidatorException.java b/jdk/src/share/classes/sun/security/validator/ValidatorException.java index 67f42cfa472..53b8667f29f 100644 --- a/jdk/src/share/classes/sun/security/validator/ValidatorException.java +++ b/jdk/src/share/classes/sun/security/validator/ValidatorException.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2003 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2002-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -55,6 +55,9 @@ public class ValidatorException extends CertificateException { public final static Object T_NAME_CHAINING = "Certificate chaining error"; + public final static Object T_ALGORITHM_DISABLED = + "Certificate signature algorithm disabled"; + private Object type; private X509Certificate cert; diff --git a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilder.java b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilder.java new file mode 100644 index 00000000000..891967fd7e7 --- /dev/null +++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPBuilder.java @@ -0,0 +1,442 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/** + * @test + * + * @bug 6861062 + * @summary Disable MD2 support + * + * @run main/othervm CPBuilder trustAnchor_SHA1withRSA_1024 0 true + * @run main/othervm CPBuilder trustAnchor_SHA1withRSA_512 0 true + * @run main/othervm CPBuilder intermediate_SHA1withRSA_1024_1024 1 true + * @run main/othervm CPBuilder intermediate_SHA1withRSA_1024_512 1 true + * @run main/othervm CPBuilder intermediate_SHA1withRSA_512_1024 1 true + * @run main/othervm CPBuilder intermediate_SHA1withRSA_512_512 1 true + * @run main/othervm CPBuilder intermediate_MD2withRSA_1024_1024 1 false + * @run main/othervm CPBuilder intermediate_MD2withRSA_1024_512 1 false + * @run main/othervm CPBuilder endentiry_SHA1withRSA_1024_1024 2 true + * @run main/othervm CPBuilder endentiry_SHA1withRSA_1024_512 2 true + * @run main/othervm CPBuilder endentiry_SHA1withRSA_512_1024 2 true + * @run main/othervm CPBuilder endentiry_SHA1withRSA_512_512 2 true + * @run main/othervm CPBuilder endentiry_MD2withRSA_1024_1024 2 false + * @run main/othervm CPBuilder endentiry_MD2withRSA_1024_512 2 false + * + * @author Xuelei Fan + */ + +import java.io.*; +import java.net.SocketException; +import java.util.*; +import java.security.Security; +import java.security.cert.*; +import sun.security.util.DerInputStream; + +public class CPBuilder { + + // SHA1withRSA 1024 + static String trustAnchor_SHA1withRSA_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" + + "AQUAA4GNADCBiQKBgQC8UdC863pFk1Rvd7xUYd60+e9KsLhb6SqOfU42ZA715FcH\n" + + "E1TRvQPmYzAnHcO04TrWZQtO6E+E2RCmeBnetBvIMVka688QkO14wnrIrf2tRodd\n" + + "rZNZEBzkX+zyXCRo9tKEUDFf9Qze7Ilbb+Zzm9CUfu4M1Oz6iQcXRx7aM0jEAQID\n" + + "AQABo4GJMIGGMB0GA1UdDgQWBBTn0C+xmZY/BTab4W9gBp3dGa7WgjBHBgNVHSME\n" + + "QDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" + + "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" + + "DQYJKoZIhvcNAQEFBQADgYEAiCXL2Yp4ruyRXAIJ8zBEaPC9oV2agqgbSbly2z8z\n" + + "Ik5SeSRysP+GHBpb8uNyANJnQKv+T0GrJiTLMBjKCOiJl6xzk3EZ2wbQB6G/SQ9+\n" + + "UWcsXSC8oGSEPpkj5In/9/UbuUIfT9H8jmdyLNKQvlqgq6kyfnskME7ptGgT95Hc\n" + + "tas=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 + static String trustAnchor_SHA1withRSA_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" + + "BQADSwAwSAJBAM0Kn4ieCdCHsrm78ZMMN4jQEEEqACAMKB7O8j9g4gfz2oAfmHwv\n" + + "7JH/hZ0Xen1zUmBbwe+e2J5D/4Fisp9Bn98CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" + + "g4Kwd47hdNQBp8grZsRJ5XvhvxAwRwYDVR0jBEAwPoAUg4Kwd47hdNQBp8grZsRJ\n" + + "5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" + + "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAn77b\n" + + "FJx+HvyRvjZYCzMjnUct3Ql4iLOkURYDh93J5TXi/l9ajvAMEuwzYj0qZ+Ktm/ia\n" + + "U5r+8B9nzx+j2Zh3kw==\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 1024 + static String intermediate_SHA1withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDhaFw0yOTA0MjMwMTExNDha\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + + "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + + "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + + "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + + "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEAHze3wAcIe84zNOoN\n" + + "P8l9EmlVVoU30z3LB3hxq3m/dC/4gE5Z9Z8EG1wJw4qaxlTZ4dif12nbTTdofVhb\n" + + "Bd4syjo6fcUA4q7sfg9TFpoHQ+Ap7PgjK99moMKdMy50Xy8s6FPvaVkF89s66Z6y\n" + + "e4q7TSwe6QevGOZaL5N/iy2XGEs=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 512 + static String intermediate_SHA1withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDzCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + + "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + + "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + + "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + + "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQCYNmdkONfuk07XjRze\n" + + "WQyq2cfdae4uIdyUfa2rpgYMtSXuQW3/XrQGiz4G6WBXA2wo7folOOpAKYgvHPrm\n" + + "w6Dd\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 1024 + static String intermediate_SHA1withRSA_512_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDDCCAXWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" + + "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" + + "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" + + "PoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + + "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + + "CSqGSIb3DQEBBQUAA4GBAE2VOlw5ySLT3gUzKCYEga4QPaSrf6lHHPi2g48LscEY\n" + + "h9qQXh4nuIVugReBIEf6N49RdT+M2cgRJo4sZ3ukYLGQzxNuttL5nPSuuvrAR1oG\n" + + "LUyzOWcUpKHbVHi6zlTt79RvTKZvLcduLutmtPtLJcM9PdiAI1wEooSgxTwZtB/Z\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 512 + static String intermediate_SHA1withRSA_512_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIByzCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" + + "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" + + "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" + + "PoAUg4Kwd47hdNQBp8grZsRJ5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + + "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + + "CSqGSIb3DQEBBQUAA0EAoCf0Zu559qcB4xPpzqkVsYiyW49S4Yc0mmQXb1yoQgLx\n" + + "O+DCkjG5d14+t1MsnkhB2izoQUMxQ3vDc1YnA/tEpw==\n" + + "-----END CERTIFICATE-----"; + + // MD2withRSA 1024 signed with RSA 1024 + static String intermediate_MD2withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICUDCCAbmgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + + "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + + "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + + "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + + "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEAPtEjwbWuC5kc4DPc\n" + + "Ttf/wdbD8ZCdAWzcc3XF9q1TlvwVMNk6mbfM05y6ZVsztKTkwZ4EcvFu/yIqw1EB\n" + + "E1zlXQCaWXT3/ZMbqYZV4+mx+RUl8spUCb1tda25jnTg3mTOzB1iztm4gy903EMd\n" + + "m8omKDKeCgcw5dR4ITQYvyxe1as=\n" + + "-----END CERTIFICATE-----"; + + // MD2withRSA 1024 signed with RSA 512 + static String intermediate_MD2withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDzCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + + "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + + "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + + "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + + "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADQQBHok1v6xymtpB7N9xy\n" + + "0OmDT27uhmzlP0eOzJvXVxj3Oi9TLQJgCUJ9122MzfRAs1E1uJTtvuu+UmI80NQx\n" + + "KQdp\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 1024 + static String endentiry_SHA1withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + + "NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" + + "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" + + "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" + + "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" + + "OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG\n" + + "9w0BAQUFAAOBgQAOfIeasDg91CR3jGfuAEVKwncM1OPFmniAUcdPm74cCAyJ90Me\n" + + "dhUElWPGoAuXGfiyZlOlGUYWqEroe/dnkmnotJjLWR+MA4ZyX3O1YI8T4W3deWcC\n" + + "J4WMCF7mp17SaYYKX9F0AxwNJFpUkbB41IkTxPr0MmzB1871/pbY8dLAvA==\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 512 + static String endentiry_SHA1withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + + "NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" + + "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" + + "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" + + "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" + + "OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG\n" + + "9w0BAQUFAANBADV6X+ea0ftEKXy7yKNAbdIp35893T6AVwbdclomPkeOs86OtoTG\n" + + "1BIzWSK9QE7W6Wbf63e2RdcqoLK+DxsuwUg=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 1024 + static String endentiry_SHA1withRSA_512_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + + "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + + "DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo\n" + + "uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE\n" + + "AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU\n" + + "31g/ZkU6aXFAJVKhrrv0ebfAgeYwDQYJKoZIhvcNAQEFBQADgYEAUyW8PrEdbzLu\n" + + "B+h6UemBOJ024rYq90hJE/5wUEKPvxZ9vPEUgl+io6cGhL3cLfxfh6z5xtEGp4Tb\n" + + "NB0Ye3Qi01FBiNDY8s3rQRrmel6VysU8u+0Oi2jmQY6vZXn/zXN5rrTLITCaSicG\n" + + "dOMv1xLM83Ee432WWlDwKOUxhzDGpWc=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 512 + static String endentiry_SHA1withRSA_512_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + + "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + + "DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo\n" + + "uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE\n" + + "AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU\n" + + "N0CHiTYPtjyvpP2a6y6mhsZ6U40wDQYJKoZIhvcNAQEFBQADQQBG4grtrVEHick0\n" + + "z/6Lcl/MGyHT0c8KTXE0AMVXG1NRjAicAmYno/yDaJ9OmfymObKZKV9fF7yCW/N/\n" + + "TMU6m7N0\n" + + "-----END CERTIFICATE-----"; + + // MD2withRSA 1024 signed with RSA 1024 + static String endentiry_MD2withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + + "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" + + "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" + + "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" + + "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" + + "OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG\n" + + "9w0BAQIFAAOBgQBxKsFf8NNQcXjDoKJJSG4Rk6ikcrhiGYuUI32+XHvs6hnav1Zc\n" + + "aJUpy7J4gMj/MnysMh/4AF9+m6zEEjuisXKUbYZhgtJxz+ukGSo163mJ8QJiAlRb\n" + + "Iwsy81r08mlSCR6jx2YhDAUxJIPC92R5Vb4CEutB7tWTwwz7vIHq330erA==\n" + + "-----END CERTIFICATE-----"; + + // MD2withRSA 1024 signed with RSA 512 + static String endentiry_MD2withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + + "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" + + "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" + + "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" + + "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" + + "OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG\n" + + "9w0BAQIFAANBAIX63Ypi9P71RnC/pcMbhD+wekRFsTzU593X3MC7tyBJtEXwvAZG\n" + + "iMxXF5A+ohlr7/CrkV7ZTL8PLxnJdY5Y8rQ=\n" + + "-----END CERTIFICATE-----"; + + static HashMap certmap = new HashMap(); + static { + certmap.put("trustAnchor_SHA1withRSA_1024", + trustAnchor_SHA1withRSA_1024); + certmap.put("trustAnchor_SHA1withRSA_512", + trustAnchor_SHA1withRSA_512); + certmap.put("intermediate_SHA1withRSA_1024_1024", + intermediate_SHA1withRSA_1024_1024); + certmap.put("intermediate_SHA1withRSA_1024_512", + intermediate_SHA1withRSA_1024_512); + certmap.put("intermediate_SHA1withRSA_512_1024", + intermediate_SHA1withRSA_512_1024); + certmap.put("intermediate_SHA1withRSA_512_512", + intermediate_SHA1withRSA_512_512); + certmap.put("intermediate_MD2withRSA_1024_1024", + intermediate_MD2withRSA_1024_1024); + certmap.put("intermediate_MD2withRSA_1024_512", + intermediate_MD2withRSA_1024_512); + certmap.put("endentiry_SHA1withRSA_1024_1024", + endentiry_SHA1withRSA_1024_1024); + certmap.put("endentiry_SHA1withRSA_1024_512", + endentiry_SHA1withRSA_1024_512); + certmap.put("endentiry_SHA1withRSA_512_1024", + endentiry_SHA1withRSA_512_1024); + certmap.put("endentiry_SHA1withRSA_512_512", + endentiry_SHA1withRSA_512_512); + certmap.put("endentiry_MD2withRSA_1024_1024", + endentiry_MD2withRSA_1024_1024); + certmap.put("endentiry_MD2withRSA_1024_512", + endentiry_MD2withRSA_1024_512); + } + + private static Set generateTrustAnchors() + throws CertificateException { + // generate certificate from cert string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + HashSet anchors = new HashSet(); + + ByteArrayInputStream is = + new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes()); + Certificate cert = cf.generateCertificate(is); + TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null); + anchors.add(anchor); + + is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes()); + cert = cf.generateCertificate(is); + anchor = new TrustAnchor((X509Certificate)cert, null); + anchors.add(anchor); + + return anchors; + } + + private static CertStore generateCertificateStore() throws Exception { + Collection entries = new HashSet(); + + // generate certificate from certificate string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + for (String key : certmap.keySet()) { + String certStr = certmap.get(key); + ByteArrayInputStream is = + new ByteArrayInputStream(certStr.getBytes());; + Certificate cert = cf.generateCertificate(is); + entries.add(cert); + } + + return CertStore.getInstance("Collection", + new CollectionCertStoreParameters(entries)); + } + + private static X509CertSelector generateSelector(String name) + throws Exception { + X509CertSelector selector = new X509CertSelector(); + + String certStr = certmap.get(name); + if (certStr == null) { + return null; + } + + // generate certificate from certificate string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); + X509Certificate target = (X509Certificate)cf.generateCertificate(is); + + selector.setCertificate(target); + + return selector; + } + + private static boolean match(String name, Certificate cert) + throws Exception { + X509CertSelector selector = new X509CertSelector(); + + String certStr = certmap.get(name); + if (certStr == null) { + return false; + } + + // generate certificate from certificate string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + ByteArrayInputStream is = new ByteArrayInputStream(certStr.getBytes()); + X509Certificate target = (X509Certificate)cf.generateCertificate(is); + + return target.equals(cert); + } + + public static void main(String args[]) throws Exception { + + CertPathBuilder builder = CertPathBuilder.getInstance("PKIX"); + + X509CertSelector selector = generateSelector(args[0]); + if (selector == null) { + // no target certificate, ignore it + return; + } + + Set anchors = generateTrustAnchors(); + CertStore certs = generateCertificateStore(); + + PKIXBuilderParameters params = + new PKIXBuilderParameters(anchors, selector); + params.addCertStore(certs); + params.setRevocationEnabled(false); + params.setDate(new Date(109, 9, 1)); // 2009-09-01 + + boolean success = Boolean.valueOf(args[2]); + try { + PKIXCertPathBuilderResult result = + (PKIXCertPathBuilderResult)builder.build(params); + if (!success) { + throw new Exception("expected algorithm disabled exception"); + } + + int length = Integer.parseInt(args[1]); + List path = + result.getCertPath().getCertificates(); + if (length != path.size()) { + throw new Exception("unexpected certification path length"); + } + + if (!path.isEmpty()) { // the target is not a trust anchor + if (!match(args[0], path.get(0))) { + throw new Exception("unexpected certificate"); + } + } + } catch (CertPathBuilderException cpbe) { + if (success) { + throw new Exception("unexpected exception"); + } else { + System.out.println("Get the expected exception " + cpbe); + } + } + } + +} diff --git a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorEndEntity.java b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorEndEntity.java new file mode 100644 index 00000000000..bb0e886133e --- /dev/null +++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorEndEntity.java @@ -0,0 +1,363 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/** + * @test + * + * @bug 6861062 + * @summary Disable MD2 support + * + * @author Xuelei Fan + */ + +import java.io.*; +import java.net.SocketException; +import java.util.*; +import java.security.Security; +import java.security.cert.*; + +public class CPValidatorEndEntity { + + // SHA1withRSA 1024 + static String trustAnchor_SHA1withRSA_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" + + "AQUAA4GNADCBiQKBgQC8UdC863pFk1Rvd7xUYd60+e9KsLhb6SqOfU42ZA715FcH\n" + + "E1TRvQPmYzAnHcO04TrWZQtO6E+E2RCmeBnetBvIMVka688QkO14wnrIrf2tRodd\n" + + "rZNZEBzkX+zyXCRo9tKEUDFf9Qze7Ilbb+Zzm9CUfu4M1Oz6iQcXRx7aM0jEAQID\n" + + "AQABo4GJMIGGMB0GA1UdDgQWBBTn0C+xmZY/BTab4W9gBp3dGa7WgjBHBgNVHSME\n" + + "QDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" + + "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" + + "DQYJKoZIhvcNAQEFBQADgYEAiCXL2Yp4ruyRXAIJ8zBEaPC9oV2agqgbSbly2z8z\n" + + "Ik5SeSRysP+GHBpb8uNyANJnQKv+T0GrJiTLMBjKCOiJl6xzk3EZ2wbQB6G/SQ9+\n" + + "UWcsXSC8oGSEPpkj5In/9/UbuUIfT9H8jmdyLNKQvlqgq6kyfnskME7ptGgT95Hc\n" + + "tas=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 + static String trustAnchor_SHA1withRSA_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" + + "BQADSwAwSAJBAM0Kn4ieCdCHsrm78ZMMN4jQEEEqACAMKB7O8j9g4gfz2oAfmHwv\n" + + "7JH/hZ0Xen1zUmBbwe+e2J5D/4Fisp9Bn98CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" + + "g4Kwd47hdNQBp8grZsRJ5XvhvxAwRwYDVR0jBEAwPoAUg4Kwd47hdNQBp8grZsRJ\n" + + "5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" + + "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAn77b\n" + + "FJx+HvyRvjZYCzMjnUct3Ql4iLOkURYDh93J5TXi/l9ajvAMEuwzYj0qZ+Ktm/ia\n" + + "U5r+8B9nzx+j2Zh3kw==\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 1024 + static String intermediate_SHA1withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDhaFw0yOTA0MjMwMTExNDha\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + + "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + + "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + + "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + + "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEAHze3wAcIe84zNOoN\n" + + "P8l9EmlVVoU30z3LB3hxq3m/dC/4gE5Z9Z8EG1wJw4qaxlTZ4dif12nbTTdofVhb\n" + + "Bd4syjo6fcUA4q7sfg9TFpoHQ+Ap7PgjK99moMKdMy50Xy8s6FPvaVkF89s66Z6y\n" + + "e4q7TSwe6QevGOZaL5N/iy2XGEs=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 512 + static String intermediate_SHA1withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDzCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + + "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + + "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + + "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + + "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQCYNmdkONfuk07XjRze\n" + + "WQyq2cfdae4uIdyUfa2rpgYMtSXuQW3/XrQGiz4G6WBXA2wo7folOOpAKYgvHPrm\n" + + "w6Dd\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 1024 + static String intermediate_SHA1withRSA_512_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDDCCAXWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" + + "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" + + "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" + + "PoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + + "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + + "CSqGSIb3DQEBBQUAA4GBAE2VOlw5ySLT3gUzKCYEga4QPaSrf6lHHPi2g48LscEY\n" + + "h9qQXh4nuIVugReBIEf6N49RdT+M2cgRJo4sZ3ukYLGQzxNuttL5nPSuuvrAR1oG\n" + + "LUyzOWcUpKHbVHi6zlTt79RvTKZvLcduLutmtPtLJcM9PdiAI1wEooSgxTwZtB/Z\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 512 + static String intermediate_SHA1withRSA_512_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIByzCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" + + "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" + + "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" + + "PoAUg4Kwd47hdNQBp8grZsRJ5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + + "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + + "CSqGSIb3DQEBBQUAA0EAoCf0Zu559qcB4xPpzqkVsYiyW49S4Yc0mmQXb1yoQgLx\n" + + "O+DCkjG5d14+t1MsnkhB2izoQUMxQ3vDc1YnA/tEpw==\n" + + "-----END CERTIFICATE-----"; + + // MD2withRSA 1024 signed with RSA 1024 + static String intermediate_MD2withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICUDCCAbmgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + + "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + + "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + + "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + + "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEAPtEjwbWuC5kc4DPc\n" + + "Ttf/wdbD8ZCdAWzcc3XF9q1TlvwVMNk6mbfM05y6ZVsztKTkwZ4EcvFu/yIqw1EB\n" + + "E1zlXQCaWXT3/ZMbqYZV4+mx+RUl8spUCb1tda25jnTg3mTOzB1iztm4gy903EMd\n" + + "m8omKDKeCgcw5dR4ITQYvyxe1as=\n" + + "-----END CERTIFICATE-----"; + + // MD2withRSA 1024 signed with RSA 512 + static String intermediate_MD2withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDzCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + + "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + + "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + + "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + + "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADQQBHok1v6xymtpB7N9xy\n" + + "0OmDT27uhmzlP0eOzJvXVxj3Oi9TLQJgCUJ9122MzfRAs1E1uJTtvuu+UmI80NQx\n" + + "KQdp\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 1024 + static String endentiry_SHA1withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + + "NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" + + "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" + + "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" + + "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" + + "OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG\n" + + "9w0BAQUFAAOBgQAOfIeasDg91CR3jGfuAEVKwncM1OPFmniAUcdPm74cCAyJ90Me\n" + + "dhUElWPGoAuXGfiyZlOlGUYWqEroe/dnkmnotJjLWR+MA4ZyX3O1YI8T4W3deWcC\n" + + "J4WMCF7mp17SaYYKX9F0AxwNJFpUkbB41IkTxPr0MmzB1871/pbY8dLAvA==\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 512 + static String endentiry_SHA1withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + + "NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" + + "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" + + "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" + + "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" + + "OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG\n" + + "9w0BAQUFAANBADV6X+ea0ftEKXy7yKNAbdIp35893T6AVwbdclomPkeOs86OtoTG\n" + + "1BIzWSK9QE7W6Wbf63e2RdcqoLK+DxsuwUg=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 1024 + static String endentiry_SHA1withRSA_512_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + + "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + + "DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo\n" + + "uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE\n" + + "AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU\n" + + "31g/ZkU6aXFAJVKhrrv0ebfAgeYwDQYJKoZIhvcNAQEFBQADgYEAUyW8PrEdbzLu\n" + + "B+h6UemBOJ024rYq90hJE/5wUEKPvxZ9vPEUgl+io6cGhL3cLfxfh6z5xtEGp4Tb\n" + + "NB0Ye3Qi01FBiNDY8s3rQRrmel6VysU8u+0Oi2jmQY6vZXn/zXN5rrTLITCaSicG\n" + + "dOMv1xLM83Ee432WWlDwKOUxhzDGpWc=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 512 + static String endentiry_SHA1withRSA_512_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + + "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3\n" + + "DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo\n" + + "uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE\n" + + "AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU\n" + + "N0CHiTYPtjyvpP2a6y6mhsZ6U40wDQYJKoZIhvcNAQEFBQADQQBG4grtrVEHick0\n" + + "z/6Lcl/MGyHT0c8KTXE0AMVXG1NRjAicAmYno/yDaJ9OmfymObKZKV9fF7yCW/N/\n" + + "TMU6m7N0\n" + + "-----END CERTIFICATE-----"; + + // MD2withRSA 1024 signed with RSA 1024 + static String endentiry_MD2withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + + "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" + + "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" + + "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" + + "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" + + "OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG\n" + + "9w0BAQIFAAOBgQBxKsFf8NNQcXjDoKJJSG4Rk6ikcrhiGYuUI32+XHvs6hnav1Zc\n" + + "aJUpy7J4gMj/MnysMh/4AF9+m6zEEjuisXKUbYZhgtJxz+ukGSo163mJ8QJiAlRb\n" + + "Iwsy81r08mlSCR6jx2YhDAUxJIPC92R5Vb4CEutB7tWTwwz7vIHq330erA==\n" + + "-----END CERTIFICATE-----"; + + // MD2withRSA 1024 signed with RSA 512 + static String endentiry_MD2withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx\n" + + "NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt\n" + + "cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG\n" + + "9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt\n" + + "vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v\n" + + "z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6\n" + + "c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07\n" + + "OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG\n" + + "9w0BAQIFAANBAIX63Ypi9P71RnC/pcMbhD+wekRFsTzU593X3MC7tyBJtEXwvAZG\n" + + "iMxXF5A+ohlr7/CrkV7ZTL8PLxnJdY5Y8rQ=\n" + + "-----END CERTIFICATE-----"; + + private static CertPath generateCertificatePath(String castr, + String eestr) throws CertificateException { + // generate certificate from cert strings + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + ByteArrayInputStream is; + + is = new ByteArrayInputStream(castr.getBytes()); + Certificate cacert = cf.generateCertificate(is); + + is = new ByteArrayInputStream(eestr.getBytes()); + Certificate eecert = cf.generateCertificate(is); + + // generate certification path + List list = Arrays.asList(new Certificate[] { + eecert, cacert}); + + return cf.generateCertPath(list); + } + + private static Set generateTrustAnchors() + throws CertificateException { + // generate certificate from cert string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + HashSet anchors = new HashSet(); + + ByteArrayInputStream is = + new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes()); + Certificate cert = cf.generateCertificate(is); + TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null); + anchors.add(anchor); + + is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes()); + cert = cf.generateCertificate(is); + anchor = new TrustAnchor((X509Certificate)cert, null); + anchors.add(anchor); + + return anchors; + } + + public static void main(String args[]) throws Exception { + try { + validate(endentiry_SHA1withRSA_1024_1024, + intermediate_SHA1withRSA_1024_1024); + validate(endentiry_SHA1withRSA_1024_512, + intermediate_SHA1withRSA_512_1024); + validate(endentiry_SHA1withRSA_512_1024, + intermediate_SHA1withRSA_1024_1024); + validate(endentiry_SHA1withRSA_512_512, + intermediate_SHA1withRSA_512_1024); + } catch (CertPathValidatorException cpve) { + throw new Exception( + "unexpect exception, it is valid cert", cpve); + } + + try { + validate(endentiry_MD2withRSA_1024_1024, + intermediate_SHA1withRSA_1024_1024); + throw new Exception("expected algorithm disabled exception"); + } catch (CertPathValidatorException cpve) { + System.out.println("Get the expected exception " + cpve); + } + + try { + validate(endentiry_MD2withRSA_1024_512, + intermediate_SHA1withRSA_512_1024); + throw new Exception("expected algorithm disabled exception"); + } catch (CertPathValidatorException cpve) { + System.out.println("Get the expected exception " + cpve); + } + } + + private static void validate(String eecert, String cacert) + throws CertPathValidatorException, Exception { + + CertPath path = generateCertificatePath(cacert, eecert); + Set anchors = generateTrustAnchors(); + + PKIXParameters params = new PKIXParameters(anchors); + + // disable certificate revocation checking + params.setRevocationEnabled(false); + + // set the validation time + params.setDate(new Date(109, 9, 1)); // 2009-09-01 + + CertPathValidator validator = CertPathValidator.getInstance("PKIX"); + + validator.validate(path, params); + } + +} diff --git a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorIntermediate.java b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorIntermediate.java new file mode 100644 index 00000000000..ee450f9c8a0 --- /dev/null +++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorIntermediate.java @@ -0,0 +1,256 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/** + * @test + * + * @bug 6861062 + * @summary Disable MD2 support + * + * @author Xuelei Fan + */ + +import java.io.*; +import java.net.SocketException; +import java.util.*; +import java.security.Security; +import java.security.cert.