stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge

Browse Source
This commit is contained in:
Phil Race 2017-07-27 12:36:57 -07:00
commit b9a122f2e9
121 changed files with 2915 additions and 1136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.hgtags
View File

@ -437,3 +437,4 @@ e6d70017f5b9adbb2ec82d826973d0251800a3c3 jdk-10+12
9927a9f16738e240ab7014f0118f41e314ef8f99 jdk-10+13
9ef5029b247b4d940080417a287440bbdbab995b jdk-10+14
878e216039322cb3f0ecbd0944642a2b4e2593f3 jdk-10+15
4bbea012e5676e8025ade2bcfab4d6581e6e9f4b jdk-10+16

1
.hgtags-top-repo
View File

@ -436,3 +436,4 @@ d67a3f1f057f7e31e12f33ebe3667cb73d252268 jdk-10+13
84777531d994ef70163d35078ec9c4127f2eadb5 jdk-9+176
a4371edb589c60db01142e45c317adb9ccbcb083 jdk-9+177
a6c830ee8a6798b186730475e700027cdf4598aa jdk-10+15
2fe66ca1e2b3c361f949de9cb2894661dc0a3fa2 jdk-10+16

1
corba/.hgtags
View File

@ -436,3 +436,4 @@ dc78a3dd6b3a4f11cdae8a3e3d160e6a78bc7838 jdk-9+175
40fb9f229471ef357d493813d34b15afcce9f32b jdk-9+176
c72e9d3823f04cb3ef3166646dfea9e4c2769133 jdk-9+177
15f59cfc6fbe9387423fb173e962265c7b5d357e jdk-10+15
b82b62ed5debda2d98dda597506ef29cf947fbae jdk-10+16

1
hotspot/.hgtags
View File

@ -596,3 +596,4 @@ e920b4d008d914f3414bd4630b58837cf0b7f08d jdk-10+14
2ab74e5dbdc2b6a962c865500cafd23cf387dc60 jdk-9+176
1ca8f038fceb88c640badf9bd18905205bc63b43 jdk-9+177
c1f3649a3a42f124b418a5a916dbad13d059b757 jdk-10+15
2fe2a593e8ebf3a9e4dcd9ba3333a7b43126589d jdk-10+16

1
jaxp/.hgtags
View File

@ -436,3 +436,4 @@ ff293e39e83366c40a5687dacd1ccb2305ed2c1e jdk-10+12
38cf34e2328070cc691c4f136e6dde1a44c04171 jdk-9+176
332ad9f92632f56f337b8c40edef9a95a42b26bc jdk-9+177
02a876781a3a6193140591d92db7b95ca743eac2 jdk-10+15
d109d55cf642bf2b438624e81f94c18c168f9178 jdk-10+16

1
jaxws/.hgtags
View File

@ -439,3 +439,4 @@ bddeaa49ffd55567ad232548c38aa270e1a1420a jdk-10+14
ea819b6009d33a72e6672bab6c101d51db0cfb4c jdk-9+176
b44a721aee3d3b2537754e559fe9ecccadea548b jdk-9+177
6d17fd0a5133a0dd916c77a9a24ae7f0ca402876 jdk-10+15
bc8289ce1ed3ed5fff62152ed46da3be0b60b7c3 jdk-10+16

2
jaxws/src/java.activation/share/classes/javax/activation/CommandInfo.java
View File

@ -112,7 +112,7 @@ public class CommandInfo {
* this method will check if it implements the
* java.io.Externalizable interface. If it does, the bean's
* readExternal method will be called if an InputStream
* can be acquired from the DataHandler.<p>
* can be acquired from the DataHandler.
*
* @param dh The DataHandler that describes the data to be
* passed to the command.

2
jdk/.hgtags
View File

@ -437,3 +437,5 @@ e6c4f6ef717d104dba880e2dae538690c993b46f jdk-9+175
80acf577b7d0b886fb555c9916552844f6cc72af jdk-9+177
e069834e2c518a7bc2ffadc8c7e3cd7ec69fa8a0 jdk-10+15
3281b964ab104002623d744e8b77a12269b70acd jdk-10+16
443025bee731eb2225371b92c1c74b519b7baf33 jdk-9+178
06df1ce4b9b887d05ce6a13f4def3547e434dd1a jdk-9+179

3
jdk/make/Tools.gmk
View File

@ -116,6 +116,9 @@ TOOL_OSX_TOBIN = $(JAVA_SMALL) -Djava.awt.headless=true -cp $(BUILDTOOLS_OUTPUTD
TOOL_CLDRCONVERTER = $(JAVA_SMALL) -cp $(BUILDTOOLS_OUTPUTDIR)/jdk_tools_classes \
build.tools.cldrconverter.CLDRConverter
TOOL_GENERATELSREQUIVMAPS = $(JAVA_SMALL) -cp $(BUILDTOOLS_OUTPUTDIR)/jdk_tools_classes \
build.tools.generatelsrequivmaps.EquivMapsGenerator
TOOL_GENMODULESXML = $(JAVA_SMALL) $(INTERIM_LANGTOOLS_BOOTCLASSPATH) \
-cp $(call PathList, $(BUILDTOOLS_OUTPUTDIR)/jdk_tools_classes) \
build.tools.module.GenJdepsModulesXml

0
jdk/test/java/util/Locale/tools/language-subtag-registry.txt → jdk/make/data/lsrdata/language-subtag-registry.txt
View File

12
jdk/make/gensrc/Gensrc-java.base.gmk
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@ -63,6 +63,16 @@ GENSRC_JAVA_BASE += $(COPY_ZH_HK)
################################################################################
GENSRC_LSREQUIVMAPS := $(SUPPORT_OUTPUTDIR)/gensrc/java.base/sun/util/locale/LocaleEquivalentMaps.java
$(GENSRC_LSREQUIVMAPS): $(JDK_TOPDIR)/make/data/lsrdata/language-subtag-registry.txt $(BUILD_TOOLS_JDK)
$(call MakeDir, $(@D))
$(TOOL_GENERATELSREQUIVMAPS) $< $@
GENSRC_JAVA_BASE += $(GENSRC_LSREQUIVMAPS)
################################################################################
java.base: $(GENSRC_JAVA_BASE)
all: java.base

12
jdk/make/gensrc/GensrcCharacterData.gmk
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@ -42,17 +42,17 @@ define SetupCharacterData
-spec $(UNICODEDATA)/UnicodeData.txt \
-specialcasing $(UNICODEDATA)/SpecialCasing.txt \
-proplist $(UNICODEDATA)/PropList.txt \
-o $(SUPPORT_OUTPUTDIR)/gensrc/java.base/java/lang/$1.java -string \
-o $(SUPPORT_OUTPUTDIR)/gensrc/java.base/java/lang/$1.java \
-usecharforbyte $3
GENSRC_CHARACTERDATA += $(SUPPORT_OUTPUTDIR)/gensrc/java.base/java/lang/$1.java
endef
$(eval $(call SetupCharacterData,CharacterDataLatin1, , -latin1 8))
$(eval $(call SetupCharacterData,CharacterData00, -plane 0, 11 4 1))
$(eval $(call SetupCharacterData,CharacterData01, -plane 1, 11 4 1))
$(eval $(call SetupCharacterData,CharacterData02, -plane 2, 11 4 1))
$(eval $(call SetupCharacterData,CharacterData0E, -plane 14, 11 4 1))
$(eval $(call SetupCharacterData,CharacterData00, -string -plane 0, 11 4 1))
$(eval $(call SetupCharacterData,CharacterData01, -string -plane 1, 11 4 1))
$(eval $(call SetupCharacterData,CharacterData02, -string -plane 2, 11 4 1))
$(eval $(call SetupCharacterData,CharacterData0E, -string -plane 14, 11 4 1))
# Copy two Java files that need no preprocessing.
$(SUPPORT_OUTPUTDIR)/gensrc/java.base/java/lang/%.java: $(CHARACTERDATA)/%.java.template

1
jdk/make/mapfiles/libjava/reorder-x86
View File

@ -19,7 +19,6 @@ text: .text%Java_java_lang_System_initProperties;
text: .text%GetJavaProperties;
text: .text%uname: OUTPUTDIR/java_props_md.o;
text: .text%mapLookup: OUTPUTDIR/java_props_md.o;
text: .text%setPathEnvironment: OUTPUTDIR/java_props_md.o;
text: .text%JNU_NewStringPlatform;
text: .text%JNU_CallStaticMethodByName;
text: .text%NewStringPlatform;

9
jdk/make/rmic/Rmic-java.rmi.gmk
View File

@ -40,16 +40,9 @@ $(eval $(call SetupRMICompilation,RMI_12, \
RUN_V12 := true))
GENCLASSES += $(RMI_12)
$(eval $(call SetupRMICompilation,RMI_11, \
CLASSES := sun.rmi.registry.RegistryImpl \
sun.rmi.transport.DGCImpl, \
CLASSES_DIR := $(CLASSES_DIR)/java.rmi, \
STUB_CLASSES_DIR := $(STUB_CLASSES_DIR)/java.rmi, \
RUN_V11 := true))
GENCLASSES += $(RMI_11)
################################################################################
all: $(RMI_11) $(RMI_12)
all: $(RMI_12)
.PHONY: all

209
jdk/test/java/util/Locale/tools/EquivMapsGenerator.java → jdk/make/src/classes/build/tools/generatelsrequivmaps/EquivMapsGenerator.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,36 +21,41 @@
* questions.
*/
import java.nio.charset.*;
import java.nio.file.*;
import java.util.*;
package build.tools.generatelsrequivmaps;
import java.io.BufferedWriter;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
/**
* This tool reads the IANA Language Subtag Registry data file downloaded from
* http://www.iana.org/assignments/language-subtag-registry, which is specified
* in the command line and generates a .java source file as specified in
* command line. The generated .java source file contains equivalent language
* maps. These equivalent language maps are used by LocaleMatcher.java
* for the locale matching mechanism specified in RFC 4647 "Matching of Language
* Tags".
*/
public class EquivMapsGenerator {
/*
* IANA Language Subtag Registry file downloaded from
* http://www.iana.org/assignments/language-subtag-registry
*/
private static final String DEFAULT_LSR_FILE =
"language-subtag-registry.txt";
private static boolean verbose = false;
public static void main(String[] args) throws Exception {
String fileLSR = DEFAULT_LSR_FILE;
for (int i = 0; i < args.length; i++) {
String s = args[i];
if (s.equals("-lsr")) {
fileLSR = args[++i];
} else if (s.equals("-verbose")) {
verbose = true;
}
if (args.length != 2) {
System.err.println("Usage: java EquivMapsGenerator"
+ " language-subtag-registry.txt LocaleEquivalentMaps.java");
System.exit(1);
}
readLSRfile(fileLSR);
readLSRfile(args[0]);
generateEquivalentMap();
generateSourceCode();
generateSourceCode(args[1]);
}
private static String LSRrevisionDate;
@ -68,17 +73,13 @@ public class EquivMapsGenerator {
String type = null;
String tag = null;
String preferred = null;
int mappingNum = 0;
for (String line : Files.readAllLines(Paths.get(filename),
Charset.forName("UTF-8"))) {
line = line.toLowerCase();
line = line.toLowerCase(Locale.ROOT);
int index = line.indexOf(' ')+1;
if (line.startsWith("file-date:")) {
LSRrevisionDate = line.substring(index);
if (verbose) {
System.out.println("LSR revision date=" + LSRrevisionDate);
}
} else if (line.startsWith("type:")) {
type = line.substring(index);
} else if (line.startsWith("tag:") || line.startsWith("subtag:")) {
@ -86,32 +87,10 @@ public class EquivMapsGenerator {
} else if (line.startsWith("preferred-value:")
&& !type.equals("extlang")) {
preferred = line.substring(index);
mappingNum++;
processDeprecatedData(type, tag, preferred);
} else if (line.equals("%%")) {
type = null;
tag = null;
preferred = null;
}
}
if (verbose) {
System.out.println("readLSRfile(" + filename + ")");
System.out.println(" Total number of mapping=" + mappingNum);
System.out.println("\n Map for language. Size="
+ initialLanguageMap.size());
for (String key : initialLanguageMap.keySet()) {
System.out.println(" " + key + ": \""
+ initialLanguageMap.get(key) + "\"");
}
System.out.println("\n Map for region and variant. Size="
+ initialRegionVariantMap.size());
for (String key : initialRegionVariantMap.keySet()) {
System.out.println(" " + key + ": \""
+ initialRegionVariantMap.get(key) + "\"");
}
}
}
@ -174,32 +153,6 @@ public class EquivMapsGenerator {
sortedRegionVariantMap.put(subtags[1], subtags[0]);
}
if (verbose) {
System.out.println("generateEquivalentMap()");
System.out.println(" \nSorted map for language subtags which have only one equivalent. Size="
+ sortedLanguageMap1.size());
for (String key : sortedLanguageMap1.keySet()) {
System.out.println(" " + key + ": \""
+ sortedLanguageMap1.get(key) + "\"");
}
System.out.println("\n Sorted map for language subtags which have multiple equivalents. Size="
+ sortedLanguageMap2.size());
for (String key : sortedLanguageMap2.keySet()) {
String[] s = sortedLanguageMap2.get(key);
if (s.length >= 2) {
System.out.println(" " + key + ": " + generateValuesString(s) + "");
}
}
System.out.println("\n Sorted map for region and variant subtags. Size="
+ sortedRegionVariantMap.size());
for (String key : sortedRegionVariantMap.keySet()) {
System.out.println(" " + key + ": \""
+ sortedRegionVariantMap.get(key) + "\"");
}
}
System.out.println();
}
/* create the array of subtags excluding the subtag at index location */
@ -226,8 +179,36 @@ public class EquivMapsGenerator {
return outputStr;
}
private static final String COPYRIGHT = "/*\n"
+ " * Copyright (c) 2012, %d, Oracle and/or its affiliates. All rights reserved.\n"
+ " * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.\n"
+ " *\n"
+ " * This code is free software; you can redistribute it and/or modify it\n"
+ " * under the terms of the GNU General Public License version 2 only, as\n"
+ " * published by the Free Software Foundation. Oracle designates this\n"
+ " * particular file as subject to the \"Classpath\" exception as provided\n"
+ " * by Oracle in the LICENSE file that accompanied this code.\n"
+ " *\n"
+ " * This code is distributed in the hope that it will be useful, but WITHOUT\n"
+ " * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or\n"
+ " * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License\n"
+ " * version 2 for more details (a copy is included in the LICENSE file that\n"
+ " * accompanied this code).\n"
+ " *\n"
+ " * You should have received a copy of the GNU General Public License version\n"
+ " * 2 along with this work; if not, write to the Free Software Foundation,\n"
+ " * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n"
+ " *\n"
+ " * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA\n"
+ " * or visit www.oracle.com if you need additional information or have any\n"
+ " * questions.\n"
+ "*/\n\n";
private static final String headerText =
"final class LocaleEquivalentMaps {\n\n"
"package sun.util.locale;\n\n"
+ "import java.util.HashMap;\n"
+ "import java.util.Map;\n\n"
+ "final class LocaleEquivalentMaps {\n\n"
+ " static final Map<String, String> singleEquivMap;\n"
+ " static final Map<String, String[]> multiEquivsMap;\n"
+ " static final Map<String, String> regionVariantEquivMap;\n\n"
@ -241,32 +222,60 @@ public class EquivMapsGenerator {
" }\n\n"
+ "}";
private static void generateSourceCode() {
System.out.println(headerText
+ " // LSR Revision: " + LSRrevisionDate);
private static String getOpenJDKCopyright() {
int year = ZonedDateTime.now(ZoneId
.of("America/Los_Angeles")).getYear();
return String.format(Locale.US, COPYRIGHT, year);
}
for (String key : sortedLanguageMap1.keySet()) {
String value = sortedLanguageMap1.get(key);
System.out.println(" singleEquivMap.put(\""
+ key + "\", \"" + value + "\");");
}
System.out.println();
for (String key : sortedLanguageMap2.keySet()) {
String[] values = sortedLanguageMap2.get(key);
/**
* The input lsr data file is in UTF-8, so theoretically for the characters
* beyond US-ASCII, the generated Java String literals need to be Unicode
* escaped (\\uXXXX) while writing to a file. But as of now, there is not
* the case since we don't use "description", "comment" or alike.
*/
private static void generateSourceCode(String fileName) {
if (values.length >= 2) {
System.out.println(" multiEquivsMap.put(\""
+ key + "\", new String[] {" + generateValuesString(values) + "});");
try (BufferedWriter writer = Files.newBufferedWriter(
Paths.get(fileName))) {
writer.write(getOpenJDKCopyright());
writer.write(headerText
+ " // LSR Revision: " + LSRrevisionDate);
writer.newLine();
for (String key : sortedLanguageMap1.keySet()) {
String value = sortedLanguageMap1.get(key);
writer.write(" singleEquivMap.put(\""
+ key + "\", \"" + value + "\");");
writer.newLine();
}
}
System.out.println();
for (String key : sortedRegionVariantMap.keySet()) {
String value = sortedRegionVariantMap.get(key);
System.out.println(" regionVariantEquivMap.put(\""
+ key + "\", \"" + value + "\");");
writer.newLine();
for (String key : sortedLanguageMap2.keySet()) {
String[] values = sortedLanguageMap2.get(key);
if (values.length >= 2) {
writer.write(" multiEquivsMap.put(\""
+ key + "\", new String[] {"
+ generateValuesString(values) + "});");
writer.newLine();
}
}
writer.newLine();
for (String key : sortedRegionVariantMap.keySet()) {
String value = sortedRegionVariantMap.get(key);
writer.write(" regionVariantEquivMap.put(\""
+ key + "\", \"" + value + "\");");
writer.newLine();
}
writer.write(footerText);
} catch (IOException ex) {
ex.printStackTrace(System.err);
System.exit(1);
}
System.out.println(footerText);
}
}

4
jdk/src/java.base/share/classes/java/lang/invoke/LambdaFormEditor.java
View File

@ -881,9 +881,9 @@ class LambdaFormEditor {
System.arraycopy(lambdaForm.names, skip + outArgs, names2, skip + inTypes, bodyLength);
int arity2 = names2.length - bodyLength;
int result2 = lambdaForm.result;
if (result2 >= 0) {
if (result2 >= skip) {
if (result2 < skip + outArgs) {
result2 = reorder[result2 - skip];
result2 = reorder[result2 - skip] + skip;
} else {
result2 = result2 - outArgs + inTypes;
}

11
jdk/src/java.base/share/classes/java/security/CodeSource.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -560,6 +560,7 @@ public class CodeSource implements java.io.Serializable {
{
CertificateFactory cf;
Hashtable<String, CertificateFactory> cfs = null;
List<java.security.cert.Certificate> certList = null;
ois.defaultReadObject(); // location
@ -569,7 +570,7 @@ public class CodeSource implements java.io.Serializable {
// we know of 3 different cert types: X.509, PGP, SDSI, which
// could all be present in the stream at the same time
cfs = new Hashtable<>(3);
this.certs = new java.security.cert.Certificate[size];
certList = new ArrayList<>(size > 20 ? 20 : size);
}
for (int i = 0; i < size; i++) {
@ -600,13 +601,17 @@ public class CodeSource implements java.io.Serializable {
ois.readFully(encoded);
ByteArrayInputStream bais = new ByteArrayInputStream(encoded);
try {
this.certs[i] = cf.generateCertificate(bais);
certList.add(cf.generateCertificate(bais));
} catch (CertificateException ce) {
throw new IOException(ce.getMessage());
}
bais.close();
}
if (certList != null) {
this.certs = certList.toArray(
new java.security.cert.Certificate[size]);
}
// Deserialize array of code signers (if any)
try {
this.signers = ((CodeSigner[])ois.readObject()).clone();

20
jdk/src/java.base/share/classes/java/util/concurrent/ThreadPoolExecutor.java
View File

@ -35,6 +35,9 @@
package java.util.concurrent;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.ConcurrentModificationException;
import java.util.HashSet;
@ -573,6 +576,9 @@ public class ThreadPoolExecutor extends AbstractExecutorService {
private static final RuntimePermission shutdownPerm =
new RuntimePermission("modifyThread");
/* The context to be used when executing the finalizer, or null. */
private final AccessControlContext acc;
/**
* Class Worker mainly maintains interrupt control state for
* threads running tasks, along with other minor bookkeeping.
@ -1308,6 +1314,9 @@ public class ThreadPoolExecutor extends AbstractExecutorService {
throw new IllegalArgumentException();
if (workQueue == null || threadFactory == null || handler == null)
throw new NullPointerException();
this.acc = System.getSecurityManager() == null ?
null :
AccessController.getContext();
this.corePoolSize = corePoolSize;
this.maximumPoolSize = maximumPoolSize;
this.workQueue = workQueue;
@ -1478,6 +1487,9 @@ public class ThreadPoolExecutor extends AbstractExecutorService {
* Invokes {@code shutdown} when this executor is no longer
* referenced and it has no threads.
*
* <p>This method is invoked with privileges that are restricted by
* the security context of the caller that invokes the constructor.
*
* @deprecated The {@code finalize} method has been deprecated.
* Subclasses that override {@code finalize} in order to perform cleanup
* should be modified to use alternative cleanup mechanisms and
@ -1489,7 +1501,13 @@ public class ThreadPoolExecutor extends AbstractExecutorService {
*/
@Deprecated(since="9")
protected void finalize() {
shutdown();
SecurityManager sm = System.getSecurityManager();
if (sm == null || acc == null) {
shutdown();
} else {
PrivilegedAction<Void> pa = () -> { shutdown(); return null; };
AccessController.doPrivileged(pa, acc);
}
}
/**

12
jdk/src/java.base/share/classes/java/util/jar/JarVerifier.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -180,10 +180,12 @@ class JarVerifier {
// only set the jev object for entries that have a signature
// (either verified or not)
if (sigFileSigners.get(name) != null ||
verifiedSigners.get(name) != null) {
mev.setEntry(name, je);
return;
if (!name.equals(JarFile.MANIFEST_NAME)) {
if (sigFileSigners.get(name) != null ||
verifiedSigners.get(name) != null) {
mev.setEntry(name, je);
return;
}
}
// don't compute the digest for this entry