*; + +public class CPValidatorIntermediate { + + // SHA1withRSA 1024 + static String trustAnchor_SHA1withRSA_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" + + "AQUAA4GNADCBiQKBgQC8UdC863pFk1Rvd7xUYd60+e9KsLhb6SqOfU42ZA715FcH\n" + + "E1TRvQPmYzAnHcO04TrWZQtO6E+E2RCmeBnetBvIMVka688QkO14wnrIrf2tRodd\n" + + "rZNZEBzkX+zyXCRo9tKEUDFf9Qze7Ilbb+Zzm9CUfu4M1Oz6iQcXRx7aM0jEAQID\n" + + "AQABo4GJMIGGMB0GA1UdDgQWBBTn0C+xmZY/BTab4W9gBp3dGa7WgjBHBgNVHSME\n" + + "QDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" + + "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" + + "DQYJKoZIhvcNAQEFBQADgYEAiCXL2Yp4ruyRXAIJ8zBEaPC9oV2agqgbSbly2z8z\n" + + "Ik5SeSRysP+GHBpb8uNyANJnQKv+T0GrJiTLMBjKCOiJl6xzk3EZ2wbQB6G/SQ9+\n" + + "UWcsXSC8oGSEPpkj5In/9/UbuUIfT9H8jmdyLNKQvlqgq6kyfnskME7ptGgT95Hc\n" + + "tas=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 + static String trustAnchor_SHA1withRSA_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" + + "BQADSwAwSAJBAM0Kn4ieCdCHsrm78ZMMN4jQEEEqACAMKB7O8j9g4gfz2oAfmHwv\n" + + "7JH/hZ0Xen1zUmBbwe+e2J5D/4Fisp9Bn98CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" + + "g4Kwd47hdNQBp8grZsRJ5XvhvxAwRwYDVR0jBEAwPoAUg4Kwd47hdNQBp8grZsRJ\n" + + "5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" + + "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAn77b\n" + + "FJx+HvyRvjZYCzMjnUct3Ql4iLOkURYDh93J5TXi/l9ajvAMEuwzYj0qZ+Ktm/ia\n" + + "U5r+8B9nzx+j2Zh3kw==\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 1024 + static String intermediate_SHA1withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDhaFw0yOTA0MjMwMTExNDha\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + + "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + + "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + + "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + + "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEAHze3wAcIe84zNOoN\n" + + "P8l9EmlVVoU30z3LB3hxq3m/dC/4gE5Z9Z8EG1wJw4qaxlTZ4dif12nbTTdofVhb\n" + + "Bd4syjo6fcUA4q7sfg9TFpoHQ+Ap7PgjK99moMKdMy50Xy8s6FPvaVkF89s66Z6y\n" + + "e4q7TSwe6QevGOZaL5N/iy2XGEs=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 1024 signed with RSA 512 + static String intermediate_SHA1withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDzCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + + "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + + "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + + "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + + "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQCYNmdkONfuk07XjRze\n" + + "WQyq2cfdae4uIdyUfa2rpgYMtSXuQW3/XrQGiz4G6WBXA2wo7folOOpAKYgvHPrm\n" + + "w6Dd\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 1024 + static String intermediate_SHA1withRSA_512_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDDCCAXWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" + + "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" + + "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" + + "PoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + + "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + + "CSqGSIb3DQEBBQUAA4GBAE2VOlw5ySLT3gUzKCYEga4QPaSrf6lHHPi2g48LscEY\n" + + "h9qQXh4nuIVugReBIEf6N49RdT+M2cgRJo4sZ3ukYLGQzxNuttL5nPSuuvrAR1oG\n" + + "LUyzOWcUpKHbVHi6zlTt79RvTKZvLcduLutmtPtLJcM9PdiAI1wEooSgxTwZtB/Z\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 signed with RSA 512 + static String intermediate_SHA1withRSA_512_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIByzCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV\n" + + "lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA\n" + + "AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw\n" + + "PoAUg4Kwd47hdNQBp8grZsRJ5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD\n" + + "VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G\n" + + "CSqGSIb3DQEBBQUAA0EAoCf0Zu559qcB4xPpzqkVsYiyW49S4Yc0mmQXb1yoQgLx\n" + + "O+DCkjG5d14+t1MsnkhB2izoQUMxQ3vDc1YnA/tEpw==\n" + + "-----END CERTIFICATE-----"; + + // MD2withRSA 1024 signed with RSA 1024 + static String intermediate_MD2withRSA_1024_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICUDCCAbmgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + + "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + + "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + + "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + + "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEAPtEjwbWuC5kc4DPc\n" + + "Ttf/wdbD8ZCdAWzcc3XF9q1TlvwVMNk6mbfM05y6ZVsztKTkwZ4EcvFu/yIqw1EB\n" + + "E1zlXQCaWXT3/ZMbqYZV4+mx+RUl8spUCb1tda25jnTg3mTOzB1iztm4gy903EMd\n" + + "m8omKDKeCgcw5dR4ITQYvyxe1as=\n" + + "-----END CERTIFICATE-----"; + + // MD2withRSA 1024 signed with RSA 512 + static String intermediate_MD2withRSA_1024_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICDzCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla\n" + + "MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz\n" + + "cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8\n" + + "BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg\n" + + "bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82\n" + + "AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl\n" + + "UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw\n" + + "HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw\n" + + "AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADQQBHok1v6xymtpB7N9xy\n" + + "0OmDT27uhmzlP0eOzJvXVxj3Oi9TLQJgCUJ9122MzfRAs1E1uJTtvuu+UmI80NQx\n" + + "KQdp\n" + + "-----END CERTIFICATE-----"; + + private static CertPath generateCertificatePath(String certStr) + throws CertificateException { + // generate certificate from cert strings + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + ByteArrayInputStream is; + + is = new ByteArrayInputStream(certStr.getBytes()); + Certificate cert = cf.generateCertificate(is); + + // generate certification path + List list = Arrays.asList(new Certificate[] {cert}); + + return cf.generateCertPath(list); + } + + private static Set generateTrustAnchors() + throws CertificateException { + // generate certificate from cert string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + HashSet anchors = new HashSet(); + + ByteArrayInputStream is = + new ByteArrayInputStream(trustAnchor_SHA1withRSA_1024.getBytes()); + Certificate cert = cf.generateCertificate(is); + TrustAnchor anchor = new TrustAnchor((X509Certificate)cert, null); + anchors.add(anchor); + + is = new ByteArrayInputStream(trustAnchor_SHA1withRSA_512.getBytes()); + cert = cf.generateCertificate(is); + anchor = new TrustAnchor((X509Certificate)cert, null); + anchors.add(anchor); + + return anchors; + } + + public static void main(String args[]) throws Exception { + try { + validate(intermediate_SHA1withRSA_1024_1024); + validate(intermediate_SHA1withRSA_1024_512); + validate(intermediate_SHA1withRSA_512_1024); + validate(intermediate_SHA1withRSA_512_512); + } catch (CertPathValidatorException cpve) { + throw new Exception( + "unexpect exception, it is valid cert", cpve); + } + + try { + validate(intermediate_MD2withRSA_1024_1024); + throw new Exception("expected algorithm disabled exception"); + } catch (CertPathValidatorException cpve) { + System.out.println("Get the expected exception " + cpve); + } + + try { + validate(intermediate_MD2withRSA_1024_512); + throw new Exception("expected algorithm disabled exception"); + } catch (CertPathValidatorException cpve) { + System.out.println("Get the expected exception " + cpve); + } + } + + private static void validate(String intermediate) + throws CertPathValidatorException, Exception { + + CertPath path = generateCertificatePath(intermediate); + Set anchors = generateTrustAnchors(); + + PKIXParameters params = new PKIXParameters(anchors); + + // disable certificate revocation checking + params.setRevocationEnabled(false); + + // set the validation time + params.setDate(new Date(109, 9, 1)); // 2009-09-01 + + CertPathValidator validator = CertPathValidator.getInstance("PKIX"); + + validator.validate(path, params); + } + +} diff --git a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorTrustAnchor.java b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorTrustAnchor.java new file mode 100644 index 00000000000..1aeac579e30 --- /dev/null +++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/CPValidatorTrustAnchor.java @@ -0,0 +1,169 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/** + * @test + * + * @bug 6861062 + * @summary Disable MD2 support + * + * @author Xuelei Fan + */ + +import java.io.*; +import java.net.SocketException; +import java.util.*; +import java.security.Security; +import java.security.cert.*; + +public class CPValidatorTrustAnchor { + + static String selfSignedCertStr = null; + + // SHA1withRSA 1024 + static String trustAnchor_SHA1withRSA_1024 = + "-----BEGIN CERTIFICATE-----\n" + + "MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB\n" + + "AQUAA4GNADCBiQKBgQC8UdC863pFk1Rvd7xUYd60+e9KsLhb6SqOfU42ZA715FcH\n" + + "E1TRvQPmYzAnHcO04TrWZQtO6E+E2RCmeBnetBvIMVka688QkO14wnrIrf2tRodd\n" + + "rZNZEBzkX+zyXCRo9tKEUDFf9Qze7Ilbb+Zzm9CUfu4M1Oz6iQcXRx7aM0jEAQID\n" + + "AQABo4GJMIGGMB0GA1UdDgQWBBTn0C+xmZY/BTab4W9gBp3dGa7WgjBHBgNVHSME\n" + + "QDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO\n" + + "BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw\n" + + "DQYJKoZIhvcNAQEFBQADgYEAiCXL2Yp4ruyRXAIJ8zBEaPC9oV2agqgbSbly2z8z\n" + + "Ik5SeSRysP+GHBpb8uNyANJnQKv+T0GrJiTLMBjKCOiJl6xzk3EZ2wbQB6G/SQ9+\n" + + "UWcsXSC8oGSEPpkj5In/9/UbuUIfT9H8jmdyLNKQvlqgq6kyfnskME7ptGgT95Hc\n" + + "tas=\n" + + "-----END CERTIFICATE-----"; + + // SHA1withRSA 512 + static String trustAnchor_SHA1withRSA_512 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB\n" + + "BQADSwAwSAJBAM0Kn4ieCdCHsrm78ZMMN4jQEEEqACAMKB7O8j9g4gfz2oAfmHwv\n" + + "7JH/hZ0Xen1zUmBbwe+e2J5D/4Fisp9Bn98CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU\n" + + "g4Kwd47hdNQBp8grZsRJ5XvhvxAwRwYDVR0jBEAwPoAUg4Kwd47hdNQBp8grZsRJ\n" + + "5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G\n" + + "A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAn77b\n" + + "FJx+HvyRvjZYCzMjnUct3Ql4iLOkURYDh93J5TXi/l9ajvAMEuwzYj0qZ+Ktm/ia\n" + + "U5r+8B9nzx+j2Zh3kw==\n" + + "-----END CERTIFICATE-----"; + + // MD2withRSA 2048 + static String trustAnchor_MD2withRSA_2048 = + "-----BEGIN CERTIFICATE-----\n" + + "MIIDQzCCAiugAwIBAgIBADANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ\n" + + "MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDdaFw0zMDA3MTcwMTExNDda\n" + + "MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIIBIjANBgkqhkiG9w0B\n" + + "AQEFAAOCAQ8AMIIBCgKCAQEArF5pINc5s+aUlmdYlxtAQ3V4TXFnP/XOYHxjfLuX\n" + + "eKO/kh78LMvbDisTPQ2yo9YEawwwbUU40xcuzgi0axXgKveHXYdUmTr0hEapq3rv\n" + + "g/q2EbOjyXvq4qK2RDoVCN8R3wXiytnY2OFALTx6zc2tW4imJ20svdNVtWhv2syj\n" + + "ZTmmRXAeFUbD4qKWAFij0I6pnSgVssvWzeyJUNemym+oiYyaSd7n5j1RNAqUKioo\n" + + "K/T0FOOiuPGMqottgx5YRHa6yapCP5QVWRQ+WBIYJY3Wyq7N+Es20LT6761Pk3to\n" + + "EFCzM7+zqT/c+pC079HOKXz+m2us+HKp5BKWNnbvgaYPOQIDAQABo4GJMIGGMB0G\n" + + "A1UdDgQWBBSrSukJf+mO5LTRasAGD9RRs7SASTBHBgNVHSMEQDA+gBSrSukJf+mO\n" + + "5LTRasAGD9RRs7SASaEjpCEwHzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1w\n" + + "bGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEC\n" + + "BQADggEBAHvsv+DqMJeIW/D+ltkhw37OdMzkMPp4E6Hbp03O3GZ5LfNGczHCb2uL\n" + + "sr5T7e/jaBFn6QfmqbOAYAHJSNq2bNNtTbatnHBLuVx13cfxmwk89Cg/tFeoUdcf\n" + + "m5hzurB6Ub6SsYMOxZHUYp/KxM9x9a7llC1bK3SKXwd4rVDlXh8DOBvdQNr5Q3yq\n" + + "JjY86bSXO14VzNxL/1rqHiszQdPyR/28SBsQVYSi0Zeyc4Yy1ui/cXu1+PWYw3YZ\n" + + "QUPHTnkVdPGwRiUqeZIcps+q+ePlQQmDu5qiLD6d8gsyGyY/RvCHWKO5Y9DuX9hs\n" + + "he/AhCWQx+TQYGLu0liQqLkGZydyRnA=\n" + + "-----END CERTIFICATE-----"; + + private static CertPath generateCertificatePath() + throws CertificateException { + // generate certificate from cert strings + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + ByteArrayInputStream is; + + is = new ByteArrayInputStream(selfSignedCertStr.getBytes()); + Certificate selfSignedCert = cf.generateCertificate(is); + + // generate certification path + List list = Arrays.asList(new Certificate[] { + selfSignedCert}); + + return cf.generateCertPath(list); + } + + private static Set generateTrustAnchors() + throws CertificateException { + // generate certificate from cert string + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + + ByteArrayInputStream is = + new ByteArrayInputStream(selfSignedCertStr.getBytes()); + Certificate selfSignedCert = cf.generateCertificate(is); + + // generate a trust anchor + TrustAnchor anchor = + new TrustAnchor((X509Certificate)selfSignedCert, null); + + return Collections.singleton(anchor); + } + + public static void main(String args[]) throws Exception { + try { + validate(trustAnchor_SHA1withRSA_1024); + validate(trustAnchor_SHA1withRSA_512); + } catch (CertPathValidatorException cpve) { + throw new Exception( + "unexpect exception, it is valid cert", cpve); + } + + try { + validate(trustAnchor_MD2withRSA_2048); + throw new Exception("expected algorithm disabled exception"); + } catch (CertPathValidatorException cpve) { + System.out.println("Get the expected exception " + cpve); + } + } + + private static void validate(String trustAnchor) + throws CertPathValidatorException, Exception { + selfSignedCertStr = trustAnchor; + + CertPath path = generateCertificatePath(); + Set anchors = generateTrustAnchors(); + + PKIXParameters params = new PKIXParameters(anchors); + + // disable certificate revocation checking + params.setRevocationEnabled(false); + + // set the validation time + params.setDate(new Date(109, 9, 1)); // 2009-09-01 + + CertPathValidator validator = CertPathValidator.getInstance("PKIX"); + + validator.validate(path, params); + } + +} diff --git a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/README b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/README new file mode 100644 index 00000000000..6577db95210 --- /dev/null +++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/README @@ -0,0 +1,640 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + + Certificates and CRLs + +Here lists the Certificates, which was generated by generate.sh, used in the +test cases. + +The generate.sh depends on openssl, and it should be run under ksh. The +script will create many directories and files, please run it in a +directory outside of JDK workspace. + +1. root certifiate and key (SHA1withRSA 1024, root_cert_sha1_1024.pem) +-----BEGIN CERTIFICATE----- +MIICPjCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa +MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQC8UdC863pFk1Rvd7xUYd60+e9KsLhb6SqOfU42ZA715FcH +E1TRvQPmYzAnHcO04TrWZQtO6E+E2RCmeBnetBvIMVka688QkO14wnrIrf2tRodd +rZNZEBzkX+zyXCRo9tKEUDFf9Qze7Ilbb+Zzm9CUfu4M1Oz6iQcXRx7aM0jEAQID +AQABo4GJMIGGMB0GA1UdDgQWBBTn0C+xmZY/BTab4W9gBp3dGa7WgjBHBgNVHSME +QDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEwHzELMAkGA1UEBhMCVVMxEDAO +BgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQw +DQYJKoZIhvcNAQEFBQADgYEAiCXL2Yp4ruyRXAIJ8zBEaPC9oV2agqgbSbly2z8z +Ik5SeSRysP+GHBpb8uNyANJnQKv+T0GrJiTLMBjKCOiJl6xzk3EZ2wbQB6G/SQ9+ +UWcsXSC8oGSEPpkj5In/9/UbuUIfT9H8jmdyLNKQvlqgq6kyfnskME7ptGgT95Hc +tas= +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,DF5249E009A0FD79 + +rc316yLipp/vH0i6rhEbEwZpZ+HfKIXnnp/bIIZv2+4lyGUDWrxN0Hk0TcSgWEKm +dRGI2fsyWjTgaiHwwmusofXPAjB3s0I2rUUAHXk8/sEuiLLTICx2UAL8k6R33CSQ +NKR8t+TluBW3Us71vibWauuMHa5860KiiLWdhkQVLin7m/JBGLtz0zQ0/lZ8CgEm +p7eDupPi8FBClCyVewdpmKjgI2KPI4fVIZLMzLeGcWLaOQPN1ERcFWQ1CS/qjfMb +F4rtpZ+AzCqP75XPhitT2CnZgaVDxHBtAZQVPuKONMdijKphjqiT/Sd86Gx6OEVE +EwwmQya2Q/5aCuH96S00mj00oeIZ7ZtUcVQcch+saJy4vpuxK8pFcEDKmgsvL9+8 +Hho9RUXVUKRH67uA1NjQSK5+syEIj5sJCDcxOda4QGXeIq9ygaZswxF3nfvffrsa +S6IVBXrx0G+Ascu29SHoI+zi3feQszQJIzijHoTTq6FacLHUWzfVuaYa47uaj5qa +VYsMVCzi1eX486o7YKPKWiclNczQN86v5n9+c9uggXY12wSOmnf6BB1Ds+oL8JlU +IZa67lAyg6G9joAb9rTXN2EE5OTArcFuImK8GHse/3wkIPMglBNnfwpvjC1U+vQm +F7iXp+OxnZ5d9sBcrTBEZ9BDlTVlpiZI7EeS1oC8x6DDTdbJR/40Y3wJIDMI9q9T +O5EnyXqbmQziO0Tgal43w6mMTUnhG34kqovwxy03mAOZb3yz/RgWlez9wQmPseiI +2p2fQIjCPbGFNJt3rdyXOW/BRCii0970HEZeov/TVV/A0vUVajNAjA== +-----END RSA PRIVATE KEY----- + +2. root certifiate and key (SHA1withRSA 512, root_cert_sha1_512.pem) +-----BEGIN CERTIFICATE----- +MIIBuTCCAWOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDRaFw0zMDA3MTcwMTExNDRa +MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMFwwDQYJKoZIhvcNAQEB +BQADSwAwSAJBAM0Kn4ieCdCHsrm78ZMMN4jQEEEqACAMKB7O8j9g4gfz2oAfmHwv +7JH/hZ0Xen1zUmBbwe+e2J5D/4Fisp9Bn98CAwEAAaOBiTCBhjAdBgNVHQ4EFgQU +g4Kwd47hdNQBp8grZsRJ5XvhvxAwRwYDVR0jBEAwPoAUg4Kwd47hdNQBp8grZsRJ +5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMA8G +A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0GCSqGSIb3DQEBBQUAA0EAn77b +FJx+HvyRvjZYCzMjnUct3Ql4iLOkURYDh93J5TXi/l9ajvAMEuwzYj0qZ+Ktm/ia +U5r+8B9nzx+j2Zh3kw== +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,B8BDE38F08C6BB76 + +eJzx2oZE0UXxWpzssSWtKBOCbm3ZXR6iBKX8iKoDUB5SzzmKr+XzxI7kyv92y0pe +rNTuuCWpBsLdlz7h8Ipn4pBDYswGU5F9MQOEgIYx60OvGhZODHGRzJ05FXTeCmmu +LLp6lGW4SWALcd8g/gJUn1/vp7f1VzQ7RwXWBn4/b34RRYtwr3E6nl4Hc2tEI1in +OL+lCdAAyxjGK7KYFHJQK+1E8tYNrer3cejQDcNysGx4o0H123vfp3NtJ6U7LXyi +D21y3zmPueJos8LluJiLRsONcrcI3mIfpPBsO+Yl2EJtzS9V6Aaq/YdPkwPHH6Y5 +lazGMPXq/nffb12fWLL7m5aFb3FNLwWi/qwEynWCEv7Vl/6kLk+aHhjTnYkLvLNH +9maQFn6j0S3wqogRfW9BDbfC3fRHP6+8YjEEmQ0RTfE= +-----END RSA PRIVATE KEY----- + +3. root certifiate and key (MD2withRSA 2048, root_cert_md2_2048.pem) +-----BEGIN CERTIFICATE----- +MIIDQzCCAiugAwIBAgIBADANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDdaFw0zMDA3MTcwMTExNDda +MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEArF5pINc5s+aUlmdYlxtAQ3V4TXFnP/XOYHxjfLuX +eKO/kh78LMvbDisTPQ2yo9YEawwwbUU40xcuzgi0axXgKveHXYdUmTr0hEapq3rv +g/q2EbOjyXvq4qK2RDoVCN8R3wXiytnY2OFALTx6zc2tW4imJ20svdNVtWhv2syj +ZTmmRXAeFUbD4qKWAFij0I6pnSgVssvWzeyJUNemym+oiYyaSd7n5j1RNAqUKioo +K/T0FOOiuPGMqottgx5YRHa6yapCP5QVWRQ+WBIYJY3Wyq7N+Es20LT6761Pk3to +EFCzM7+zqT/c+pC079HOKXz+m2us+HKp5BKWNnbvgaYPOQIDAQABo4GJMIGGMB0G +A1UdDgQWBBSrSukJf+mO5LTRasAGD9RRs7SASTBHBgNVHSMEQDA+gBSrSukJf+mO +5LTRasAGD9RRs7SASaEjpCEwHzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1w +bGWCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEC +BQADggEBAHvsv+DqMJeIW/D+ltkhw37OdMzkMPp4E6Hbp03O3GZ5LfNGczHCb2uL +sr5T7e/jaBFn6QfmqbOAYAHJSNq2bNNtTbatnHBLuVx13cfxmwk89Cg/tFeoUdcf +m5hzurB6Ub6SsYMOxZHUYp/KxM9x9a7llC1bK3SKXwd4rVDlXh8DOBvdQNr5Q3yq +JjY86bSXO14VzNxL/1rqHiszQdPyR/28SBsQVYSi0Zeyc4Yy1ui/cXu1+PWYw3YZ +QUPHTnkVdPGwRiUqeZIcps+q+ePlQQmDu5qiLD6d8gsyGyY/RvCHWKO5Y9DuX9hs +he/AhCWQx+TQYGLu0liQqLkGZydyRnA= +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,3910D329AD49ECFC + +6K0OU3Xrl2H6kz7x7EHXkM0/Wd6jXBBwWsaroUIGnbIMmljJXPfgcuDUu6f5Imk1 +ndoU0GWjxa1QNjteAQQtFoLDP8rienLs0b969OcAxB0EOffQFkEfsfXdyEIgdwkD +ETczwDIyd8Wj62ClydJES3jKB9Nc9kMIlsoZ+h24TyJeeRsHAtMrz+mlOHsUWDQ5 +FyYZelnx+fQ5maD3bura7xLiNl8CvgWz0wt2Wt4djdMGhQ3OWd0/GWweP+2xnL6n +5tDJ5On50+Z5T8Jhx62yg+wQiBKAYnYw6OX3skJwWknuAvYz3Z3e12DHFx6w5EAU +K7lg7fHMqHNirUkJOlYzgJ21ybV4uQmFRNQJwI9h6GVfdZWPEU+Ni42AlNgNYskF +K19dONNNt0Gwkcm2VOYzwYGDyaQW2YIGDk1fbZdVSu/h/lyOC/RmorGWroAbYsyB +/GUIilcLtQHPGI8XuojTS2/UWcKactpceN3UOnQkus3/smViEqqB/NQ/lcozgs0o +7ZG6H6to7w1yb5VR2d7B2bS7MNJt1AsOB5ydAMYIccdHDTI7CfRK6axQ70O/JPnJ +WLY2e41ig2uAWk/3fRb8L6d3keVcN7y4WnkXPbHhulqtxQo78iSQQAf7tDMBxWKx +C5LQW3CxLkHKp6g22SDxl2LjJyu5nDbtIh3Pq+BCoA25uqXC4rPoWwV7EWYv8Z+Y +E6dS98SEa+cDhpllvGzbTKgcP1VqtQbb9VT92UT1mFrklqRuQIxROeCe4wjp5TKo +D2losUDdzpqBHkBNo2I8qZkgybeCvWEq73my2+JG1AAIFFB1kzfBNaBDGiGSuUuS +5peV8156aaLg5pxdieoRJ3Y7eaWN1wH5CnRnafoB+lxSUsQO1a7y2LbpedrKjs+2 +AryPHQw7HLd8IQevmvd7BhJLdvlt+kXzWID/pUsSAYvI7aP4daQJuAt/kwmU27Gd +wqhV8Tjbb84vFGmqGHtb2YbKfUrsPUNOLBF+U4SDAgBhEyhINQZyRDcqqoywO5Dr +sV46nTEfwAgt88KFt2CEhiyvoJbtCj1iMJeAzuljwF4z4RzB1i3TK0MaJYID2rxB +E1vK9EZIssk/NeImN2YCbuqOhU58jtOwYh3ruS+mZQm1APvJF9N4tCCVQsjWC6zY +4eqs7T6VDFH4AaT7b3J3rTsEpWIDUfagetZs5kR9SiWJC7dU7r53gGg4avVyIIHD ++MYCS+auD9/nmVf4iYstVgJFMUJXC2EUOLi0r8KmDkCILl/K3X/W7QwFTnC07gLh +/9HjWFJ0R6cyODzvE8NGPMeuJGUT2F+mA1vaAC/PBGz+61AF0BjWTZ7x2sH+tSPP +/GVEaCgyzrKRX5XX+7DulTcmFj1JNfMmtbDaJa9WnwOI4qszBGrAcYeYTHXR6Yov +Ux/P6RStfa+UwSjo8i3nfdgLk+RXCpN0srMjSmiQx8d5R/kISqXKDtQfS5M6gsoh +ROz+6zZP8Gh8yakr1p4C6JUSiLDYP5qXzxr8bp+oxvpY7anEDAqx21HyExEAu+gy +IrNl75FWqV8BbKxoFfe9LqyDaryXXA8oy6F+4BT/zRrxp+dym9pbd+OZR423BIij +-----END RSA PRIVATE KEY----- + +4. subca certificate and key (SHA1withRSA 1024, root_cert_sha1_1024.pem signed) +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDhaFw0yOTA0MjMwMTExNDha +MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz +cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8 +BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg +bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82 +AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl +UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw +HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw +AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADgYEAHze3wAcIe84zNOoN +P8l9EmlVVoU30z3LB3hxq3m/dC/4gE5Z9Z8EG1wJw4qaxlTZ4dif12nbTTdofVhb +Bd4syjo6fcUA4q7sfg9TFpoHQ+Ap7PgjK99moMKdMy50Xy8s6FPvaVkF89s66Z6y +e4q7TSwe6QevGOZaL5N/iy2XGEs= +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,0480E76FD259323B + +npiifBm1mHq1Z9QgAV5T35Xbnea9VnwqYQWNfRRKmpfYSdkQJ0few18YtnfZwh9e +LKCWx+lq1V4yDG4SbxXDq71Dyvx1vZY+w4h+6M1+6KGFG1VDBfN3e5aLgK8EG9pZ +yHZH7iB7HiQXH5q53jL6NUZn55C3XEk1sErpK7R1c0Y8Qp2TGiu+lck3K+zR9GiO +5aJMKbShReB0Nfy3JJNKRFSd95QMTTjbq6iIvhN8O02bo4I4I3HTyD8qyR7ViiHl +FmOukjwn4fjJvK0WYKYUjod8oEiMdR2nr73eOGZBAnEorDGQ8VnnCAleSv74is1k +W7M07UP7EJJq9hSZfeMqk5QivtWrqvWG1SWxpTowKTEAyTn7u5U13k0DiRcsg0WT +4mSMiLOhUNgIWcHElbTQPSVDcVznhNk0dWPDwKoUjp+orCuH+NvHKBAu+hnuip3e +Ji7WGrHXI7QxAr5qr5ogl5x4yH4drIbq9fUea3NTuGPuPyu9fWjOSDmqPRKRMJFR +UxxVFcyrW8iSBV5cvB7M1ADS40y6l4ryYmKjXbsOI4Ci8LJWJ4ZB61WQP7TvPQGS +mNFmTTB2dwbpimr4KjV9j2bA9x0jAsjlcQZ5j1GOeyYCEDGKDJw0XD/zI+j0dpVc +eu8YtuJGTyO1h+HiI3D9LrMuyUxxckvFHKe00+4xMz1hpqVo/kxe6gqf/9ES4M/h +6/NeTzeqyJF2rgxK6KJJdmaKVYI+bvAQ3cKl+RZmgOjx4eig58N5uthqFgU7rQ+e +GM9/y8C9WpPqITcJlY7I/7AkqvYDBwBsH/9mf4g9OUbC1Ah+MX8UIQ== +-----END RSA PRIVATE KEY----- + + +5. subca certificate and key (SHA1withRSA 1024, root_cert_sha1_512.pem signed) +-----BEGIN CERTIFICATE----- +MIICDzCCAbmgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla +MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz +cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8 +BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg +bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82 +AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl +UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw +HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw +AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQEFBQADQQCYNmdkONfuk07XjRze +WQyq2cfdae4uIdyUfa2rpgYMtSXuQW3/XrQGiz4G6WBXA2wo7folOOpAKYgvHPrm +w6Dd +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,0480E76FD259323B + +npiifBm1mHq1Z9QgAV5T35Xbnea9VnwqYQWNfRRKmpfYSdkQJ0few18YtnfZwh9e +LKCWx+lq1V4yDG4SbxXDq71Dyvx1vZY+w4h+6M1+6KGFG1VDBfN3e5aLgK8EG9pZ +yHZH7iB7HiQXH5q53jL6NUZn55C3XEk1sErpK7R1c0Y8Qp2TGiu+lck3K+zR9GiO +5aJMKbShReB0Nfy3JJNKRFSd95QMTTjbq6iIvhN8O02bo4I4I3HTyD8qyR7ViiHl +FmOukjwn4fjJvK0WYKYUjod8oEiMdR2nr73eOGZBAnEorDGQ8VnnCAleSv74is1k +W7M07UP7EJJq9hSZfeMqk5QivtWrqvWG1SWxpTowKTEAyTn7u5U13k0DiRcsg0WT +4mSMiLOhUNgIWcHElbTQPSVDcVznhNk0dWPDwKoUjp+orCuH+NvHKBAu+hnuip3e +Ji7WGrHXI7QxAr5qr5ogl5x4yH4drIbq9fUea3NTuGPuPyu9fWjOSDmqPRKRMJFR +UxxVFcyrW8iSBV5cvB7M1ADS40y6l4ryYmKjXbsOI4Ci8LJWJ4ZB61WQP7TvPQGS +mNFmTTB2dwbpimr4KjV9j2bA9x0jAsjlcQZ5j1GOeyYCEDGKDJw0XD/zI+j0dpVc +eu8YtuJGTyO1h+HiI3D9LrMuyUxxckvFHKe00+4xMz1hpqVo/kxe6gqf/9ES4M/h +6/NeTzeqyJF2rgxK6KJJdmaKVYI+bvAQ3cKl+RZmgOjx4eig58N5uthqFgU7rQ+e +GM9/y8C9WpPqITcJlY7I/7AkqvYDBwBsH/9mf4g9OUbC1Ah+MX8UIQ== +-----END RSA PRIVATE KEY----- + + +6. subca certificate and key (SHA1withRSA 512, root_cert_sha1_1024.pem signed) +-----BEGIN CERTIFICATE----- +MIICDDCCAXWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla +MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz +cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV +lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA +AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw +PoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD +VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G +CSqGSIb3DQEBBQUAA4GBAE2VOlw5ySLT3gUzKCYEga4QPaSrf6lHHPi2g48LscEY +h9qQXh4nuIVugReBIEf6N49RdT+M2cgRJo4sZ3ukYLGQzxNuttL5nPSuuvrAR1oG +LUyzOWcUpKHbVHi6zlTt79RvTKZvLcduLutmtPtLJcM9PdiAI1wEooSgxTwZtB/Z +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,0A94F7EA4C89CA33 + +tfKdAZVSrpeS/hU4+mGYcGGx3nNqrE+CzDAfLadVuXz5ju5p9oFhLTZj99wK+uHn +prrWmDNOdYKRBJn7h40WV6zi4lR3JgnuYNxH8fxO3PI+HQ9IuvdoTyqUeXTP4Zj1 +BCnr1k1D2WGDXvnh+saq9qRpMKThjK/OF0YmDa07PI5NOBdMA3EmkNYfwib2GfBV +el4FVkfnPQkLGahTh3SC62TzPlnsAgirCeua7ZLPqN3fkZkYbXZd9op2D31n7cBP +zztg0ah8WF4gPOd/BBZeR9XDog5qm/wzyBj0F6ClHRPjpGYhAm2Vw66xOBlGFYI9 +lVmFQzrPcDNlFTybzhl5C6Qy4cPQh+QErDWxljVI52oYYmY/KRmUGGL7hEG8ZGOn +EUgFrEJyAY7w4wpBC5n9SotwyPXhwKQ1uCBq+1zElPw= +-----END RSA PRIVATE KEY----- + +7. subca certificate and key (SHA1withRSA 512, root_cert_sha1_512.pem signed) +-----BEGIN CERTIFICATE----- +MIIByzCCAXWgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla +MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz +cy0xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKubXYoEHZpZkhzA9XX+NrpqJ4SV +lOMBoL3aWExQpJIgrUaZfbGMBBozIHBJMMayokguHbJvq4QigEgLuhfJNqsCAwEA +AaOBiTCBhjAdBgNVHQ4EFgQUN0CHiTYPtjyvpP2a6y6mhsZ6U40wRwYDVR0jBEAw +PoAUg4Kwd47hdNQBp8grZsRJ5XvhvxChI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD +VQQKEwdFeGFtcGxlggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMA0G +CSqGSIb3DQEBBQUAA0EAoCf0Zu559qcB4xPpzqkVsYiyW49S4Yc0mmQXb1yoQgLx +O+DCkjG5d14+t1MsnkhB2izoQUMxQ3vDc1YnA/tEpw== +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,0A94F7EA4C89CA33 + +tfKdAZVSrpeS/hU4+mGYcGGx3nNqrE+CzDAfLadVuXz5ju5p9oFhLTZj99wK+uHn +prrWmDNOdYKRBJn7h40WV6zi4lR3JgnuYNxH8fxO3PI+HQ9IuvdoTyqUeXTP4Zj1 +BCnr1k1D2WGDXvnh+saq9qRpMKThjK/OF0YmDa07PI5NOBdMA3EmkNYfwib2GfBV +el4FVkfnPQkLGahTh3SC62TzPlnsAgirCeua7ZLPqN3fkZkYbXZd9op2D31n7cBP +zztg0ah8WF4gPOd/BBZeR9XDog5qm/wzyBj0F6ClHRPjpGYhAm2Vw66xOBlGFYI9 +lVmFQzrPcDNlFTybzhl5C6Qy4cPQh+QErDWxljVI52oYYmY/KRmUGGL7hEG8ZGOn +EUgFrEJyAY7w4wpBC5n9SotwyPXhwKQ1uCBq+1zElPw= +-----END RSA PRIVATE KEY----- + +8. subca certificate and key (MD2withRSA 1024, root_cert_sha1_1024.pem signed) +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla +MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz +cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8 +BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg +bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82 +AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl +UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBTn0C+xmZY/BTab4W9gBp3dGa7WgqEjpCEw +HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw +AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEAPtEjwbWuC5kc4DPc +Ttf/wdbD8ZCdAWzcc3XF9q1TlvwVMNk6mbfM05y6ZVsztKTkwZ4EcvFu/yIqw1EB +E1zlXQCaWXT3/ZMbqYZV4+mx+RUl8spUCb1tda25jnTg3mTOzB1iztm4gy903EMd +m8omKDKeCgcw5dR4ITQYvyxe1as= +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,0480E76FD259323B + +npiifBm1mHq1Z9QgAV5T35Xbnea9VnwqYQWNfRRKmpfYSdkQJ0few18YtnfZwh9e +LKCWx+lq1V4yDG4SbxXDq71Dyvx1vZY+w4h+6M1+6KGFG1VDBfN3e5aLgK8EG9pZ +yHZH7iB7HiQXH5q53jL6NUZn55C3XEk1sErpK7R1c0Y8Qp2TGiu+lck3K+zR9GiO +5aJMKbShReB0Nfy3JJNKRFSd95QMTTjbq6iIvhN8O02bo4I4I3HTyD8qyR7ViiHl +FmOukjwn4fjJvK0WYKYUjod8oEiMdR2nr73eOGZBAnEorDGQ8VnnCAleSv74is1k +W7M07UP7EJJq9hSZfeMqk5QivtWrqvWG1SWxpTowKTEAyTn7u5U13k0DiRcsg0WT +4mSMiLOhUNgIWcHElbTQPSVDcVznhNk0dWPDwKoUjp+orCuH+NvHKBAu+hnuip3e +Ji7WGrHXI7QxAr5qr5ogl5x4yH4drIbq9fUea3NTuGPuPyu9fWjOSDmqPRKRMJFR +UxxVFcyrW8iSBV5cvB7M1ADS40y6l4ryYmKjXbsOI4Ci8LJWJ4ZB61WQP7TvPQGS +mNFmTTB2dwbpimr4KjV9j2bA9x0jAsjlcQZ5j1GOeyYCEDGKDJw0XD/zI+j0dpVc +eu8YtuJGTyO1h+HiI3D9LrMuyUxxckvFHKe00+4xMz1hpqVo/kxe6gqf/9ES4M/h +6/NeTzeqyJF2rgxK6KJJdmaKVYI+bvAQ3cKl+RZmgOjx4eig58N5uthqFgU7rQ+e +GM9/y8C9WpPqITcJlY7I/7AkqvYDBwBsH/9mf4g9OUbC1Ah+MX8UIQ== +-----END RSA PRIVATE KEY----- + + +9. subca certificate and key (MD2withRSA 1024, root_cert_sha1_512.pem signed) +-----BEGIN CERTIFICATE----- +MIICDzCCAbmgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAfMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDYwMTExNDlaFw0yOTA0MjMwMTExNDla +MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz +cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVOqnlZspyAEr90ELFaUo8 +BF0O2Kn0yTdUeyiLOth4RA3qxWrjxJq45VmEBjZpEzPHfnp3PhnfmLcLfhoPONFg +bcHzlkj75ZaKCgHoyV456fMBmj348fcoUkH2WdSQ82pmxHOiHqquYNUSTimFIq82 +AayhbKqDmhfx5lJdYNqd5QIDAQABo4GJMIGGMB0GA1UdDgQWBBTfWD9mRTppcUAl +UqGuu/R5t8CB5jBHBgNVHSMEQDA+gBSDgrB3juF01AGnyCtmxEnle+G/EKEjpCEw +HzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0V4YW1wbGWCAQAwDwYDVR0TAQH/BAUw +AwEB/zALBgNVHQ8EBAMCAgQwDQYJKoZIhvcNAQECBQADQQBHok1v6xymtpB7N9xy +0OmDT27uhmzlP0eOzJvXVxj3Oi9TLQJgCUJ9122MzfRAs1E1uJTtvuu+UmI80NQx +KQdp +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,0480E76FD259323B + +npiifBm1mHq1Z9QgAV5T35Xbnea9VnwqYQWNfRRKmpfYSdkQJ0few18YtnfZwh9e +LKCWx+lq1V4yDG4SbxXDq71Dyvx1vZY+w4h+6M1+6KGFG1VDBfN3e5aLgK8EG9pZ +yHZH7iB7HiQXH5q53jL6NUZn55C3XEk1sErpK7R1c0Y8Qp2TGiu+lck3K+zR9GiO +5aJMKbShReB0Nfy3JJNKRFSd95QMTTjbq6iIvhN8O02bo4I4I3HTyD8qyR7ViiHl +FmOukjwn4fjJvK0WYKYUjod8oEiMdR2nr73eOGZBAnEorDGQ8VnnCAleSv74is1k +W7M07UP7EJJq9hSZfeMqk5QivtWrqvWG1SWxpTowKTEAyTn7u5U13k0DiRcsg0WT +4mSMiLOhUNgIWcHElbTQPSVDcVznhNk0dWPDwKoUjp+orCuH+NvHKBAu+hnuip3e +Ji7WGrHXI7QxAr5qr5ogl5x4yH4drIbq9fUea3NTuGPuPyu9fWjOSDmqPRKRMJFR +UxxVFcyrW8iSBV5cvB7M1ADS40y6l4ryYmKjXbsOI4Ci8LJWJ4ZB61WQP7TvPQGS +mNFmTTB2dwbpimr4KjV9j2bA9x0jAsjlcQZ5j1GOeyYCEDGKDJw0XD/zI+j0dpVc +eu8YtuJGTyO1h+HiI3D9LrMuyUxxckvFHKe00+4xMz1hpqVo/kxe6gqf/9ES4M/h +6/NeTzeqyJF2rgxK6KJJdmaKVYI+bvAQ3cKl+RZmgOjx4eig58N5uthqFgU7rQ+e +GM9/y8C9WpPqITcJlY7I/7AkqvYDBwBsH/9mf4g9OUbC1Ah+MX8UIQ== +-----END RSA PRIVATE KEY----- + + +a. end entity certificate and key + (SHA1withRSA 1024, subca_cert_sha1_1024_1024.pem signed) +-----BEGIN CERTIFICATE----- +MIICNzCCAaCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx +NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt +cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt +vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v +z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6 +c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07 +OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG +9w0BAQUFAAOBgQAOfIeasDg91CR3jGfuAEVKwncM1OPFmniAUcdPm74cCAyJ90Me +dhUElWPGoAuXGfiyZlOlGUYWqEroe/dnkmnotJjLWR+MA4ZyX3O1YI8T4W3deWcC +J4WMCF7mp17SaYYKX9F0AxwNJFpUkbB41IkTxPr0MmzB1871/pbY8dLAvA== +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,1FE5A37B770AF83D + +042bWtt4q0cB8pRuPUlMVncTP/WAz+mmPw3jXI3LFOBZeK6zFEDpI5M9c2JO+rqp +Za5UkYuIg69V7LngriqRynkRGGQp3xASMLr5NVbKHTE/Ol/iIuxKaCkumZmGXB/z +8bxQF5XN4tbKT4s3sWWmmKMicg6MHvySi3QVRG11PHRu/q7CEFPzJKRQ3fpaNcKD +NTBI5F6GP9ENa/eog4WGENjXS0v4Wa3IfaOhjKXrSxjLUqLH0C8g5WWg5IrXXtuI +pgyJ2kkE3Y/ChU7p7R42we6tBZqF5SiL5kFDn86DmHgCslTiZkIoE5i644sp03Sd +XkHyHu0VIeYp3nDwRA7S98837W4F6i1BnXA5f3EaE3rNGjsxK8zL2pvdCcDYbese +ETfba16HMzLXe1b4RSI3gwhlQ2MNKBwvskkQESf/Ew1DskBY0MCYFxo6hIp6LqMo +HAl5kvCwvuYL2jBdQhkKxU+Leu5Ei8Ie9XYNVy4yUeUAMnSUkVaEs/I8z+Mk8oYq +4QWqOc66XLcI13coDoxmv54kye3RjqdmZI8mg/3LCFotwceDuXyD43/vVhoTPEnp +CqXafV2pw4y95skMHmktI2qvSahaM4P6GGXl8HqmP3b+8V5mxMhNtVnuUha2kouw +DLNFUTg1cCLahM5SRolyA/XTGh7JOkJMYWPeJwN7l3K+lBtHHfj6DHtKEjUcyZFd ++Z55pDoAERumB6+BCnt6X2/0kEDV219RmsgxkGTWdFs+M7Y6EYYRtlinH4nqL6UD +eHWitYIatAHOvdHeNrbXN9L5P3tsUB4HzFa46WWtKqRtbCVTuPVZdw== +-----END RSA PRIVATE KEY----- + +b. end entity certificate and key + (SHA1withRSA 1024, subca_cert_sha1_512_1024.pem signed) +-----BEGIN CERTIFICATE----- +MIIB9jCCAaCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx +NTBaFw0yOTA0MjMwMTExNTBaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt +cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt +vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v +z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6 +c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07 +OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG +9w0BAQUFAANBADV6X+ea0ftEKXy7yKNAbdIp35893T6AVwbdclomPkeOs86OtoTG +1BIzWSK9QE7W6Wbf63e2RdcqoLK+DxsuwUg= +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,1FE5A37B770AF83D + +042bWtt4q0cB8pRuPUlMVncTP/WAz+mmPw3jXI3LFOBZeK6zFEDpI5M9c2JO+rqp +Za5UkYuIg69V7LngriqRynkRGGQp3xASMLr5NVbKHTE/Ol/iIuxKaCkumZmGXB/z +8bxQF5XN4tbKT4s3sWWmmKMicg6MHvySi3QVRG11PHRu/q7CEFPzJKRQ3fpaNcKD +NTBI5F6GP9ENa/eog4WGENjXS0v4Wa3IfaOhjKXrSxjLUqLH0C8g5WWg5IrXXtuI +pgyJ2kkE3Y/ChU7p7R42we6tBZqF5SiL5kFDn86DmHgCslTiZkIoE5i644sp03Sd +XkHyHu0VIeYp3nDwRA7S98837W4F6i1BnXA5f3EaE3rNGjsxK8zL2pvdCcDYbese +ETfba16HMzLXe1b4RSI3gwhlQ2MNKBwvskkQESf/Ew1DskBY0MCYFxo6hIp6LqMo +HAl5kvCwvuYL2jBdQhkKxU+Leu5Ei8Ie9XYNVy4yUeUAMnSUkVaEs/I8z+Mk8oYq +4QWqOc66XLcI13coDoxmv54kye3RjqdmZI8mg/3LCFotwceDuXyD43/vVhoTPEnp +CqXafV2pw4y95skMHmktI2qvSahaM4P6GGXl8HqmP3b+8V5mxMhNtVnuUha2kouw +DLNFUTg1cCLahM5SRolyA/XTGh7JOkJMYWPeJwN7l3K+lBtHHfj6DHtKEjUcyZFd ++Z55pDoAERumB6+BCnt6X2/0kEDV219RmsgxkGTWdFs+M7Y6EYYRtlinH4nqL6UD +eHWitYIatAHOvdHeNrbXN9L5P3tsUB4HzFa46WWtKqRtbCVTuPVZdw== +-----END RSA PRIVATE KEY----- + +c. end entity certificate and key + (SHA1withRSA 512, subca_cert_sha1_1024_1024.pem signed) +-----BEGIN CERTIFICATE----- +MIIB8zCCAVygAwIBAgIBBDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx +NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt +cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3 +DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo +uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE +AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU +31g/ZkU6aXFAJVKhrrv0ebfAgeYwDQYJKoZIhvcNAQEFBQADgYEAUyW8PrEdbzLu +B+h6UemBOJ024rYq90hJE/5wUEKPvxZ9vPEUgl+io6cGhL3cLfxfh6z5xtEGp4Tb +NB0Ye3Qi01FBiNDY8s3rQRrmel6VysU8u+0Oi2jmQY6vZXn/zXN5rrTLITCaSicG +dOMv1xLM83Ee432WWlDwKOUxhzDGpWc= +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,153918982D82A26E + +5w5MNd16M1draSfIFAuWNfP3869l9y8vMI1kOcxqsxjeG6YfgKUyu6PEYlj1R7d1 +/+UwVs9RGm3V7AwV4G1Qpnd+jaMLpgPVMP12sHPnslBE4SQe9bAZ+X5i2/5uesHv +bF7OBMqsYW8+Kgsy1Ac0pBx/8yoFYdD3KYFnIP20kV2Xxy4PtQQ6tHJ33dGslTNU +qrcJsyUyYj6wORlb7huuP5Ua8f28Xs/KvnNJG0094kC1WHi3Raf4AoD/rvraVtCQ +5jrK9se8D6su+S3SEW0YndxivbNx3xJu2O72e7lS6yb5ht3U7xNSSWTffIlW1okI +zjscK0iv9S+x452mLIFUgkmriVJLFfjTMRCbhS1J6q9FXLDdre/2O18FO2TvwRIE +6Bwt2utfOAGccRHLsdgcXkv+ngCTCkuCnmh2XZWqmvA= +-----END RSA PRIVATE KEY----- + +d. end entity certificate and key + (SHA1withRSA 512, subca_cert_sha1_512_1024.pem signed) +-----BEGIN CERTIFICATE----- +MIIBsjCCAVygAwIBAgIBBTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx +NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt +cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTBcMA0GCSqGSIb3 +DQEBAQUAA0sAMEgCQQCpfQzhld7w2JhW/aRaLkmrLrc/QAsQE+J4DXioXaajsWPo +uMmYmuiQolb6OIY/LcivSubKM3G5PkAWoovUPIWLAgMBAAGjTzBNMAsGA1UdDwQE +AwID6DAdBgNVHQ4EFgQUFWuXLkf4Ji57H9ISycgWi982TUIwHwYDVR0jBBgwFoAU +N0CHiTYPtjyvpP2a6y6mhsZ6U40wDQYJKoZIhvcNAQEFBQADQQBG4grtrVEHick0 +z/6Lcl/MGyHT0c8KTXE0AMVXG1NRjAicAmYno/yDaJ9OmfymObKZKV9fF7yCW/N/ +TMU6m7N0 +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,153918982D82A26E + +5w5MNd16M1draSfIFAuWNfP3869l9y8vMI1kOcxqsxjeG6YfgKUyu6PEYlj1R7d1 +/+UwVs9RGm3V7AwV4G1Qpnd+jaMLpgPVMP12sHPnslBE4SQe9bAZ+X5i2/5uesHv +bF7OBMqsYW8+Kgsy1Ac0pBx/8yoFYdD3KYFnIP20kV2Xxy4PtQQ6tHJ33dGslTNU +qrcJsyUyYj6wORlb7huuP5Ua8f28Xs/KvnNJG0094kC1WHi3Raf4AoD/rvraVtCQ +5jrK9se8D6su+S3SEW0YndxivbNx3xJu2O72e7lS6yb5ht3U7xNSSWTffIlW1okI +zjscK0iv9S+x452mLIFUgkmriVJLFfjTMRCbhS1J6q9FXLDdre/2O18FO2TvwRIE +6Bwt2utfOAGccRHLsdgcXkv+ngCTCkuCnmh2XZWqmvA= +-----END RSA PRIVATE KEY----- + +e. end entity certificate and key + (MD2withRSA 1024, subca_cert_sha1_1024_1024.pem signed) +-----BEGIN CERTIFICATE----- +MIICNzCCAaCgAwIBAgIBBjANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx +NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt +cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt +vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v +z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6 +c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07 +OorBleV92TAfBgNVHSMEGDAWgBTfWD9mRTppcUAlUqGuu/R5t8CB5jANBgkqhkiG +9w0BAQIFAAOBgQBxKsFf8NNQcXjDoKJJSG4Rk6ikcrhiGYuUI32+XHvs6hnav1Zc +aJUpy7J4gMj/MnysMh/4AF9+m6zEEjuisXKUbYZhgtJxz+ukGSo163mJ8QJiAlRb +Iwsy81r08mlSCR6jx2YhDAUxJIPC92R5Vb4CEutB7tWTwwz7vIHq330erA== +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,1FE5A37B770AF83D + +042bWtt4q0cB8pRuPUlMVncTP/WAz+mmPw3jXI3LFOBZeK6zFEDpI5M9c2JO+rqp +Za5UkYuIg69V7LngriqRynkRGGQp3xASMLr5NVbKHTE/Ol/iIuxKaCkumZmGXB/z +8bxQF5XN4tbKT4s3sWWmmKMicg6MHvySi3QVRG11PHRu/q7CEFPzJKRQ3fpaNcKD +NTBI5F6GP9ENa/eog4WGENjXS0v4Wa3IfaOhjKXrSxjLUqLH0C8g5WWg5IrXXtuI +pgyJ2kkE3Y/ChU7p7R42we6tBZqF5SiL5kFDn86DmHgCslTiZkIoE5i644sp03Sd +XkHyHu0VIeYp3nDwRA7S98837W4F6i1BnXA5f3EaE3rNGjsxK8zL2pvdCcDYbese +ETfba16HMzLXe1b4RSI3gwhlQ2MNKBwvskkQESf/Ew1DskBY0MCYFxo6hIp6LqMo +HAl5kvCwvuYL2jBdQhkKxU+Leu5Ei8Ie9XYNVy4yUeUAMnSUkVaEs/I8z+Mk8oYq +4QWqOc66XLcI13coDoxmv54kye3RjqdmZI8mg/3LCFotwceDuXyD43/vVhoTPEnp +CqXafV2pw4y95skMHmktI2qvSahaM4P6GGXl8HqmP3b+8V5mxMhNtVnuUha2kouw +DLNFUTg1cCLahM5SRolyA/XTGh7JOkJMYWPeJwN7l3K+lBtHHfj6DHtKEjUcyZFd ++Z55pDoAERumB6+BCnt6X2/0kEDV219RmsgxkGTWdFs+M7Y6EYYRtlinH4nqL6UD +eHWitYIatAHOvdHeNrbXN9L5P3tsUB4HzFa46WWtKqRtbCVTuPVZdw== +-----END RSA PRIVATE KEY----- + +f. end entity certificate and key + (MD2withRSA 1024, subca_cert_sha1_512_1024.pem signed) +-----BEGIN CERTIFICATE----- +MIIB9jCCAaCgAwIBAgIBBzANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMTAeFw0wOTA4MDYwMTEx +NTFaFw0yOTA0MjMwMTExNTFaMEExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFt +cGxlMRAwDgYDVQQLEwdDbGFzcy0xMQ4wDAYDVQQDEwVBbGljZTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAy6/2g3rxQzJEvTyOnBcEnZthmAD0AnP6LG8b35jt +vh71LHbF1FhkOT42Rfg20aBfWTMRf+FeOJBXpD4gCNjQA40vy8FaQxgYNAf7ho5v +z6yAEE6SG7YviE+XGcvpQo47w8c6QSQjpBzdw7JxwbVlzUT7pF8x3RnXlGhWnWv6 +c1ECAwEAAaNPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSaXXERsow2Wm/6uT07 +OorBleV92TAfBgNVHSMEGDAWgBQ3QIeJNg+2PK+k/ZrrLqaGxnpTjTANBgkqhkiG +9w0BAQIFAANBAIX63Ypi9P71RnC/pcMbhD+wekRFsTzU593X3MC7tyBJtEXwvAZG +iMxXF5A+ohlr7/CrkV7ZTL8PLxnJdY5Y8rQ= +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,1FE5A37B770AF83D + +042bWtt4q0cB8pRuPUlMVncTP/WAz+mmPw3jXI3LFOBZeK6zFEDpI5M9c2JO+rqp +Za5UkYuIg69V7LngriqRynkRGGQp3xASMLr5NVbKHTE/Ol/iIuxKaCkumZmGXB/z +8bxQF5XN4tbKT4s3sWWmmKMicg6MHvySi3QVRG11PHRu/q7CEFPzJKRQ3fpaNcKD +NTBI5F6GP9ENa/eog4WGENjXS0v4Wa3IfaOhjKXrSxjLUqLH0C8g5WWg5IrXXtuI +pgyJ2kkE3Y/ChU7p7R42we6tBZqF5SiL5kFDn86DmHgCslTiZkIoE5i644sp03Sd +XkHyHu0VIeYp3nDwRA7S98837W4F6i1BnXA5f3EaE3rNGjsxK8zL2pvdCcDYbese +ETfba16HMzLXe1b4RSI3gwhlQ2MNKBwvskkQESf/Ew1DskBY0MCYFxo6hIp6LqMo +HAl5kvCwvuYL2jBdQhkKxU+Leu5Ei8Ie9XYNVy4yUeUAMnSUkVaEs/I8z+Mk8oYq +4QWqOc66XLcI13coDoxmv54kye3RjqdmZI8mg/3LCFotwceDuXyD43/vVhoTPEnp +CqXafV2pw4y95skMHmktI2qvSahaM4P6GGXl8HqmP3b+8V5mxMhNtVnuUha2kouw +DLNFUTg1cCLahM5SRolyA/XTGh7JOkJMYWPeJwN7l3K+lBtHHfj6DHtKEjUcyZFd ++Z55pDoAERumB6+BCnt6X2/0kEDV219RmsgxkGTWdFs+M7Y6EYYRtlinH4nqL6UD +eHWitYIatAHOvdHeNrbXN9L5P3tsUB4HzFa46WWtKqRtbCVTuPVZdw== +-----END RSA PRIVATE KEY----- + +h. root CRL issuer +-----BEGIN CERTIFICATE----- +MIICKzCCAZSgAwIBAgIBCjANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDgxNjMwNTdaFw0yOTA0MjUxNjMwNTda +MB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCy6RoQ6nMdeGJ6ijfjqDu3tDmeGLgnvfBcUKvcsvz9Ji3m +oGnTzECo1oLV+A4/TJxOlak+ZiQ5KVyvfMcXLJeT6dRpXQZ+uc6TT3SkBq94VFzX +qkk08z42JNdk1s5uyW8nRfg7+xntajQVrysoPYNDhu21cPnjDkRiBsIdS7+75QID +AQABo3cwdTAdBgNVHQ4EFgQUGcJU6xWo66kI1QBvlfTQKxxmx9IwRwYDVR0jBEAw +PoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8xCzAJBgNVBAYTAlVTMRAwDgYD +VQQKEwdFeGFtcGxlggEAMAsGA1UdDwQEAwIBAjANBgkqhkiG9w0BAQQFAAOBgQBx +uKL59VInPdCi+8JL4B+S5YjlPL4ZOBHTjS0JlNxtjbGZdfs+3E9PUAdqhMJO4vq7 +XD+hGtgZtwSqGaSUYAtpLdoCr7vvPkcrxYTG2Ak+UiTbZhmJeSswKgFaCmjjdMCy +y64UP2DQfn6Zi0wCfeao0m9s3zRLuJpgaQGiSHTQKA== +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,41E4237825CE0148 + +9nbfd7dsaS+fkFYrU1+wTcevjdRLF/j9DUVQh/2bsFlVEYgeL8A+XpvpbXHYBd7H +oBreofDNseibHe4EgISGPK8RymjYutQqPpbHwXd25jlUuUapvvuCj8V6qnhgpqEo +zXL1Nd2c6KZgdySosyWy8JfIBZJ3kwiSkXVwzs8R4bAGrg1VS80GuszvCv8Fzjoc +LuesX6fViE9yFzLsyOvn/W12DKhTXwiXTQYLUupM8zI9Kpozbea52ZIPMJ9HEiaY +JgwNj05w33VxTe/tq3R9vS2Ee6aM4odi6CQEheLsUAnyE0BTsITKzwwTI25WTv25 +W+gwSF3V49a34MojTdlORq5iH0b3rYl7OMdk+99elJSkyQIbVwwOCFrKuSXYXvV7 +s9iMPFUbi+bZ3oP6zM5kVUcH6KyVeYfkuLf2+k1vPlav8/W5v+WfnvUNOBx76Ira +BzVPYmm2V+YFiFL1hugm5Wv+yyx8QcfgXbvhNHoIEj7hh6Ac48FhtqEcBHjuT/gy +7atJJUdOH6hhmD34hkHGnhcDE15ZOczxTLRC9450h5HKsZ0FILRlCBZLmiedycs2 +zqhUpR4jzDG9jKrlDU4ErfMgPLjveZc3/VT3bc+TYfuC8szCaQ5XX1JVcabZ+HQw +pwmA1ONZDVsFzwbJy9+5bgXX+wLD5kaez8EHNDS5PgqgL0UdrWjdRi6e1RwlTDEw +g/d7TZm/iQeL1iUIfkPA1f0ByYIiyd3XQqiQ/Mf1C16lQkhTHDwofFJdL8otT2Ha +dk6fa7lBOnrpbRKUdpJpYfyqHg80BYNPu6BacVXlYqtJtkFK04qHbA== +-----END RSA PRIVATE KEY----- + +i. CRL issued by root CRL issuer +-----BEGIN X509 CRL----- +MIH2MGECAQEwDQYJKoZIhvcNAQEFBQAwHzELMAkGA1UEBhMCVVMxEDAOBgNVBAoT +B0V4YW1wbGUXDTA5MDgwODE2MzU1MFoXDTI4MTAwNzE2MzU1MFqgDjAMMAoGA1Ud +FAQDAgEAMA0GCSqGSIb3DQEBBQUAA4GBAJCd7e25MruuWJP/KmenGC6CR22pQuG+ +XhRaAtpHkNRls8+TfBxm2PtRrXCAcDb68kNLdwvlAlCUwmL6HOx4VB3r+8QRUlDa +T48wVp1ojGU2b2XbPtXiYZBXW6hBsFHGDJM/IAGJPE2PbVYGlBc23A9V9WyPyThi +9XXG1iOTIJ6u +-----END X509 CRL----- + +j. subca CRL issuer +-----BEGIN CERTIFICATE----- +MIICPTCCAaagAwIBAgIBCzANBgkqhkiG9w0BAQQFADAfMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXhhbXBsZTAeFw0wOTA4MDgxNjMwNThaFw0yOTA0MjUxNjMwNTha +MDExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlMRAwDgYDVQQLEwdDbGFz +cy0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8KICP0bdOZVlR9gZu7TgD +znXgSMER1IQtompgr1mWeZjX4LmRck3/ogHoxwC4RbNPKI3KIihcVdFHw2jgvE0M +mpf2lI50tmhnLitM8P0/q8xUU/KncipADo4hkM5TbpjPeGUBTGLKzGrq7yyT9Uli +Z74rrp1mS59TxcEI2YQMIQIDAQABo3cwdTAdBgNVHQ4EFgQUDGgpD4L8V3aBJPLx +C7diZ0M0wWMwRwYDVR0jBEAwPoAU59AvsZmWPwU2m+FvYAad3Rmu1oKhI6QhMB8x +CzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFeGFtcGxlggEAMAsGA1UdDwQEAwIBAjAN +BgkqhkiG9w0BAQQFAAOBgQCcXqRge5UuW0duf/XnUWP4hrm4Q9EHJaiHZDYxI+WW +Ca3OXdsrpgGi+RSgeMtQzlZ7YAwyYVV91U4BnX6s/97Vp5xbR3wr8Qbx67inM8Lp +Tuo+e0nyTxwlwi9cSyy5MfJ8jfzaD+n8akhV+sx0Mmiv77YlrShP24lod55gJHKC +vQ== +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,16EC4E2C0855BD5C + +dJHcUsnACMhfESAalWrWrfARnUgGhpp3vupjePUiBJ86YmKaNNr6GAwDukg3EJvs +tboO1QQziLSf9pP7gw82Vp5YctEkk7vJVvCcq3QkZAsjNUHf3m3ne2qg8HngufzY +IS/C3EtKuMr3oqa7P8wvMcsBs1G1ga/YqCWoKzowXhybaYPe20fwUNRtgqgdS5Gy +bAzQB9R+Ua2tCaXb3CBYnrczsYFPhjuULr4qbWgHVBWhnkS3OIz71WqcCoXmvD3s +bsjoZRCJUM6Zavyzs0kVGZogiPdr+KUyzjNNsnxle5cEET6nqkYR16UT/Fvemz9Q +szh/y0gCi1nZb6cw5e9BJyF1GlobzxWyMwwY9L4vZNaBNaVRun+6dRWy0svaPuEy +fV/9Y0/la9scyA5yNHz8xud3Njhj2ghyG5Nqbs3N/pPXRVdh7WNFBnc+L/SIBhhB +/Ha9+OZdqyuMf3G+I1+WVADQr8xQP8/yLEvybZYtssjnuCmQSLPDDQFnp2Z3spax ++AT+T4dRimMjf0mZK/NlRJU9PWqMHzsJGBY1A903oAiiHiRFD10z8vyPBigSDF2W +ct6a8WI1prKho6HbMqeIlSPk+HkdCGZedNNbvRlKl4Y56IsHGAhb3wvQ+94049P9 +wu5thK69jNb7ie3YEefAZTb5kD0h+oB8BILOJ5B29C04JdDe6P6hjGKD7x3nRhHM +nyCUMB/fhYpoXdDhz8CeJ77hFt2zFZRstlDctQsDqLkC0AdvlOFsEFqGM4AkBGcV +f6Y+ykNQB3vEWPZsWqVXHB2vQvk00R55tgu+R5JJ45NLG2TqyOp/4A== +-----END RSA PRIVATE KEY----- + +k. CRL issued by subca CRL issuer +-----BEGIN X509 CRL----- +MIIBLTCBlwIBATANBgkqhkiG9w0BAQIFADAxMQswCQYDVQQGEwJVUzEQMA4GA1UE +ChMHRXhhbXBsZTEQMA4GA1UECxMHQ2xhc3MtMRcNMDkwODA4MTYzNTUxWhcNMjgx +MDA3MTYzNTUxWjAiMCACAQIXDTA5MDgwODE2MzU1MFowDDAKBgNVHRUEAwoBBKAO +MAwwCgYDVR0UBAMCAQAwDQYJKoZIhvcNAQECBQADgYEAbIs7ws4/M24NYrIO0XY6 +UVxni0ZoQa+1R7NwU6unr4jFEVD+W/b+JEMfm0RUmpSa7HrUYsw+NycD3m5CD6VJ +U4iuGGeJvHdrYJiPIYkEiFQnhAGOj8oS/nWtPvDKbuBMZI9atKkypby9At8h9URq +1g/KSIM3rd1PYADdcPsok4I= +-----END X509 CRL----- + diff --git a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/generate.sh b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/generate.sh new file mode 100644 index 00000000000..ff936e5d1f0 --- /dev/null +++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/generate.sh @@ -0,0 +1,255 @@ +# +# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. Sun designates this +# particular file as subject to the "Classpath" exception as provided +# by Sun in the LICENSE file that accompanied this code. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, +# CA 95054 USA or visit www.sun.com if you need additional information or +# have any questions. +# + +#!/bin/ksh +# +# needs ksh to run the script. +set -e + +OPENSSL=openssl + +# generate a self-signed root certificate +if [ ! -f root/finished ]; then + if [ ! -d root ]; then + mkdir root + fi + + # SHA1withRSA 1024 + ${OPENSSL} req -x509 -newkey rsa:1024 -keyout root/root_key_1024.pem \ + -out root/root_cert_sha1_1024.pem -subj "/C=US/O=Example" \ + -config openssl.cnf -reqexts cert_issuer -days 7650 -sha1 \ + -passin pass:passphrase -passout pass:passphrase + + # SHA1withRSA 512 + ${OPENSSL} req -x509 -newkey rsa:512 -keyout root/root_key_512.pem \ + -out root/root_cert_sha1_512.pem -subj "/C=US/O=Example" \ + -config openssl.cnf -reqexts cert_issuer -days 7650 -sha1 \ + -passin pass:passphrase -passout pass:passphrase + + # MD2withRSA 2048 + ${OPENSSL} req -x509 -newkey rsa:2048 -keyout root/root_key_2048.pem \ + -out root/root_cert_md2_2048.pem -subj "/C=US/O=Example" \ + -config openssl.cnf -reqexts cert_issuer -days 7650 -md2 \ + -passin pass:passphrase -passout pass:passphrase + + openssl req -newkey rsa:1024 -keyout root/root_crlissuer_key.pem \ + -out root/root_crlissuer_req.pem -subj "/C=US/O=Example" -days 7650 \ + -passin pass:passphrase -passout pass:passphrase + + openssl x509 -req -in root/root_crlissuer_req.pem -extfile openssl.cnf \ + -extensions crl_issuer -CA root/root_cert_sha1_1024.pem \ + -CAkey root/root_key_1024.pem -out root/root_crlissuer_cert.pem \ + -CAcreateserial -CAserial root/root_cert.srl -days 7200 \ + -passin pass:passphrase + + touch root/finished +fi + + +# generate subca cert issuer +if [ ! -f subca/finished ]; then + if [ ! -d subca ]; then + mkdir subca + fi + + # RSA 1024 + ${OPENSSL} req -newkey rsa:1024 -keyout subca/subca_key_1024.pem \ + -out subca/subca_req_1024.pem -subj "/C=US/O=Example/OU=Class-1" \ + -days 7650 -passin pass:passphrase -passout pass:passphrase + + # RSA 512 + ${OPENSSL} req -newkey rsa:512 -keyout subca/subca_key_512.pem \ + -out subca/subca_req_512.pem -subj "/C=US/O=Example/OU=Class-1" \ + -days 7650 -passin pass:passphrase -passout pass:passphrase + + # SHA1withRSA 1024 signed with RSA 1024 + ${OPENSSL} x509 -req -in subca/subca_req_1024.pem -extfile openssl.cnf \ + -extensions cert_issuer -CA root/root_cert_sha1_1024.pem \ + -CAkey root/root_key_1024.pem -out subca/subca_cert_sha1_1024_1024.pem \ + -CAcreateserial -sha1 \ + -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase + + # SHA1withRSA 1024 signed with RSA 512 + ${OPENSSL} x509 -req -in subca/subca_req_1024.pem -extfile openssl.cnf \ + -extensions cert_issuer -CA root/root_cert_sha1_512.pem \ + -CAkey root/root_key_512.pem -out subca/subca_cert_sha1_1024_512.pem \ + -CAcreateserial -sha1 \ + -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase + + # SHA1withRSA 512 signed with RSA 1024 + ${OPENSSL} x509 -req -in subca/subca_req_512.pem -extfile openssl.cnf \ + -extensions cert_issuer -CA root/root_cert_sha1_1024.pem \ + -CAkey root/root_key_1024.pem -out subca/subca_cert_sha1_512_1024.pem \ + -CAcreateserial -sha1 \ + -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase + + # SHA1withRSA 512 signed with RSA 512 + ${OPENSSL} x509 -req -in subca/subca_req_512.pem -extfile openssl.cnf \ + -extensions cert_issuer -CA root/root_cert_sha1_512.pem \ + -CAkey root/root_key_512.pem -out subca/subca_cert_sha1_512_512.pem \ + -CAcreateserial -sha1 \ + -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase + + # MD2withRSA 1024 signed with RSA 1024 + ${OPENSSL} x509 -req -in subca/subca_req_1024.pem -extfile openssl.cnf \ + -extensions cert_issuer -CA root/root_cert_sha1_1024.pem \ + -CAkey root/root_key_1024.pem -out subca/subca_cert_md2_1024_1024.pem \ + -CAcreateserial -md2 \ + -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase + + # MD2withRSA 1024 signed with RSA 512 + ${OPENSSL} x509 -req -in subca/subca_req_1024.pem -extfile openssl.cnf \ + -extensions cert_issuer -CA root/root_cert_sha1_512.pem \ + -CAkey root/root_key_512.pem -out subca/subca_cert_md2_1024_512.pem \ + -CAcreateserial -md2 \ + -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase + + openssl req -newkey rsa:1024 -keyout subca/subca_crlissuer_key.pem \ + -out subca/subca_crlissuer_req.pem -subj "/C=US/O=Example/OU=Class-1" \ + -days 7650 -passin pass:passphrase -passout pass:passphrase + + openssl x509 -req -in subca/subca_crlissuer_req.pem -extfile openssl.cnf \ + -extensions crl_issuer -CA root/root_cert_sha1_1024.pem \ + -CAkey root/root_key_1024.pem -out subca/subca_crlissuer_cert.pem \ + -CAcreateserial -CAserial root/root_cert.srl -days 7200 \ + -passin pass:passphrase + + touch subca/finished +fi + + +# generate certifiacte for Alice +if [ ! -f subca/alice/finished ]; then + if [ ! -d subca/alice ]; then + mkdir -p subca/alice + fi + + # RSA 1024 + ${OPENSSL} req -newkey rsa:1024 -keyout subca/alice/alice_key_1024.pem \ + -out subca/alice/alice_req_1024.pem \ + -subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \ + -passin pass:passphrase -passout pass:passphrase + + # RSA 512 + ${OPENSSL} req -newkey rsa:512 -keyout subca/alice/alice_key_512.pem \ + -out subca/alice/alice_req_512.pem \ + -subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \ + -passin pass:passphrase -passout pass:passphrase + + # SHA1withRSA 1024 signed with RSA 1024 + ${OPENSSL} x509 -req -in subca/alice/alice_req_1024.pem \ + -extfile openssl.cnf -extensions ee_of_subca \ + -CA subca/subca_cert_sha1_1024_1024.pem \ + -CAkey subca/subca_key_1024.pem \ + -out subca/alice/alice_cert_sha1_1024_1024.pem -CAcreateserial -sha1 \ + -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase + + # SHA1withRSA 1024 signed with RSA 512 + ${OPENSSL} x509 -req -in subca/alice/alice_req_1024.pem \ + -extfile openssl.cnf -extensions ee_of_subca \ + -CA subca/subca_cert_sha1_512_1024.pem \ + -CAkey subca/subca_key_512.pem \ + -out subca/alice/alice_cert_sha1_1024_512.pem -CAcreateserial -sha1 \ + -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase + + # SHA1withRSA 512 signed with RSA 1024 + ${OPENSSL} x509 -req -in subca/alice/alice_req_512.pem \ + -extfile openssl.cnf -extensions ee_of_subca \ + -CA subca/subca_cert_sha1_1024_1024.pem \ + -CAkey subca/subca_key_1024.pem \ + -out subca/alice/alice_cert_sha1_512_1024.pem -CAcreateserial -sha1 \ + -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase + + # SHA1withRSA 512 signed with RSA 512 + ${OPENSSL} x509 -req -in subca/alice/alice_req_512.pem \ + -extfile openssl.cnf -extensions ee_of_subca \ + -CA subca/subca_cert_sha1_512_1024.pem \ + -CAkey subca/subca_key_512.pem \ + -out subca/alice/alice_cert_sha1_512_512.pem -CAcreateserial -sha1 \ + -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase + + # MD2withRSA 1024 signed with RSA 1024 + ${OPENSSL} x509 -req -in subca/alice/alice_req_1024.pem \ + -extfile openssl.cnf -extensions ee_of_subca \ + -CA subca/subca_cert_sha1_1024_1024.pem \ + -CAkey subca/subca_key_1024.pem \ + -out subca/alice/alice_cert_md2_1024_1024.pem -CAcreateserial -md2 \ + -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase + + # MD2withRSA 1024 signed with RSA 512 + ${OPENSSL} x509 -req -in subca/alice/alice_req_1024.pem \ + -extfile openssl.cnf -extensions ee_of_subca \ + -CA subca/subca_cert_sha1_512_1024.pem \ + -CAkey subca/subca_key_512.pem \ + -out subca/alice/alice_cert_md2_1024_512.pem -CAcreateserial -md2 \ + -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase + + touch subca/alice/finished +fi + +if [ ! -f root/revoked ]; then + if [ ! -d root ]; then + mkdir root + fi + + if [ ! -f root/index.txt ]; then + touch root/index.txt + echo 00 > root/crlnumber + fi + + openssl ca -gencrl -config openssl.cnf -name ca_top -crldays 7000 -md sha1 \ + -crl_reason superseded -keyfile root/root_crlissuer_key.pem \ + -cert root/root_crlissuer_cert.pem -out root/top_crl.pem \ + -passin pass:passphrase + + touch root/revoked +fi + +if [ ! -f subca/revoked ]; then + if [ ! -d subca ]; then + mkdir subca + fi + + if [ ! -f subca/index.txt ]; then + touch subca/index.txt + echo 00 > subca/crlnumber + fi + + # revoke alice's SHA1withRSA 1024 signed with RSA 1024 + openssl ca -revoke subca/alice/alice_cert_sha1_1024_1024.pem \ + -config openssl.cnf \ + -name ca_subca -crl_reason superseded \ + -keyfile subca/subca_crlissuer_key.pem \ + -cert subca/subca_crlissuer_cert.pem -passin pass:passphrase + + openssl ca -gencrl -config openssl.cnf \ + -name ca_subca -crldays 7000 -md md2 \ + -crl_reason superseded -keyfile subca/subca_crlissuer_key.pem \ + -cert subca/subca_crlissuer_cert.pem \ + -out subca/subca_crl.pem \ + -passin pass:passphrase + + touch subca/revoked +fi diff --git a/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/openssl.cnf b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/openssl.cnf new file mode 100644 index 00000000000..5a090f05f3a --- /dev/null +++ b/jdk/test/sun/security/provider/certpath/DisabledAlgorithms/openssl.cnf @@ -0,0 +1,206 @@ +# +# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. Sun designates this +# particular file as subject to the "Classpath" exception as provided +# by Sun in the LICENSE file that accompanied this code. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, +# CA 95054 USA or visit www.sun.com if you need additional information or +# have any questions. +# + +# +# OpenSSL configuration file. +# + +HOME = . +RANDFILE = $ENV::HOME/.rnd + +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = ./top +certs = $dir/certs +crl_dir = $dir/crl +database = $dir/index.txt +unique_subject = no +new_certs_dir = $dir/newcerts +certificate = $dir/cacert.pem +serial = $dir/serial +crlnumber = $dir/crlnumber +crl = $dir/crl.pem +private_key = $dir/private/cakey.pem +RANDFILE = $dir/private/.rand +x509_extensions = v3_ca + +name_opt = ca_default +cert_opt = ca_default + +default_days = 7650 +default_crl_days = 30 +default_md = sha1 +preserve = no + +policy = policy_anything + +[ ca_top ] +dir = ./root +certs = $dir/certs +crl_dir = $dir/crl +database = $dir/index.txt +unique_subject = no +new_certs_dir = $dir/newcerts +certificate = $dir/cacert.pem +serial = $dir/serial +crlnumber = $dir/crlnumber +crl = $dir/crl.pem +private_key = $dir/private/cakey.pem +RANDFILE = $dir/private/.rand + +x509_extensions = v3_ca + +name_opt = ca_default +cert_opt = ca_default + +default_days = 7650 +default_crl_days = 30 +default_md = sha1 +preserve = no + +policy = policy_anything + +[ ca_subca ] +dir = ./subca +certs = $dir/certs +crl_dir = $dir/crl +database = $dir/index.txt +unique_subject = no +new_certs_dir = $dir/newcerts + +certificate = $dir/cacert.pem +serial = $dir/serial +crlnumber = $dir/crlnumber +crl = $dir/crl.pem +private_key = $dir/private/cakey.pem +RANDFILE = $dir/private/.rand + +x509_extensions = usr_cert + +name_opt = ca_default +cert_opt = ca_default + +default_days = 7650 +default_crl_days = 30 +default_md = sha1 +preserve = no + +policy = policy_anything + +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca + +string_mask = nombstr + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = NO +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = A-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 +unstructuredName = An optional company name + + +[ usr_cert ] +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer + +[ v3_req ] +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectAltName = email:example@openjdk.net, RID:1.2.3.4:true + +[ v3_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = keyCertSign + +[ cert_issuer ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = keyCertSign + + +[ crl_issuer ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = cRLSign + + +[ crl_ext ] +authorityKeyIdentifier = keyid:always,issuer:always + +[ ee_of_subca ] +keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement + +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer From 2513311062d2e3270eac4347ae3484730cdb86e0 Mon Sep 17 00:00:00 2001 From: Dmitry Cherepanov Date: Thu, 20 Aug 2009 12:46:43 +0400 Subject: [PATCH 03/16] 6664512: Component and [Default]KeyboardFocusManager pass security sensitive objects to loggers ToString is called on security sensitive objects Reviewed-by: art, hawtin --- jdk/src/share/classes/java/awt/Component.java | 2 +- .../java/awt/DefaultKeyboardFocusManager.java | 60 +++++++++++++------ .../java/awt/KeyboardFocusManager.java | 23 +++---- .../share/classes/sun/awt/DebugSettings.java | 2 +- .../classes/sun/awt/X11/XBaseWindow.java | 17 ++++-- .../sun/awt/X11/XCheckboxMenuItemPeer.java | 4 -- .../classes/sun/awt/X11/XComponentPeer.java | 22 +++++-- .../classes/sun/awt/X11/XContentWindow.java | 6 +- .../classes/sun/awt/X11/XDecoratedPeer.java | 53 +++++++++++----- .../sun/awt/X11/XDropTargetProtocol.java | 5 +- .../sun/awt/X11/XFocusProxyWindow.java | 1 - .../classes/sun/awt/X11/XFramePeer.java | 4 +- .../classes/sun/awt/X11/XIconWindow.java | 11 +++- .../classes/sun/awt/X11/XInputMethod.java | 5 +- .../classes/sun/awt/X11/XMenuItemPeer.java | 2 - .../classes/sun/awt/X11/XNETProtocol.java | 27 +++++++-- .../classes/sun/awt/X11/XProtocol.java | 6 +- .../classes/sun/awt/X11/XQueryTree.java | 1 - .../solaris/classes/sun/awt/X11/XToolkit.java | 19 ++++-- .../classes/sun/awt/X11/XTrayIconPeer.java | 43 ++++++++----- jdk/src/solaris/classes/sun/awt/X11/XWM.java | 48 +++++++++++---- .../solaris/classes/sun/awt/X11/XWindow.java | 30 +++++++--- .../classes/sun/awt/X11/XWindowPeer.java | 56 +++++++++++++---- .../sun/awt/windows/WMenuItemPeer.java | 2 +- .../classes/sun/awt/windows/WPanelPeer.java | 1 - 25 files changed, 317 insertions(+), 133 deletions(-) diff --git a/jdk/src/share/classes/java/awt/Component.java b/jdk/src/share/classes/java/awt/Component.java index 91347ad1b18..3ecf30c51d5 100644 --- a/jdk/src/share/classes/java/awt/Component.java +++ b/jdk/src/share/classes/java/awt/Component.java @@ -4477,7 +4477,7 @@ public abstract class Component implements ImageObserver, MenuContainer, } if (eventLog.isLoggable(Level.FINEST)) { - eventLog.log(Level.FINEST, "{0}", e); + eventLog.log(Level.FINEST, "{0}", String.valueOf(e)); } /* diff --git a/jdk/src/share/classes/java/awt/DefaultKeyboardFocusManager.java b/jdk/src/share/classes/java/awt/DefaultKeyboardFocusManager.java index 71342bdaeed..d7e5cba7ca4 100644 --- a/jdk/src/share/classes/java/awt/DefaultKeyboardFocusManager.java +++ b/jdk/src/share/classes/java/awt/DefaultKeyboardFocusManager.java @@ -380,7 +380,7 @@ public class DefaultKeyboardFocusManager extends KeyboardFocusManager { // should receive focus first if (focusLog.isLoggable(Level.FINER)) { focusLog.log(Level.FINER, "tempLost {0}, toFocus {1}", - new Object[]{tempLost, toFocus}); + new Object[]{String.valueOf(tempLost), String.valueOf(toFocus)}); } if (tempLost != null) { tempLost.requestFocusInWindow(CausedFocusEvent.Cause.ACTIVATION); @@ -448,7 +448,8 @@ public class DefaultKeyboardFocusManager extends KeyboardFocusManager { Component newFocusOwner = fe.getComponent(); if (oldFocusOwner == newFocusOwner) { if (focusLog.isLoggable(Level.FINE)) { - focusLog.log(Level.FINE, "Skipping {0} because focus owner is the same", new Object[] {e}); + focusLog.log(Level.FINE, "Skipping {0} because focus owner is the same", + new Object[] {String.valueOf(e)}); } // We can't just drop the event - there could be // type-ahead markers associated with it. @@ -565,16 +566,20 @@ public class DefaultKeyboardFocusManager extends KeyboardFocusManager { FocusEvent fe = (FocusEvent)e; Component currentFocusOwner = getGlobalFocusOwner(); if (currentFocusOwner == null) { - if (focusLog.isLoggable(Level.FINE)) focusLog.log(Level.FINE, "Skipping {0} because focus owner is null", - new Object[] {e}); + if (focusLog.isLoggable(Level.FINE)) { + focusLog.log(Level.FINE, "Skipping {0} because focus owner is null", + new Object[] {String.valueOf(e)}); + } break; } // Ignore cases where a Component loses focus to itself. // If we make a mistake because of retargeting, then the // FOCUS_GAINED handler will correct it. if (currentFocusOwner == fe.getOppositeComponent()) { - if (focusLog.isLoggable(Level.FINE)) focusLog.log(Level.FINE, "Skipping {0} because current focus owner is equal to opposite", - new Object[] {e}); + if (focusLog.isLoggable(Level.FINE)) { + focusLog.log(Level.FINE, "Skipping {0} because current focus owner is equal to opposite", + new Object[] {String.valueOf(e)}); + } break; } @@ -642,9 +647,11 @@ public class DefaultKeyboardFocusManager extends KeyboardFocusManager { Window losingFocusWindow = we.getWindow(); Window activeWindow = getGlobalActiveWindow(); Window oppositeWindow = we.getOppositeWindow(); - if (focusLog.isLoggable(Level.FINE)) focusLog.log(Level.FINE, "Active {0}, Current focused {1}, losing focus {2} opposite {3}", - new Object[] {activeWindow, currentFocusedWindow, - losingFocusWindow, oppositeWindow}); + if (focusLog.isLoggable(Level.FINE)) { + focusLog.log(Level.FINE, "Active {0}, Current focused {1}, losing focus {2} opposite {3}", + new Object[] {String.valueOf(activeWindow), String.valueOf(currentFocusedWindow), + String.valueOf(losingFocusWindow), String.valueOf(oppositeWindow)}); + } if (currentFocusedWindow == null) { break; } @@ -828,7 +835,10 @@ public class DefaultKeyboardFocusManager extends KeyboardFocusManager { } } if (ke != null) { - focusLog.log(Level.FINER, "Pumping approved event {0}", new Object[] {ke}); + if (focusLog.isLoggable(Level.FINER)) { + focusLog.log(Level.FINER, "Pumping approved event {0}", + new Object[] {String.valueOf(ke)}); + } enqueuedKeyEvents.removeFirst(); } } @@ -850,7 +860,7 @@ public class DefaultKeyboardFocusManager extends KeyboardFocusManager { Iterator iter = typeAheadMarkers.iterator(); while (iter.hasNext()) { TypeAheadMarker marker = (TypeAheadMarker)iter.next(); - focusLog.log(Level.FINEST, " {0}", marker); + focusLog.log(Level.FINEST, " {0}", String.valueOf(marker)); } } } @@ -878,7 +888,10 @@ public class DefaultKeyboardFocusManager extends KeyboardFocusManager { // The fix is rolled out. if (ke.getWhen() > marker.after) { - focusLog.log(Level.FINER, "Storing event {0} because of marker {1}", new Object[] {ke, marker}); + if (focusLog.isLoggable(Level.FINER)) { + focusLog.log(Level.FINER, "Storing event {0} because of marker {1}", + new Object[] {String.valueOf(ke), String.valueOf(marker)}); + } enqueuedKeyEvents.addLast(ke); return true; } @@ -890,7 +903,10 @@ public class DefaultKeyboardFocusManager extends KeyboardFocusManager { } case FocusEvent.FOCUS_GAINED: - focusLog.log(Level.FINEST, "Markers before FOCUS_GAINED on {0}", new Object[] {target}); + if (focusLog.isLoggable(Level.FINEST)) { + focusLog.log(Level.FINEST, "Markers before FOCUS_GAINED on {0}", + new Object[] {String.valueOf(target)}); + } dumpMarkers(); // Search the marker list for the first marker tied to // the Component which just gained focus. Then remove @@ -919,10 +935,14 @@ public class DefaultKeyboardFocusManager extends KeyboardFocusManager { } } else { // Exception condition - event without marker - focusLog.log(Level.FINER, "Event without marker {0}", e); + if (focusLog.isLoggable(Level.FINER)) { + focusLog.log(Level.FINER, "Event without marker {0}", String.valueOf(e)); + } } } + focusLog.log(Level.FINEST, "Markers after FOCUS_GAINED"); + dumpMarkers(); redispatchEvent(target, e); @@ -1159,8 +1179,10 @@ public class DefaultKeyboardFocusManager extends KeyboardFocusManager { return; } - focusLog.log(Level.FINER, "Enqueue at {0} for {1}", - new Object[] {after, untilFocused}); + if (focusLog.isLoggable(Level.FINER)) { + focusLog.log(Level.FINER, "Enqueue at {0} for {1}", + new Object[] {after, String.valueOf(untilFocused)}); + } int insertionIndex = 0, i = typeAheadMarkers.size(); @@ -1199,8 +1221,10 @@ public class DefaultKeyboardFocusManager extends KeyboardFocusManager { return; } - focusLog.log(Level.FINER, "Dequeue at {0} for {1}", - new Object[] {after, untilFocused}); + if (focusLog.isLoggable(Level.FINER)) { + focusLog.log(Level.FINER, "Dequeue at {0} for {1}", + new Object[] {after, String.valueOf(untilFocused)}); + } TypeAheadMarker marker; ListIterator iter = typeAheadMarkers.listIterator diff --git a/jdk/src/share/classes/java/awt/KeyboardFocusManager.java b/jdk/src/share/classes/java/awt/KeyboardFocusManager.java index 521c70403ae..fd412d8646e 100644 --- a/jdk/src/share/classes/java/awt/KeyboardFocusManager.java +++ b/jdk/src/share/classes/java/awt/KeyboardFocusManager.java @@ -611,7 +611,7 @@ public abstract class KeyboardFocusManager void setNativeFocusOwner(Component comp) { if (focusLog.isLoggable(Level.FINEST)) { focusLog.log(Level.FINEST, "Calling peer {0} setCurrentFocusOwner for {1}", - new Object[] {peer, comp}); + new Object[] {String.valueOf(peer), String.valueOf(comp)}); } peer.setCurrentFocusOwner(comp); } @@ -2363,20 +2363,20 @@ public abstract class KeyboardFocusManager Window nativeFocusedWindow = thisManager.getNativeFocusedWindow(); if (focusLog.isLoggable(Level.FINER)) { focusLog.log(Level.FINER, "SNFH for {0} in {1}", - new Object[] {descendant, heavyweight}); + new Object[] {String.valueOf(descendant), String.valueOf(heavyweight)}); } if (focusLog.isLoggable(Level.FINEST)) { focusLog.log(Level.FINEST, "0. Current focus owner {0}", - currentFocusOwner); + String.valueOf(currentFocusOwner)); focusLog.log(Level.FINEST, "0. Native focus owner {0}", - nativeFocusOwner); + String.valueOf(nativeFocusOwner)); focusLog.log(Level.FINEST, "0. Native focused window {0}", - nativeFocusedWindow); + String.valueOf(nativeFocusedWindow)); } synchronized (heavyweightRequests) { HeavyweightFocusRequest hwFocusRequest = getLastHWRequest(); if (focusLog.isLoggable(Level.FINEST)) { - focusLog.log(Level.FINEST, "Request {0}", hwFocusRequest); + focusLog.log(Level.FINEST, "Request {0}", String.valueOf(hwFocusRequest)); } if (hwFocusRequest == null && heavyweight == nativeFocusOwner) @@ -2385,7 +2385,7 @@ public abstract class KeyboardFocusManager // Redundant request. if (focusLog.isLoggable(Level.FINEST)) focusLog.log(Level.FINEST, "1. SNFH_FAILURE for {0}", - descendant); + String.valueOf(descendant)); return SNFH_FAILURE; } @@ -2418,7 +2418,7 @@ public abstract class KeyboardFocusManager SunToolkit.postEvent(descendant.appContext, newFocusOwnerEvent); if (focusLog.isLoggable(Level.FINEST)) - focusLog.log(Level.FINEST, "2. SNFH_HANDLED for {0}", descendant); + focusLog.log(Level.FINEST, "2. SNFH_HANDLED for {0}", String.valueOf(descendant)); return SNFH_SUCCESS_HANDLED; } else if (hwFocusRequest != null && hwFocusRequest.heavyweight == heavyweight) { @@ -2857,11 +2857,12 @@ public abstract class KeyboardFocusManager KeyboardFocusManager manager = getCurrentKeyboardFocusManager(); if (focusLog.isLoggable(Level.FINER)) { if (event instanceof FocusEvent || event instanceof WindowEvent) { - focusLog.log(Level.FINER, ">>> {0}", new Object[] {event}); + focusLog.log(Level.FINER, ">>> {0}", new Object[] {String.valueOf(event)}); } if (focusLog.isLoggable(Level.FINER) && event instanceof KeyEvent) { - focusLog.log(Level.FINER, " focus owner is {0}", new Object[] {manager.getGlobalFocusOwner()}); - focusLog.log(Level.FINER, ">>> {0}", new Object[] {event}); + focusLog.log(Level.FINER, " focus owner is {0}", + new Object[] {String.valueOf(manager.getGlobalFocusOwner())}); + focusLog.log(Level.FINER, ">>> {0}", new Object[] {String.valueOf(event)}); } } diff --git a/jdk/src/share/classes/sun/awt/DebugSettings.java b/jdk/src/share/classes/sun/awt/DebugSettings.java index 0d2aaaf6251..ac343ffac4a 100644 --- a/jdk/src/share/classes/sun/awt/DebugSettings.java +++ b/jdk/src/share/classes/sun/awt/DebugSettings.java @@ -129,7 +129,7 @@ final class DebugSettings { // echo the initial property settings to stdout if (log.isLoggable(Level.FINE)) { - log.log(Level.FINE, "DebugSettings:\n{0}", this); + log.log(Level.FINE, "DebugSettings:\n{0}", String.valueOf(this)); } } diff --git a/jdk/src/solaris/classes/sun/awt/X11/XBaseWindow.java b/jdk/src/solaris/classes/sun/awt/X11/XBaseWindow.java index 095f36c5efd..3577b5f4e9f 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XBaseWindow.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XBaseWindow.java @@ -824,7 +824,9 @@ public class XBaseWindow { * The active grab overrides activated automatic grab. */ public boolean grabInput() { - grabLog.log(Level.FINE, "Grab input on {0}", new Object[] {this}); + if (grabLog.isLoggable(Level.FINE)) { + grabLog.log(Level.FINE, "Grab input on {0}", new Object[] {String.valueOf(this)}); + } XToolkit.awtLock(); try { @@ -887,7 +889,10 @@ public class XBaseWindow { XToolkit.awtLock(); try { XBaseWindow grabWindow = XAwtState.getGrabWindow(); - grabLog.log(Level.FINE, "UnGrab input on {0}", new Object[] {grabWindow}); + if (grabLog.isLoggable(Level.FINE)) { + grabLog.log(Level.FINE, "UnGrab input on {0}", + new Object[] {String.valueOf(grabWindow)}); + } if (grabWindow != null) { grabWindow.ungrabInputImpl(); if (!XToolkit.getSunAwtDisableGrab()) { @@ -940,7 +945,7 @@ public class XBaseWindow { XPropertyCache.clearCache(window, XAtom.get(msg.get_atom())); } if (eventLog.isLoggable(Level.FINER)) { - eventLog.log(Level.FINER, "{0}", new Object[] {msg}); + eventLog.log(Level.FINER, "{0}", new Object[] {String.valueOf(msg)}); } } @@ -1021,8 +1026,10 @@ public class XBaseWindow { } public void handleConfigureNotifyEvent(XEvent xev) { XConfigureEvent xe = xev.get_xconfigure(); - insLog.log(Level.FINER, "Configure, {0}", - new Object[] {xe}); + if (insLog.isLoggable(Level.FINER)) { + insLog.log(Level.FINER, "Configure, {0}", + new Object[] {String.valueOf(xe)}); + } x = xe.get_x(); y = xe.get_y(); width = xe.get_width(); diff --git a/jdk/src/solaris/classes/sun/awt/X11/XCheckboxMenuItemPeer.java b/jdk/src/solaris/classes/sun/awt/X11/XCheckboxMenuItemPeer.java index f2e1ef6f04b..b54dfbd9ec5 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XCheckboxMenuItemPeer.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XCheckboxMenuItemPeer.java @@ -29,8 +29,6 @@ import java.awt.*; import java.awt.peer.*; import java.awt.event.*; -import java.util.logging.*; - import java.lang.reflect.Field; import sun.awt.SunToolkit; @@ -42,8 +40,6 @@ class XCheckboxMenuItemPeer extends XMenuItemPeer implements CheckboxMenuItemPee * ************************************************/ - private static Logger log = Logger.getLogger("sun.awt.X11.XCheckboxMenuItemPeer"); - /* * CheckboxMenuItem's fields */ diff --git a/jdk/src/solaris/classes/sun/awt/X11/XComponentPeer.java b/jdk/src/solaris/classes/sun/awt/X11/XComponentPeer.java index cb842d4d64a..606f6dee138 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XComponentPeer.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XComponentPeer.java @@ -253,7 +253,9 @@ public class XComponentPeer extends XWindow implements ComponentPeer, DropTarget * Called when component receives focus */ public void focusGained(FocusEvent e) { - focusLog.log(Level.FINE, "{0}", new Object[] {e}); + if (focusLog.isLoggable(Level.FINE)) { + focusLog.log(Level.FINE, "{0}", new Object[] {String.valueOf(e)}); + } bHasFocus = true; } @@ -261,7 +263,9 @@ public class XComponentPeer extends XWindow implements ComponentPeer, DropTarget * Called when component loses focus */ public void focusLost(FocusEvent e) { - focusLog.log(Level.FINE, "{0}", new Object[] {e}); + if (focusLog.isLoggable(Level.FINE)) { + focusLog.log(Level.FINE, "{0}", new Object[] {String.valueOf(e)}); + } bHasFocus = false; } @@ -414,7 +418,10 @@ public class XComponentPeer extends XWindow implements ComponentPeer, DropTarget * @see java.awt.peer.ComponentPeer */ public void setEnabled(boolean value) { - enableLog.log(Level.FINE, "{0}ing {1}", new Object[] {(value?"Enabl":"Disabl"), this}); + if (enableLog.isLoggable(Level.FINE)) { + enableLog.log(Level.FINE, "{0}ing {1}", + new Object[] {(value?"Enabl":"Disabl"), String.valueOf(this)}); + } boolean repaintNeeded = (enabled != value); enabled = value; if (target instanceof Container) { @@ -1262,7 +1269,10 @@ public class XComponentPeer extends XWindow implements ComponentPeer, DropTarget * ButtonPress, ButtonRelease, KeyPress, KeyRelease, EnterNotify, LeaveNotify, MotionNotify */ protected boolean isEventDisabled(XEvent e) { - enableLog.log(Level.FINEST, "Component is {1}, checking for disabled event {0}", new Object[] {e, (isEnabled()?"enabled":"disable")}); + if (enableLog.isLoggable(Level.FINEST)) { + enableLog.log(Level.FINEST, "Component is {1}, checking for disabled event {0}", + new Object[] {String.valueOf(e), (isEnabled()?"enabled":"disable")}); + } if (!isEnabled()) { switch (e.get_type()) { case XConstants.ButtonPress: @@ -1272,7 +1282,9 @@ public class XComponentPeer extends XWindow implements ComponentPeer, DropTarget case XConstants.EnterNotify: case XConstants.LeaveNotify: case XConstants.MotionNotify: - enableLog.log(Level.FINER, "Event {0} is disable", new Object[] {e}); + if (enableLog.isLoggable(Level.FINER)) { + enableLog.log(Level.FINER, "Event {0} is disable", new Object[] {String.valueOf(e)}); + } return true; } } diff --git a/jdk/src/solaris/classes/sun/awt/X11/XContentWindow.java b/jdk/src/solaris/classes/sun/awt/X11/XContentWindow.java index 6a32fe9bdc3..93ddcae2879 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XContentWindow.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XContentWindow.java @@ -116,8 +116,10 @@ public final class XContentWindow extends XWindow { if (in != null) { newBounds.setLocation(-in.left, -in.top); } - if (insLog.isLoggable(Level.FINE)) insLog.log(Level.FINE, "Setting content bounds {0}, old bounds {1}", - new Object[] {newBounds, getBounds()}); + if (insLog.isLoggable(Level.FINE)) { + insLog.log(Level.FINE, "Setting content bounds {0}, old bounds {1}", + new Object[] {String.valueOf(newBounds), String.valueOf(getBounds())}); + } // Fix for 5023533: // Change in the size of the content window means, well, change of the size // Change in the location of the content window means change in insets diff --git a/jdk/src/solaris/classes/sun/awt/X11/XDecoratedPeer.java b/jdk/src/solaris/classes/sun/awt/X11/XDecoratedPeer.java index 417cd3b0062..a067d7a71bd 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XDecoratedPeer.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XDecoratedPeer.java @@ -79,7 +79,9 @@ abstract class XDecoratedPeer extends XWindowPeer { Rectangle bounds = (Rectangle)params.get(BOUNDS); dimensions = new WindowDimensions(bounds, getRealInsets(), false); params.put(BOUNDS, dimensions.getClientRect()); - insLog.log(Level.FINE, "Initial dimensions {0}", new Object[] { dimensions }); + if (insLog.isLoggable(Level.FINE)) { + insLog.log(Level.FINE, "Initial dimensions {0}",new Object[] { String.valueOf(dimensions) }); + } // Deny default processing of these events on the shell - proxy will take care of // them instead @@ -265,7 +267,10 @@ abstract class XDecoratedPeer extends XWindowPeer { wm_set_insets = XWM.getInsetsFromProp(getWindow(), changedAtom); } - insLog.log(Level.FINER, "FRAME_EXTENTS: {0}", new Object[]{wm_set_insets}); + if (insLog.isLoggable(Level.FINER)) { + insLog.log(Level.FINER, "FRAME_EXTENTS: {0}", + new Object[]{String.valueOf(wm_set_insets)}); + } if (wm_set_insets != null) { wm_set_insets = copy(wm_set_insets); @@ -331,7 +336,10 @@ abstract class XDecoratedPeer extends XWindowPeer { // Check if we have insets provided by the WM Insets correctWM = getWMSetInsets(null); if (correctWM != null) { - insLog.log(Level.FINER, "wm-provided insets {0}", new Object[]{correctWM}); + if (insLog.isLoggable(Level.FINER)) { + insLog.log(Level.FINER, "wm-provided insets {0}", + new Object[]{String.valueOf(correctWM)}); + } // If these insets are equal to our current insets - no actions are necessary Insets dimInsets = dimensions.getInsets(); if (correctWM.equals(dimInsets)) { @@ -345,7 +353,9 @@ abstract class XDecoratedPeer extends XWindowPeer { correctWM = XWM.getWM().getInsets(this, xe.get_window(), xe.get_parent()); if (correctWM != null) { - insLog.log(Level.FINER, "correctWM {0}", new Object[] {correctWM}); + if (insLog.isLoggable(Level.FINE)) { + insLog.log(Level.FINER, "correctWM {0}", new Object[] {String.valueOf(correctWM)}); + } } else { insLog.log(Level.FINER, "correctWM insets are not available, waiting for configureNotify"); } @@ -368,7 +378,10 @@ abstract class XDecoratedPeer extends XWindowPeer { * initial insets were wrong (most likely they were). */ Insets correction = difference(correctWM, currentInsets); - insLog.log(Level.FINEST, "Corrention {0}", new Object[] {correction}); + if (insLog.isLoggable(Level.FINEST)) { + insLog.log(Level.FINEST, "Corrention {0}", + new Object[] {String.valueOf(correction)}); + } if (!isNull(correction)) { currentInsets = copy(correctWM); applyGuessedInsets(); @@ -453,7 +466,7 @@ abstract class XDecoratedPeer extends XWindowPeer { Insets in = copy(getRealInsets()); in.top += getMenuBarHeight(); if (insLog.isLoggable(Level.FINEST)) { - insLog.log(Level.FINEST, "Get insets returns {0}", new Object[] {in}); + insLog.log(Level.FINEST, "Get insets returns {0}", new Object[] {String.valueOf(in)}); } return in; } @@ -610,7 +623,7 @@ abstract class XDecoratedPeer extends XWindowPeer { break; } if (insLog.isLoggable(Level.FINE)) insLog.log(Level.FINE, "For the operation {0} new dimensions are {1}", - new Object[] {operationToString(operation), dims}); + new Object[] {operationToString(operation), String.valueOf(dims)}); reshape(dims, operation, userReshape); } @@ -640,7 +653,9 @@ abstract class XDecoratedPeer extends XWindowPeer { public void handleConfigureNotifyEvent(XEvent xev) { assert (SunToolkit.isAWTLockHeldByCurrentThread()); XConfigureEvent xe = xev.get_xconfigure(); - insLog.log(Level.FINE, "Configure notify {0}", new Object[] {xe}); + if (insLog.isLoggable(Level.FINE)) { + insLog.log(Level.FINE, "Configure notify {0}", new Object[] {String.valueOf(xe)}); + } // XXX: should really only consider synthetic events, but if (isReparented()) { @@ -732,7 +747,10 @@ abstract class XDecoratedPeer extends XWindowPeer { case XWM.SAWFISH_WM: { Point xlocation = queryXLocation(); - if (log.isLoggable(Level.FINE)) log.log(Level.FINE, "New X location: {0}", new Object[]{xlocation}); + if (log.isLoggable(Level.FINE)) { + log.log(Level.FINE, "New X location: {0}", + new Object[]{String.valueOf(xlocation)}); + } if (xlocation != null) { newLocation = xlocation; } @@ -749,8 +767,10 @@ abstract class XDecoratedPeer extends XWindowPeer { copy(currentInsets), true); - insLog.log(Level.FINER, "Insets are {0}, new dimensions {1}", - new Object[] {currentInsets, newDimensions}); + if (insLog.isLoggable(Level.FINER)) { + insLog.log(Level.FINER, "Insets are {0}, new dimensions {1}", + new Object[] {String.valueOf(currentInsets), String.valueOf(newDimensions)}); + } checkIfOnNewScreen(newDimensions.getBounds()); @@ -917,7 +937,7 @@ abstract class XDecoratedPeer extends XWindowPeer { Point location = target.getLocation(); if (insLog.isLoggable(Level.FINE)) insLog.log(Level.FINE, "getLocationOnScreen {0} not reparented: {1} ", - new Object[] {this, location}); + new Object[] {String.valueOf(this), String.valueOf(location)}); return location; } } finally { @@ -954,7 +974,10 @@ abstract class XDecoratedPeer extends XWindowPeer { } public void setVisible(boolean vis) { - log.log(Level.FINER, "Setting {0} to visible {1}", new Object[] {this, Boolean.valueOf(vis)}); + if (log.isLoggable(Level.FINE)) { + log.log(Level.FINER, "Setting {0} to visible {1}", + new Object[] {String.valueOf(this), Boolean.valueOf(vis)}); + } if (vis && !isVisible()) { XWM.setShellDecor(this); super.setVisible(vis); @@ -1005,7 +1028,9 @@ abstract class XDecoratedPeer extends XWindowPeer { } private void handleWmTakeFocus(XClientMessageEvent cl) { - focusLog.log(Level.FINE, "WM_TAKE_FOCUS on {0}", new Object[]{this}); + if (focusLog.isLoggable(Level.FINE)) { + focusLog.log(Level.FINE, "WM_TAKE_FOCUS on {0}", new Object[]{String.valueOf(this)}); + } requestWindowFocus(cl.get_data(1), true); } diff --git a/jdk/src/solaris/classes/sun/awt/X11/XDropTargetProtocol.java b/jdk/src/solaris/classes/sun/awt/X11/XDropTargetProtocol.java index 7a7c7c10ee2..13ff5bf4af9 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XDropTargetProtocol.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XDropTargetProtocol.java @@ -117,7 +117,7 @@ abstract class XDropTargetProtocol { EmbedderRegistryEntry entry = getEmbedderRegistryEntry(toplevel); if (logger.isLoggable(Level.FINEST)) { - logger.log(Level.FINEST, " entry={0}", new Object[] {entry}); + logger.log(Level.FINEST, " entry={0}", new Object[] {String.valueOf(entry)}); } // Window not registered as an embedder for this protocol. if (entry == null) { @@ -138,7 +138,8 @@ abstract class XDropTargetProtocol { long proxy = entry.getProxy(); if (logger.isLoggable(Level.FINEST)) { - logger.log(Level.FINEST, " proxy={0} toplevel={1}", new Object[] {proxy, toplevel}); + logger.log(Level.FINEST, " proxy={0} toplevel={1}", + new Object[] {String.valueOf(proxy), String.valueOf(toplevel)}); } if (proxy == 0) { proxy = toplevel; diff --git a/jdk/src/solaris/classes/sun/awt/X11/XFocusProxyWindow.java b/jdk/src/solaris/classes/sun/awt/X11/XFocusProxyWindow.java index 361ef87eeb6..bd30f6922a5 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XFocusProxyWindow.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XFocusProxyWindow.java @@ -34,7 +34,6 @@ import java.util.logging.*; * and therefore X doesn't control focus after we have set it to proxy. */ public class XFocusProxyWindow extends XBaseWindow { - private static final Logger focusLog = Logger.getLogger("sun.awt.X11.focus.XFocusProxyWindow"); XWindowPeer owner; public XFocusProxyWindow(XWindowPeer owner) { diff --git a/jdk/src/solaris/classes/sun/awt/X11/XFramePeer.java b/jdk/src/solaris/classes/sun/awt/X11/XFramePeer.java index 22cb163ebbb..b1e422326af 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XFramePeer.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XFramePeer.java @@ -283,7 +283,9 @@ class XFramePeer extends XDecoratedPeer implements FramePeer { super.handlePropertyNotify(xev); XPropertyEvent ev = xev.get_xproperty(); - log.log(Level.FINER, "Property change {0}", new Object[] {ev}); + if (log.isLoggable(Level.FINER)) { + log.log(Level.FINER, "Property change {0}", new Object[] {String.valueOf(ev)}); + } /* * Let's see if this is a window state protocol message, and * if it is - decode a new state in terms of java constants. diff --git a/jdk/src/solaris/classes/sun/awt/X11/XIconWindow.java b/jdk/src/solaris/classes/sun/awt/X11/XIconWindow.java index a6211a0e0b6..e9643c9153c 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XIconWindow.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XIconWindow.java @@ -75,7 +75,7 @@ public class XIconWindow extends XBaseWindow { XIconSize[] res = new XIconSize[count]; for (int i = 0; i < count; i++, sizes_ptr += XIconSize.getSize()) { res[i] = new XIconSize(sizes_ptr); - log.log(Level.FINEST, "sizes_ptr[{1}] = {0}", new Object[] {res[i], Integer.valueOf(i)}); + log.log(Level.FINEST, "sizes_ptr[{1}] = {0}", new Object[] {String.valueOf(res[i]), Integer.valueOf(i)}); } return res; } finally { @@ -92,7 +92,10 @@ public class XIconWindow extends XBaseWindow { } XIconSize[] sizeList = getIconSizes(); - log.log(Level.FINEST, "Icon sizes: {0}", new Object[] {sizeList}); + + if (log.isLoggable(Level.FINEST)) { + log.log(Level.FINEST, "Icon sizes: {0}", new Object[] {String.valueOf(sizeList)}); + } if (sizeList == null) { // No icon sizes so we simply fall back to 16x16 return new Dimension(16, 16); @@ -444,7 +447,9 @@ public class XIconWindow extends XBaseWindow { } Dimension iconSize = getIconSize(width, height); if (iconSize != null) { - log.log(Level.FINEST, "Icon size: {0}", iconSize); + if (log.isLoggable(Level.FINEST)) { + log.log(Level.FINEST, "Icon size: {0}", String.valueOf(iconSize)); + } iconWidth = iconSize.width; iconHeight = iconSize.height; } else { diff --git a/jdk/src/solaris/classes/sun/awt/X11/XInputMethod.java b/jdk/src/solaris/classes/sun/awt/X11/XInputMethod.java index 86df2073d6d..756c0ae1262 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XInputMethod.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XInputMethod.java @@ -108,7 +108,10 @@ public class XInputMethod extends X11InputMethod { client = getParent(client); peer = (XComponentPeer)XToolkit.targetToPeer(client); } - log.log(Level.FINE, "Peer is {0}, client is {1}", new Object[] {peer, client}); + if (log.isLoggable(Level.FINE)) { + log.log(Level.FINE, "Peer is {0}, client is {1}", + new Object[] {String.valueOf(peer), String.valueOf(client)}); + } if (peer != null) return peer; diff --git a/jdk/src/solaris/classes/sun/awt/X11/XMenuItemPeer.java b/jdk/src/solaris/classes/sun/awt/X11/XMenuItemPeer.java index ec80cebcec1..99e8d3fcac1 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XMenuItemPeer.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XMenuItemPeer.java @@ -43,8 +43,6 @@ public class XMenuItemPeer implements MenuItemPeer { * ************************************************/ - private static Logger log = Logger.getLogger("sun.awt.X11.XMenuItemPeer"); - /* * Primary members */ diff --git a/jdk/src/solaris/classes/sun/awt/X11/XNETProtocol.java b/jdk/src/solaris/classes/sun/awt/X11/XNETProtocol.java index 1bc8829d9bc..02a570837b0 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XNETProtocol.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XNETProtocol.java @@ -54,7 +54,11 @@ final class XNETProtocol extends XProtocol implements XStateProtocol, XLayerProt private void setInitialState(XWindowPeer window, int state) { XAtomList old_state = window.getNETWMState(); - log.log(Level.FINE, "Current state of the window {0} is {1}", new Object[] {window, old_state}); + if (log.isLoggable(Level.FINE)) { + log.log(Level.FINE, "Current state of the window {0} is {1}", + new Object[] {String.valueOf(window), + String.valueOf(old_state)}); + } if ((state & Frame.MAXIMIZED_VERT) != 0) { old_state.add(XA_NET_WM_STATE_MAXIMIZED_VERT); } else { @@ -65,7 +69,10 @@ final class XNETProtocol extends XProtocol implements XStateProtocol, XLayerProt } else { old_state.remove(XA_NET_WM_STATE_MAXIMIZED_HORZ); } - log.log(Level.FINE, "Setting initial state of the window {0} to {1}", new Object[] {window, old_state}); + if (log.isLoggable(Level.FINE)) { + log.log(Level.FINE, "Setting initial state of the window {0} to {1}", + new Object[] {String.valueOf(window), String.valueOf(old_state)}); + } window.setNETWMState(old_state); } @@ -180,7 +187,11 @@ final class XNETProtocol extends XProtocol implements XStateProtocol, XLayerProt req.set_data(1, state.getAtom()); // Fix for 6735584: req.data[2] must be set to 0 when only one property is changed req.set_data(2, 0); - log.log(Level.FINE, "Setting _NET_STATE atom {0} on {1} for {2}", new Object[] {state, window, Boolean.valueOf(isAdd)}); + if (log.isLoggable(Level.FINE)) { + log.log(Level.FINE, "Setting _NET_STATE atom {0} on {1} for {2}", + new Object[] {String.valueOf(state), String.valueOf(window), + Boolean.valueOf(isAdd)}); + } XToolkit.awtLock(); try { XlibWrapper.XSendEvent(XToolkit.getDisplay(), @@ -212,13 +223,19 @@ final class XNETProtocol extends XProtocol implements XStateProtocol, XLayerProt requestState(window, state, set); } else { XAtomList net_wm_state = window.getNETWMState(); - log.log(Level.FINE, "Current state on {0} is {1}", new Object[] {window, net_wm_state}); + if (log.isLoggable(Level.FINE)) { + log.log(Level.FINE, "Current state on {0} is {1}", + new Object[] {String.valueOf(window), net_wm_state}); + } if (!set) { net_wm_state.remove(state); } else { net_wm_state.add(state); } - log.log(Level.FINE, "Setting states on {0} to {1}", new Object[] {window, net_wm_state}); + if (log.isLoggable(Level.FINE)) { + log.log(Level.FINE, "Setting states on {0} to {1}", + new Object[] {String.valueOf(window), net_wm_state}); + } window.setNETWMState(net_wm_state); } XToolkit.XSync(); diff --git a/jdk/src/solaris/classes/sun/awt/X11/XProtocol.java b/jdk/src/solaris/classes/sun/awt/X11/XProtocol.java index 328f1a88775..9fe1d02956b 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XProtocol.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XProtocol.java @@ -54,7 +54,11 @@ class XProtocol { } finally { if (firstCheck) { firstCheck = false; - log.log(Level.FINE, "{0}:{1} supports {2}", new Object[] {this, listName, protocols}); + if (log.isLoggable(Level.FINE)) { + log.log(Level.FINE, "{0}:{1} supports {2}", + new Object[] {String.valueOf(this), String.valueOf(listName), + String.valueOf(protocols)}); + } } } } diff --git a/jdk/src/solaris/classes/sun/awt/X11/XQueryTree.java b/jdk/src/solaris/classes/sun/awt/X11/XQueryTree.java index eaace18e9ff..e3e4901a4d9 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XQueryTree.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XQueryTree.java @@ -32,7 +32,6 @@ import java.util.logging.*; public class XQueryTree { private static Unsafe unsafe = XlibWrapper.unsafe; - private static final Logger log = Logger.getLogger("sun.awt.X11.XQueryTree"); private boolean __executed = false; long _w; long root_ptr = unsafe.allocateMemory(Native.getLongSize()); diff --git a/jdk/src/solaris/classes/sun/awt/X11/XToolkit.java b/jdk/src/solaris/classes/sun/awt/X11/XToolkit.java index 14839c7b671..cba955ad116 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XToolkit.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XToolkit.java @@ -624,7 +624,7 @@ public final class XToolkit extends UNIXToolkit implements Runnable { } if (eventLog.isLoggable(Level.FINER)) { - eventLog.log(Level.FINER, "{0}", ev); + eventLog.log(Level.FINER, "{0}", String.valueOf(ev)); } // Check if input method consumes the event @@ -1837,8 +1837,10 @@ public final class XToolkit extends UNIXToolkit implements Runnable { if (timeoutTaskLog.isLoggable(Level.FINER)) { timeoutTaskLog.log(Level.FINER, "XToolkit.schedule(): current time={0}" + "; interval={1}" + - "; task being added={2}" + "; tasks before addition={3}", new Object[] { - Long.valueOf(System.currentTimeMillis()), Long.valueOf(interval), task, timeoutTasks}); + "; task being added={2}" + "; tasks before addition={3}", + new Object[] {Long.valueOf(System.currentTimeMillis()), + Long.valueOf(interval), String.valueOf(task), + String.valueOf(timeoutTasks)}); } if (timeoutTasks == null) { @@ -1883,7 +1885,8 @@ public final class XToolkit extends UNIXToolkit implements Runnable { private static void callTimeoutTasks() { if (timeoutTaskLog.isLoggable(Level.FINER)) { timeoutTaskLog.log(Level.FINER, "XToolkit.callTimeoutTasks(): current time={0}" + - "; tasks={1}", new Object[] {Long.valueOf(System.currentTimeMillis()), timeoutTasks}); + "; tasks={1}", + new Object[] {Long.valueOf(System.currentTimeMillis()), String.valueOf(timeoutTasks)}); } if (timeoutTasks == null || timeoutTasks.isEmpty()) { @@ -1901,7 +1904,8 @@ public final class XToolkit extends UNIXToolkit implements Runnable { if (timeoutTaskLog.isLoggable(Level.FINER)) { timeoutTaskLog.log(Level.FINER, "XToolkit.callTimeoutTasks(): current time={0}" + - "; about to run task={1}", new Object[] {Long.valueOf(currentTime), task}); + "; about to run task={1}", + new Object[] {Long.valueOf(currentTime), String.valueOf(task)}); } try { @@ -2358,7 +2362,10 @@ public final class XToolkit extends UNIXToolkit implements Runnable { // Wait for selection notify for oops on win long event_number = getEventNumber(); XAtom atom = XAtom.get("WM_S0"); - eventLog.log(Level.FINER, "WM_S0 selection owner {0}", new Object[] {XlibWrapper.XGetSelectionOwner(getDisplay(), atom.getAtom())}); + if (eventLog.isLoggable(Level.FINER)) { + eventLog.log(Level.FINER, "WM_S0 selection owner {0}", + new Object[] {String.valueOf(XlibWrapper.XGetSelectionOwner(getDisplay(), atom.getAtom()))}); + } XlibWrapper.XConvertSelection(getDisplay(), atom.getAtom(), XAtom.get("VERSION").getAtom(), oops.getAtom(), win.getWindow(), XConstants.CurrentTime); diff --git a/jdk/src/solaris/classes/sun/awt/X11/XTrayIconPeer.java b/jdk/src/solaris/classes/sun/awt/X11/XTrayIconPeer.java index b1243abacf7..f3b6310c003 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XTrayIconPeer.