8
jdk/src/java.base/share/classes/javax/net/ssl/SSLServerSocket.java
View File

@ -31,17 +31,17 @@ import java.net.*;
/**
* This class extends <code>ServerSocket</code>s and
* This class extends <code>ServerSocket</code> and
* provides secure server sockets using protocols such as the Secure
* Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
* <P>
* Instances of this class are generally created using a
* Instances of this class are generally created using an
* <code>SSLServerSocketFactory</code>. The primary function
* of <code>SSLServerSocket</code>s
* of an <code>SSLServerSocket</code>
* is to create <code>SSLSocket</code>s by <code>accept</code>ing
* connections.
* <P>
* <code>SSLServerSocket</code>s contain several pieces of state data
* An <code>SSLServerSocket</code> contains several pieces of state data
* which are inherited by the <code>SSLSocket</code> at
* socket creation. These include the enabled cipher
* suites and protocols, whether client

8
jdk/src/java.base/share/classes/javax/net/ssl/SSLSocket.java
View File

@ -32,8 +32,8 @@ import java.util.List;
import java.util.function.BiFunction;
/**
* This class extends <code>Socket</code>s and provides secure
* socket using protocols such as the "Secure
* This class extends <code>Socket</code> and provides secure
* sockets using protocols such as the "Secure
* Sockets Layer" (SSL) or IETF "Transport Layer Security" (TLS) protocols.
* <P>
* Such sockets are normal stream sockets, but they
@ -105,7 +105,7 @@ import java.util.function.BiFunction;
* non-private (unencrypted) communications will such a ciphersuite be
* selected.
*
* <P>When <code>SSLSocket</code>s are first created, no handshaking
* <P>When an <code>SSLSocket</code> is first created, no handshaking
* is done so that applications may first set their communication
* preferences: what cipher suites to use, whether the socket should be
* in client or server mode, etc.
@ -118,7 +118,7 @@ import java.util.function.BiFunction;
* objects are passed to <em>HandshakeCompletedListener</em> instances,
* which are registered by users of this API.
*
* <code>SSLSocket</code>s are created by <code>SSLSocketFactory</code>s,
* An <code>SSLSocket</code> is created by <code>SSLSocketFactory</code>,
* or by <code>accept</code>ing a connection from a
* <code>SSLServerSocket</code>.
*

19
jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -246,13 +246,16 @@ abstract class AsynchronousChannelGroupImpl
abstract void shutdownHandlerTasks();
private void shutdownExecutors() {
AccessController.doPrivileged(new PrivilegedAction<>() {
public Void run() {
pool.executor().shutdown();
timeoutExecutor.shutdown();
return null;
}
});
AccessController.doPrivileged(
new PrivilegedAction<>() {
public Void run() {
pool.executor().shutdown();
timeoutExecutor.shutdown();
return null;
}
},
null,
new RuntimePermission("modifyThread"));
}
@Override

16
jdk/src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,6 +32,7 @@ import java.security.Key;
import java.security.KeyRep;
import java.security.PrivateKey;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.Security;
import java.security.Provider;
import java.security.InvalidKeyException;
@ -419,18 +420,9 @@ public class PKCS8Key implements PrivateKey {
// that encoding
byte[] b2 = ((Key)object).getEncoded();
// do the comparison
int i;
if (b1.length != b2.length)
return false;
for (i = 0; i < b1.length; i++) {
if (b1[i] != b2[i]) {
return false;
}
}
return true;
// time-constant comparison
return MessageDigest.isEqual(b1, b2);
}
return false;
}

6
jdk/src/java.base/share/classes/sun/security/pkcs/SignerInfo.java
View File

@ -323,6 +323,12 @@ public class SignerInfo implements DerEncoder {
data = content.getContentBytes();
}
Timestamp timestamp = null;
try {
timestamp = getTimestamp();
} catch (Exception ignore) {
}
ConstraintsParameters cparams =
new ConstraintsParameters(timestamp);
String digestAlgname = getDigestAlgorithmId().getName();

57
jdk/src/java.base/share/classes/sun/security/provider/DSA.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -64,6 +64,13 @@ abstract class DSA extends SignatureSpi {
/* Are we debugging? */
private static final boolean debug = false;
/* The number of bits used in exponent blinding */
private static final int BLINDING_BITS = 7;
/* The constant component of the exponent blinding value */
private static final BigInteger BLINDING_CONSTANT =
BigInteger.valueOf(1 << BLINDING_BITS);
/* The parameter object */
private DSAParams params;
@ -368,8 +375,19 @@ abstract class DSA extends SignatureSpi {
return null;
}
private BigInteger generateR(BigInteger p, BigInteger q, BigInteger g,
BigInteger k) {
// exponent blinding to hide information from timing channel
SecureRandom random = getSigningRandom();
// start with a random blinding component
BigInteger blindingValue = new BigInteger(BLINDING_BITS, random);
// add the fixed blinding component
blindingValue = blindingValue.add(BLINDING_CONSTANT);
// replace k with a blinded value that is congruent (mod q)
k = k.add(q.multiply(blindingValue));
BigInteger temp = g.modPow(k, p);
return temp.mod(q);
}
@ -434,43 +452,8 @@ abstract class DSA extends SignatureSpi {
byte[] kValue = new byte[(q.bitLength() + 7)/8 + 8];
random.nextBytes(kValue);
BigInteger k = new BigInteger(1, kValue).mod(
return new BigInteger(1, kValue).mod(
q.subtract(BigInteger.ONE)).add(BigInteger.ONE);
// Using an equivalent exponent of fixed length (same as q or 1 bit
// less than q) to keep the kG timing relatively constant.
//
// Note that this is an extra step on top of the approach defined in
// FIPS 186-4 AppendixB.2.1 so as to make a fixed length K.
k = k.add(q).divide(BigInteger.TWO);
// An alternative implementation based on FIPS 186-4 AppendixB2.2
// with fixed-length K.
//
// Please keep it here as we may need to switch to it in the future.
//
// SecureRandom random = getSigningRandom();
// byte[] kValue = new byte[(q.bitLength() + 7)/8];
// BigInteger d = q.subtract(BigInteger.TWO);
// BigInteger k;
// do {
// random.nextBytes(kValue);
// BigInteger c = new BigInteger(1, kValue);
// if (c.compareTo(d) <= 0) {
// k = c.add(BigInteger.ONE);
// // Using an equivalent exponent of fixed length to keep
// // the g^k timing relatively constant.
// //
// // Note that this is an extra step on top of the approach
// // defined in FIPS 186-4 AppendixB.2.2 so as to make a
// // fixed length K.
// if (k.bitLength() >= q.bitLength()) {
// break;
// }
// }
// } while (true);
return k;
}
// Use the application-specified SecureRandom Object if provided.

2
jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
View File

@ -344,7 +344,7 @@ public final class SunCertPathBuilder extends CertPathBuilderSpi {
// add the algorithm checker
checkers.add(new AlgorithmChecker(builder.trustAnchor,
buildParams.date(), null));
buildParams.date(), buildParams.variant()));
BasicChecker basicChecker = null;
if (nextState.keyParamsNeeded()) {

8
jdk/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
View File

@ -752,7 +752,6 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
private int minSize; // the minimal available key size
private int maxSize; // the maximal available key size
private int prohibitedSize = -1; // unavailable key sizes
private int size;
public KeySizeConstraint(String algo, Operator operator, int length) {
algorithm = algo;
@ -811,8 +810,9 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
return;
}
throw new CertPathValidatorException(
"Algorithm constraints check failed on keysize limits. "
+ algorithm + " " + size + "bit key" + extendedMsg(cp),
"Algorithm constraints check failed on keysize limits. " +
algorithm + " " + KeyUtil.getKeySize(key) + "bit key" +
extendedMsg(cp),
null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
}
}
@ -864,7 +864,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
return true;
}
size = KeyUtil.getKeySize(key);
int size = KeyUtil.getKeySize(key);
if (size == 0) {
return false; // we don't allow any key of size 0.
} else if (size > 0) {

25
jdk/src/java.base/share/classes/sun/security/util/HostnameChecker.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,6 +32,7 @@ import java.security.Principal;
import java.security.cert.*;
import java.util.*;
import javax.security.auth.x500.X500Principal;
import javax.net.ssl.SNIHostName;
import sun.net.util.IPAddressUtil;
import sun.security.ssl.ClientKeyExchangeService;
@ -201,6 +202,15 @@ public class HostnameChecker {
private void matchDNS(String expectedName, X509Certificate cert,
boolean chainsToPublicCA)
throws CertificateException {
// Check that the expected name is a valid domain name.
try {
// Using the checking implemented in SNIHostName
SNIHostName sni = new SNIHostName(expectedName);
} catch (IllegalArgumentException iae) {
throw new CertificateException(
"Illegal given domain name: " + expectedName, iae);
}
Collection<List<?>> subjAltNames = cert.getSubjectAlternativeNames();
if (subjAltNames != null) {
boolean foundDNS = false;
@ -277,6 +287,19 @@ public class HostnameChecker {
if (hasIllegalWildcard(name, template, chainsToPublicCA)) {
return false;
}
// check the validity of the domain name template.
try {
// Replacing wildcard character '*' with 'x' so as to check
// the domain name template validity.
//
// Using the checking implemented in SNIHostName
SNIHostName sni = new SNIHostName(template.replace('*', 'x'));
} catch (IllegalArgumentException iae) {
// It would be nice to add debug log if not matching.
return false;
}
if (checkType == TYPE_TLS) {
return matchAllWildcards(name, template);
} else if (checkType == TYPE_LDAP) {

9
jdk/src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -107,6 +107,8 @@ public class ManifestEntryVerifier {
/* get the headers from the manifest for this entry */
/* if there aren't any, we can't verify any digests for this entry */
skip = false;
Attributes attr = man.getAttributes(name);
if (attr == null) {
// ugh. we should be able to remove this at some point.
@ -141,7 +143,6 @@ public class ManifestEntryVerifier {
}
if (digest != null) {
skip = false;
digest.reset();
digests.add(digest);
manifestHashes.add(
@ -197,6 +198,10 @@ public class ManifestEntryVerifier {
return null;
}
if (digests.isEmpty()) {
throw new SecurityException("digest missing for " + name);
}
if (signers != null)
return signers;

256
jdk/src/java.base/share/classes/sun/util/locale/LocaleEquivalentMaps.java
View File