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XTrayIconPeer.java @@ -129,14 +129,17 @@ public class XTrayIconPeer implements TrayIconPeer, // If both the height and the width differ from the fixed size then WM // must level at least one side to the fixed size. For some reason it may take // a few hops (even after reparenting) and we have to skip the intermediate ones. - ctrLog.log(Level.FINE, "ConfigureNotify on parent of {0}. Skipping as intermediate resizing.", - XTrayIconPeer.this); + if (ctrLog.isLoggable(Level.FINE)) { + ctrLog.log(Level.FINE, "ConfigureNotify on parent of {0}. Skipping as intermediate resizing.", + String.valueOf(XTrayIconPeer.this)); + } return; } else if (ce.get_height() > TRAY_ICON_HEIGHT) { - - ctrLog.log(Level.FINE, "ConfigureNotify on parent of {0}. Centering by \"Y\".", - XTrayIconPeer.this); + if (ctrLog.isLoggable(Level.FINE)) { + ctrLog.log(Level.FINE, "ConfigureNotify on parent of {0}. Centering by \"Y\".", + String.valueOf(XTrayIconPeer.this)); + } XlibWrapper.XMoveResizeWindow(XToolkit.getDisplay(), eframeParentID, ce.get_x(), @@ -147,9 +150,10 @@ public class XTrayIconPeer implements TrayIconPeer, ex_width = 0; } else if (ce.get_width() > TRAY_ICON_WIDTH) { - - ctrLog.log(Level.FINE, "ConfigureNotify on parent of {0}. Centering by \"X\".", - XTrayIconPeer.this); + if (ctrLog.isLoggable(Level.FINE)) { + ctrLog.log(Level.FINE, "ConfigureNotify on parent of {0}. Centering by \"X\".", + String.valueOf(XTrayIconPeer.this)); + } XlibWrapper.XMoveResizeWindow(XToolkit.getDisplay(), eframeParentID, ce.get_x()+ce.get_width()/2 - TRAY_ICON_WIDTH/2, @@ -165,25 +169,32 @@ public class XTrayIconPeer implements TrayIconPeer, // In this case the parent window also lose centering. We have to restore it. if (ex_height != 0) { - - ctrLog.log(Level.FINE, "ConfigureNotify on parent of {0}. Move detected. Centering by \"Y\".", - XTrayIconPeer.this); + if (ctrLog.isLoggable(Level.FINE)) { + ctrLog.log(Level.FINE, "ConfigureNotify on parent of {0}." + + " Move detected. Centering by \"Y\".", + String.valueOf(XTrayIconPeer.this)); + } XlibWrapper.XMoveWindow(XToolkit.getDisplay(), eframeParentID, ce.get_x(), ce.get_y() + ex_height/2 - TRAY_ICON_HEIGHT/2); } else if (ex_width != 0) { - - ctrLog.log(Level.FINE, "ConfigureNotify on parent of {0}. Move detected. Centering by \"X\".", - XTrayIconPeer.this); + if (ctrLog.isLoggable(Level.FINE)) { + ctrLog.log(Level.FINE, "ConfigureNotify on parent of {0}." + + "Move detected. Centering by \"X\".", + String.valueOf(XTrayIconPeer.this)); + } XlibWrapper.XMoveWindow(XToolkit.getDisplay(), eframeParentID, ce.get_x() + ex_width/2 - TRAY_ICON_WIDTH/2, ce.get_y()); } else { - ctrLog.log(Level.FINE, "ConfigureNotify on parent of {0}. Move detected. Skipping.", - XTrayIconPeer.this); + if (ctrLog.isLoggable(Level.FINE)) { + ctrLog.log(Level.FINE, "ConfigureNotify on parent of {0}." + + "Move detected. Skipping.", + String.valueOf(XTrayIconPeer.this)); + } } } old_x = ce.get_x(); diff --git a/jdk/src/solaris/classes/sun/awt/X11/XWM.java b/jdk/src/solaris/classes/sun/awt/X11/XWM.java index 4d49dee60e0..74aa3119b62 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XWM.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XWM.java @@ -401,7 +401,10 @@ final class XWM static boolean isCDE() { if (!XA_DT_SM_WINDOW_INFO.isInterned()) { - log.log(Level.FINER, "{0} is not interned", new Object[] {XA_DT_SM_WINDOW_INFO}); + if (log.isLoggable(Level.FINER)) { + log.log(Level.FINER, "{0} is not interned", + new Object[] {String.valueOf(XA_DT_SM_WINDOW_INFO)}); + } return false; } @@ -432,7 +435,10 @@ final class XWM /* Now check that this window has _DT_SM_STATE_INFO (ignore contents) */ if (!XA_DT_SM_STATE_INFO.isInterned()) { - log.log(Level.FINER, "{0} is not interned", new Object[] {XA_DT_SM_STATE_INFO}); + if (log.isLoggable(Level.FINER)) { + log.log(Level.FINER, "{0} is not interned", + new Object[] {String.valueOf(XA_DT_SM_STATE_INFO)}); + } return false; } WindowPropertyGetter getter2 = @@ -596,7 +602,10 @@ final class XWM */ if (!XA_ICEWM_WINOPTHINT.isInterned()) { - log.log(Level.FINER, "{0} is not interned", new Object[] {XA_ICEWM_WINOPTHINT}); + if (log.isLoggable(Level.FINER)) { + log.log(Level.FINER, "{0} is not interned", + String.valueOf(XA_ICEWM_WINOPTHINT)); + } return false; } @@ -629,7 +638,10 @@ final class XWM */ static boolean isIceWM() { if (!XA_ICEWM_WINOPTHINT.isInterned()) { - log.log(Level.FINER, "{0} is not interned", new Object[] {XA_ICEWM_WINOPTHINT}); + if (log.isLoggable(Level.FINER)) { + log.log(Level.FINER, "{0} is not interned", + new Object[] {String.valueOf(XA_ICEWM_WINOPTHINT)}); + } return false; } @@ -1354,7 +1366,9 @@ final class XWM XNETProtocol net_protocol = getWM().getNETProtocol(); if (net_protocol != null && net_protocol.active()) { Insets insets = getInsetsFromProp(window, XA_NET_FRAME_EXTENTS); - insLog.log(Level.FINE, "_NET_FRAME_EXTENTS: {0}", insets); + if (insLog.isLoggable(Level.FINE)) { + insLog.log(Level.FINE, "_NET_FRAME_EXTENTS: {0}", String.valueOf(insets)); + } if (insets != null) { return insets; @@ -1495,7 +1509,10 @@ final class XWM * [mwm, e!, kwin, fvwm2 ... ] */ Insets correctWM = XWM.getInsetsFromExtents(window); - insLog.log(Level.FINER, "Got insets from property: {0}", correctWM); + if (insLog.isLoggable(Level.FINER)) { + insLog.log(Level.FINER, "Got insets from property: {0}", + String.valueOf(correctWM)); + } if (correctWM == null) { correctWM = new Insets(0,0,0,0); @@ -1556,7 +1573,10 @@ final class XWM } case XWM.OTHER_WM: default: { /* this is very similar to the E! case above */ - insLog.log(Level.FINEST, "Getting correct insets for OTHER_WM/default, parent: {0}", parent); + if (insLog.isLoggable(Level.FINEST)) { + insLog.log(Level.FINEST, "Getting correct insets for OTHER_WM/default, parent: {0}", + String.valueOf(parent)); + } syncTopLevelPos(parent, lwinAttr); int status = XlibWrapper.XGetWindowAttributes(XToolkit.getDisplay(), window, lwinAttr.pData); @@ -1583,8 +1603,11 @@ final class XWM && lwinAttr.get_width()+2*lwinAttr.get_border_width() == pattr.get_width() && lwinAttr.get_height()+2*lwinAttr.get_border_width() == pattr.get_height()) { - insLog.log(Level.FINEST, "Double reparenting detected, pattr({2})={0}, lwinAttr({3})={1}", - new Object[] {lwinAttr, pattr, parent, window}); + if (insLog.isLoggable(Level.FINEST)) { + insLog.log(Level.FINEST, "Double reparenting detected, pattr({2})={0}, lwinAttr({3})={1}", + new Object[] {String.valueOf(lwinAttr), String.valueOf(pattr), + String.valueOf(parent), String.valueOf(window)}); + } lwinAttr.set_x(pattr.get_x()); lwinAttr.set_y(pattr.get_y()); lwinAttr.set_border_width(lwinAttr.get_border_width()+pattr.get_border_width()); @@ -1611,8 +1634,11 @@ final class XWM * widths and inner/outer distinction, so for the time * being, just ignore it. */ - insLog.log(Level.FINEST, "Attrs before calculation: pattr({2})={0}, lwinAttr({3})={1}", - new Object[] {lwinAttr, pattr, parent, window}); + if (insLog.isLoggable(Level.FINEST)) { + insLog.log(Level.FINEST, "Attrs before calculation: pattr({2})={0}, lwinAttr({3})={1}", + new Object[] {String.valueOf(lwinAttr), String.valueOf(pattr), + String.valueOf(parent), String.valueOf(window)}); + } correctWM = new Insets(lwinAttr.get_y() + lwinAttr.get_border_width(), lwinAttr.get_x() + lwinAttr.get_border_width(), pattr.get_height() - (lwinAttr.get_y() + lwinAttr.get_height() + 2*lwinAttr.get_border_width()), diff --git a/jdk/src/solaris/classes/sun/awt/X11/XWindow.java b/jdk/src/solaris/classes/sun/awt/X11/XWindow.java index f1c3c675b6c..4f7d5689604 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XWindow.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XWindow.java @@ -997,8 +997,10 @@ public class XWindow extends XBaseWindow implements X11ComponentPeer { Rectangle oldBounds = getBounds(); super.handleConfigureNotifyEvent(xev); - insLog.log(Level.FINER, "Configure, {0}, event disabled: {1}", - new Object[] {xev.get_xconfigure(), isEventDisabled(xev)}); + if (insLog.isLoggable(Level.FINER)) { + insLog.log(Level.FINER, "Configure, {0}, event disabled: {1}", + new Object[] {String.valueOf(xev.get_xconfigure()), isEventDisabled(xev)}); + } if (isEventDisabled(xev)) { return; } @@ -1017,7 +1019,9 @@ public class XWindow extends XBaseWindow implements X11ComponentPeer { public void handleMapNotifyEvent(XEvent xev) { super.handleMapNotifyEvent(xev); - log.log(Level.FINE, "Mapped {0}", new Object[] {this}); + if (log.isLoggable(Level.FINE)) { + log.log(Level.FINE, "Mapped {0}", new Object[] {String.valueOf(this)}); + } if (isEventDisabled(xev)) { return; } @@ -1333,10 +1337,16 @@ public class XWindow extends XBaseWindow implements X11ComponentPeer { void updateSizeHints(int x, int y, int width, int height) { long flags = XUtilConstants.PSize | (isLocationByPlatform() ? 0 : (XUtilConstants.PPosition | XUtilConstants.USPosition)); if (!isResizable()) { - log.log(Level.FINER, "Window {0} is not resizable", new Object[] {this}); + if (log.isLoggable(Level.FINER)) { + log.log(Level.FINER, "Window {0} is not resizable", + new Object[] {String.valueOf(this)}); + } flags |= XUtilConstants.PMinSize | XUtilConstants.PMaxSize; } else { - log.log(Level.FINER, "Window {0} is resizable", new Object[] {this}); + if (keyEventLog.isLoggable(Level.FINER)) { + log.log(Level.FINER, "Window {0} is resizable", + new Object[] {String.valueOf(this)}); + } } setSizeHints(flags, x, y, width, height); } @@ -1344,10 +1354,16 @@ public class XWindow extends XBaseWindow implements X11ComponentPeer { void updateSizeHints(int x, int y) { long flags = isLocationByPlatform() ? 0 : (XUtilConstants.PPosition | XUtilConstants.USPosition); if (!isResizable()) { - log.log(Level.FINER, "Window {0} is not resizable", new Object[] {this}); + if (log.isLoggable(Level.FINER)) { + log.log(Level.FINER, "Window {0} is not resizable", + new Object[] {String.valueOf(this)}); + } flags |= XUtilConstants.PMinSize | XUtilConstants.PMaxSize | XUtilConstants.PSize; } else { - log.log(Level.FINER, "Window {0} is resizable", new Object[] {this}); + if (log.isLoggable(Level.FINER)) { + log.log(Level.FINER, "Window {0} is resizable", + new Object[] {String.valueOf(this)}); + } } setSizeHints(flags, x, y, width, height); } diff --git a/jdk/src/solaris/classes/sun/awt/X11/XWindowPeer.java b/jdk/src/solaris/classes/sun/awt/X11/XWindowPeer.java index b1646413b79..0c3a12a8fed 100644 --- a/jdk/src/solaris/classes/sun/awt/X11/XWindowPeer.java +++ b/jdk/src/solaris/classes/sun/awt/X11/XWindowPeer.java @@ -354,7 +354,7 @@ class XWindowPeer extends XPanelPeer implements WindowPeer, if (iconLog.isLoggable(Level.FINEST)) { iconLog.log(Level.FINEST, ">>> Sizes of icon images:"); for (Iterator i = icons.iterator(); i.hasNext(); ) { - iconLog.log(Level.FINEST, " {0}", i.next()); + iconLog.log(Level.FINEST, " {0}", String.valueOf(i.next())); } } } @@ -769,7 +769,9 @@ class XWindowPeer extends XPanelPeer implements WindowPeer, public void handleFocusEvent(XEvent xev) { XFocusChangeEvent xfe = xev.get_xfocus(); FocusEvent fe; - focusLog.log(Level.FINE, "{0}", new Object[] {xfe}); + if (focusLog.isLoggable(Level.FINE)) { + focusLog.log(Level.FINE, "{0}", new Object[] {String.valueOf(xfe)}); + } if (isEventDisabled(xev)) { return; } @@ -1388,7 +1390,10 @@ class XWindowPeer extends XPanelPeer implements WindowPeer, synchronized(getStateLock()) { XDialogPeer blockerPeer = (XDialogPeer) ComponentAccessor.getPeer(d); if (blocked) { - log.log(Level.FINE, "{0} is blocked by {1}", new Object[] { this, blockerPeer}); + if (log.isLoggable(Level.FINE)) { + log.log(Level.FINE, "{0} is blocked by {1}", + new Object[] { String.valueOf(this), String.valueOf(blockerPeer)}); + } modalBlocker = d; if (isReparented() || XWM.isNonReparentingWM()) { @@ -1866,7 +1871,8 @@ class XWindowPeer extends XPanelPeer implements WindowPeer, XCrossingEvent xce = xev.get_xcrossing(); if (grabLog.isLoggable(Level.FINE)) { grabLog.log(Level.FINE, "{0}, when grabbed {1}, contains {2}", - new Object[] {xce, isGrabbed(), containsGlobal(xce.get_x_root(), xce.get_y_root())}); + new Object[] {String.valueOf(xce), isGrabbed(), + containsGlobal(xce.get_x_root(), xce.get_y_root())}); } if (isGrabbed()) { // When window is grabbed, all events are dispatched to @@ -1877,7 +1883,10 @@ class XWindowPeer extends XPanelPeer implements WindowPeer, // since it generates MOUSE_ENTERED/MOUSE_EXITED for frame and dialog. // (fix for 6390326) XBaseWindow target = XToolkit.windowToXWindow(xce.get_window()); - grabLog.log(Level.FINER, " - Grab event target {0}", new Object[] {target}); + if (grabLog.isLoggable(Level.FINER)) { + grabLog.log(Level.FINER, " - Grab event target {0}", + new Object[] {String.valueOf(target)}); + } if (target != null && target != this) { target.dispatchEvent(xev); return; @@ -1890,7 +1899,8 @@ class XWindowPeer extends XPanelPeer implements WindowPeer, XMotionEvent xme = xev.get_xmotion(); if (grabLog.isLoggable(Level.FINE)) { grabLog.log(Level.FINER, "{0}, when grabbed {1}, contains {2}", - new Object[] {xme, isGrabbed(), containsGlobal(xme.get_x_root(), xme.get_y_root())}); + new Object[] {String.valueOf(xme), isGrabbed(), + containsGlobal(xme.get_x_root(), xme.get_y_root())}); } if (isGrabbed()) { boolean dragging = false; @@ -1919,7 +1929,10 @@ class XWindowPeer extends XPanelPeer implements WindowPeer, xme.set_x(localCoord.x); xme.set_y(localCoord.y); } - grabLog.log(Level.FINER, " - Grab event target {0}", new Object[] {target}); + if (grabLog.isLoggable(Level.FINER)) { + grabLog.log(Level.FINER, " - Grab event target {0}", + new Object[] {String.valueOf(target)}); + } if (target != null) { if (target != getContentXWindow() && target != this) { target.dispatchEvent(xev); @@ -1953,7 +1966,9 @@ class XWindowPeer extends XPanelPeer implements WindowPeer, } if (grabLog.isLoggable(Level.FINE)) { grabLog.log(Level.FINE, "{0}, when grabbed {1}, contains {2} ({3}, {4}, {5}x{6})", - new Object[] {xbe, isGrabbed(), containsGlobal(xbe.get_x_root(), xbe.get_y_root()), getAbsoluteX(), getAbsoluteY(), getWidth(), getHeight()}); + new Object[] {String.valueOf(xbe), isGrabbed(), + containsGlobal(xbe.get_x_root(), xbe.get_y_root()), + getAbsoluteX(), getAbsoluteY(), getWidth(), getHeight()}); } if (isGrabbed()) { // When window is grabbed, all events are dispatched to @@ -1962,7 +1977,10 @@ class XWindowPeer extends XPanelPeer implements WindowPeer, // translation) XBaseWindow target = XToolkit.windowToXWindow(xbe.get_window()); try { - grabLog.log(Level.FINER, " - Grab event target {0} (press target {1})", new Object[] {target, pressTarget}); + if (grabLog.isLoggable(Level.FINER)) { + grabLog.log(Level.FINER, " - Grab event target {0} (press target {1})", + new Object[] {String.valueOf(target), String.valueOf(pressTarget)}); + } if (xbe.get_type() == XConstants.ButtonPress && xbe.get_button() == XConstants.buttons[0]) { @@ -1995,7 +2013,10 @@ class XWindowPeer extends XPanelPeer implements WindowPeer, // Outside this toplevel hierarchy // According to the specification of UngrabEvent, post it // when press occurs outside of the window and not on its owned windows - grabLog.log(Level.FINE, "Generating UngrabEvent on {0} because not inside of shell", this); + if (grabLog.isLoggable(Level.FINE)) { + grabLog.log(Level.FINE, "Generating UngrabEvent on {0} because not inside of shell", + String.valueOf(this)); + } postEventToEventQueue(new sun.awt.UngrabEvent(getEventSource())); return; } @@ -2013,18 +2034,27 @@ class XWindowPeer extends XPanelPeer implements WindowPeer, // toplevel == null - outside of // hierarchy, toplevel is Dialog - should // send ungrab (but shouldn't for Window) - grabLog.log(Level.FINE, "Generating UngrabEvent on {0} because hierarchy ended", this); + if (grabLog.isLoggable(Level.FINE)) { + grabLog.log(Level.FINE, "Generating UngrabEvent on {0} because hierarchy ended", + String.valueOf(this)); + } postEventToEventQueue(new sun.awt.UngrabEvent(getEventSource())); } } else { // toplevel is null - outside of hierarchy - grabLog.log(Level.FINE, "Generating UngrabEvent on {0} because toplevel is null", this); + if (grabLog.isLoggable(Level.FINE)) { + grabLog.log(Level.FINE, "Generating UngrabEvent on {0} because toplevel is null", + String.valueOf(this)); + } postEventToEventQueue(new sun.awt.UngrabEvent(getEventSource())); return; } } else { // target doesn't map to XAWT window - outside of hierarchy - grabLog.log(Level.FINE, "Generating UngrabEvent on because target is null {0}", this); + if (grabLog.isLoggable(Level.FINE)) { + grabLog.log(Level.FINE, "Generating UngrabEvent on because target is null {0}", + String.valueOf(this)); + } postEventToEventQueue(new sun.awt.UngrabEvent(getEventSource())); return; } diff --git a/jdk/src/windows/classes/sun/awt/windows/WMenuItemPeer.java b/jdk/src/windows/classes/sun/awt/windows/WMenuItemPeer.java index e1523268861..7080de47ad6 100644 --- a/jdk/src/windows/classes/sun/awt/windows/WMenuItemPeer.java +++ b/jdk/src/windows/classes/sun/awt/windows/WMenuItemPeer.java @@ -35,7 +35,7 @@ import java.util.logging.Logger; import java.util.logging.Level; class WMenuItemPeer extends WObjectPeer implements MenuItemPeer { - private static final Logger log = Logger.getLogger("sun.awt.WMenuItemPeer"); + private static final Logger log = Logger.getLogger("sun.awt.windows.WMenuItemPeer"); static { initIDs(); diff --git a/jdk/src/windows/classes/sun/awt/windows/WPanelPeer.java b/jdk/src/windows/classes/sun/awt/windows/WPanelPeer.java index 3b4af6dd1f6..4f38013f328 100644 --- a/jdk/src/windows/classes/sun/awt/windows/WPanelPeer.java +++ b/jdk/src/windows/classes/sun/awt/windows/WPanelPeer.java @@ -34,7 +34,6 @@ import java.util.logging.*; class WPanelPeer extends WCanvasPeer implements PanelPeer { - private static final Logger log = Logger.getLogger("sun.awt.windows.WPanelPeer"); // ComponentPeer overrides public void paint(Graphics g) { From 3b237a13dfc04adc3cf336daa3eaea4703e371c6 Mon Sep 17 00:00:00 2001 From: Valerie Peng Date: Thu, 20 Aug 2009 14:49:31 -0700 Subject: [PATCH 04/16] 6636650: (cl) Resurrected ClassLoaders can still have children Prevent classloader from resurrection Reviewed-by: hawtin --- .../share/classes/java/lang/ClassLoader.java | 85 ++++++------------- 1 file changed, 27 insertions(+), 58 deletions(-) diff --git a/jdk/src/share/classes/java/lang/ClassLoader.java b/jdk/src/share/classes/java/lang/ClassLoader.java index d25100958a0..33236c00ff6 100644 --- a/jdk/src/share/classes/java/lang/ClassLoader.java +++ b/jdk/src/share/classes/java/lang/ClassLoader.java @@ -186,11 +186,6 @@ public abstract class ClassLoader { parallelLoaders.add(ClassLoader.class); } - // If initialization succeed this is set to true and security checks will - // succeed. Otherwise the object is not initialized and the object is - // useless. - private final boolean initialized; - // The parent class loader for delegation // Note: VM hardcoded the offset of this field, thus all new fields // must be added *after* it. @@ -232,6 +227,31 @@ public abstract class ClassLoader { private final HashMap packages = new HashMap(); + private static Void checkCreateClassLoader() { + SecurityManager security = System.getSecurityManager(); + if (security != null) { + security.checkCreateClassLoader(); + } + return null; + } + + private ClassLoader(Void unused, ClassLoader parent) { + this.parent = parent; + if (parallelLoaders.contains(this.getClass())) { + parallelLockMap = new ConcurrentHashMap(); + package2certs = new ConcurrentHashMap(); + domains = + Collections.synchronizedSet(new HashSet()); + assertionLock = new Object(); + } else { + // no finer-grained lock; lock on the classloader instance + parallelLockMap = null; + package2certs = new Hashtable(); + domains = new HashSet(); + assertionLock = this; + } + } + /** * Creates a new class loader using the specified parent class loader for * delegation. @@ -252,25 +272,7 @@ public abstract class ClassLoader { * @since 1.2 */ protected ClassLoader(ClassLoader parent) { - SecurityManager security = System.getSecurityManager(); - if (security != null) { - security.checkCreateClassLoader(); - } - this.parent = parent; - if (parallelLoaders.contains(this.getClass())) { - parallelLockMap = new ConcurrentHashMap(); - package2certs = new ConcurrentHashMap(); - domains = - Collections.synchronizedSet(new HashSet()); - assertionLock = new Object(); - } else { - // no finer-grained lock; lock on the classloader instance - parallelLockMap = null; - package2certs = new Hashtable(); - domains = new HashSet(); - assertionLock = this; - } - initialized = true; + this(checkCreateClassLoader(), parent); } /** @@ -289,25 +291,7 @@ public abstract class ClassLoader { * of a new class loader. */ protected ClassLoader() { - SecurityManager security = System.getSecurityManager(); - if (security != null) { - security.checkCreateClassLoader(); - } - this.parent = getSystemClassLoader(); - if (parallelLoaders.contains(this.getClass())) { - parallelLockMap = new ConcurrentHashMap(); - package2certs = new ConcurrentHashMap(); - domains = - Collections.synchronizedSet(new HashSet()); - assertionLock = new Object(); - } else { - // no finer-grained lock; lock on the classloader instance - parallelLockMap = null; - package2certs = new Hashtable(); - domains = new HashSet(); - assertionLock = this; - } - initialized = true; + this(checkCreateClassLoader(), getSystemClassLoader()); } // -- Class -- @@ -742,7 +726,6 @@ public abstract class ClassLoader { ProtectionDomain protectionDomain) throws ClassFormatError { - check(); protectionDomain = preDefineClass(name, protectionDomain); Class c = null; @@ -826,8 +809,6 @@ public abstract class ClassLoader { ProtectionDomain protectionDomain) throws ClassFormatError { - check(); - int len = b.remaining(); // Use byte[] if not a direct ByteBufer: @@ -972,7 +953,6 @@ public abstract class ClassLoader { * @see #defineClass(String, byte[], int, int) */ protected final void resolveClass(Class c) { - check(); resolveClass0(c); } @@ -1003,7 +983,6 @@ public abstract class ClassLoader { protected final Class findSystemClass(String name) throws ClassNotFoundException { - check(); ClassLoader system = getSystemClassLoader(); if (system == null) { if (!checkName(name)) @@ -1016,7 +995,6 @@ public abstract class ClassLoader { private Class findBootstrapClass0(String name) throws ClassNotFoundException { - check(); if (!checkName(name)) throw new ClassNotFoundException(name); return findBootstrapClass(name); @@ -1025,13 +1003,6 @@ public abstract class ClassLoader { private native Class findBootstrapClass(String name) throws ClassNotFoundException; - // Check to make sure the class loader has been initialized. - private void check() { - if (!initialized) { - throw new SecurityException("ClassLoader object not initialized"); - } - } - /** * Returns the class with the given binary name if this * loader has been recorded by the Java virtual machine as an initiating @@ -1047,7 +1018,6 @@ public abstract class ClassLoader { * @since 1.1 */ protected final Class findLoadedClass(String name) { - check(); if (!checkName(name)) return null; return findLoadedClass0(name); @@ -1068,7 +1038,6 @@ public abstract class ClassLoader { * @since 1.1 */ protected final void setSigners(Class c, Object[] signers) { - check(); c.setSigners(signers); } From fb19c4e1f91a437f84ec4f65e888651abcbf70a7 Mon Sep 17 00:00:00 2001 From: Valerie Peng Date: Thu, 20 Aug 2009 17:16:13 -0700 Subject: [PATCH 05/16] 6874407: Missing regression test for 6636650 Prevent classloader from resurrection Reviewed-by: hawtin --- .../lang/ClassLoader/UninitializedParent.java | 68 +++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 jdk/test/java/lang/ClassLoader/UninitializedParent.java diff --git a/jdk/test/java/lang/ClassLoader/UninitializedParent.java b/jdk/test/java/lang/ClassLoader/UninitializedParent.java new file mode 100644 index 00000000000..155ae179bed --- /dev/null +++ b/jdk/test/java/lang/ClassLoader/UninitializedParent.java @@ -0,0 +1,68 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6636650 + * @summary Uninitialized class loaders should not be a parent of other + * class loaders. + */ + + +import java.net.*; + +public class UninitializedParent { + private static ClassLoader loader; + public static void main(String[] args) throws Exception { + System.setSecurityManager(new SecurityManager()); + + // Create an uninitialized class loader + try { + new ClassLoader(null) { + @Override + protected void finalize() { + loader = this; + } + }; + } catch (SecurityException exc) { + // Expected + } + System.gc(); + System.runFinalization(); + + // if 'loader' isn't null, need to ensure that it can't be used as + // parent + if (loader != null) { + try { + // Create a class loader with 'loader' being the parent + URLClassLoader child = URLClassLoader.newInstance + (new URL[0], loader); + throw new RuntimeException("Test Failed!"); + } catch (SecurityException se) { + System.out.println("Test Passed: Exception thrown"); + } + } else { + System.out.println("Test Passed: Loader is null"); + } + } +} From 193bae2884893e506c38e18e35b3f91ece2e22b9 Mon Sep 17 00:00:00 2001 From: Masayoshi Okutsu Date: Wed, 26 Aug 2009 17:05:15 +0900 Subject: [PATCH 06/16] 6824265: (tz) TimeZone.getTimeZone allows probing local filesystem Reviewed-by: peytoia --- .../sun/util/calendar/ZoneInfoFile.java | 76 +++++++++++-------- 1 file changed, 45 insertions(+), 31 deletions(-) diff --git a/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java b/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java index 6ada1afbbb6..52ec7099c51 100644 --- a/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java +++ b/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java @@ -1,5 +1,5 @@ /* - * Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -472,6 +472,18 @@ public class ZoneInfoFile { private static Map zoneInfoObjects = null; + private static final String ziDir; + static { + String zi = (String) AccessController.doPrivileged( + new sun.security.action.GetPropertyAction("java.home")) + + File.separator + "lib" + File.separator + "zi"; + try { + zi = new File(zi).getCanonicalPath(); + } catch (Exception e) { + } + ziDir = zi; + } + /** * Converts the given time zone ID to a platform dependent path * name. For example, "America/Los_Angeles" is converted to @@ -576,20 +588,7 @@ public class ZoneInfoFile { return null; } - int index; - for (index = 0; index < JAVAZI_LABEL.length; index++) { - if (buf[index] != JAVAZI_LABEL[index]) { - System.err.println("ZoneInfo: wrong magic number: " + id); - return null; - } - } - - if (buf[index++] > JAVAZI_VERSION) { - System.err.println("ZoneInfo: incompatible version (" - + buf[index - 1] + "): " + id); - return null; - } - + int index = 0; int filesize = buf.length; int rawOffset = 0; int dstSavings = 0; @@ -600,6 +599,18 @@ public class ZoneInfoFile { int[] simpleTimeZoneParams = null; try { + for (index = 0; index < JAVAZI_LABEL.length; index++) { + if (buf[index] != JAVAZI_LABEL[index]) { + System.err.println("ZoneInfo: wrong magic number: " + id); + return null; + } + } + if (buf[index++] > JAVAZI_VERSION) { + System.err.println("ZoneInfo: incompatible version (" + + buf[index - 1] + "): " + id); + return null; + } + while (index < filesize) { byte tag = buf[index++]; int len = ((buf[index++] & 0xFF) << 8) + (buf[index++] & 0xFF); @@ -1017,30 +1028,33 @@ public class ZoneInfoFile { * Reads the specified file under <java.home>/lib/zi into a buffer. * @return the buffer, or null if any I/O error occurred. */ - private static byte[] readZoneInfoFile(String fileName) { + private static byte[] readZoneInfoFile(final String fileName) { byte[] buffer = null; try { - String homeDir = AccessController.doPrivileged( - new sun.security.action.GetPropertyAction("java.home")); - final String fname = homeDir + File.separator + "lib" + File.separator - + "zi" + File.separator + fileName; buffer = (byte[]) AccessController.doPrivileged(new PrivilegedExceptionAction() { public Object run() throws IOException { - File file = new File(fname); - if (!file.canRead()) { + File file = new File(ziDir, fileName); + if (!file.exists() || !file.isFile()) { return null; } - int filesize = (int)file.length(); - byte[] buf = new byte[filesize]; - - FileInputStream fis = new FileInputStream(file); - - if (fis.read(buf) != filesize) { - fis.close(); - throw new IOException("read error on " + fname); + file = file.getCanonicalFile(); + String path = file.getCanonicalPath(); + byte[] buf = null; + if (path != null && path.startsWith(ziDir)) { + int filesize = (int)file.length(); + if (filesize > 0) { + FileInputStream fis = new FileInputStream(file); + buf = new byte[filesize]; + try { + if (fis.read(buf) != filesize) { + throw new IOException("read error on " + fileName); + } + } finally { + fis.close(); + } + } } - fis.close(); return buf; } }); From 63810a5c4292cd5f18ca5eea9600d20becd009f5 Mon Sep 17 00:00:00 2001 From: Sergey Malenkov Date: Thu, 3 Sep 2009 19:42:27 +0400 Subject: [PATCH 07/16] 6657026: Numerous static security flaws in Swing (findbugs) Reviewed-by: hawtin, peterz --- .../classes/javax/swing/ToolTipManager.java | 15 +- .../share/classes/javax/swing/UIManager.java | 38 +-- .../swing/plaf/basic/BasicSplitPaneUI.java | 10 +- .../javax/swing/plaf/metal/MetalBumps.java | 62 ++--- .../plaf/metal/MetalInternalFrameUI.java | 10 +- .../javax/swing/plaf/metal/MetalSliderUI.java | 23 +- .../swing/ToolTipManager/Test6657026.java | 74 ++++++ .../javax/swing/UIManager/Test6657026.java | 59 +++++ .../basic/BasicSplitPaneUI/Test6657026.java | 82 ++++++ .../plaf/metal/MetalBorders/Test6657026.java | 91 +++++++ .../plaf/metal/MetalBumps/Test6657026.java | 238 ++++++++++++++++++ .../MetalInternalFrameUI/Test6657026.java | 60 +++++ .../plaf/metal/MetalSliderUI/Test6657026.java | 67 +++++ 13 files changed, 734 insertions(+), 95 deletions(-) create mode 100644 jdk/test/javax/swing/ToolTipManager/Test6657026.java create mode 100644 jdk/test/javax/swing/UIManager/Test6657026.java create mode 100644 jdk/test/javax/swing/plaf/basic/BasicSplitPaneUI/Test6657026.java create mode 100644 jdk/test/javax/swing/plaf/metal/MetalBorders/Test6657026.java create mode 100644 jdk/test/javax/swing/plaf/metal/MetalBumps/Test6657026.java create mode 100644 jdk/test/javax/swing/plaf/metal/MetalInternalFrameUI/Test6657026.java create mode 100644 jdk/test/javax/swing/plaf/metal/MetalSliderUI/Test6657026.java diff --git a/jdk/src/share/classes/javax/swing/ToolTipManager.java b/jdk/src/share/classes/javax/swing/ToolTipManager.java index 6ee279bff36..63258349a47 100644 --- a/jdk/src/share/classes/javax/swing/ToolTipManager.java +++ b/jdk/src/share/classes/javax/swing/ToolTipManager.java @@ -1,5 +1,5 @@ /* - * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,10 +27,7 @@ package javax.swing; import java.awt.event.