@ -1,256 +0,0 @@
/*
* Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.util.locale;
import java.util.HashMap;
import java.util.Map;
/**
* Locale equivalent map for BCP47 Locale matching
*/
final class LocaleEquivalentMaps {
static final Map<String, String> singleEquivMap;
static final Map<String, String[]> multiEquivsMap;
static final Map<String, String> regionVariantEquivMap;
static {
singleEquivMap = new HashMap<>();
multiEquivsMap = new HashMap<>();
regionVariantEquivMap = new HashMap<>();
// This is an auto-generated file and should not be manually edited.
// LSR Revision: 2016-02-10
singleEquivMap.put("aam", "aas");
singleEquivMap.put("aas", "aam");
singleEquivMap.put("acn", "xia");
singleEquivMap.put("adp", "dz");
singleEquivMap.put("adx", "pcr");
singleEquivMap.put("ami", "i-ami");
singleEquivMap.put("art-lojban", "jbo");
singleEquivMap.put("ase", "sgn-us");
singleEquivMap.put("aue", "ktz");
singleEquivMap.put("ayx", "nun");
singleEquivMap.put("bfi", "sgn-gb");
singleEquivMap.put("bjd", "drl");
singleEquivMap.put("bnn", "i-bnn");
singleEquivMap.put("bzs", "sgn-br");
singleEquivMap.put("cir", "meg");
singleEquivMap.put("cjr", "mom");
singleEquivMap.put("cka", "cmr");
singleEquivMap.put("cmk", "xch");
singleEquivMap.put("cmn-hans", "zh-cmn-hans");
singleEquivMap.put("cmn-hant", "zh-cmn-hant");
singleEquivMap.put("cmr", "cka");
singleEquivMap.put("csn", "sgn-co");
singleEquivMap.put("dev", "gav");
singleEquivMap.put("drh", "khk");
singleEquivMap.put("drl", "bjd");
singleEquivMap.put("dse", "sgn-nl");
singleEquivMap.put("dsl", "sgn-dk");
singleEquivMap.put("dz", "adp");
singleEquivMap.put("ema", "uok");
singleEquivMap.put("en-gb-oed", "en-gb-oxendict");
singleEquivMap.put("en-gb-oxendict", "en-gb-oed");
singleEquivMap.put("fsl", "sgn-fr");
singleEquivMap.put("gal", "ilw");
singleEquivMap.put("gan", "zh-gan");
singleEquivMap.put("gav", "dev");
singleEquivMap.put("gsg", "sgn-de");
singleEquivMap.put("gss", "sgn-gr");
singleEquivMap.put("gti", "nyc");
singleEquivMap.put("he", "iw");
singleEquivMap.put("hle", "sca");
singleEquivMap.put("hrr", "jal");
singleEquivMap.put("hsn", "zh-xiang");
singleEquivMap.put("i-ami", "ami");
singleEquivMap.put("i-bnn", "bnn");
singleEquivMap.put("i-klingon", "tlh");
singleEquivMap.put("i-lux", "lb");
singleEquivMap.put("i-navajo", "nv");
singleEquivMap.put("i-pwn", "pwn");
singleEquivMap.put("i-tao", "tao");
singleEquivMap.put("i-tay", "tay");
singleEquivMap.put("i-tsu", "tsu");
singleEquivMap.put("ibi", "opa");
singleEquivMap.put("id", "in");
singleEquivMap.put("ilw", "gal");
singleEquivMap.put("in", "id");
singleEquivMap.put("ise", "sgn-it");
singleEquivMap.put("isg", "sgn-ie");
singleEquivMap.put("iw", "he");
singleEquivMap.put("jal", "hrr");
singleEquivMap.put("jbo", "art-lojban");
singleEquivMap.put("ji", "yi");
singleEquivMap.put("jsl", "sgn-jp");
singleEquivMap.put("jv", "jw");
singleEquivMap.put("jw", "jv");
singleEquivMap.put("kgh", "kml");
singleEquivMap.put("khk", "drh");
singleEquivMap.put("kml", "kgh");
singleEquivMap.put("koj", "kwv");
singleEquivMap.put("ktz", "aue");
singleEquivMap.put("kwq", "yam");
singleEquivMap.put("kwv", "koj");
singleEquivMap.put("kxe", "tvd");
singleEquivMap.put("lb", "i-lux");
singleEquivMap.put("lcq", "ppr");
singleEquivMap.put("lii", "raq");
singleEquivMap.put("lmm", "rmx");
singleEquivMap.put("lrr", "yma");
singleEquivMap.put("meg", "cir");
singleEquivMap.put("mfs", "sgn-mx");
singleEquivMap.put("mo", "ro");
singleEquivMap.put("mom", "cjr");
singleEquivMap.put("mtm", "ymt");
singleEquivMap.put("nan", "zh-min-nan");
singleEquivMap.put("nb", "no-bok");
singleEquivMap.put("ncs", "sgn-ni");
singleEquivMap.put("ngv", "nnx");
singleEquivMap.put("nn", "no-nyn");
singleEquivMap.put("nnx", "ngv");
singleEquivMap.put("no-bok", "nb");
singleEquivMap.put("no-nyn", "nn");
singleEquivMap.put("nsl", "sgn-no");
singleEquivMap.put("nun", "ayx");
singleEquivMap.put("nv", "i-navajo");
singleEquivMap.put("nyc", "gti");
singleEquivMap.put("opa", "ibi");
singleEquivMap.put("oyb", "thx");
singleEquivMap.put("pcr", "adx");
singleEquivMap.put("phr", "pmu");
singleEquivMap.put("pmu", "phr");
singleEquivMap.put("ppr", "lcq");
singleEquivMap.put("psr", "sgn-pt");
singleEquivMap.put("pub", "puz");
singleEquivMap.put("puz", "pub");
singleEquivMap.put("pwn", "i-pwn");
singleEquivMap.put("raq", "lii");
singleEquivMap.put("ras", "tie");
singleEquivMap.put("rmx", "lmm");
singleEquivMap.put("ro", "mo");
singleEquivMap.put("sca", "hle");
singleEquivMap.put("sfb", "sgn-be-fr");
singleEquivMap.put("sfs", "sgn-za");
singleEquivMap.put("sgg", "sgn-ch-de");
singleEquivMap.put("sgn-be-fr", "sfb");
singleEquivMap.put("sgn-be-nl", "vgt");
singleEquivMap.put("sgn-br", "bzs");
singleEquivMap.put("sgn-ch-de", "sgg");
singleEquivMap.put("sgn-co", "csn");
singleEquivMap.put("sgn-de", "gsg");
singleEquivMap.put("sgn-dk", "dsl");
singleEquivMap.put("sgn-es", "ssp");
singleEquivMap.put("sgn-fr", "fsl");
singleEquivMap.put("sgn-gb", "bfi");
singleEquivMap.put("sgn-gr", "gss");
singleEquivMap.put("sgn-ie", "isg");
singleEquivMap.put("sgn-it", "ise");
singleEquivMap.put("sgn-jp", "jsl");
singleEquivMap.put("sgn-mx", "mfs");
singleEquivMap.put("sgn-ni", "ncs");
singleEquivMap.put("sgn-nl", "dse");
singleEquivMap.put("sgn-no", "nsl");
singleEquivMap.put("sgn-pt", "psr");
singleEquivMap.put("sgn-se", "swl");
singleEquivMap.put("sgn-us", "ase");
singleEquivMap.put("sgn-za", "sfs");
singleEquivMap.put("ssp", "sgn-es");
singleEquivMap.put("suj", "xsj");
singleEquivMap.put("swl", "sgn-se");
singleEquivMap.put("taj", "tsf");
singleEquivMap.put("tao", "i-tao");
singleEquivMap.put("tay", "i-tay");
singleEquivMap.put("thx", "oyb");
singleEquivMap.put("tie", "ras");
singleEquivMap.put("tkk", "twm");
singleEquivMap.put("tlh", "i-klingon");
singleEquivMap.put("tlw", "weo");
singleEquivMap.put("tsf", "taj");
singleEquivMap.put("tsu", "i-tsu");
singleEquivMap.put("tvd", "kxe");
singleEquivMap.put("twm", "tkk");
singleEquivMap.put("uok", "ema");
singleEquivMap.put("vgt", "sgn-be-nl");
singleEquivMap.put("weo", "tlw");
singleEquivMap.put("wuu", "zh-wuu");
singleEquivMap.put("xch", "cmk");
singleEquivMap.put("xia", "acn");
singleEquivMap.put("xsj", "suj");
singleEquivMap.put("yam", "kwq");
singleEquivMap.put("yi", "ji");
singleEquivMap.put("yma", "lrr");
singleEquivMap.put("ymt", "mtm");
singleEquivMap.put("yos", "zom");
singleEquivMap.put("yue", "zh-yue");
singleEquivMap.put("yug", "yuu");
singleEquivMap.put("yuu", "yug");
singleEquivMap.put("zh-cmn-hans", "cmn-hans");
singleEquivMap.put("zh-cmn-hant", "cmn-hant");
singleEquivMap.put("zh-gan", "gan");
singleEquivMap.put("zh-min-nan", "nan");
singleEquivMap.put("zh-wuu", "wuu");
singleEquivMap.put("zh-xiang", "hsn");
singleEquivMap.put("zh-yue", "yue");
singleEquivMap.put("zom", "yos");
multiEquivsMap.put("ccq", new String[] {"rki", "ybd"});
multiEquivsMap.put("cmn", new String[] {"zh-guoyu", "zh-cmn"});
multiEquivsMap.put("drw", new String[] {"prs", "tnf"});
multiEquivsMap.put("gfx", new String[] {"vaj", "mwj", "oun"});
multiEquivsMap.put("hak", new String[] {"i-hak", "zh-hakka"});
multiEquivsMap.put("i-hak", new String[] {"hak", "zh-hakka"});
multiEquivsMap.put("mry", new String[] {"mst", "myt"});
multiEquivsMap.put("mst", new String[] {"mry", "myt"});
multiEquivsMap.put("mwj", new String[] {"vaj", "gfx", "oun"});
multiEquivsMap.put("myt", new String[] {"mry", "mst"});
multiEquivsMap.put("oun", new String[] {"vaj", "gfx", "mwj"});
multiEquivsMap.put("prs", new String[] {"drw", "tnf"});
multiEquivsMap.put("rki", new String[] {"ccq", "ybd"});
multiEquivsMap.put("tnf", new String[] {"prs", "drw"});
multiEquivsMap.put("vaj", new String[] {"gfx", "mwj", "oun"});
multiEquivsMap.put("ybd", new String[] {"rki", "ccq"});
multiEquivsMap.put("zh-cmn", new String[] {"cmn", "zh-guoyu"});
multiEquivsMap.put("zh-guoyu", new String[] {"cmn", "zh-cmn"});
multiEquivsMap.put("zh-hakka", new String[] {"hak", "i-hak"});
regionVariantEquivMap.put("-alalc97", "-heploc");
regionVariantEquivMap.put("-bu", "-mm");
regionVariantEquivMap.put("-cd", "-zr");
regionVariantEquivMap.put("-dd", "-de");
regionVariantEquivMap.put("-de", "-dd");
regionVariantEquivMap.put("-fr", "-fx");
regionVariantEquivMap.put("-fx", "-fr");
regionVariantEquivMap.put("-heploc", "-alalc97");
regionVariantEquivMap.put("-mm", "-bu");
regionVariantEquivMap.put("-tl", "-tp");
regionVariantEquivMap.put("-tp", "-tl");
regionVariantEquivMap.put("-yd", "-ye");
regionVariantEquivMap.put("-ye", "-yd");
regionVariantEquivMap.put("-zr", "-cd");
}
}

14
jdk/src/java.base/share/conf/security/java.security
View File

@ -545,21 +545,21 @@ krb5.kdc.bad.policy = tryLast
# jdkCA
# This constraint prohibits the specified algorithm only if the
# algorithm is used in a certificate chain that terminates at a marked
# trust anchor in the lib/security/cacerts keystore. If the jdkCA
# constraint is not set, then all chains using the specified algorithm
# trust anchor in the lib/security/cacerts keystore. If the jdkCA
# constraint is not set, then all chains using the specified algorithm
# are restricted. jdkCA may only be used once in a DisabledAlgorithm
# expression.
# Example:  To apply this constraint to SHA-1 certificates, include
# the following:  "SHA1 jdkCA"
# Example: To apply this constraint to SHA-1 certificates, include
# the following: "SHA1 jdkCA"
#
# DenyAfterConstraint:
# denyAfter YYYY-MM-DD
# This constraint prohibits a certificate with the specified algorithm
# from being used after the date regardless of the certificate's
# validity.  JAR files that are signed and timestamped before the
# validity. JAR files that are signed and timestamped before the
# constraint date with certificates containing the disabled algorithm
# will not be restricted.  The date is processed in the UTC timezone.
# This constraint can only be used once in a DisabledAlgorithm
# will not be restricted. The date is processed in the UTC timezone.
# This constraint can only be used once in a DisabledAlgorithm
# expression.
# Example: To deny usage of RSA 2048 bit certificates after Feb 3 2020,
# use the following: "RSA keySize == 2048 & denyAfter 2020-02-03"

40
jdk/src/java.base/share/native/libverify/check_code.c
View File

@ -459,6 +459,8 @@ static void *CCalloc(context_type *context, int size, jboolean zero);
static fullinfo_type cp_index_to_class_fullinfo(context_type *, int, int);
static const char* get_result_signature(const char* signature);
static char signature_to_fieldtype(context_type *context,
const char **signature_p, fullinfo_type *info);
@ -2789,7 +2791,7 @@ push_stack(context_type *context, unsigned int inumber, stack_info_type *new_sta
operand);
const char *result_signature;
check_and_push(context, signature, VM_STRING_UTF);
result_signature = strchr(signature, JVM_SIGNATURE_ENDFUNC);
result_signature = get_result_signature(signature);
if (result_signature++ == NULL) {
CCerror(context, "Illegal signature %s", signature);
}
@ -3712,6 +3714,42 @@ CFerror(context_type *context, char *format, ...)
longjmp(context->jump_buffer, 1);
}
/*
* Need to scan the entire signature to find the result type because
* types in the arg list and the result type could contain embedded ')'s.
*/
static const char* get_result_signature(const char* signature) {
const char *p;
for (p = signature; *p != JVM_SIGNATURE_ENDFUNC; p++) {
switch (*p) {
case JVM_SIGNATURE_BOOLEAN:
case JVM_SIGNATURE_BYTE:
case JVM_SIGNATURE_CHAR:
case JVM_SIGNATURE_SHORT:
case JVM_SIGNATURE_INT:
case JVM_SIGNATURE_FLOAT:
case JVM_SIGNATURE_DOUBLE:
case JVM_SIGNATURE_LONG:
case JVM_SIGNATURE_FUNC: /* ignore initial (, if given */
break;
case JVM_SIGNATURE_CLASS:
while (*p != JVM_SIGNATURE_ENDCLASS) p++;
break;
case JVM_SIGNATURE_ARRAY:
while (*p == JVM_SIGNATURE_ARRAY) p++;
/* If an array of classes, skip over class name, too. */
if (*p == JVM_SIGNATURE_CLASS) {
while (*p != JVM_SIGNATURE_ENDCLASS) p++;
}
break;
default:
/* Indicate an error. */
return NULL;
}
}
return p++; /* skip over ')'. */
}
static char
signature_to_fieldtype(context_type *context,
const char **signature_p, fullinfo_type *full_info_p)

2
jdk/src/java.base/share/native/libzip/zlib/deflate.c
View File

@ -505,6 +505,8 @@ int ZEXPORT deflateResetKeep (strm)
s->pending = 0;
s->pending_out = s->pending_buf;
s->high_water = 0; /* reset to its inital value 0 */
if (s->wrap < 0) {
s->wrap = -s->wrap; /* was made negative by deflate(..., Z_FINISH); */
}

15
jdk/src/java.base/share/native/libzip/zlib/patches/ChangeLog_java
View File

@ -76,6 +76,21 @@
> n = len;
--------------------------
(6) deflate.c #8184306
*** 503,512 ****
--- 503,514 ----
s = (deflate_state *)strm->state;
s->pending = 0;
s->pending_out = s->pending_buf;
+ s->high_water = 0; /* reset to its inital value 0 */
+
if (s->wrap < 0) {
s->wrap = -s->wrap; /* was made negative by deflate(..., Z_FINISH); */
}
s->status =
#ifdef GZIP

17
jdk/src/java.desktop/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReader.java
View File

@ -392,6 +392,17 @@ public class JPEGImageReader extends ImageReader {
}
}
private void skipPastImage(int imageIndex) {
cbLock.lock();
try {
gotoImage(imageIndex);
skipImage();
} catch (IOException | IndexOutOfBoundsException e) {
} finally {
cbLock.unlock();
}
}
@SuppressWarnings("fallthrough")
private int getNumImagesOnThread(boolean allowSearch)
throws IOException {
@ -1340,7 +1351,8 @@ public class JPEGImageReader extends ImageReader {
* just a 1-line intermediate data transfer buffer that will not
* affect the acceleration of the resulting image.
*/
boolean aborted = readImage(structPointer,
boolean aborted = readImage(imageIndex,
structPointer,
buffer.getData(),
numRasterBands,
srcBands,
@ -1502,7 +1514,8 @@ public class JPEGImageReader extends ImageReader {
/**
* Returns {@code true} if the read was aborted.
*/
private native boolean readImage(long structPointer,
private native boolean readImage(int imageIndex,
long structPointer,
byte [] buffer,
int numRasterBands,
int [] srcBands,

21
jdk/src/java.desktop/share/classes/javax/imageio/spi/ServiceRegistry.java
View File

@ -26,6 +26,9 @@
package javax.imageio.spi;
import java.io.File;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
@ -755,13 +758,14 @@ class SubRegistry {
Class<?> category;
// Provider Objects organized by partial oridering
PartiallyOrderedSet<Object> poset = new PartiallyOrderedSet<>();
// Provider Objects organized by partial ordering
final PartiallyOrderedSet<Object> poset = new PartiallyOrderedSet<>();
// Class -> Provider Object of that class
// No way to express heterogeneous map, we want
// Map<Class<T>, T>, where T is ?
Map<Class<?>, Object> map = new HashMap<>();
final Map<Class<?>, Object> map = new HashMap<>();
final Map<Class<?>, AccessControlContext> accMap = new HashMap<>();
public SubRegistry(ServiceRegistry registry, Class<?> category) {
this.registry = registry;
@ -776,6 +780,7 @@ class SubRegistry {
deregisterServiceProvider(oprovider);
}
map.put(provider.getClass(), provider);
accMap.put(provider.getClass(), AccessController.getContext());
poset.add(provider);
if (provider instanceof RegisterableService) {
RegisterableService rs = (RegisterableService)provider;
@ -800,6 +805,7 @@ class SubRegistry {
if (provider == oprovider) {
map.remove(provider.getClass());
accMap.remove(provider.getClass());
poset.remove(provider);
if (provider instanceof RegisterableService) {
RegisterableService rs = (RegisterableService)provider;
@ -849,10 +855,17 @@ class SubRegistry {
if (provider instanceof RegisterableService) {
RegisterableService rs = (RegisterableService)provider;
rs.onDeregistration(registry, category);
AccessControlContext acc = accMap.get(provider.getClass());
if (acc != null || System.getSecurityManager() == null) {
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
rs.onDeregistration(registry, category);
return null;
}, acc);
}
}
}
poset.clear();
accMap.clear();
}
@SuppressWarnings("deprecation")

33
jdk/src/java.desktop/share/classes/sun/awt/image/ImageWatched.java
View File

@ -29,6 +29,10 @@ import java.lang.ref.WeakReference;
import java.awt.Image;
import java.awt.image.ImageObserver;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
public abstract class ImageWatched {
public static Link endlink = new Link();
@ -85,16 +89,26 @@ public abstract class ImageWatched {
}
}
static class AccWeakReference<T> extends WeakReference<T> {
private final AccessControlContext acc;
AccWeakReference(T ref) {
super(ref);
acc = AccessController.getContext();
}
}
/*
* Standard Link implementation to manage a Weak Reference
* to an ImageObserver.
*/
public static class WeakLink extends Link {
private WeakReference<ImageObserver> myref;
private final AccWeakReference<ImageObserver> myref;
private Link next;
public WeakLink(ImageObserver obs, Link next) {
myref = new WeakReference<ImageObserver>(obs);
myref = new AccWeakReference<ImageObserver>(obs);
this.next = next;
}
@ -120,6 +134,19 @@ public abstract class ImageWatched {
return this;
}
private static boolean update(ImageObserver iw, AccessControlContext acc,
Image img, int info,
int x, int y, int w, int h) {
if (acc != null || System.getSecurityManager() != null) {
return AccessController.doPrivileged(
(PrivilegedAction<Boolean>) () -> {
return iw.imageUpdate(img, info, x, y, w, h);
}, acc);
}
return false;
}
public boolean newInfo(Image img, int info,
int x, int y, int w, int h)
{
@ -129,7 +156,7 @@ public abstract class ImageWatched {
if (myiw == null) {
// My referent is null so we must prune in a second pass.
ret = true;
} else if (myiw.imageUpdate(img, info, x, y, w, h) == false) {
} else if (update(myiw, myref.acc, img, info, x, y, w, h) == false) {
// My referent has lost interest so clear it and ask
// for a pruning pass to remove it later.
myref.clear();

27
jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
View File

@ -72,6 +72,7 @@ static jmethodID JPEGImageReader_acceptPixelsID;
static jmethodID JPEGImageReader_pushBackID;
static jmethodID JPEGImageReader_passStartedID;
static jmethodID JPEGImageReader_passCompleteID;
static jmethodID JPEGImageReader_skipPastImageID;
static jmethodID JPEGImageWriter_writeOutputDataID;
static jmethodID JPEGImageWriter_warningOccurredID;
static jmethodID JPEGImageWriter_warningWithMessageID;
@ -1472,6 +1473,10 @@ Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_initReaderIDs
cls,
"pushBack",
"(I)V"));
CHECK_NULL(JPEGImageReader_skipPastImageID = (*env)->GetMethodID(env,
cls,
"skipPastImage",
"(I)V"));
CHECK_NULL(JPEGQTable_tableID = (*env)->GetFieldID(env,
qTableClass,
"qTable",
@ -1853,6 +1858,7 @@ JNIEXPORT jboolean JNICALL
Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_readImage
(JNIEnv *env,
jobject this,
jint imageIndex,
jlong ptr,
jbyteArray buffer,
jint numBands,
@ -2181,12 +2187,23 @@ Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_readImage
* We are done, but we might not have read all the lines, or all
* the passes, so use jpeg_abort instead of jpeg_finish_decompress.
*/
if (cinfo->output_scanline == cinfo->output_height) {
// if ((cinfo->output_scanline == cinfo->output_height) &&
//(jpeg_input_complete(cinfo))) { // We read the whole file
jpeg_finish_decompress(cinfo);
} else {
if ((cinfo->output_scanline != cinfo->output_height) ||
data->abortFlag == JNI_TRUE)
{
jpeg_abort_decompress(cinfo);
} else if ((!jpeg_input_complete(cinfo)) &&
(progressive &&
(cinfo->input_scan_number > maxProgressivePass))) {
/* We haven't reached EOI, but we need to skip to there */
(*cinfo->src->term_source) (cinfo);
/* We can use jpeg_abort to release memory and reset global_state */
jpeg_abort((j_common_ptr) cinfo);
(*env)->CallVoidMethod(env,
this,
JPEGImageReader_skipPastImageID,
imageIndex);
} else {
jpeg_finish_decompress(cinfo);
}
free(scanLinePtr);