*; -import java.applet.*; import java.awt.*; -import java.io.Serializable; -import sun.swing.UIAction; /** * Manages all the ToolTips in the system. @@ -60,7 +57,7 @@ public class ToolTipManager extends MouseAdapter implements MouseMotionListener JComponent insideComponent; MouseEvent mouseEvent; boolean showImmediately; - final static ToolTipManager sharedInstance = new ToolTipManager(); + private static final Object TOOL_TIP_MANAGER_KEY = new Object(); transient Popup tipWindow; /** The Window tip is being displayed in. This will be non-null if * the Window tip is in differs from that of insideComponent's Window. @@ -345,7 +342,13 @@ public class ToolTipManager extends MouseAdapter implements MouseMotionListener * @return a shared ToolTipManager object */ public static ToolTipManager sharedInstance() { - return sharedInstance; + Object value = SwingUtilities.appContextGet(TOOL_TIP_MANAGER_KEY); + if (value instanceof ToolTipManager) { + return (ToolTipManager) value; + } + ToolTipManager manager = new ToolTipManager(); + SwingUtilities.appContextPut(TOOL_TIP_MANAGER_KEY, manager); + return manager; } // add keylistener here to trigger tip for access diff --git a/jdk/src/share/classes/javax/swing/UIManager.java b/jdk/src/share/classes/javax/swing/UIManager.java index e4c7c7c687d..4dee6f3198a 100644 --- a/jdk/src/share/classes/javax/swing/UIManager.java +++ b/jdk/src/share/classes/javax/swing/UIManager.java @@ -1,5 +1,5 @@ /* - * Copyright 1997-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -197,6 +197,8 @@ public class UIManager implements Serializable Vector auxLookAndFeels = null; SwingPropertyChangeSupport changeSupport; + LookAndFeelInfo[] installedLAFs; + UIDefaults getLookAndFeelDefaults() { return tables[0]; } void setLookAndFeelDefaults(UIDefaults x) { tables[0] = x; } @@ -227,18 +229,6 @@ public class UIManager implements Serializable */ private static final Object classLock = new Object(); - - /* Cache the last referenced LAFState to improve performance - * when accessing it. The cache is based on last thread rather - * than last AppContext because of the cost of looking up the - * AppContext each time. Since most Swing UI work is on the - * EventDispatchThread, this hits often enough to justify the - * overhead. (4193032) - */ - private static Thread currentLAFStateThread = null; - private static LAFState currentLAFState = null; - - /** * Return the LAFState object, lazily create one if necessary. * All access to the LAFState fields is done via this method, @@ -248,13 +238,6 @@ public class UIManager implements Serializable * */ private static LAFState getLAFState() { - // First check whether we're running on the same thread as - // the last request. - Thread thisThread = Thread.currentThread(); - if (thisThread == currentLAFStateThread) { - return currentLAFState; - } - LAFState rv = (LAFState)SwingUtilities.appContextGet( SwingUtilities2.LAF_STATE_KEY); if (rv == null) { @@ -268,10 +251,6 @@ public class UIManager implements Serializable } } } - - currentLAFStateThread = thisThread; - currentLAFState = rv; - return rv; } @@ -431,7 +410,10 @@ public class UIManager implements Serializable */ public static LookAndFeelInfo[] getInstalledLookAndFeels() { maybeInitialize(); - LookAndFeelInfo[] ilafs = installedLAFs; + LookAndFeelInfo[] ilafs = getLAFState().installedLAFs; + if (ilafs == null) { + ilafs = installedLAFs; + } LookAndFeelInfo[] rv = new LookAndFeelInfo[ilafs.length]; System.arraycopy(ilafs, 0, rv, 0, ilafs.length); return rv; @@ -453,9 +435,10 @@ public class UIManager implements Serializable public static void setInstalledLookAndFeels(LookAndFeelInfo[] infos) throws SecurityException { + maybeInitialize(); LookAndFeelInfo[] newInfos = new LookAndFeelInfo[infos.length]; System.arraycopy(infos, 0, newInfos, 0, infos.length); - installedLAFs = newInfos; + getLAFState().installedLAFs = newInfos; } @@ -1307,10 +1290,11 @@ public class UIManager implements Serializable } } - installedLAFs = new LookAndFeelInfo[ilafs.size()]; + LookAndFeelInfo[] installedLAFs = new LookAndFeelInfo[ilafs.size()]; for(int i = 0; i < ilafs.size(); i++) { installedLAFs[i] = ilafs.elementAt(i); } + getLAFState().installedLAFs = installedLAFs; } diff --git a/jdk/src/share/classes/javax/swing/plaf/basic/BasicSplitPaneUI.java b/jdk/src/share/classes/javax/swing/plaf/basic/BasicSplitPaneUI.java index b35a75ed700..0be46948712 100644 --- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicSplitPaneUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicSplitPaneUI.java @@ -1,5 +1,5 @@ /* - * Copyright 1997-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,14 +31,12 @@ import sun.swing.DefaultLookup; import sun.swing.UIAction; import javax.swing.*; import javax.swing.border.Border; -import javax.swing.event.*; import java.awt.*; import java.awt.event.*; import java.awt.peer.ComponentPeer; import java.awt.peer.LightweightPeer; import java.beans.*; import java.util.*; -import javax.swing.plaf.ActionMapUIResource; import javax.swing.plaf.SplitPaneUI; import javax.swing.plaf.ComponentUI; import javax.swing.plaf.UIResource; @@ -106,13 +104,13 @@ public class BasicSplitPaneUI extends SplitPaneUI * Keys to use for forward focus traversal when the JComponent is * managing focus. */ - private static Set managingFocusForwardTraversalKeys; + private Set managingFocusForwardTraversalKeys; /** * Keys to use for backward focus traversal when the JComponent is * managing focus. */ - private static Set managingFocusBackwardTraversalKeys; + private Set managingFocusBackwardTraversalKeys; /** @@ -675,7 +673,7 @@ public class BasicSplitPaneUI extends SplitPaneUI * @return increment via keyboard methods. */ int getKeyboardMoveIncrement() { - return KEYBOARD_DIVIDER_MOVE_OFFSET; + return 3; } /** diff --git a/jdk/src/share/classes/javax/swing/plaf/metal/MetalBumps.java b/jdk/src/share/classes/javax/swing/plaf/metal/MetalBumps.java index 655393b43fd..ae3ad679121 100644 --- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalBumps.java +++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalBumps.java @@ -1,5 +1,5 @@ /* - * Copyright 1998-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1998-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,8 +28,9 @@ package javax.swing.plaf.metal; import java.awt.*; import java.awt.image.*; import javax.swing.*; -import java.io.*; -import java.util.*; +import java.util.ArrayList; +import java.util.List; +import sun.awt.AppContext; /** * Implements the bumps used throughout the Metal Look and Feel. @@ -49,19 +50,9 @@ class MetalBumps implements Icon { protected Color shadowColor; protected Color backColor; - protected static Vector buffers = new Vector(); + private static final Object METAL_BUMPS = new Object(); protected BumpBuffer buffer; - public MetalBumps( Dimension bumpArea ) { - this( bumpArea.width, bumpArea.height ); - } - - public MetalBumps( int width, int height ) { - this(width, height, MetalLookAndFeel.getPrimaryControlHighlight(), - MetalLookAndFeel.getPrimaryControlDarkShadow(), - MetalLookAndFeel.getPrimaryControlShadow()); - } - /** * Creates MetalBumps of the specified size with the specified colors. * If newBackColor is null, the background will be @@ -73,26 +64,22 @@ class MetalBumps implements Icon { setBumpColors( newTopColor, newShadowColor, newBackColor ); } - private BumpBuffer getBuffer(GraphicsConfiguration gc, Color aTopColor, - Color aShadowColor, Color aBackColor) { - if (buffer != null && buffer.hasSameConfiguration( - gc, aTopColor, aShadowColor, aBackColor)) { - return buffer; + private static BumpBuffer createBuffer(GraphicsConfiguration gc, + Color topColor, Color shadowColor, Color backColor) { + AppContext context = AppContext.getAppContext(); + List buffers = (List) context.get(METAL_BUMPS); + if (buffers == null) { + buffers = new ArrayList(); + context.put(METAL_BUMPS, buffers); } - BumpBuffer result = null; - - for (BumpBuffer aBuffer : buffers) { - if ( aBuffer.hasSameConfiguration(gc, aTopColor, aShadowColor, - aBackColor)) { - result = aBuffer; - break; + for (BumpBuffer buffer : buffers) { + if (buffer.hasSameConfiguration(gc, topColor, shadowColor, backColor)) { + return buffer; } } - if (result == null) { - result = new BumpBuffer(gc, topColor, shadowColor, backColor); - buffers.addElement(result); - } - return result; + BumpBuffer buffer = new BumpBuffer(gc, topColor, shadowColor, backColor); + buffers.add(buffer); + return buffer; } public void setBumpArea( Dimension bumpArea ) { @@ -119,10 +106,12 @@ class MetalBumps implements Icon { GraphicsConfiguration gc = (g instanceof Graphics2D) ? ((Graphics2D) g).getDeviceConfiguration() : null; - buffer = getBuffer(gc, topColor, shadowColor, backColor); + if ((buffer == null) || !buffer.hasSameConfiguration(gc, topColor, shadowColor, backColor)) { + buffer = createBuffer(gc, topColor, shadowColor, backColor); + } - int bufferWidth = buffer.getImageSize().width; - int bufferHeight = buffer.getImageSize().height; + int bufferWidth = BumpBuffer.IMAGE_SIZE; + int bufferHeight = BumpBuffer.IMAGE_SIZE; int iconWidth = getIconWidth(); int iconHeight = getIconHeight(); int x2 = x + iconWidth; @@ -155,7 +144,6 @@ class MetalBumps implements Icon { class BumpBuffer { static final int IMAGE_SIZE = 64; - static Dimension imageSize = new Dimension( IMAGE_SIZE, IMAGE_SIZE ); transient Image image; Color topColor; @@ -197,10 +185,6 @@ class BumpBuffer { return image; } - public Dimension getImageSize() { - return imageSize; - } - /** * Paints the bumps into the current image. */ diff --git a/jdk/src/share/classes/javax/swing/plaf/metal/MetalInternalFrameUI.java b/jdk/src/share/classes/javax/swing/plaf/metal/MetalInternalFrameUI.java index d960ca19b75..adac940c4a4 100644 --- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalInternalFrameUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalInternalFrameUI.java @@ -1,5 +1,5 @@ /* - * Copyright 1998-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1998-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,10 +31,8 @@ import javax.swing.*; import javax.swing.event.*; import javax.swing.border.*; import javax.swing.plaf.basic.*; -import java.util.EventListener; import java.beans.PropertyChangeListener; import java.beans.PropertyChangeEvent; -import java.beans.PropertyVetoException; import javax.swing.plaf.*; /** @@ -51,7 +49,7 @@ public class MetalInternalFrameUI extends BasicInternalFrameUI { private static final Border handyEmptyBorder = new EmptyBorder(0,0,0,0); protected static String IS_PALETTE = "JInternalFrame.isPalette"; - + private static String IS_PALETTE_KEY = "JInternalFrame.isPalette"; private static String FRAME_TYPE = "JInternalFrame.frameType"; private static String NORMAL_FRAME = "normal"; private static String PALETTE_FRAME = "palette"; @@ -68,7 +66,7 @@ public class MetalInternalFrameUI extends BasicInternalFrameUI { public void installUI(JComponent c) { super.installUI(c); - Object paletteProp = c.getClientProperty( IS_PALETTE ); + Object paletteProp = c.getClientProperty(IS_PALETTE_KEY); if ( paletteProp != null ) { setPalette( ((Boolean)paletteProp).booleanValue() ); } @@ -187,7 +185,7 @@ public class MetalInternalFrameUI extends BasicInternalFrameUI { ui.setFrameType( (String) e.getNewValue() ); } } - else if ( name.equals( IS_PALETTE ) ) + else if ( name.equals(IS_PALETTE_KEY) ) { if ( e.getNewValue() != null ) { diff --git a/jdk/src/share/classes/javax/swing/plaf/metal/MetalSliderUI.java b/jdk/src/share/classes/javax/swing/plaf/metal/MetalSliderUI.java index 28d22705b16..da3d424e409 100644 --- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalSliderUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalSliderUI.java @@ -1,5 +1,5 @@ /* - * Copyright 1998-2008 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1998-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -54,12 +54,13 @@ public class MetalSliderUI extends BasicSliderUI { protected final int TICK_BUFFER = 4; protected boolean filledSlider = false; - // NOTE: these next three variables are currently unused. + // NOTE: these next five variables are currently unused. protected static Color thumbColor; protected static Color highlightColor; protected static Color darkShadowColor; protected static int trackWidth; protected static int tickLength; + private int safeLength; /** * A default horizontal thumb Icon. This field might not be @@ -107,7 +108,7 @@ public class MetalSliderUI extends BasicSliderUI { public void installUI( JComponent c ) { trackWidth = ((Integer)UIManager.get( "Slider.trackWidth" )).intValue(); - tickLength = ((Integer)UIManager.get( "Slider.majorTickLength" )).intValue(); + tickLength = safeLength = ((Integer)UIManager.get( "Slider.majorTickLength" )).intValue(); horizThumbIcon = SAFE_HORIZ_THUMB_ICON = UIManager.getIcon( "Slider.horizontalThumbIcon" ); vertThumbIcon = SAFE_VERT_THUMB_ICON = @@ -477,8 +478,8 @@ public class MetalSliderUI extends BasicSliderUI { * determine the tick area rectangle. */ public int getTickLength() { - return slider.getOrientation() == JSlider.HORIZONTAL ? tickLength + TICK_BUFFER + 1 : - tickLength + TICK_BUFFER + 3; + return slider.getOrientation() == JSlider.HORIZONTAL ? safeLength + TICK_BUFFER + 1 : + safeLength + TICK_BUFFER + 3; } /** @@ -523,22 +524,22 @@ public class MetalSliderUI extends BasicSliderUI { protected void paintMinorTickForHorizSlider( Graphics g, Rectangle tickBounds, int x ) { g.setColor( slider.isEnabled() ? slider.getForeground() : MetalLookAndFeel.getControlShadow() ); - g.drawLine( x, TICK_BUFFER, x, TICK_BUFFER + (tickLength / 2) ); + g.drawLine( x, TICK_BUFFER, x, TICK_BUFFER + (safeLength / 2) ); } protected void paintMajorTickForHorizSlider( Graphics g, Rectangle tickBounds, int x ) { g.setColor( slider.isEnabled() ? slider.getForeground() : MetalLookAndFeel.getControlShadow() ); - g.drawLine( x, TICK_BUFFER , x, TICK_BUFFER + (tickLength - 1) ); + g.drawLine( x, TICK_BUFFER , x, TICK_BUFFER + (safeLength - 1) ); } protected void paintMinorTickForVertSlider( Graphics g, Rectangle tickBounds, int y ) { g.setColor( slider.isEnabled() ? slider.getForeground() : MetalLookAndFeel.getControlShadow() ); if (MetalUtils.isLeftToRight(slider)) { - g.drawLine( TICK_BUFFER, y, TICK_BUFFER + (tickLength / 2), y ); + g.drawLine( TICK_BUFFER, y, TICK_BUFFER + (safeLength / 2), y ); } else { - g.drawLine( 0, y, tickLength/2, y ); + g.drawLine( 0, y, safeLength/2, y ); } } @@ -546,10 +547,10 @@ public class MetalSliderUI extends BasicSliderUI { g.setColor( slider.isEnabled() ? slider.getForeground() : MetalLookAndFeel.getControlShadow() ); if (MetalUtils.isLeftToRight(slider)) { - g.drawLine( TICK_BUFFER, y, TICK_BUFFER + tickLength, y ); + g.drawLine( TICK_BUFFER, y, TICK_BUFFER + safeLength, y ); } else { - g.drawLine( 0, y, tickLength, y ); + g.drawLine( 0, y, safeLength, y ); } } } diff --git a/jdk/test/javax/swing/ToolTipManager/Test6657026.java b/jdk/test/javax/swing/ToolTipManager/Test6657026.java new file mode 100644 index 00000000000..f9e23b988bb --- /dev/null +++ b/jdk/test/javax/swing/ToolTipManager/Test6657026.java @@ -0,0 +1,74 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6657026 + * @summary Tests shared ToolTipManager in different application contexts + * @author Sergey Malenkov + */ + +import sun.awt.SunToolkit; +import javax.swing.ToolTipManager; + +public class Test6657026 implements Runnable { + + private static final int DISMISS = 4000; + private static final int INITIAL = 750; + private static final int RESHOW = 500; + + public static void main(String[] args) throws InterruptedException { + ToolTipManager manager = ToolTipManager.sharedInstance(); + if (DISMISS != manager.getDismissDelay()) { + throw new Error("unexpected dismiss delay"); + } + if (INITIAL != manager.getInitialDelay()) { + throw new Error("unexpected initial delay"); + } + if (RESHOW != manager.getReshowDelay()) { + throw new Error("unexpected reshow delay"); + } + manager.setDismissDelay(DISMISS + 1); + manager.setInitialDelay(INITIAL + 1); + manager.setReshowDelay(RESHOW + 1); + + ThreadGroup group = new ThreadGroup("$$$"); + Thread thread = new Thread(group, new Test6657026()); + thread.start(); + thread.join(); + } + + public void run() { + SunToolkit.createNewAppContext(); + ToolTipManager manager = ToolTipManager.sharedInstance(); + if (DISMISS != manager.getDismissDelay()) { + throw new Error("shared dismiss delay"); + } + if (INITIAL != manager.getInitialDelay()) { + throw new Error("shared initial delay"); + } + if (RESHOW != manager.getReshowDelay()) { + throw new Error("shared reshow delay"); + } + } +} diff --git a/jdk/test/javax/swing/UIManager/Test6657026.java b/jdk/test/javax/swing/UIManager/Test6657026.java new file mode 100644 index 00000000000..7b93a22196c --- /dev/null +++ b/jdk/test/javax/swing/UIManager/Test6657026.java @@ -0,0 +1,59 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6657026 + * @summary Tests shared UIManager in different application contexts + * @author Sergey Malenkov + */ + +import sun.awt.SunToolkit; + +import javax.swing.UIManager; +import javax.swing.UIManager.LookAndFeelInfo; + +public class Test6657026 implements Runnable { + + public static void main(String[] args) throws Exception { + if (UIManager.getInstalledLookAndFeels().length == 0) { + throw new Error("unexpected amount of look&feels"); + } + UIManager.setInstalledLookAndFeels(new LookAndFeelInfo[0]); + if (UIManager.getInstalledLookAndFeels().length != 0) { + throw new Error("unexpected amount of look&feels"); + } + + ThreadGroup group = new ThreadGroup("$$$"); + Thread thread = new Thread(group, new Test6657026()); + thread.start(); + thread.join(); + } + + public void run() { + SunToolkit.createNewAppContext(); + if (UIManager.getInstalledLookAndFeels().length == 0) { + throw new Error("shared look&feels"); + } + } +} diff --git a/jdk/test/javax/swing/plaf/basic/BasicSplitPaneUI/Test6657026.java b/jdk/test/javax/swing/plaf/basic/BasicSplitPaneUI/Test6657026.java new file mode 100644 index 00000000000..16080416f73 --- /dev/null +++ b/jdk/test/javax/swing/plaf/basic/BasicSplitPaneUI/Test6657026.java @@ -0,0 +1,82 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6657026 + * @summary Tests shared BasicSplitPaneUI in different application contexts + * @author Sergey Malenkov + */ + +import sun.awt.SunToolkit; + +import java.awt.event.ActionEvent; +import java.util.Set; +import javax.swing.JSplitPane; +import javax.swing.plaf.basic.BasicSplitPaneUI; + +public class Test6657026 extends BasicSplitPaneUI implements Runnable { + + public static void main(String[] args) throws InterruptedException { + if (new JSplitPane().getFocusTraversalKeys(0).isEmpty()){ + throw new Error("unexpected traversal keys"); + } + new JSplitPane() { + public void setFocusTraversalKeys(int id, Set keystrokes) { + keystrokes.clear(); + super.setFocusTraversalKeys(id, keystrokes); + } + }; + if (new JSplitPane().getFocusTraversalKeys(0).isEmpty()) { + throw new Error("shared traversal keys"); + } + KEYBOARD_DIVIDER_MOVE_OFFSET = -KEYBOARD_DIVIDER_MOVE_OFFSET; + + ThreadGroup group = new ThreadGroup("$$$"); + Thread thread = new Thread(group, new Test6657026()); + thread.start(); + thread.join(); + } + + public void run() { + SunToolkit.createNewAppContext(); + if (new JSplitPane().getFocusTraversalKeys(0).isEmpty()) { + throw new Error("shared traversal keys"); + } + JSplitPane pane = new JSplitPane(); + pane.setUI(this); + + createFocusListener().focusGained(null); // allows actions + test(pane, "positiveIncrement", 3); + test(pane, "negativeIncrement", 0); + } + + private static void test(JSplitPane pane, String action, int expected) { + ActionEvent event = new ActionEvent(pane, expected, action); + pane.getActionMap().get(action).actionPerformed(event); + int actual = pane.getDividerLocation(); + if (actual != expected) { + throw new Error(actual + ", but expected " + expected); + } + } +} diff --git a/jdk/test/javax/swing/plaf/metal/MetalBorders/Test6657026.java b/jdk/test/javax/swing/plaf/metal/MetalBorders/Test6657026.java new file mode 100644 index 00000000000..194b310f450 --- /dev/null +++ b/jdk/test/javax/swing/plaf/metal/MetalBorders/Test6657026.java @@ -0,0 +1,91 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6657026 + * @summary Tests constancy of borders + * @author Sergey Malenkov + */ + +import java.awt.Insets; +import javax.swing.border.Border; +import javax.swing.plaf.metal.MetalBorders.ButtonBorder; +import javax.swing.plaf.metal.MetalBorders.MenuBarBorder; +import javax.swing.plaf.metal.MetalBorders.MenuItemBorder; +import javax.swing.plaf.metal.MetalBorders.PopupMenuBorder; + +public class Test6657026 { + + private static final Insets NEGATIVE = new Insets(Integer.MIN_VALUE, + Integer.MIN_VALUE, + Integer.MIN_VALUE, + Integer.MIN_VALUE); + + public static void main(String[] args) { + new ButtonBorder() {{borderInsets = NEGATIVE;}}; + new MenuBarBorder() {{borderInsets = NEGATIVE;}}; + new MenuItemBorder() {{borderInsets = NEGATIVE;}}; + new PopupMenuBorder() {{borderInsets = NEGATIVE;}}; + + test(create("ButtonBorder")); + test(create("MenuBarBorder")); + test(create("MenuItemBorder")); + test(create("PopupMenuBorder")); + + test(create("Flush3DBorder")); + test(create("InternalFrameBorder")); + // NOT USED: test(create("FrameBorder")); + // NOT USED: test(create("DialogBorder")); + test(create("PaletteBorder")); + test(create("OptionDialogBorder")); + test(create("ScrollPaneBorder")); + } + + private static Border create(String name) { + try { + name = "javax.swing.plaf.metal.MetalBorders$" + name; + return (Border) Class.forName(name).newInstance(); + } + catch (Exception exception) { + throw new Error("unexpected exception", exception); + } + } + + private static void test(Border border) { + Insets actual = border.getBorderInsets(null); + if (NEGATIVE.equals(actual)) { + throw new Error("unexpected insets in " + border.getClass()); + } + Insets expected = (Insets) actual.clone(); + // modify + actual.top++; + actual.left++; + actual.right++; + actual.bottom++; + // validate + if (!expected.equals(border.getBorderInsets(null))) { + throw new Error("shared insets in " + border.getClass()); + } + } +} diff --git a/jdk/test/javax/swing/plaf/metal/MetalBumps/Test6657026.java b/jdk/test/javax/swing/plaf/metal/MetalBumps/Test6657026.java new file mode 100644 index 00000000000..f8041629346 --- /dev/null +++ b/jdk/test/javax/swing/plaf/metal/MetalBumps/Test6657026.java @@ -0,0 +1,238 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6657026 + * @summary Tests shared MetalBumps in different application contexts + * @author Sergey Malenkov + */ + +import sun.awt.SunToolkit; + +import java.awt.Color; +import java.awt.Component; +import java.awt.Font; +import java.awt.FontMetrics; +import java.awt.Graphics; +import java.awt.Image; +import java.awt.Rectangle; +import java.awt.Shape; +import java.awt.image.BufferedImage; +import java.awt.image.ImageObserver; +import java.text.AttributedCharacterIterator; +import javax.swing.Icon; +import javax.swing.plaf.metal.MetalBorders.ToolBarBorder; + +public class Test6657026 extends ToolBarBorder implements Runnable { + + public static void main(String[] args) throws Exception { + new Test6657026().test(); + + ThreadGroup group = new ThreadGroup("$$$"); + Thread thread = new Thread(group, new Test6657026()); + thread.start(); + thread.join(); + } + + public void run() { + SunToolkit.createNewAppContext(); + test(); + } + + private void test() { + MyGraphics mg = new MyGraphics(); + Icon icon = bumps; + icon.paintIcon(mg.component, mg, 0, 0); + if (mg.image != null) { + boolean failed = true; + int value = mg.image.getRGB(0, 0); + for (int x = 0; x < mg.image.getWidth(); x++) { + for (int y = 0; y < mg.image.getHeight(); y++) { + int current = mg.image.getRGB(x, y); + if (current != value) { + mg.image.setRGB(x, y, value); + failed = false; + } + + } + } + if (failed) { + throw new Error("shared metal bumps"); + } + } + } + + private static class MyGraphics extends Graphics { + + private final Component component = new Component() {}; + private BufferedImage image; + + public Graphics create() { + return null; // TODO: check + } + + public void translate(int x, int y) { + // TODO: check + } + + public Color getColor() { + return null; // TODO: check + } + + public void setColor(Color color) { + // TODO: check + } + + public void setPaintMode() { + // TODO: check + } + + public void setXORMode(Color c1) { + // TODO: check + } + + public Font getFont() { + return null; // TODO: check + } + + public void setFont(Font font) { + // TODO: check + } + + public FontMetrics getFontMetrics(Font font) { + return null; // TODO: check + } + + public Rectangle getClipBounds() { + return null; // TODO: check + } + + public void clipRect(int x, int y, int width, int height) { + // TODO: check + } + + public void setClip(int x, int y, int width, int height) { + // TODO: check + } + + public Shape getClip() { + return null; // TODO: check + } + + public void setClip(Shape clip) { + // TODO: check + } + + public void copyArea(int x, int y, int width, int height, int dx, int dy) { + // TODO: check + } + + public void drawLine(int x1, int y1, int x2, int y2) { + // TODO: check + } + + public void fillRect(int x, int y, int width, int height) { + // TODO: check + } + + public void clearRect(int x, int y, int width, int height) { + // TODO: check + } + + public void drawRoundRect(int x, int y, int width, int height, int arcWidth, int arcHeight) { + // TODO: check + } + + public void fillRoundRect(int x, int y, int width, int height, int arcWidth, int arcHeight) { + // TODO: check + } + + public void drawOval(int x, int y, int width, int height) { + // TODO: check + } + + public void fillOval(int x, int y, int width, int height) { + // TODO: check + } + + public void drawArc(int x, int y, int width, int height, int startAngle, int arcAngle) { + // TODO: check + } + + public void fillArc(int x, int y, int width, int height, int startAngle, int arcAngle) { + // TODO: check + } + + public void drawPolyline(int[] xPoints, int[] yPoints, int nPoints) { + // TODO: check + } + + public void drawPolygon(int[] xPoints, int[] yPoints, int nPoints) { + // TODO: check + } + + public void fillPolygon(int[] xPoints, int[] yPoints, int nPoints) { + // TODO: check + } + + public void drawString(String str, int x, int y) { + // TODO: check + } + + public void drawString(AttributedCharacterIterator iterator, int x, int y) { + // TODO: check + } + + public boolean drawImage(Image img, int x, int y, ImageObserver observer) { + return false; // TODO: check + } + + public boolean drawImage(Image img, int x, int y, int width, int height, ImageObserver observer) { + return false; // TODO: check + } + + public boolean drawImage(Image img, int x, int y, Color bgcolor, ImageObserver observer) { + return false; // TODO: check + } + + public boolean drawImage(Image img, int x, int y, int width, int height, Color bgcolor, ImageObserver observer) { + return false; // TODO: check + } + + public boolean drawImage(Image img, int dx1, int dy1, int dx2, int dy2, int sx1, int sy1, int sx2, int sy2, ImageObserver observer) { + if (img instanceof BufferedImage) { + this.image = (BufferedImage) img; + } + return false; // TODO: check + } + + public boolean drawImage(Image img, int dx1, int dy1, int dx2, int dy2, int sx1, int sy1, int sx2, int sy2, Color bgcolor, ImageObserver observer) { + return false; // TODO: check + } + + public void dispose() { + // TODO: check + } + } +} diff --git a/jdk/test/javax/swing/plaf/metal/MetalInternalFrameUI/Test6657026.java b/jdk/test/javax/swing/plaf/metal/MetalInternalFrameUI/Test6657026.java new file mode 100644 index 00000000000..bbfec61c5ba --- /dev/null +++ b/jdk/test/javax/swing/plaf/metal/MetalInternalFrameUI/Test6657026.java @@ -0,0 +1,60 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6657026 + * @summary Tests shared MetalInternalFrameUI in different application contexts + * @author Sergey Malenkov + */ + +import sun.awt.SunToolkit; + +import javax.swing.JInternalFrame; +import javax.swing.JPanel; +import javax.swing.UIManager; +import javax.swing.plaf.metal.MetalInternalFrameUI; +import javax.swing.plaf.metal.MetalLookAndFeel; + +public class Test6657026 extends MetalInternalFrameUI implements Runnable { + + public static void main(String[] args) throws Exception { + UIManager.setLookAndFeel(new MetalLookAndFeel()); + + ThreadGroup group = new ThreadGroup("$$$"); + Thread thread = new Thread(group, new Test6657026()); + thread.start(); + thread.join(); + + new JInternalFrame().setContentPane(new JPanel()); + } + + public Test6657026() { + super(null); + } + + public void run() { + SunToolkit.createNewAppContext(); + IS_PALETTE = JInternalFrame.CONTENT_PANE_PROPERTY; + } +} diff --git a/jdk/test/javax/swing/plaf/metal/MetalSliderUI/Test6657026.java b/jdk/test/javax/swing/plaf/metal/MetalSliderUI/Test6657026.java new file mode 100644 index 00000000000..250889acd89 --- /dev/null +++ b/jdk/test/javax/swing/plaf/metal/MetalSliderUI/Test6657026.java @@ -0,0 +1,67 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6657026 + * @summary Tests shared MetalSliderUI in different application contexts + * @author Sergey Malenkov + */ + +import sun.awt.SunToolkit; + +import javax.swing.JSlider; +import javax.swing.UIManager; +import javax.swing.plaf.metal.MetalLookAndFeel; +import javax.swing.plaf.metal.MetalSliderUI; + +public class Test6657026 extends MetalSliderUI implements Runnable { + + public static void main(String[] args) throws Exception { + UIManager.setLookAndFeel(new MetalLookAndFeel()); + JSlider slider = new JSlider(); + test(slider); + + ThreadGroup group = new ThreadGroup("$$$"); + Thread thread = new Thread(group, new Test6657026()); + thread.start(); + thread.join(); + + test(slider); + } + + public void run() { + SunToolkit.createNewAppContext(); + JSlider slider = new JSlider(); + test(slider); + tickLength = -10000; + } + + private static void test(JSlider slider) { + MetalSliderUI ui = (MetalSliderUI) slider.getUI(); + int actual = ui.getTickLength(); + if (actual != 11) { + throw new Error(actual + ", but expected 11"); + } + } +} From 67e3ba76c16c6888439ae4bd4874c83957b92ae9 Mon Sep 17 00:00:00 2001 From: Andrew Brygin Date: Thu, 10 Sep 2009 12:26:34 +0400 Subject: [PATCH 08/16] 6874643: ImageI/O JPEG is vulnerable to Heap Overflow Reviewed-by: prr, hawtin --- jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c b/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c index 7d39c61e02f..448232143ae 100644 --- a/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c +++ b/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c @@ -1833,6 +1833,13 @@ Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_readImage return JNI_FALSE; } + if (stepX > cinfo->image_width) { + stepX = cinfo->image_width; + } + if (stepY > cinfo->image_height) { + stepY = cinfo->image_height; + } + /* * First get the source bands array and copy it to our local array * so we don't have to worry about pinning and unpinning it again. From a3de8d40ebe6a8403a0b26189e8df2fe2931acbf Mon Sep 17 00:00:00 2001 From: Andrew Brygin Date: Thu, 10 Sep 2009 12:50:09 +0400 Subject: [PATCH 09/16] 6872357: JRE AWT setDifflCM vulnerable to Stack Overflow Reviewed-by: prr, hawtin --- jdk/src/share/native/sun/awt/image/awt_ImageRep.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/jdk/src/share/native/sun/awt/image/awt_ImageRep.c b/jdk/src/share/native/sun/awt/image/awt_ImageRep.c index 9017ee9520f..79975ff7a35 100644 --- a/jdk/src/share/native/sun/awt/image/awt_ImageRep.c +++ b/jdk/src/share/native/sun/awt/image/awt_ImageRep.c @@ -266,6 +266,13 @@ Java_sun_awt_image_ImageRepresentation_setDiffICM(JNIEnv *env, jclass cls, jnewlut = (*env)->GetObjectField(env, jicm, g_ICMrgbID); mapSize = (*env)->GetIntField(env, jicm, g_ICMmapSizeID); + if (numLut < 0 || numLut > 256 || mapSize < 0 || mapSize > 256) { + /* Ether old or new ICM has a palette that exceeds capacity + of byte data type, so we have to convert the image data + to default representation. + */ + return 0; + } srcLUT = (unsigned int *) (*env)->GetPrimitiveArrayCritical(env, jlut, NULL); if (srcLUT == NULL) { From e07c626a488297ee24b91812ce71867c4d42de8e Mon Sep 17 00:00:00 2001 From: Andrew Brygin Date: Thu, 10 Sep 2009 13:35:28 +0400 Subject: [PATCH 10/16] 6862968: JPEG Image Writer quantization problem Reviewed-by: prr, hawtin --- .../native/sun/awt/image/jpeg/imageioJPEG.c | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c b/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c index 448232143ae..3897ddc86c6 100644 --- a/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c +++ b/jdk/src/share/native/sun/awt/image/jpeg/imageioJPEG.c @@ -676,6 +676,10 @@ static int setQTables(JNIEnv *env, #ifdef DEBUG_IIO_JPEG printf("in setQTables, qlen = %d, write is %d\n", qlen, write); #endif + if (qlen > NUM_QUANT_TBLS) { + /* Ignore extra qunterization tables. */ + qlen = NUM_QUANT_TBLS; + } for (i = 0; i < qlen; i++) { table = (*env)->GetObjectArrayElement(env, qtables, i); qdata = (*env)->GetObjectField(env, table, JPEGQTable_tableID); @@ -727,6 +731,11 @@ static void setHuffTable(JNIEnv *env, hlensBody = (*env)->GetShortArrayElements(env, huffLens, NULL); + if (hlensLen > 16) { + /* Ignore extra elements of bits array. Only 16 elements can be + stored. 0-th element is not used. (see jpeglib.h, line 107) */ + hlensLen = 16; + } for (i = 1; i <= hlensLen; i++) { huff_ptr->bits[i] = (UINT8)hlensBody[i-1]; } @@ -743,6 +752,11 @@ static void setHuffTable(JNIEnv *env, huffValues, NULL); + if (hvalsLen > 256) { + /* Ignore extra elements of hufval array. Only 256 elements + can be stored. (see jpeglib.h, line 109) */ + hlensLen = 256; + } for (i = 0; i < hvalsLen; i++) { huff_ptr->huffval[i] = (UINT8)hvalsBody[i]; } @@ -763,6 +777,11 @@ static int setHTables(JNIEnv *env, j_compress_ptr comp; j_decompress_ptr decomp; jsize hlen = (*env)->GetArrayLength(env, DCHuffmanTables); + + if (hlen > NUM_HUFF_TBLS) { + /* Ignore extra DC huffman tables. */ + hlen = NUM_HUFF_TBLS; + } for (i = 0; i < hlen; i++) { if (cinfo->is_decompressor) { decomp = (j_decompress_ptr) cinfo; @@ -784,6 +803,10 @@ static int setHTables(JNIEnv *env, huff_ptr->sent_table = !write; } hlen = (*env)->GetArrayLength(env, ACHuffmanTables); + if (hlen > NUM_HUFF_TBLS) { + /* Ignore extra AC huffman tables. */ + hlen = NUM_HUFF_TBLS; + } for (i = 0; i < hlen; i++) { if (cinfo->is_decompressor) { decomp = (j_decompress_ptr) cinfo; From c26aec2e526846e29966f380af93dbae9a5d1c3d Mon Sep 17 00:00:00 2001 From: Andrew Brygin Date: Thu, 10 Sep 2009 13:52:27 +0400 Subject: [PATCH 11/16] 6822057: X11 and Win32GraphicsDevice don't clone arrays returned from getConfigurations() Reviewed-by: prr, hawtin --- .../classes/sun/awt/X11GraphicsDevice.java | 2 +- .../classes/sun/awt/Win32GraphicsDevice.java | 4 +- .../sun/java2d/d3d/D3DGraphicsDevice.java | 2 +- .../awt/GraphicsDevice/CloneConfigsTest.java | 118 ++++++++++++++++++ 4 files changed, 122 insertions(+), 4 deletions(-) create mode 100644 jdk/test/java/awt/GraphicsDevice/CloneConfigsTest.java diff --git a/jdk/src/solaris/classes/sun/awt/X11GraphicsDevice.java b/jdk/src/solaris/classes/sun/awt/X11GraphicsDevice.java index ed495b177ec..81491abeea3 100644 --- a/jdk/src/solaris/classes/sun/awt/X11GraphicsDevice.java +++ b/jdk/src/solaris/classes/sun/awt/X11GraphicsDevice.java @@ -134,7 +134,7 @@ public class X11GraphicsDevice makeConfigurations(); } } - return configs; + return configs.clone(); } private void makeConfigurations() { diff --git a/jdk/src/windows/classes/sun/awt/Win32GraphicsDevice.java b/jdk/src/windows/classes/sun/awt/Win32GraphicsDevice.java index 1da339ce9f1..8a0960bc6d8 100644 --- a/jdk/src/windows/classes/sun/awt/Win32GraphicsDevice.java +++ b/jdk/src/windows/classes/sun/awt/Win32GraphicsDevice.java @@ -165,7 +165,7 @@ public class Win32GraphicsDevice extends GraphicsDevice implements if (defaultConfig != null) { configs = new GraphicsConfiguration[1]; configs[0] = defaultConfig; - return configs; + return configs.clone(); } } @@ -196,7 +196,7 @@ public class Win32GraphicsDevice extends GraphicsDevice implements configs = new GraphicsConfiguration[v.size()]; v.copyInto(configs); } - return configs; + return configs.clone(); } /** diff --git a/jdk/src/windows/classes/sun/java2d/d3d/D3DGraphicsDevice.java b/jdk/src/windows/classes/sun/java2d/d3d/D3DGraphicsDevice.java index a4334b42f12..30f076a4f91 100644 --- a/jdk/src/windows/classes/sun/java2d/d3d/D3DGraphicsDevice.java +++ b/jdk/src/windows/classes/sun/java2d/d3d/D3DGraphicsDevice.java @@ -426,7 +426,7 @@ public class D3DGraphicsDevice extends Win32GraphicsDevice { if (defaultConfig != null) { configs = new GraphicsConfiguration[1]; configs[0] = defaultConfig; - return configs; + return configs.clone(); } } } diff --git a/jdk/test/java/awt/GraphicsDevice/CloneConfigsTest.java b/jdk/test/java/awt/GraphicsDevice/CloneConfigsTest.java new file mode 100644 index 00000000000..44eec545dda --- /dev/null +++ b/jdk/test/java/awt/GraphicsDevice/CloneConfigsTest.java @@ -0,0 +1,118 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6822057 + * + * @summary Test verifies that list of supported graphics configurations + * can not be changed via modification of elements of an array + * returned by getConfiguration() method. + * + * @run main CloneConfigsTest + * @run main/othervm -Dsun.java2d.opengl=True CloneConfigsTest + * @run main/othervm -Dsun.java2d.d3d=true CloneConfigsTest + * @run main/othervm -Dsun.java2d.noddraw=true CloneConfigsTest + */ + +import java.awt.GraphicsConfiguration; +import java.awt.GraphicsDevice; +import java.awt.GraphicsEnvironment; +import java.awt.Rectangle; +import java.awt.geom.AffineTransform; +import java.awt.image.BufferedImage; +import java.awt.image.ColorModel; + +public class CloneConfigsTest { + + public static void main(String[] args) { + GraphicsEnvironment env = + GraphicsEnvironment.getLocalGraphicsEnvironment(); + + GraphicsDevice[] devices = env.getScreenDevices(); + + GraphicsConfiguration c = new TestConfig(); + + for (GraphicsDevice gd : devices) { + System.out.println("Device: " + gd); + + GraphicsConfiguration[] configs = gd.getConfigurations(); + + for (int i = 0; i < configs.length; i++) { + GraphicsConfiguration gc = configs[i]; + System.out.println("\tConfig: " + gc); + + configs[i] = c; + } + + // verify whether array of configs was modified + configs = gd.getConfigurations(); + for (GraphicsConfiguration gc : configs) { + if (gc == c) { + throw new RuntimeException("Test failed."); + } + } + System.out.println("Test passed."); + } + } + + private static class TestConfig extends GraphicsConfiguration { + + @Override + public GraphicsDevice getDevice() { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public BufferedImage createCompatibleImage(int width, int height) { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public ColorModel getColorModel() { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public ColorModel getColorModel(int transparency) { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public AffineTransform getDefaultTransform() { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public AffineTransform getNormalizingTransform() { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public Rectangle getBounds() { + throw new UnsupportedOperationException("Not supported yet."); + } + + } + +} From 3915dad0c75b379604411c5aeb20df42fbf19cb9 Mon Sep 17 00:00:00 2001 From: Andrew Brygin Date: Thu, 10 Sep 2009 14:04:38 +0400 Subject: [PATCH 12/16] 6632445: DoS from parsing BMPs with UNC ICC links Reviewed-by: prr, hawtin --- .../imageio/plugins/bmp/BMPImageReader.java | 79 ++++++++++++++++++- 1 file changed, 76 insertions(+), 3 deletions(-) diff --git a/jdk/src/share/classes/com/sun/imageio/plugins/bmp/BMPImageReader.java b/jdk/src/share/classes/com/sun/imageio/plugins/bmp/BMPImageReader.java index f8e028d197b..388d7a1b6fb 100644 --- a/jdk/src/share/classes/com/sun/imageio/plugins/bmp/BMPImageReader.java +++ b/jdk/src/share/classes/com/sun/imageio/plugins/bmp/BMPImageReader.java @@ -62,6 +62,8 @@ import javax.imageio.event.IIOReadWarningListener; import java.io.*; import java.nio.*; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Iterator; import java.util.StringTokenizer; @@ -502,12 +504,18 @@ public class BMPImageReader extends ImageReader implements BMPConstants { iis.reset(); try { - if (metadata.colorSpace == PROFILE_LINKED) + if (metadata.colorSpace == PROFILE_LINKED && + isLinkedProfileAllowed() && + !isUncOrDevicePath(profile)) + { + String path = new String(profile, "windows-1252"); + colorSpace = - new ICC_ColorSpace(ICC_Profile.getInstance(new String(profile))); - else + new ICC_ColorSpace(ICC_Profile.getInstance(path)); + } else { colorSpace = new ICC_ColorSpace(ICC_Profile.getInstance(profile)); + } } catch (Exception e) { colorSpace = ColorSpace.getInstance(ColorSpace.CS_sRGB); } @@ -1745,4 +1753,69 @@ public class BMPImageReader extends ImageReader implements BMPConstants { public void sequenceStarted(ImageReader src, int minIndex) {} public void readAborted(ImageReader src) {} } + + private static Boolean isLinkedProfileDisabled = null; + + private static boolean isLinkedProfileAllowed() { + if (isLinkedProfileDisabled == null) { + PrivilegedAction a = new PrivilegedAction() { + public Boolean run() { + return Boolean.getBoolean("sun.imageio.plugins.bmp.disableLinkedProfiles"); + } + }; + isLinkedProfileDisabled = AccessController.doPrivileged(a); + } + return !isLinkedProfileDisabled; + } + + private static Boolean isWindowsPlatform = null; + + /** + * Verifies whether the byte array contans a unc path. + * Non-UNC path examples: + * c:\path\to\file - simple notation + * \\?\c:\path\to\file - long notation + * + * UNC path examples: + * \\server\share - a UNC path in simple notation + * \\?\UNC\server\share - a UNC path in long notation + * \\.\some\device - a path to device. + */ + private static boolean isUncOrDevicePath(byte[] p) { + if (isWindowsPlatform == null) { + PrivilegedAction a = new PrivilegedAction() { + public Boolean run() { + String osname = System.getProperty("os.name"); + return (osname != null && + osname.toLowerCase().startsWith("win")); + } + }; + isWindowsPlatform = AccessController.doPrivileged(a); + } + + if (!isWindowsPlatform) { + /* no need for the check on platforms except windows */ + return false; + } + + /* normalize prefix of the path */ + if (p[0] == '/') p[0] = '\\'; + if (p[1] == '/') p[1] = '\\'; + if (p[3] == '/') p[3] = '\\'; + + + if ((p[0] == '\\') && (p[1] == '\\')) { + if ((p[2] == '?') && (p[3] == '\\')) { + // long path: whether unc or local + return ((p[4] == 'U' || p[4] == 'u') && + (p[5] == 'N' || p[5] == 'n') && + (p[6] == 'C' || p[6] == 'c')); + } else { + // device path or short unc notation + return true; + } + } else { + return false; + } + } } From c87d132dccc80e55d0e53379381f4210da3e17bd Mon Sep 17 00:00:00 2001 From: Andrew Brygin Date: Thu, 10 Sep 2009 14:15:47 +0400 Subject: [PATCH 13/16] 6631533: ICC_Profile allows detecting if some files exist Reviewed-by: prr, hawtin --- .../classes/java/awt/color/ICC_Profile.java | 158 +++++++++++------- 1 file changed, 96 insertions(+), 62 deletions(-) diff --git a/jdk/src/share/classes/java/awt/color/ICC_Profile.java b/jdk/src/share/classes/java/awt/color/ICC_Profile.java index 44f28508788..84b8a8c63d3 100644 --- a/jdk/src/share/classes/java/awt/color/ICC_Profile.java +++ b/jdk/src/share/classes/java/awt/color/ICC_Profile.java @@ -863,7 +863,9 @@ public class ICC_Profile implements Serializable { case ColorSpace.CS_PYCC: synchronized(ICC_Profile.class) { if (PYCCprofile == null) { - if (getProfileFile("PYCC.pf") != null) { + if (!sun.jkernel.DownloadManager.isJREComplete() || + standardProfileExists("PYCC.pf")) + { ProfileDeferralInfo pInfo = new ProfileDeferralInfo("PYCC.pf", ColorSpace.TYPE_3CLR, 3, @@ -961,15 +963,15 @@ public class ICC_Profile implements Serializable { * and it does not permit read access to the given file. */ public static ICC_Profile getInstance(String fileName) throws IOException { - ICC_Profile thisProfile; - FileInputStream fis; + ICC_Profile thisProfile; + FileInputStream fis = null; - SecurityManager security = System.getSecurityManager(); - if (security != null) { - security.checkRead(fileName); + + File f = getProfileFile(fileName); + if (f != null) { + fis = new FileInputStream(f); } - - if ((fis = openProfile(fileName)) == null) { + if (fis == null) { throw new IOException("Cannot open file " + fileName); } @@ -1081,11 +1083,22 @@ public class ICC_Profile implements Serializable { void activateDeferredProfile() throws ProfileDataException { byte profileData[]; FileInputStream fis; - String fileName = deferralInfo.filename; + final String fileName = deferralInfo.filename; profileActivator = null; deferralInfo = null; - if ((fis = openProfile(fileName)) == null) { + PrivilegedAction pa = new PrivilegedAction() { + public FileInputStream run() { + File f = getStandardProfileFile(fileName); + if (f != null) { + try { + return new FileInputStream(f); + } catch (FileNotFoundException e) {} + } + return null; + } + }; + if ((fis = AccessController.doPrivileged(pa)) == null) { throw new ProfileDataException("Cannot open file " + fileName); } try { @@ -1784,86 +1797,107 @@ public class ICC_Profile implements Serializable { * available, such as a profile for sRGB. Built-in profiles use .pf as * the file name extension for profiles, e.g. sRGB.pf. */ - private static FileInputStream openProfile(final String fileName) { - return (FileInputStream)java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { - public Object run() { - File f = privilegedGetProfileFile(fileName); - if (f != null) { - try { - return new FileInputStream(f); - } catch (FileNotFoundException e) { - } - } - return null; - } - }); - } - - private static File getProfileFile(final String fileName) { - return (File)java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { - public Object run() { - return privilegedGetProfileFile(fileName); - } - }); - } - - /* - * this version is called from doPrivileged in openProfile - * or getProfileFile, so the whole method is privileged! - */ - - private static File privilegedGetProfileFile(String fileName) { + private static File getProfileFile(String fileName) { String path, dir, fullPath; File f = new File(fileName); /* try absolute file name */ - + if (f.isAbsolute()) { + /* Rest of code has little sense for an absolute pathname, + so return here. */ + return f.isFile() ? f : null; + } if ((!f.isFile()) && ((path = System.getProperty("java.iccprofile.path")) != null)){ /* try relative to java.iccprofile.path */ StringTokenizer st = new StringTokenizer(path, File.pathSeparator); - while (st.hasMoreTokens() && (!f.isFile())) { + while (st.hasMoreTokens() && ((f == null) || (!f.isFile()))) { dir = st.nextToken(); fullPath = dir + File.separatorChar + fileName; f = new File(fullPath); + if (!isChildOf(f, dir)) { + f = null; + } } } - if ((!f.isFile()) && + if (((f == null) || (!f.isFile())) && ((path = System.getProperty("java.class.path")) != null)) { /* try relative to java.class.path */ StringTokenizer st = new StringTokenizer(path, File.pathSeparator); - while (st.hasMoreTokens() && (!f.isFile())) { + while (st.hasMoreTokens() && ((f == null) || (!f.isFile()))) { dir = st.nextToken(); fullPath = dir + File.separatorChar + fileName; f = new File(fullPath); + if (!isChildOf(f, dir)) { + f = null; + } } } - - if (!f.isFile()) { /* try the directory of built-in profiles */ - dir = System.getProperty("java.home") + - File.separatorChar + "lib" + File.separatorChar + "cmm"; - fullPath = dir + File.separatorChar + fileName; - f = new File(fullPath); - if (!f.isFile()) { - //make sure file was installed in the kernel mode - try { - //kernel uses platform independent paths => - // should not use platform separator char - sun.jkernel.DownloadManager.downloadFile("lib/cmm/"+fileName); - } catch (IOException ioe) {} - } - } - - if (f.isFile()) { + if ((f == null) || (!f.isFile())) { + /* try the directory of built-in profiles */ + f = getStandardProfileFile(fileName); + } + if (f != null && f.isFile()) { return f; } return null; } + /** + * Returns a file object corresponding to a built-in profile + * specified by fileName. + * If there is no built-in profile with such name, then the method + * returns null. + */ + private static File getStandardProfileFile(String fileName) { + String dir = System.getProperty("java.home") + + File.separatorChar + "lib" + File.separatorChar + "cmm"; + String fullPath = dir + File.separatorChar + fileName; + File f = new File(fullPath); + if (!f.isFile()) { + //make sure file was installed in the kernel mode + try { + //kernel uses platform independent paths => + // should not use platform separator char + sun.jkernel.DownloadManager.downloadFile("lib/cmm/"+fileName); + } catch (IOException ioe) {} + } + return (f.isFile() && isChildOf(f, dir)) ? f : null; + } + + /** + * Checks whether given file resides inside give directory. + */ + private static boolean isChildOf(File f, String dirName) { + try { + File dir = new File(dirName); + String canonicalDirName = dir.getCanonicalPath(); + if (!canonicalDirName.endsWith(File.separator)) { + canonicalDirName += File.separator; + } + String canonicalFileName = f.getCanonicalPath(); + return canonicalFileName.startsWith(canonicalDirName); + } catch (IOException e) { + /* we do not expect the IOException here, because invocation + * of this function is always preceeded by isFile() call. + */ + return false; + } + } + + /** + * Checks whether built-in profile specified by fileName exists. + */ + private static boolean standardProfileExists(final String fileName) { + return AccessController.doPrivileged(new PrivilegedAction() { + public Boolean run() { + return getStandardProfileFile(fileName) != null; + } + }); + } + /* * Serialization support. From 1e716786f00d9db14dca333d1e6d47c12422cd2d Mon Sep 17 00:00:00 2001 From: Andrew Brygin Date: Mon, 14 Sep 2009 11:46:16 +0400 Subject: [PATCH 14/16] 6872358: JRE AWT setBytePixels vulnerable to Heap Overflow Reviewed-by: prr, hawtin --- jdk/make/sun/awt/mapfile-vers | 1 - jdk/make/sun/awt/mapfile-vers-linux | 1 - .../sun/awt/image/ImageRepresentation.java | 32 +++----- .../share/native/sun/awt/image/awt_ImageRep.c | 78 ------------------- 4 files changed, 9 insertions(+), 103 deletions(-) diff --git a/jdk/make/sun/awt/mapfile-vers b/jdk/make/sun/awt/mapfile-vers index 06a1d5b974d..3840aa7759b 100644 --- a/jdk/make/sun/awt/mapfile-vers +++ b/jdk/make/sun/awt/mapfile-vers @@ -53,7 +53,6 @@ SUNWprivate_1.1 { Java_sun_awt_image_GifImageDecoder_initIDs; Java_sun_awt_image_GifImageDecoder_parseImage; Java_sun_awt_image_ImageRepresentation_initIDs; - Java_sun_awt_image_ImageRepresentation_setBytePixels; Java_sun_awt_image_ImageRepresentation_setDiffICM; Java_sun_awt_image_ImageRepresentation_setICMpixels; Java_sun_awt_image_ImagingLib_convolveBI; diff --git a/jdk/make/sun/awt/mapfile-vers-linux b/jdk/make/sun/awt/mapfile-vers-linux index c1f9d133adf..05a7d2b7c09 100644 --- a/jdk/make/sun/awt/mapfile-vers-linux +++ b/jdk/make/sun/awt/mapfile-vers-linux @@ -55,7 +55,6 @@ SUNWprivate_1.1 { Java_sun_awt_image_GifImageDecoder_parseImage; Java_sun_awt_image_Image_initIDs; Java_sun_awt_image_ImageRepresentation_initIDs; - Java_sun_awt_image_ImageRepresentation_setBytePixels; Java_sun_awt_image_ImageRepresentation_setDiffICM; Java_sun_awt_image_ImageRepresentation_setICMpixels; Java_sun_awt_image_ImagingLib_convolveBI; diff --git a/jdk/src/share/classes/sun/awt/image/ImageRepresentation.java b/jdk/src/share/classes/sun/awt/image/ImageRepresentation.java index ca9260b5a8c..1f034ea6e17 100644 --- a/jdk/src/share/classes/sun/awt/image/ImageRepresentation.java +++ b/jdk/src/share/classes/sun/awt/image/ImageRepresentation.java @@ -336,10 +336,6 @@ public class ImageRepresentation extends ImageWatched implements ImageConsumer public native void setICMpixels(int x, int y, int w, int h, int[] lut, byte[] pix, int off, int scansize, IntegerComponentRaster ict); - - public native void setBytePixels(int x, int y, int w, int h, byte[] pix, - int off, int scansize, - ByteComponentRaster bct, int chanOff); public native int setDiffICM(int x, int y, int w, int h, int[] lut, int transPix, int numLut, IndexColorModel icm, byte[] pix, int off, int scansize, @@ -450,27 +446,17 @@ public class ImageRepresentation extends ImageWatched implements ImageConsumer (biRaster instanceof ByteComponentRaster) && (biRaster.getNumDataElements() == 1)){ ByteComponentRaster bt = (ByteComponentRaster) biRaster; - if (w*h > 200) { - if (off == 0 && scansize == w) { - bt.putByteData(x, y, w, h, pix); - } - else { - byte[] bpix = new byte[w]; - poff = off; - for (int yoff=y; yoff < y+h; yoff++) { - System.arraycopy(pix, poff, bpix, 0, w); - bt.putByteData(x, yoff, w, 1, bpix); - poff += scansize; - } - } + if (off == 0 && scansize == w) { + bt.putByteData(x, y, w, h, pix); } else { - // Only is faster if #pixels - // Note that setBytePixels modifies the raster directly - // so we must mark it as changed afterwards - setBytePixels(x, y, w, h, pix, off, scansize, bt, - bt.getDataOffset(0)); - bt.markDirty(); + byte[] bpix = new byte[w]; + poff = off; + for (int yoff=y; yoff < y+h; yoff++) { + System.arraycopy(pix, poff, bpix, 0, w); + bt.putByteData(x, yoff, w, 1, bpix); + poff += scansize; + } } } else { diff --git a/jdk/src/share/native/sun/awt/image/awt_ImageRep.c b/jdk/src/share/native/sun/awt/image/awt_ImageRep.c index 79975ff7a35..b40eec8944c 100644 --- a/jdk/src/share/native/sun/awt/image/awt_ImageRep.c +++ b/jdk/src/share/native/sun/awt/image/awt_ImageRep.c @@ -142,84 +142,6 @@ Java_sun_awt_image_ImageRepresentation_setICMpixels(JNIEnv *env, jclass cls, } -JNIEXPORT void JNICALL -Java_sun_awt_image_ImageRepresentation_setBytePixels(JNIEnv *env, jclass cls, - jint x, jint y, jint w, - jint h, jbyteArray jpix, - jint off, jint scansize, - jobject jbct, - jint chanOffs) -{ - int sStride; - int pixelStride; - jobject jdata; - unsigned char *srcData; - unsigned char *dstData; - unsigned char *dataP; - unsigned char *pixP; - int i; - int j; - - - if (JNU_IsNull(env, jpix)) { - JNU_ThrowNullPointerException(env, "NullPointerException"); - return; - } - - sStride = (*env)->GetIntField(env, jbct, g_BCRscanstrID); - pixelStride = (*env)->GetIntField(env, jbct, g_BCRpixstrID); - jdata = (*env)->GetObjectField(env, jbct, g_BCRdataID); - - srcData = (unsigned char *) (*env)->GetPrimitiveArrayCritical(env, jpix, - NULL); - if (srcData == NULL) { - /* out of memory error already thrown */ - return; - } - - dstData = (unsigned char *) (*env)->GetPrimitiveArrayCritical(env, jdata, - NULL); - if (dstData == NULL) { - /* out of memory error already thrown */ - (*env)->ReleasePrimitiveArrayCritical(env, jpix, srcData, JNI_ABORT); - return; - } - - dataP = dstData + chanOffs + y*sStride + x*pixelStride; - pixP = srcData + off; - if (pixelStride == 1) { - if (sStride == scansize && scansize == w) { - memcpy(dataP, pixP, w*h); - } - else { - for (i=0; i < h; i++) { - memcpy(dataP, pixP, w); - dataP += sStride; - pixP += scansize; - } - } - } - else { - unsigned char *ydataP = dataP; - unsigned char *ypixP = pixP; - - for (i=0; i < h; i++) { - dataP = ydataP; - pixP = ypixP; - for (j=0; j < w; j++) { - *dataP = *pixP++; - dataP += pixelStride; - } - ydataP += sStride; - ypixP += scansize; - } - } - - (*env)->ReleasePrimitiveArrayCritical(env, jpix, srcData, JNI_ABORT); - (*env)->ReleasePrimitiveArrayCritical(env, jdata, dstData, JNI_ABORT); - -} - JNIEXPORT jint JNICALL Java_sun_awt_image_ImageRepresentation_setDiffICM(JNIEnv *env, jclass cls, jint x, jint y, jint w, From b56db814255256e9cc73c8f91c77936062ed2e5e Mon Sep 17 00:00:00 2001 From: Vinnie Ryan Date: Thu, 24 Sep 2009 22:50:41 +0100 Subject: [PATCH 15/16] 6863503: SECURITY: MessageDigest.isEqual introduces timing attack vulnerabilities Reviewed-by: mullan, wetmore --- .../classes/java/security/MessageDigest.java | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/jdk/src/share/classes/java/security/MessageDigest.java b/jdk/src/share/classes/java/security/MessageDigest.java index 9ff8390d92d..f08b6fd9502 100644 --- a/jdk/src/share/classes/java/security/MessageDigest.java +++ b/jdk/src/share/classes/java/security/MessageDigest.java @@ -1,5 +1,5 @@ /* - * Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 1996-2009 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -414,16 +414,17 @@ public abstract class MessageDigest extends MessageDigestSpi { * * @return true if the digests are equal, false otherwise. */ - public static boolean isEqual(byte digesta[], byte digestb[]) { - if (digesta.length != digestb.length) + public static boolean isEqual(byte[] digesta, byte[] digestb) { + if (digesta.length != digestb.length) { return false; - - for (int i = 0; i < digesta.length; i++) { - if (digesta[i] != digestb[i]) { - return false; - } } - return true; + + int result = 0; + // time-constant comparison + for (int i = 0; i < digesta.length; i++) { + result |= digesta[i] ^ digestb[i]; + } + return result == 0; } /** From bbe245dca3144a1490eb5571be796613a32fc8d8 Mon Sep 17 00:00:00 2001 From: Alexander Potochkin Date: Fri, 6 Nov 2009 19:48:09 +0300 Subject: [PATCH 16/16] 6657138: Mutable statics in Windows PL&F (findbugs) Reviewed-by: peterz, hawtin --- .../java/swing/plaf/motif/MotifButtonUI.java | 15 ++- .../swing/plaf/motif/MotifCheckBoxUI.java | 13 ++- .../java/swing/plaf/motif/MotifLabelUI.java | 13 ++- .../swing/plaf/motif/MotifRadioButtonUI.java | 11 +- .../swing/plaf/motif/MotifToggleButtonUI.java | 11 +- .../swing/plaf/windows/WindowsButtonUI.java | 15 ++- .../swing/plaf/windows/WindowsCheckBoxUI.java | 11 +- .../swing/plaf/windows/WindowsLabelUI.java | 13 ++- .../plaf/windows/WindowsRadioButtonUI.java | 11 +- .../plaf/windows/WindowsToggleButtonUI.java | 19 +++- .../javax/swing/plaf/basic/BasicButtonUI.java | 14 ++- .../swing/plaf/basic/BasicCheckBoxUI.java | 11 +- .../javax/swing/plaf/basic/BasicLabelUI.java | 16 ++- .../swing/plaf/basic/BasicRadioButtonUI.java | 10 +- .../swing/plaf/basic/BasicToggleButtonUI.java | 11 +- .../javax/swing/plaf/metal/MetalButtonUI.java | 14 ++- .../swing/plaf/metal/MetalCheckBoxUI.java | 11 +- .../javax/swing/plaf/metal/MetalLabelUI.java | 16 ++- .../swing/plaf/metal/MetalRadioButtonUI.java | 11 +- .../swing/plaf/metal/MetalToggleButtonUI.java | 11 +- .../swing/Security/6657138/ComponentTest.java | 76 +++++++++++++ .../swing/Security/6657138/bug6657138.java | 103 ++++++++++++++++++ 22 files changed, 394 insertions(+), 42 deletions(-) create mode 100644 jdk/test/javax/swing/Security/6657138/ComponentTest.java create mode 100644 jdk/test/javax/swing/Security/6657138/bug6657138.java diff --git a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifButtonUI.java b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifButtonUI.java index 5323b0ac786..bc3a224c091 100644 --- a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifButtonUI.java +++ b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifButtonUI.java @@ -25,6 +25,8 @@ package com.sun.java.swing.plaf.motif; +import sun.awt.AppContext; + import javax.swing.*; import javax.swing.border.*; import javax.swing.plaf.basic.*; @@ -46,16 +48,23 @@ import javax.swing.plaf.*; */ public class MotifButtonUI extends BasicButtonUI { - private final static MotifButtonUI motifButtonUI = new MotifButtonUI(); - protected Color selectColor; private boolean defaults_initialized = false; + private static final Object MOTIF_BUTTON_UI_KEY = new Object(); + // ******************************** // Create PLAF // ******************************** - public static ComponentUI createUI(JComponent c){ + public static ComponentUI createUI(JComponent c) { + AppContext appContext = AppContext.getAppContext(); + MotifButtonUI motifButtonUI = + (MotifButtonUI) appContext.get(MOTIF_BUTTON_UI_KEY); + if (motifButtonUI == null) { + motifButtonUI = new MotifButtonUI(); + appContext.put(MOTIF_BUTTON_UI_KEY, motifButtonUI); + } return motifButtonUI; } diff --git a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifCheckBoxUI.java b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifCheckBoxUI.java index a356b57caaf..a4354d26981 100644 --- a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifCheckBoxUI.java +++ b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifCheckBoxUI.java @@ -25,6 +25,8 @@ package com.sun.java.swing.plaf.motif; +import sun.awt.AppContext; + import javax.swing.