1
jdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapClient.java
View File

@ -1234,6 +1234,7 @@ public final class LdapClient implements PooledConnection {
static final int LDAP_REF_FOLLOW = 0x01; // follow referrals
static final int LDAP_REF_THROW = 0x02; // throw referral ex.
static final int LDAP_REF_IGNORE = 0x03; // ignore referrals
static final int LDAP_REF_FOLLOW_SCHEME = 0x04; // follow referrals of the same scheme
static final String LDAP_URL = "ldap://"; // LDAPv3
static final String LDAPS_URL = "ldaps://"; // LDAPv3

22
jdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtx.java
View File

@ -2414,6 +2414,9 @@ final public class LdapCtx extends ComponentDirContext
// First determine the referral mode
if (ref != null) {
switch (ref) {
case "follow-scheme":
handleReferrals = LdapClient.LDAP_REF_FOLLOW_SCHEME;
break;
case "follow":
handleReferrals = LdapClient.LDAP_REF_FOLLOW;
break;
@ -2979,8 +2982,23 @@ final public class LdapCtx extends ComponentDirContext
r = new LdapReferralException(resolvedName, resolvedObj, remainName,
msg, envprops, fullDN, handleReferrals, reqCtls);
// only one set of URLs is present
r.setReferralInfo(res.referrals == null ? null :
res.referrals.elementAt(0), false);
Vector<String> refs;
if (res.referrals == null) {
refs = null;
} else if (handleReferrals == LdapClient.LDAP_REF_FOLLOW_SCHEME) {
refs = new Vector<>();
for (String s : res.referrals.elementAt(0)) {
if (s.startsWith("ldap:")) {
refs.add(s);
}
}
if (refs.isEmpty()) {
refs = null;
}
} else {
refs = res.referrals.elementAt(0);
}
r.setReferralInfo(refs, false);
if (hopCount > 1) {
r.setHopCount(hopCount);

5
jdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapReferralException.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -117,7 +117,8 @@ final public class LdapReferralException extends
// If following referral, request controls are passed to referral ctx
this.reqCtls =
(handleReferrals == LdapClient.LDAP_REF_FOLLOW ? reqCtls : null);
(handleReferrals == LdapClient.LDAP_REF_FOLLOW ||
handleReferrals == LdapClient.LDAP_REF_FOLLOW_SCHEME ? reqCtls : null);
}
/**

4
jdk/src/java.naming/share/classes/javax/naming/directory/BasicAttribute.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -515,7 +515,7 @@ public class BasicAttribute implements Attribute {
throws java.io.IOException, ClassNotFoundException {
s.defaultReadObject(); // read in the attrID
int n = s.readInt(); // number of values
values = new Vector<>(n);
values = new Vector<>(Math.min(1024, n));
while (--n >= 0) {
values.addElement(s.readObject());
}

4
jdk/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -186,7 +186,7 @@ final class LDAPCertStoreImpl {
*/
Hashtable<?,?> currentEnv = ctx.getEnvironment();
if (currentEnv.get(Context.REFERRAL) == null) {
ctx.addToEnvironment(Context.REFERRAL, "follow");
ctx.addToEnvironment(Context.REFERRAL, "follow-scheme");
}
} catch (NamingException e) {
if (debug != null) {

36
jdk/src/java.rmi/share/classes/java/rmi/activation/ActivationID.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -40,6 +40,12 @@ import java.rmi.server.RemoteObject;
import java.rmi.server.RemoteObjectInvocationHandler;
import java.rmi.server.RemoteRef;
import java.rmi.server.UID;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
/**
* Activation makes use of special identifiers to denote remote
@ -81,6 +87,14 @@ public class ActivationID implements Serializable {
/** indicate compatibility with the Java 2 SDK v1.2 version of class */
private static final long serialVersionUID = -4608673054848209235L;
/** an AccessControlContext with no permissions */
private static final AccessControlContext NOPERMS_ACC;
static {
Permissions perms = new Permissions();
ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
NOPERMS_ACC = new AccessControlContext(pd);
}
/**
* The constructor for <code>ActivationID</code> takes a single
* argument, activator, that specifies a remote reference to the
@ -116,13 +130,19 @@ public class ActivationID implements Serializable {
try {
MarshalledObject<? extends Remote> mobj =
activator.activate(this, force);
return mobj.get();
} catch (RemoteException e) {
throw e;
} catch (IOException e) {
throw new UnmarshalException("activation failed", e);
} catch (ClassNotFoundException e) {
throw new UnmarshalException("activation failed", e);
return AccessController.doPrivileged(
new PrivilegedExceptionAction<Remote>() {
public Remote run() throws IOException, ClassNotFoundException {
return mobj.get();
}
}, NOPERMS_ACC);
} catch (PrivilegedActionException pae) {
Exception ex = pae.getException();
if (ex instanceof RemoteException) {
throw (RemoteException) ex;
} else {
throw new UnmarshalException("activation failed", ex);
}
}
}

36
jdk/src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java
View File

@ -75,6 +75,10 @@ import sun.rmi.transport.LiveRef;
* registry.
*
* The LocateRegistry class is used to obtain registry for different hosts.
* <p>
* The default RegistryImpl exported restricts access to clients on the local host
* for the methods {@link #bind}, {@link #rebind}, {@link #unbind} by checking
* the client host in the skeleton.
*
* @see java.rmi.registry.LocateRegistry
*/
@ -143,6 +147,20 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
RMIClientSocketFactory csf,
RMIServerSocketFactory ssf)
throws RemoteException
{
this(port, csf, ssf, RegistryImpl::registryFilter);
}
/**
* Construct a new RegistryImpl on the specified port with the
* given custom socket factory pair and ObjectInputFilter.
*/
public RegistryImpl(int port,
RMIClientSocketFactory csf,
RMIServerSocketFactory ssf,
ObjectInputFilter serialFilter)
throws RemoteException
{
if (port == Registry.REGISTRY_PORT && System.getSecurityManager() != null) {
// grant permission for default port only.
@ -150,7 +168,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
public Void run() throws RemoteException {
LiveRef lref = new LiveRef(id, port, csf, ssf);
setup(new UnicastServerRef2(lref, RegistryImpl::registryFilter));
setup(new UnicastServerRef2(lref, serialFilter));
return null;
}
}, null, new SocketPermission("localhost:"+port, "listen,accept"));
@ -226,7 +244,8 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
public void bind(String name, Remote obj)
throws RemoteException, AlreadyBoundException, AccessException
{
checkAccess("Registry.bind");
// The access check preventing remote access is done in the skeleton
// and is not applicable to local access.
synchronized (bindings) {
Remote curr = bindings.get(name);
if (curr != null)
@ -243,7 +262,8 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
public void unbind(String name)
throws RemoteException, NotBoundException, AccessException
{
checkAccess("Registry.unbind");
// The access check preventing remote access is done in the skeleton
// and is not applicable to local access.
synchronized (bindings) {
Remote obj = bindings.get(name);
if (obj == null)
@ -259,7 +279,8 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
public void rebind(String name, Remote obj)
throws RemoteException, AccessException
{
checkAccess("Registry.rebind");
// The access check preventing remote access is done in the skeleton
// and is not applicable to local access.
bindings.put(name, obj);
}
@ -312,7 +333,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
if (clientHost.isAnyLocalAddress()) {
throw new AccessException(
"Registry." + op + " disallowed; origin unknown");
op + " disallowed; origin unknown");
}
try {
@ -335,7 +356,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
// must have been an IOException
throw new AccessException(
"Registry." + op + " disallowed; origin " +
op + " disallowed; origin " +
clientHost + " is non-local host");
}
}
@ -344,8 +365,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
* Local call from this VM: allow access.
*/
} catch (java.net.UnknownHostException ex) {
throw new AccessException("Registry." + op +
" disallowed; origin is unknown host");
throw new AccessException(op + " disallowed; origin is unknown host");
}
}

177
jdk/src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl_Skel.java Normal file
View File

@ -0,0 +1,177 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.rmi.registry;
import java.io.IOException;
import java.io.InputStream;
import java.rmi.AccessException;
import java.rmi.server.RemoteCall;
import sun.rmi.transport.Connection;
import sun.rmi.transport.StreamRemoteCall;
import sun.rmi.transport.tcp.TCPConnection;
/**
* Skeleton to dispatch RegistryImpl methods.
* Originally generated by RMIC but frozen to match the stubs.
*/
@SuppressWarnings({"deprecation", "serial"})
public final class RegistryImpl_Skel
implements java.rmi.server.Skeleton {
private static final java.rmi.server.Operation[] operations = {
new java.rmi.server.Operation("void bind(java.lang.String, java.rmi.Remote)"),
new java.rmi.server.Operation("java.lang.String list()[]"),
new java.rmi.server.Operation("java.rmi.Remote lookup(java.lang.String)"),
new java.rmi.server.Operation("void rebind(java.lang.String, java.rmi.Remote)"),
new java.rmi.server.Operation("void unbind(java.lang.String)")
};
private static final long interfaceHash = 4905912898345647071L;
public java.rmi.server.Operation[] getOperations() {
return operations.clone();
}
public void dispatch(java.rmi.Remote obj, java.rmi.server.RemoteCall call, int opnum, long hash)
throws java.lang.Exception {
if (hash != interfaceHash)
throw new java.rmi.server.SkeletonMismatchException("interface hash mismatch");
sun.rmi.registry.RegistryImpl server = (sun.rmi.registry.RegistryImpl) obj;
switch (opnum) {
case 0: // bind(String, Remote)
{
// Check access before reading the arguments
RegistryImpl.checkAccess("Registry.bind");
java.lang.String $param_String_1;
java.rmi.Remote $param_Remote_2;
try {
java.io.ObjectInput in = call.getInputStream();
$param_String_1 = (java.lang.String) in.readObject();
$param_Remote_2 = (java.rmi.Remote) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
server.bind($param_String_1, $param_Remote_2);
try {
call.getResultStream(true);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 1: // list()
{
call.releaseInputStream();
java.lang.String[] $result = server.list();
try {
java.io.ObjectOutput out = call.getResultStream(true);
out.writeObject($result);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 2: // lookup(String)
{
java.lang.String $param_String_1;
try {
java.io.ObjectInput in = call.getInputStream();
$param_String_1 = (java.lang.String) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
java.rmi.Remote $result = server.lookup($param_String_1);
try {
java.io.ObjectOutput out = call.getResultStream(true);
out.writeObject($result);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 3: // rebind(String, Remote)
{
// Check access before reading the arguments
RegistryImpl.checkAccess("Registry.rebind");
java.lang.String $param_String_1;
java.rmi.Remote $param_Remote_2;
try {
java.io.ObjectInput in = call.getInputStream();
$param_String_1 = (java.lang.String) in.readObject();
$param_Remote_2 = (java.rmi.Remote) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
server.rebind($param_String_1, $param_Remote_2);
try {
call.getResultStream(true);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 4: // unbind(String)
{
// Check access before reading the arguments
RegistryImpl.checkAccess("Registry.unbind");
java.lang.String $param_String_1;
try {
java.io.ObjectInput in = call.getInputStream();
$param_String_1 = (java.lang.String) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
server.unbind($param_String_1);
try {
call.getResultStream(true);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
default:
throw new java.rmi.UnmarshalException("invalid method number");
}
}
}

189
jdk/src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl_Stub.java Normal file
View File

@ -0,0 +1,189 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.rmi.registry;
/**
* Stubs to invoke RegistryImpl remote methods.
* Originally generated from RMIC but frozen to match RegistryImpl_Skel.
*/
@SuppressWarnings({"deprecation", "serial"})
public final class RegistryImpl_Stub
extends java.rmi.server.RemoteStub
implements java.rmi.registry.Registry, java.rmi.Remote {
private static final java.rmi.server.Operation[] operations = {
new java.rmi.server.Operation("void bind(java.lang.String, java.rmi.Remote)"),
new java.rmi.server.Operation("java.lang.String list()[]"),
new java.rmi.server.Operation("java.rmi.Remote lookup(java.lang.String)"),
new java.rmi.server.Operation("void rebind(java.lang.String, java.rmi.Remote)"),
new java.rmi.server.Operation("void unbind(java.lang.String)")
};
private static final long interfaceHash = 4905912898345647071L;
// constructors
public RegistryImpl_Stub() {
super();
}
public RegistryImpl_Stub(java.rmi.server.RemoteRef ref) {
super(ref);
}
// methods from remote interfaces
// implementation of bind(String, Remote)
public void bind(java.lang.String $param_String_1, java.rmi.Remote $param_Remote_2)
throws java.rmi.AccessException, java.rmi.AlreadyBoundException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 0, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_String_1);
out.writeObject($param_Remote_2);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
ref.done(call);
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.rmi.AlreadyBoundException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of list()
public java.lang.String[] list()
throws java.rmi.AccessException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 1, interfaceHash);
ref.invoke(call);
java.lang.String[] $result;
try {
java.io.ObjectInput in = call.getInputStream();
$result = (java.lang.String[]) in.readObject();
} catch (java.io.IOException e) {
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} catch (java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} finally {
ref.done(call);
}
return $result;
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of lookup(String)
public java.rmi.Remote lookup(java.lang.String $param_String_1)
throws java.rmi.AccessException, java.rmi.NotBoundException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 2, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_String_1);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
java.rmi.Remote $result;
try {
java.io.ObjectInput in = call.getInputStream();
$result = (java.rmi.Remote) in.readObject();
} catch (java.io.IOException e) {
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} catch (java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} finally {
ref.done(call);
}
return $result;
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.rmi.NotBoundException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of rebind(String, Remote)
public void rebind(java.lang.String $param_String_1, java.rmi.Remote $param_Remote_2)
throws java.rmi.AccessException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 3, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_String_1);
out.writeObject($param_Remote_2);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
ref.done(call);
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of unbind(String)
public void unbind(java.lang.String $param_String_1)
throws java.rmi.AccessException, java.rmi.NotBoundException, java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 4, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_String_1);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
ref.done(call);
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.rmi.NotBoundException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
}

68
jdk/src/java.rmi/share/classes/sun/rmi/server/Activation.java
View File

@ -30,6 +30,7 @@ import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.OutputStream;
import java.io.PrintStream;
@ -105,7 +106,6 @@ import sun.rmi.log.LogHandler;
import sun.rmi.log.ReliableLog;
import sun.rmi.registry.RegistryImpl;
import sun.rmi.runtime.NewThreadAction;
import sun.rmi.server.UnicastServerRef;
import sun.rmi.transport.LiveRef;
import sun.security.provider.PolicyFile;
import com.sun.rmi.rmid.ExecPermission;
@ -375,6 +375,7 @@ public class Activation implements Serializable {
throw new AccessException(
"binding ActivationSystem is disallowed");
} else {
RegistryImpl.checkAccess("ActivationSystem.bind");
super.bind(name, obj);
}
}
@ -386,6 +387,7 @@ public class Activation implements Serializable {
throw new AccessException(
"unbinding ActivationSystem is disallowed");
} else {
RegistryImpl.checkAccess("ActivationSystem.unbind");
super.unbind(name);
}
}
@ -398,6 +400,7 @@ public class Activation implements Serializable {
throw new AccessException(
"binding ActivationSystem is disallowed");
} else {
RegistryImpl.checkAccess("ActivationSystem.rebind");
super.rebind(name, obj);
}
}
@ -488,6 +491,33 @@ public class Activation implements Serializable {
}
/**
* SameHostOnlyServerRef checks that access is from a local client
* before the parameters are deserialized. The unmarshalCustomCallData
* hook is used to check the network address of the caller
* with RegistryImpl.checkAccess().
* The kind of access is retained for an exception if one is thrown.
*/
static class SameHostOnlyServerRef extends UnicastServerRef {
private static final long serialVersionUID = 1234L;
private String accessKind; // an exception message
/**
* Construct a new SameHostOnlyServerRef from a LiveRef.
* @param lref a LiveRef
*/
SameHostOnlyServerRef(LiveRef lref, String accessKind) {
super(lref);
this.accessKind = accessKind;
}
@Override
protected void unmarshalCustomCallData(ObjectInput in) throws IOException, ClassNotFoundException {
RegistryImpl.checkAccess(accessKind);
super.unmarshalCustomCallData(in);
}
}
class ActivationSystemImpl
extends RemoteServer
implements ActivationSystem
@ -505,7 +535,8 @@ public class Activation implements Serializable {
* 'this' can be exported.
*/
LiveRef lref = new LiveRef(new ObjID(4), port, null, ssf);
UnicastServerRef uref = new UnicastServerRef(lref);
UnicastServerRef uref = new SameHostOnlyServerRef(lref,
"ActivationSystem.nonLocalAccess");
ref = uref;
uref.exportObject(this, null);
}
@ -514,8 +545,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.registerObject");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
ActivationGroupID groupID = desc.getGroupID();
ActivationID id = new ActivationID(activatorStub);
getGroupEntry(groupID).registerObject(id, desc, true);
@ -526,7 +557,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownObjectException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.unregisterObject");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
getGroupEntry(id).unregisterObject(id, true);
}
@ -534,7 +566,8 @@ public class Activation implements Serializable {
throws ActivationException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.registerGroup");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
checkArgs(desc, null);
ActivationGroupID id = new ActivationGroupID(systemStub);
@ -551,7 +584,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.activeGroup");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
getGroupEntry(id).activeGroup(group, incarnation);
return monitor;
@ -561,7 +595,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.unregisterGroup");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
// remove entry before unregister so state is updated before
// logged
@ -573,7 +608,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownObjectException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.setActivationDesc");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
if (!getGroupID(id).equals(desc.getGroupID())) {
throw new ActivationException(
@ -587,8 +623,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess(
"ActivationSystem.setActivationGroupDesc");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
checkArgs(desc, null);
return getGroupEntry(id).setActivationGroupDesc(id, desc, true);
@ -598,7 +634,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownObjectException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess("ActivationSystem.getActivationDesc");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
return getGroupEntry(id).getActivationDesc(id);
}
@ -607,8 +644,8 @@ public class Activation implements Serializable {
throws ActivationException, UnknownGroupException, RemoteException
{
checkShutdown();
RegistryImpl.checkAccess
("ActivationSystem.getActivationGroupDesc");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
return getGroupEntry(id).desc;
}
@ -618,7 +655,8 @@ public class Activation implements Serializable {
* the activation daemon and exits the activation daemon.
*/
public void shutdown() throws AccessException {
RegistryImpl.checkAccess("ActivationSystem.shutdown");
// RegistryImpl.checkAccess() is done in the SameHostOnlyServerRef
// during unmarshallCustomData and is not applicable to local access.
Object lock = startupLock;
if (lock != null) {

14
jdk/src/java.rmi/share/classes/sun/rmi/server/UnicastRef.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,7 +32,6 @@ import java.lang.reflect.Method;
import java.rmi.MarshalException;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.ServerException;
import java.rmi.UnmarshalException;
import java.rmi.server.Operation;
import java.rmi.server.RemoteCall;
@ -187,14 +186,11 @@ public class UnicastRef implements RemoteRef {
return returnValue;
} catch (IOException e) {
} catch (IOException | ClassNotFoundException e) {
// disable saving any refs in the inputStream for GC
((StreamRemoteCall)call).discardPendingRefs();
clientRefLog.log(Log.BRIEF,
"IOException unmarshalling return: ", e);
throw new UnmarshalException("error unmarshalling return", e);
} catch (ClassNotFoundException e) {
clientRefLog.log(Log.BRIEF,
"ClassNotFoundException unmarshalling return: ", e);
e.getClass().getName() + " unmarshalling return: ", e);
throw new UnmarshalException("error unmarshalling return", e);
} finally {
try {

113
jdk/src/java.rmi/share/classes/sun/rmi/server/UnicastServerRef.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -33,6 +33,7 @@ import java.io.ObjectOutput;
import java.io.ObjectStreamClass;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.rmi.AccessException;
import java.rmi.MarshalException;
import java.rmi.Remote;
import java.rmi.RemoteException;
@ -57,6 +58,7 @@ import java.util.WeakHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import sun.rmi.runtime.Log;
import sun.rmi.transport.LiveRef;
import sun.rmi.transport.StreamRemoteCall;
import sun.rmi.transport.Target;
import sun.rmi.transport.tcp.TCPTransport;
@ -287,21 +289,26 @@ public class UnicastServerRef extends UnicastRef
try {
in = call.getInputStream();
num = in.readInt();
if (num >= 0) {
if (skel != null) {
oldDispatch(obj, call, num);
return;
} else {
throw new UnmarshalException(
"skeleton class not found but required " +
"for client version");
}
}
op = in.readLong();
} catch (Exception readEx) {
throw new UnmarshalException("error unmarshalling call header",
readEx);
}
if (num >= 0) {
if (skel != null) {
oldDispatch(obj, call, num);
return;
} else {
throw new UnmarshalException(
"skeleton class not found but required " +
"for client version");
}
}
try {
op = in.readLong();
} catch (Exception readEx) {
throw new UnmarshalException("error unmarshalling call header",
readEx);
}
/*
* Since only system classes (with null class loaders) will be on
@ -328,10 +335,14 @@ public class UnicastServerRef extends UnicastRef
try {
unmarshalCustomCallData(in);
params = unmarshalParameters(obj, method, marshalStream);
} catch (java.io.IOException e) {
throw new UnmarshalException(
"error unmarshalling arguments", e);
} catch (ClassNotFoundException e) {
} catch (AccessException aex) {
// For compatibility, AccessException is not wrapped in UnmarshalException
// disable saving any refs in the inputStream for GC
((StreamRemoteCall) call).discardPendingRefs();
throw aex;
} catch (java.io.IOException | ClassNotFoundException e) {
// disable saving any refs in the inputStream for GC
((StreamRemoteCall) call).discardPendingRefs();
throw new UnmarshalException(
"error unmarshalling arguments", e);
} finally {
@ -365,6 +376,7 @@ public class UnicastServerRef extends UnicastRef
*/
}
} catch (Throwable e) {
Throwable origEx = e;
logCallException(e);
ObjectOutput out = call.getResultStream(false);
@ -380,6 +392,12 @@ public class UnicastServerRef extends UnicastRef
clearStackTraces(e);
}
out.writeObject(e);
// AccessExceptions should cause Transport.serviceCall
// to flag the connection as unusable.
if (origEx instanceof AccessException) {
throw new IOException("Connection is not reusable", origEx);
}
} finally {
call.releaseInputStream(); // in case skeleton doesn't
call.releaseOutputStream();
@ -408,62 +426,41 @@ public class UnicastServerRef extends UnicastRef
* Handle server-side dispatch using the RMI 1.1 stub/skeleton
* protocol, given a non-negative operation number that has
* already been read from the call stream.
* Exceptions are handled by the caller to be sent to the remote client.
*
* @param obj the target remote object for the call
* @param call the "remote call" from which operation and
* method arguments can be obtained.
* @param op the operation number
* @exception IOException if unable to marshal return result or
* @throws Exception if unable to marshal return result or
* release input or output streams
*/
public void oldDispatch(Remote obj, RemoteCall call, int op)
throws IOException
private void oldDispatch(Remote obj, RemoteCall call, int op)
throws Exception
{
long hash; // hash for matching stub with skeleton
// read remote call header
ObjectInput in;
in = call.getInputStream();
try {
// read remote call header
ObjectInput in;
try {
in = call.getInputStream();
try {
Class<?> clazz = Class.forName("sun.rmi.transport.DGCImpl_Skel");
if (clazz.isAssignableFrom(skel.getClass())) {
((MarshalInputStream)in).useCodebaseOnly();
}
} catch (ClassNotFoundException ignore) { }
hash = in.readLong();
} catch (Exception readEx) {
throw new UnmarshalException("error unmarshalling call header",
readEx);
Class<?> clazz = Class.forName("sun.rmi.transport.DGCImpl_Skel");
if (clazz.isAssignableFrom(skel.getClass())) {
((MarshalInputStream)in).useCodebaseOnly();
}
} catch (ClassNotFoundException ignore) { }
// if calls are being logged, write out object id and operation
logCall(obj, skel.getOperations()[op]);
unmarshalCustomCallData(in);
// dispatch to skeleton for remote object
skel.dispatch(obj, call, op, hash);
} catch (Throwable e) {
logCallException(e);
ObjectOutput out = call.getResultStream(false);
if (e instanceof Error) {
e = new ServerError(
"Error occurred in server thread", (Error) e);
} else if (e instanceof RemoteException) {
e = new ServerException(
"RemoteException occurred in server thread",
(Exception) e);
}
if (suppressStackTraces) {
clearStackTraces(e);
}
out.writeObject(e);
} finally {
call.releaseInputStream(); // in case skeleton doesn't
call.releaseOutputStream();
try {
hash = in.readLong();
} catch (Exception ioe) {
throw new UnmarshalException("error unmarshalling call header", ioe);
}
// if calls are being logged, write out object id and operation
logCall(obj, skel.getOperations()[op]);
unmarshalCustomCallData(in);
// dispatch to skeleton for remote object
skel.dispatch(obj, call, op, hash);
}
/**