*; import javax.swing.plaf.*; @@ -45,7 +47,7 @@ import java.awt.*; */ public class MotifCheckBoxUI extends MotifRadioButtonUI { - private static final MotifCheckBoxUI motifCheckBoxUI = new MotifCheckBoxUI(); + private static final Object MOTIF_CHECK_BOX_UI_KEY = new Object(); private final static String propertyPrefix = "CheckBox" + "."; @@ -55,7 +57,14 @@ public class MotifCheckBoxUI extends MotifRadioButtonUI { // ******************************** // Create PLAF // ******************************** - public static ComponentUI createUI(JComponent c){ + public static ComponentUI createUI(JComponent c) { + AppContext appContext = AppContext.getAppContext(); + MotifCheckBoxUI motifCheckBoxUI = + (MotifCheckBoxUI) appContext.get(MOTIF_CHECK_BOX_UI_KEY); + if (motifCheckBoxUI == null) { + motifCheckBoxUI = new MotifCheckBoxUI(); + appContext.put(MOTIF_CHECK_BOX_UI_KEY, motifCheckBoxUI); + } return motifCheckBoxUI; } diff --git a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifLabelUI.java b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifLabelUI.java index 7b040ea1c7f..bfa958857c8 100644 --- a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifLabelUI.java +++ b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifLabelUI.java @@ -25,6 +25,8 @@ package com.sun.java.swing.plaf.motif; +import sun.awt.AppContext; + import javax.swing.*; import javax.swing.plaf.basic.BasicLabelUI; import javax.swing.plaf.ComponentUI; @@ -44,9 +46,16 @@ import javax.swing.plaf.ComponentUI; */ public class MotifLabelUI extends BasicLabelUI { - static MotifLabelUI sharedInstance = new MotifLabelUI(); + private static final Object MOTIF_LABEL_UI_KEY = new Object(); public static ComponentUI createUI(JComponent c) { - return sharedInstance; + AppContext appContext = AppContext.getAppContext(); + MotifLabelUI motifLabelUI = + (MotifLabelUI) appContext.get(MOTIF_LABEL_UI_KEY); + if (motifLabelUI == null) { + motifLabelUI = new MotifLabelUI(); + appContext.put(MOTIF_LABEL_UI_KEY, motifLabelUI); + } + return motifLabelUI; } } diff --git a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifRadioButtonUI.java b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifRadioButtonUI.java index ea3769c2bc6..5029779bc9d 100644 --- a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifRadioButtonUI.java +++ b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifRadioButtonUI.java @@ -25,6 +25,8 @@ package com.sun.java.swing.plaf.motif; +import sun.awt.AppContext; + import javax.swing.*; import javax.swing.border.*; import javax.swing.plaf.basic.BasicRadioButtonUI; @@ -47,7 +49,7 @@ import java.awt.*; */ public class MotifRadioButtonUI extends BasicRadioButtonUI { - private static final MotifRadioButtonUI motifRadioButtonUI = new MotifRadioButtonUI(); + private static final Object MOTIF_RADIO_BUTTON_UI_KEY = new Object(); protected Color focusColor; @@ -57,6 +59,13 @@ public class MotifRadioButtonUI extends BasicRadioButtonUI { // Create PLAF // ******************************** public static ComponentUI createUI(JComponent c) { + AppContext appContext = AppContext.getAppContext(); + MotifRadioButtonUI motifRadioButtonUI = + (MotifRadioButtonUI) appContext.get(MOTIF_RADIO_BUTTON_UI_KEY); + if (motifRadioButtonUI == null) { + motifRadioButtonUI = new MotifRadioButtonUI(); + appContext.put(MOTIF_RADIO_BUTTON_UI_KEY, motifRadioButtonUI); + } return motifRadioButtonUI; } diff --git a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifToggleButtonUI.java b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifToggleButtonUI.java index 43af4139dcc..984667e547e 100644 --- a/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifToggleButtonUI.java +++ b/jdk/src/share/classes/com/sun/java/swing/plaf/motif/MotifToggleButtonUI.java @@ -25,6 +25,8 @@ package com.sun.java.swing.plaf.motif; +import sun.awt.AppContext; + import java.awt.*; import java.awt.event.*; @@ -48,7 +50,7 @@ import javax.swing.plaf.basic.*; */ public class MotifToggleButtonUI extends BasicToggleButtonUI { - private final static MotifToggleButtonUI motifToggleButtonUI = new MotifToggleButtonUI(); + private static final Object MOTIF_TOGGLE_BUTTON_UI_KEY = new Object(); protected Color selectColor; @@ -58,6 +60,13 @@ public class MotifToggleButtonUI extends BasicToggleButtonUI // Create PLAF // ******************************** public static ComponentUI createUI(JComponent b) { + AppContext appContext = AppContext.getAppContext(); + MotifToggleButtonUI motifToggleButtonUI = + (MotifToggleButtonUI) appContext.get(MOTIF_TOGGLE_BUTTON_UI_KEY); + if (motifToggleButtonUI == null) { + motifToggleButtonUI = new MotifToggleButtonUI(); + appContext.put(MOTIF_TOGGLE_BUTTON_UI_KEY, motifToggleButtonUI); + } return motifToggleButtonUI; } diff --git a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsButtonUI.java b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsButtonUI.java index 4ebc563e0cd..2de1f4ec351 100644 --- a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsButtonUI.java +++ b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsButtonUI.java @@ -35,6 +35,7 @@ import java.awt.*; import static com.sun.java.swing.plaf.windows.TMSchema.*; import static com.sun.java.swing.plaf.windows.TMSchema.Part.*; import static com.sun.java.swing.plaf.windows.XPStyle.Skin; +import sun.awt.AppContext; /** @@ -52,8 +53,6 @@ import static com.sun.java.swing.plaf.windows.XPStyle.Skin; */ public class WindowsButtonUI extends BasicButtonUI { - private final static WindowsButtonUI windowsButtonUI = new WindowsButtonUI(); - protected int dashedRectGapX; protected int dashedRectGapY; protected int dashedRectGapWidth; @@ -63,11 +62,19 @@ public class WindowsButtonUI extends BasicButtonUI private boolean defaults_initialized = false; + private static final Object WINDOWS_BUTTON_UI_KEY = new Object(); // ******************************** // Create PLAF // ******************************** - public static ComponentUI createUI(JComponent c){ + public static ComponentUI createUI(JComponent c) { + AppContext appContext = AppContext.getAppContext(); + WindowsButtonUI windowsButtonUI = + (WindowsButtonUI) appContext.get(WINDOWS_BUTTON_UI_KEY); + if (windowsButtonUI == null) { + windowsButtonUI = new WindowsButtonUI(); + appContext.put(WINDOWS_BUTTON_UI_KEY, windowsButtonUI); + } return windowsButtonUI; } @@ -151,7 +158,7 @@ public class WindowsButtonUI extends BasicButtonUI * allocating them in each paint call substantially reduced the time * it took paint to run. Obviously, this method can't be re-entered. */ - private static Rectangle viewRect = new Rectangle(); + private Rectangle viewRect = new Rectangle(); public void paint(Graphics g, JComponent c) { if (XPStyle.getXP() != null) { diff --git a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsCheckBoxUI.java b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsCheckBoxUI.java index fa388195a4d..29c8221a66b 100644 --- a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsCheckBoxUI.java +++ b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsCheckBoxUI.java @@ -25,6 +25,8 @@ package com.sun.java.swing.plaf.windows; +import sun.awt.AppContext; + import javax.swing.plaf.basic.*; import javax.swing.*; import javax.swing.plaf.*; @@ -49,7 +51,7 @@ public class WindowsCheckBoxUI extends WindowsRadioButtonUI // of BasicCheckBoxUI because we want to pick up all the // painting changes made in MetalRadioButtonUI. - private static final WindowsCheckBoxUI windowsCheckBoxUI = new WindowsCheckBoxUI(); + private static final Object WINDOWS_CHECK_BOX_UI_KEY = new Object(); private final static String propertyPrefix = "CheckBox" + "."; @@ -59,6 +61,13 @@ public class WindowsCheckBoxUI extends WindowsRadioButtonUI // Create PLAF // ******************************** public static ComponentUI createUI(JComponent c) { + AppContext appContext = AppContext.getAppContext(); + WindowsCheckBoxUI windowsCheckBoxUI = + (WindowsCheckBoxUI) appContext.get(WINDOWS_CHECK_BOX_UI_KEY); + if (windowsCheckBoxUI == null) { + windowsCheckBoxUI = new WindowsCheckBoxUI(); + appContext.put(WINDOWS_CHECK_BOX_UI_KEY, windowsCheckBoxUI); + } return windowsCheckBoxUI; } diff --git a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsLabelUI.java b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsLabelUI.java index 5abbf512de2..b0c74100999 100644 --- a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsLabelUI.java +++ b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsLabelUI.java @@ -26,6 +26,8 @@ package com.sun.java.swing.plaf.windows; import sun.swing.SwingUtilities2; +import sun.awt.AppContext; + import java.awt.Color; import java.awt.Graphics; @@ -51,12 +53,19 @@ import javax.swing.plaf.basic.BasicLabelUI; */ public class WindowsLabelUI extends BasicLabelUI { - private final static WindowsLabelUI windowsLabelUI = new WindowsLabelUI(); + private static final Object WINDOWS_LABEL_UI_KEY = new Object(); // ******************************** // Create PLAF // ******************************** - public static ComponentUI createUI(JComponent c){ + public static ComponentUI createUI(JComponent c) { + AppContext appContext = AppContext.getAppContext(); + WindowsLabelUI windowsLabelUI = + (WindowsLabelUI) appContext.get(WINDOWS_LABEL_UI_KEY); + if (windowsLabelUI == null) { + windowsLabelUI = new WindowsLabelUI(); + appContext.put(WINDOWS_LABEL_UI_KEY, windowsLabelUI); + } return windowsLabelUI; } diff --git a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsRadioButtonUI.java b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsRadioButtonUI.java index 43665829347..9d784278780 100644 --- a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsRadioButtonUI.java +++ b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsRadioButtonUI.java @@ -25,6 +25,8 @@ package com.sun.java.swing.plaf.windows; +import sun.awt.AppContext; + import javax.swing.plaf.basic.*; import javax.swing.*; import javax.swing.plaf.*; @@ -44,7 +46,7 @@ import java.awt.*; */ public class WindowsRadioButtonUI extends BasicRadioButtonUI { - private static final WindowsRadioButtonUI windowsRadioButtonUI = new WindowsRadioButtonUI(); + private static final Object WINDOWS_RADIO_BUTTON_UI_KEY = new Object(); protected int dashedRectGapX; protected int dashedRectGapY; @@ -59,6 +61,13 @@ public class WindowsRadioButtonUI extends BasicRadioButtonUI // Create PLAF // ******************************** public static ComponentUI createUI(JComponent c) { + AppContext appContext = AppContext.getAppContext(); + WindowsRadioButtonUI windowsRadioButtonUI = + (WindowsRadioButtonUI) appContext.get(WINDOWS_RADIO_BUTTON_UI_KEY); + if (windowsRadioButtonUI == null) { + windowsRadioButtonUI = new WindowsRadioButtonUI(); + appContext.put(WINDOWS_RADIO_BUTTON_UI_KEY, windowsRadioButtonUI); + } return windowsRadioButtonUI; } diff --git a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsToggleButtonUI.java b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsToggleButtonUI.java index 3b49ad5ee4e..f7a8707aabe 100644 --- a/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsToggleButtonUI.java +++ b/jdk/src/share/classes/com/sun/java/swing/plaf/windows/WindowsToggleButtonUI.java @@ -25,6 +25,8 @@ package com.sun.java.swing.plaf.windows; +import sun.awt.AppContext; + import javax.swing.plaf.basic.*; import javax.swing.border.*; import javax.swing.plaf.*; @@ -49,18 +51,25 @@ import java.beans.PropertyChangeEvent; */ public class WindowsToggleButtonUI extends BasicToggleButtonUI { - protected static int dashedRectGapX; - protected static int dashedRectGapY; - protected static int dashedRectGapWidth; - protected static int dashedRectGapHeight; + protected int dashedRectGapX; + protected int dashedRectGapY; + protected int dashedRectGapWidth; + protected int dashedRectGapHeight; protected Color focusColor; - private final static WindowsToggleButtonUI windowsToggleButtonUI = new WindowsToggleButtonUI(); + private static final Object WINDOWS_TOGGLE_BUTTON_UI_KEY = new Object(); private boolean defaults_initialized = false; public static ComponentUI createUI(JComponent b) { + AppContext appContext = AppContext.getAppContext(); + WindowsToggleButtonUI windowsToggleButtonUI = + (WindowsToggleButtonUI) appContext.get(WINDOWS_TOGGLE_BUTTON_UI_KEY); + if (windowsToggleButtonUI == null) { + windowsToggleButtonUI = new WindowsToggleButtonUI(); + appContext.put(WINDOWS_TOGGLE_BUTTON_UI_KEY, windowsToggleButtonUI); + } return windowsToggleButtonUI; } diff --git a/jdk/src/share/classes/javax/swing/plaf/basic/BasicButtonUI.java b/jdk/src/share/classes/javax/swing/plaf/basic/BasicButtonUI.java index 5dc98f2c17e..7daf35c7071 100644 --- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicButtonUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicButtonUI.java @@ -26,6 +26,8 @@ package javax.swing.plaf.basic; import sun.swing.SwingUtilities2; +import sun.awt.AppContext; + import java.awt.*; import java.awt.event.*; import java.io.Serializable; @@ -44,9 +46,6 @@ import javax.swing.text.View; * @author Jeff Dinkins */ public class BasicButtonUI extends ButtonUI{ - // Shared UI object - private final static BasicButtonUI buttonUI = new BasicButtonUI(); - // Visual constants // NOTE: This is not used or set any where. Were we allowed to remove // fields, this would be removed. @@ -61,10 +60,19 @@ public class BasicButtonUI extends ButtonUI{ private final static String propertyPrefix = "Button" + "."; + private static final Object BASIC_BUTTON_UI_KEY = new Object(); + // ******************************** // Create PLAF // ******************************** public static ComponentUI createUI(JComponent c) { + AppContext appContext = AppContext.getAppContext(); + BasicButtonUI buttonUI = + (BasicButtonUI) appContext.get(BASIC_BUTTON_UI_KEY); + if (buttonUI == null) { + buttonUI = new BasicButtonUI(); + appContext.put(BASIC_BUTTON_UI_KEY, buttonUI); + } return buttonUI; } diff --git a/jdk/src/share/classes/javax/swing/plaf/basic/BasicCheckBoxUI.java b/jdk/src/share/classes/javax/swing/plaf/basic/BasicCheckBoxUI.java index 443d05999ce..3d048d8b588 100644 --- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicCheckBoxUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicCheckBoxUI.java @@ -25,6 +25,8 @@ package javax.swing.plaf.basic; +import sun.awt.AppContext; + import javax.swing.*; import java.awt.*; @@ -49,7 +51,7 @@ import java.io.Serializable; */ public class BasicCheckBoxUI extends BasicRadioButtonUI { - private final static BasicCheckBoxUI checkboxUI = new BasicCheckBoxUI(); + private static final Object BASIC_CHECK_BOX_UI_KEY = new Object(); private final static String propertyPrefix = "CheckBox" + "."; @@ -57,6 +59,13 @@ public class BasicCheckBoxUI extends BasicRadioButtonUI { // Create PLAF // ******************************** public static ComponentUI createUI(JComponent b) { + AppContext appContext = AppContext.getAppContext(); + BasicCheckBoxUI checkboxUI = + (BasicCheckBoxUI) appContext.get(BASIC_CHECK_BOX_UI_KEY); + if (checkboxUI == null) { + checkboxUI = new BasicCheckBoxUI(); + appContext.put(BASIC_CHECK_BOX_UI_KEY, checkboxUI); + } return checkboxUI; } diff --git a/jdk/src/share/classes/javax/swing/plaf/basic/BasicLabelUI.java b/jdk/src/share/classes/javax/swing/plaf/basic/BasicLabelUI.java index 9ca6dcd4e2c..2e663fb8449 100644 --- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicLabelUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicLabelUI.java @@ -28,6 +28,8 @@ package javax.swing.plaf.basic; import sun.swing.SwingUtilities2; import sun.swing.DefaultLookup; import sun.swing.UIAction; +import sun.awt.AppContext; + import javax.swing.*; import javax.swing.plaf.*; import javax.swing.text.View; @@ -63,7 +65,7 @@ public class BasicLabelUI extends LabelUI implements PropertyChangeListener * name in defaults table under the key "LabelUI". */ protected static BasicLabelUI labelUI = new BasicLabelUI(); - private final static BasicLabelUI SAFE_BASIC_LABEL_UI = new BasicLabelUI(); + private static final Object BASIC_LABEL_UI_KEY = new Object(); private Rectangle paintIconR = new Rectangle(); private Rectangle paintTextR = new Rectangle(); @@ -394,10 +396,16 @@ public class BasicLabelUI extends LabelUI implements PropertyChangeListener public static ComponentUI createUI(JComponent c) { if (System.getSecurityManager() != null) { - return SAFE_BASIC_LABEL_UI; - } else { - return labelUI; + AppContext appContext = AppContext.getAppContext(); + BasicLabelUI safeBasicLabelUI = + (BasicLabelUI) appContext.get(BASIC_LABEL_UI_KEY); + if (safeBasicLabelUI == null) { + safeBasicLabelUI = new BasicLabelUI(); + appContext.put(BASIC_LABEL_UI_KEY, safeBasicLabelUI); + } + return safeBasicLabelUI; } + return labelUI; } public void propertyChange(PropertyChangeEvent e) { diff --git a/jdk/src/share/classes/javax/swing/plaf/basic/BasicRadioButtonUI.java b/jdk/src/share/classes/javax/swing/plaf/basic/BasicRadioButtonUI.java index be9d13204c7..1dc781645a6 100644 --- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicRadioButtonUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicRadioButtonUI.java @@ -32,6 +32,7 @@ import javax.swing.border.*; import javax.swing.plaf.*; import javax.swing.text.View; import sun.swing.SwingUtilities2; +import sun.awt.AppContext; /** @@ -41,7 +42,7 @@ import sun.swing.SwingUtilities2; */ public class BasicRadioButtonUI extends BasicToggleButtonUI { - private final static BasicRadioButtonUI radioButtonUI = new BasicRadioButtonUI(); + private static final Object BASIC_RADIO_BUTTON_UI_KEY = new Object(); protected Icon icon; @@ -53,6 +54,13 @@ public class BasicRadioButtonUI extends BasicToggleButtonUI // Create PLAF // ******************************** public static ComponentUI createUI(JComponent b) { + AppContext appContext = AppContext.getAppContext(); + BasicRadioButtonUI radioButtonUI = + (BasicRadioButtonUI) appContext.get(BASIC_RADIO_BUTTON_UI_KEY); + if (radioButtonUI == null) { + radioButtonUI = new BasicRadioButtonUI(); + appContext.put(BASIC_RADIO_BUTTON_UI_KEY, radioButtonUI); + } return radioButtonUI; } diff --git a/jdk/src/share/classes/javax/swing/plaf/basic/BasicToggleButtonUI.java b/jdk/src/share/classes/javax/swing/plaf/basic/BasicToggleButtonUI.java index e519d3202d9..07c2e47feec 100644 --- a/jdk/src/share/classes/javax/swing/plaf/basic/BasicToggleButtonUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/basic/BasicToggleButtonUI.java @@ -25,6 +25,8 @@ package javax.swing.plaf.basic; +import sun.awt.AppContext; + import java.awt.*; import java.awt.event.*; @@ -43,7 +45,7 @@ import javax.swing.text.View; */ public class BasicToggleButtonUI extends BasicButtonUI { - private final static BasicToggleButtonUI toggleButtonUI = new BasicToggleButtonUI(); + private static final Object BASIC_TOGGLE_BUTTON_UI_KEY = new Object(); private final static String propertyPrefix = "ToggleButton" + "."; @@ -51,6 +53,13 @@ public class BasicToggleButtonUI extends BasicButtonUI { // Create PLAF // ******************************** public static ComponentUI createUI(JComponent b) { + AppContext appContext = AppContext.getAppContext(); + BasicToggleButtonUI toggleButtonUI = + (BasicToggleButtonUI) appContext.get(BASIC_TOGGLE_BUTTON_UI_KEY); + if (toggleButtonUI == null) { + toggleButtonUI = new BasicToggleButtonUI(); + appContext.put(BASIC_TOGGLE_BUTTON_UI_KEY, toggleButtonUI); + } return toggleButtonUI; } diff --git a/jdk/src/share/classes/javax/swing/plaf/metal/MetalButtonUI.java b/jdk/src/share/classes/javax/swing/plaf/metal/MetalButtonUI.java index 9917640cace..659315423fe 100644 --- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalButtonUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalButtonUI.java @@ -26,6 +26,8 @@ package javax.swing.plaf.metal; import sun.swing.SwingUtilities2; +import sun.awt.AppContext; + import javax.swing.*; import javax.swing.border.*; import javax.swing.plaf.basic.*; @@ -49,19 +51,25 @@ import javax.swing.plaf.*; * @author Tom Santos */ public class MetalButtonUI extends BasicButtonUI { - - private final static MetalButtonUI metalButtonUI = new MetalButtonUI(); - // NOTE: These are not really needed, but at this point we can't pull // them. Their values are updated purely for historical reasons. protected Color focusColor; protected Color selectColor; protected Color disabledTextColor; + private static final Object METAL_BUTTON_UI_KEY = new Object(); + // ******************************** // Create PLAF // ******************************** public static ComponentUI createUI(JComponent c) { + AppContext appContext = AppContext.getAppContext(); + MetalButtonUI metalButtonUI = + (MetalButtonUI) appContext.get(METAL_BUTTON_UI_KEY); + if (metalButtonUI == null) { + metalButtonUI = new MetalButtonUI(); + appContext.put(METAL_BUTTON_UI_KEY, metalButtonUI); + } return metalButtonUI; } diff --git a/jdk/src/share/classes/javax/swing/plaf/metal/MetalCheckBoxUI.java b/jdk/src/share/classes/javax/swing/plaf/metal/MetalCheckBoxUI.java index a061ac078a6..650eda000e0 100644 --- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalCheckBoxUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalCheckBoxUI.java @@ -25,6 +25,8 @@ package javax.swing.plaf.metal; +import sun.awt.AppContext; + import javax.swing.*; import javax.swing.plaf.basic.BasicCheckBoxUI; @@ -55,7 +57,7 @@ public class MetalCheckBoxUI extends MetalRadioButtonUI { // of BasicCheckBoxUI because we want to pick up all the // painting changes made in MetalRadioButtonUI. - private final static MetalCheckBoxUI checkboxUI = new MetalCheckBoxUI(); + private static final Object METAL_CHECK_BOX_UI_KEY = new Object(); private final static String propertyPrefix = "CheckBox" + "."; @@ -65,6 +67,13 @@ public class MetalCheckBoxUI extends MetalRadioButtonUI { // Create PlAF // ******************************** public static ComponentUI createUI(JComponent b) { + AppContext appContext = AppContext.getAppContext(); + MetalCheckBoxUI checkboxUI = + (MetalCheckBoxUI) appContext.get(METAL_CHECK_BOX_UI_KEY); + if (checkboxUI == null) { + checkboxUI = new MetalCheckBoxUI(); + appContext.put(METAL_CHECK_BOX_UI_KEY, checkboxUI); + } return checkboxUI; } diff --git a/jdk/src/share/classes/javax/swing/plaf/metal/MetalLabelUI.java b/jdk/src/share/classes/javax/swing/plaf/metal/MetalLabelUI.java index f19fc9962ac..d4a341bea5d 100644 --- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalLabelUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalLabelUI.java @@ -26,6 +26,8 @@ package javax.swing.plaf.metal; import sun.swing.SwingUtilities2; +import sun.awt.AppContext; + import javax.swing.*; import javax.swing.plaf.*; import javax.swing.plaf.basic.*; @@ -51,15 +53,21 @@ public class MetalLabelUI extends BasicLabelUI * name in defaults table under the key "LabelUI". */ protected static MetalLabelUI metalLabelUI = new MetalLabelUI(); - private final static MetalLabelUI SAFE_METAL_LABEL_UI = new MetalLabelUI(); + private static final Object METAL_LABEL_UI_KEY = new Object(); public static ComponentUI createUI(JComponent c) { if (System.getSecurityManager() != null) { - return SAFE_METAL_LABEL_UI; - } else { - return metalLabelUI; + AppContext appContext = AppContext.getAppContext(); + MetalLabelUI safeMetalLabelUI = + (MetalLabelUI) appContext.get(METAL_LABEL_UI_KEY); + if (safeMetalLabelUI == null) { + safeMetalLabelUI = new MetalLabelUI(); + appContext.put(METAL_LABEL_UI_KEY, safeMetalLabelUI); + } + return safeMetalLabelUI; } + return metalLabelUI; } /** diff --git a/jdk/src/share/classes/javax/swing/plaf/metal/MetalRadioButtonUI.java b/jdk/src/share/classes/javax/swing/plaf/metal/MetalRadioButtonUI.java index 088daed9dd3..42a3703a670 100644 --- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalRadioButtonUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalRadioButtonUI.java @@ -26,6 +26,8 @@ package javax.swing.plaf.metal; import sun.swing.SwingUtilities2; +import sun.awt.AppContext; + import java.awt.*; import java.awt.event.*; import javax.swing.*; @@ -53,7 +55,7 @@ import javax.swing.text.View; */ public class MetalRadioButtonUI extends BasicRadioButtonUI { - private static final MetalRadioButtonUI metalRadioButtonUI = new MetalRadioButtonUI(); + private static final Object METAL_RADIO_BUTTON_UI_KEY = new Object(); protected Color focusColor; protected Color selectColor; @@ -65,6 +67,13 @@ public class MetalRadioButtonUI extends BasicRadioButtonUI { // Create PlAF // ******************************** public static ComponentUI createUI(JComponent c) { + AppContext appContext = AppContext.getAppContext(); + MetalRadioButtonUI metalRadioButtonUI = + (MetalRadioButtonUI) appContext.get(METAL_RADIO_BUTTON_UI_KEY); + if (metalRadioButtonUI == null) { + metalRadioButtonUI = new MetalRadioButtonUI(); + appContext.put(METAL_RADIO_BUTTON_UI_KEY, metalRadioButtonUI); + } return metalRadioButtonUI; } diff --git a/jdk/src/share/classes/javax/swing/plaf/metal/MetalToggleButtonUI.java b/jdk/src/share/classes/javax/swing/plaf/metal/MetalToggleButtonUI.java index c6a8ce8ffcc..03b2454b819 100644 --- a/jdk/src/share/classes/javax/swing/plaf/metal/MetalToggleButtonUI.java +++ b/jdk/src/share/classes/javax/swing/plaf/metal/MetalToggleButtonUI.java @@ -26,6 +26,8 @@ package javax.swing.plaf.metal; import sun.swing.SwingUtilities2; +import sun.awt.AppContext; + import java.awt.*; import java.awt.event.*; import java.lang.ref.*; @@ -55,7 +57,7 @@ import java.io.Serializable; */ public class MetalToggleButtonUI extends BasicToggleButtonUI { - private static final MetalToggleButtonUI metalToggleButtonUI = new MetalToggleButtonUI(); + private static final Object METAL_TOGGLE_BUTTON_UI_KEY = new Object(); protected Color focusColor; protected Color selectColor; @@ -67,6 +69,13 @@ public class MetalToggleButtonUI extends BasicToggleButtonUI { // Create PLAF // ******************************** public static ComponentUI createUI(JComponent b) { + AppContext appContext = AppContext.getAppContext(); + MetalToggleButtonUI metalToggleButtonUI = + (MetalToggleButtonUI) appContext.get(METAL_TOGGLE_BUTTON_UI_KEY); + if (metalToggleButtonUI == null) { + metalToggleButtonUI = new MetalToggleButtonUI(); + appContext.put(METAL_TOGGLE_BUTTON_UI_KEY, metalToggleButtonUI); + } return metalToggleButtonUI; } diff --git a/jdk/test/javax/swing/Security/6657138/ComponentTest.java b/jdk/test/javax/swing/Security/6657138/ComponentTest.java new file mode 100644 index 00000000000..a1a3a7b3c6f --- /dev/null +++ b/jdk/test/javax/swing/Security/6657138/ComponentTest.java @@ -0,0 +1,76 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6657138 + * @summary Verifies that buttons and labels work well after the fix for 6657138 + * @author Alexander Potochkin + */ + +import sun.awt.SunToolkit; + +import javax.swing.*; +import java.awt.*; + +public class ComponentTest extends JFrame { + private static JFrame frame; + + public ComponentTest() { + setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); + setLayout(new FlowLayout()); + add(new JButton("JButton")); + add(new JToggleButton("JToggleButton")); + add(new JCheckBox("JCheckBox")); + add(new JRadioButton("JRadioButton")); + add(new JLabel("JLabel")); + pack(); + setLocationRelativeTo(null); + } + + + public static void main(String[] args) throws Exception { + SunToolkit toolkit = (SunToolkit) Toolkit.getDefaultToolkit(); + SwingUtilities.invokeAndWait(new Runnable() { + public void run() { + frame = new ComponentTest(); + frame.setVisible(true); + } + }); + toolkit.realSync(); + UIManager.LookAndFeelInfo[] lafs = UIManager.getInstalledLookAndFeels(); + for (final UIManager.LookAndFeelInfo laf : lafs) { + SwingUtilities.invokeAndWait(new Runnable() { + public void run() { + try { + UIManager.setLookAndFeel(laf.getClassName()); + } catch (Exception e) { + new RuntimeException(e); + } + SwingUtilities.updateComponentTreeUI(frame); + } + }); + toolkit.realSync(); + } + } +} diff --git a/jdk/test/javax/swing/Security/6657138/bug6657138.java b/jdk/test/javax/swing/Security/6657138/bug6657138.java new file mode 100644 index 00000000000..5a3562d256e --- /dev/null +++ b/jdk/test/javax/swing/Security/6657138/bug6657138.java @@ -0,0 +1,103 @@ +/* + * Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +/* + * @test + * @bug 6657138 + * @summary Verifies that buttons and labels don't share their ui's across appContexts + * @author Alexander Potochkin + */ + +import sun.awt.SunToolkit; + +import javax.swing.*; +import javax.swing.plaf.ButtonUI; +import javax.swing.plaf.ComponentUI; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +public class bug6657138 implements Runnable { + + private static Map> componentMap = + Collections.synchronizedMap( + new HashMap>()); + + public void run() { + SunToolkit.createNewAppContext(); + try { + testUIMap(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + private static void testUIMap() throws Exception { + UIManager.LookAndFeelInfo[] lafs = UIManager.getInstalledLookAndFeels(); + Set components = componentMap.keySet(); + for (JComponent c : components) { + Map uiMap = componentMap.get(c); + + for (UIManager.LookAndFeelInfo laf : lafs) { + if ("Nimbus".equals(laf.getName())) { + // for some unclear reasons + // Nimbus ui delegate for a button is null + // when this method is called from the new AppContext + continue; + } + String className = laf.getClassName(); + UIManager.setLookAndFeel(className); + ComponentUI ui = UIManager.getUI(c); + if (ui == null) { + throw new RuntimeException("UI is null for " + c); + } + if (ui == uiMap.get(laf.getName())) { + throw new RuntimeException( + "Two AppContexts share the same UI delegate! \n" + + c + "\n" + ui); + } + uiMap.put(laf.getName(), ui); + } + } + } + + public static void main(String[] args) throws Exception { + componentMap.put(new JButton("JButton"), + new HashMap()); + componentMap.put(new JToggleButton("JToggleButton"), + new HashMap()); + componentMap.put(new JRadioButton("JRadioButton"), + new HashMap()); + componentMap.put(new JCheckBox("JCheckBox"), + new HashMap()); + componentMap.put(new JCheckBox("JLabel"), + new HashMap()); + testUIMap(); + ThreadGroup group = new ThreadGroup("6657138"); + Thread thread = new Thread(group, new bug6657138()); + thread.start(); + thread.join(); + } +} +