10
jdk/src/java.rmi/share/classes/sun/rmi/transport/ConnectionInputStream.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -81,6 +81,14 @@ class ConnectionInputStream extends MarshalInputStream {
refList.add(ref);
}
/**
* Discard the saved incoming refs so there is nothing to register
* when {@code registerRefs} is called.
*/
void discardRefs() {
incomingRefTable.clear();
}
/**
* Add references to DGC table (and possibly send dirty call).
* RegisterRefs now calls DGCClient.referenced on all

10
jdk/src/java.rmi/share/classes/sun/rmi/transport/DGCClient.java
View File

@ -24,9 +24,11 @@
*/
package sun.rmi.transport;
import java.io.InvalidClassException;
import java.lang.ref.PhantomReference;
import java.lang.ref.ReferenceQueue;
import java.net.SocketPermission;
import java.rmi.UnmarshalException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
@ -41,6 +43,8 @@ import java.rmi.dgc.DGC;
import java.rmi.dgc.Lease;
import java.rmi.dgc.VMID;
import java.rmi.server.ObjID;
import sun.rmi.runtime.Log;
import sun.rmi.runtime.NewThreadAction;
import sun.rmi.server.UnicastRef;
import sun.rmi.server.Util;
@ -388,6 +392,12 @@ final class DGCClient {
synchronized (this) {
dirtyFailures++;
if (e instanceof UnmarshalException
&& e.getCause() instanceof InvalidClassException) {
DGCImpl.dgcLog.log(Log.BRIEF, "InvalidClassException exception in DGC dirty call", e);
return; // protocol error, do not register these refs
}
if (dirtyFailures == 1) {
/*
* If this was the first recent failed dirty call,

112
jdk/src/java.rmi/share/classes/sun/rmi/transport/DGCImpl_Skel.java Normal file
View File

@ -0,0 +1,112 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.rmi.transport;
/**
* Skeleton to dispatch DGC methods.
* Originally generated by RMIC but frozen to match the stubs.
*/
@SuppressWarnings({"deprecation", "serial"})
public final class DGCImpl_Skel
implements java.rmi.server.Skeleton {
private static final java.rmi.server.Operation[] operations = {
new java.rmi.server.Operation("void clean(java.rmi.server.ObjID[], long, java.rmi.dgc.VMID, boolean)"),
new java.rmi.server.Operation("java.rmi.dgc.Lease dirty(java.rmi.server.ObjID[], long, java.rmi.dgc.Lease)")
};
private static final long interfaceHash = -669196253586618813L;
public java.rmi.server.Operation[] getOperations() {
return operations.clone();
}
public void dispatch(java.rmi.Remote obj, java.rmi.server.RemoteCall call, int opnum, long hash)
throws java.lang.Exception {
if (hash != interfaceHash)
throw new java.rmi.server.SkeletonMismatchException("interface hash mismatch");
sun.rmi.transport.DGCImpl server = (sun.rmi.transport.DGCImpl) obj;
switch (opnum) {
case 0: // clean(ObjID[], long, VMID, boolean)
{
java.rmi.server.ObjID[] $param_arrayOf_ObjID_1;
long $param_long_2;
java.rmi.dgc.VMID $param_VMID_3;
boolean $param_boolean_4;
try {
java.io.ObjectInput in = call.getInputStream();
$param_arrayOf_ObjID_1 = (java.rmi.server.ObjID[]) in.readObject();
$param_long_2 = in.readLong();
$param_VMID_3 = (java.rmi.dgc.VMID) in.readObject();
$param_boolean_4 = in.readBoolean();
} catch (java.io.IOException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} catch (java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
server.clean($param_arrayOf_ObjID_1, $param_long_2, $param_VMID_3, $param_boolean_4);
try {
call.getResultStream(true);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
case 1: // dirty(ObjID[], long, Lease)
{
java.rmi.server.ObjID[] $param_arrayOf_ObjID_1;
long $param_long_2;
java.rmi.dgc.Lease $param_Lease_3;
try {
java.io.ObjectInput in = call.getInputStream();
$param_arrayOf_ObjID_1 = (java.rmi.server.ObjID[]) in.readObject();
$param_long_2 = in.readLong();
$param_Lease_3 = (java.rmi.dgc.Lease) in.readObject();
} catch (java.io.IOException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} catch (java.lang.ClassNotFoundException e) {
throw new java.rmi.UnmarshalException("error unmarshalling arguments", e);
} finally {
call.releaseInputStream();
}
java.rmi.dgc.Lease $result = server.dirty($param_arrayOf_ObjID_1, $param_long_2, $param_Lease_3);
try {
java.io.ObjectOutput out = call.getResultStream(true);
out.writeObject($result);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling return", e);
}
break;
}
default:
throw new java.rmi.UnmarshalException("invalid method number");
}
}
}

183
jdk/src/java.rmi/share/classes/sun/rmi/transport/DGCImpl_Stub.java Normal file
View File

@ -0,0 +1,183 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.rmi.transport;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.rmi.dgc.Lease;
import java.rmi.dgc.VMID;
import java.rmi.server.UID;
import java.security.AccessController;
import java.security.PrivilegedAction;
import sun.rmi.server.UnicastRef;
import sun.rmi.transport.tcp.TCPConnection;
/**
* Stubs to invoke DGC remote methods.
* Originally generated from RMIC but frozen to insert serialFilter.
*/
@SuppressWarnings({"deprecation", "serial"})
public final class DGCImpl_Stub
extends java.rmi.server.RemoteStub
implements java.rmi.dgc.DGC {
private static final java.rmi.server.Operation[] operations = {
new java.rmi.server.Operation("void clean(java.rmi.server.ObjID[], long, java.rmi.dgc.VMID, boolean)"),
new java.rmi.server.Operation("java.rmi.dgc.Lease dirty(java.rmi.server.ObjID[], long, java.rmi.dgc.Lease)")
};
private static final long interfaceHash = -669196253586618813L;
/** Registry max depth of remote invocations. **/
private static int DGCCLIENT_MAX_DEPTH = 6;
/** Registry maximum array size in remote invocations. **/
private static int DGCCLIENT_MAX_ARRAY_SIZE = 10000;
// constructors
public DGCImpl_Stub() {
super();
}
public DGCImpl_Stub(java.rmi.server.RemoteRef ref) {
super(ref);
}
// methods from remote interfaces
// implementation of clean(ObjID[], long, VMID, boolean)
public void clean(java.rmi.server.ObjID[] $param_arrayOf_ObjID_1, long $param_long_2, java.rmi.dgc.VMID $param_VMID_3, boolean $param_boolean_4)
throws java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 0, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_arrayOf_ObjID_1);
out.writeLong($param_long_2);
out.writeObject($param_VMID_3);
out.writeBoolean($param_boolean_4);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
ref.done(call);
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
// implementation of dirty(ObjID[], long, Lease)
public java.rmi.dgc.Lease dirty(java.rmi.server.ObjID[] $param_arrayOf_ObjID_1, long $param_long_2, java.rmi.dgc.Lease $param_Lease_3)
throws java.rmi.RemoteException {
try {
java.rmi.server.RemoteCall call = ref.newCall((java.rmi.server.RemoteObject) this, operations, 1, interfaceHash);
try {
java.io.ObjectOutput out = call.getOutputStream();
out.writeObject($param_arrayOf_ObjID_1);
out.writeLong($param_long_2);
out.writeObject($param_Lease_3);
} catch (java.io.IOException e) {
throw new java.rmi.MarshalException("error marshalling arguments", e);
}
ref.invoke(call);
java.rmi.dgc.Lease $result;
Connection connection = ((StreamRemoteCall) call).getConnection();
try {
java.io.ObjectInput in = call.getInputStream();
if (in instanceof ObjectInputStream) {
/**
* Set a filter on the stream for the return value.
*/
ObjectInputStream ois = (ObjectInputStream) in;
AccessController.doPrivileged((PrivilegedAction<Void>)() -> {
ois.setObjectInputFilter(DGCImpl_Stub::leaseFilter);
return null;
});
}
$result = (java.rmi.dgc.Lease) in.readObject();
} catch (java.io.IOException | java.lang.ClassNotFoundException e) {
if (connection instanceof TCPConnection) {
// Modified to prevent re-use of the connection after an exception
((TCPConnection) connection).getChannel().free(connection, false);
}
throw new java.rmi.UnmarshalException("error unmarshalling return", e);
} finally {
ref.done(call);
}
return $result;
} catch (java.lang.RuntimeException e) {
throw e;
} catch (java.rmi.RemoteException e) {
throw e;
} catch (java.lang.Exception e) {
throw new java.rmi.UnexpectedException("undeclared checked exception", e);
}
}
/**
* ObjectInputFilter to filter DGCClient return value (a Lease).
* The list of acceptable classes is very short and explicit.
* The depth and array sizes are limited.
*
* @param filterInfo access to class, arrayLength, etc.
* @return {@link ObjectInputFilter.Status#ALLOWED} if allowed,
* {@link ObjectInputFilter.Status#REJECTED} if rejected,
* otherwise {@link ObjectInputFilter.Status#UNDECIDED}
*/
private static ObjectInputFilter.Status leaseFilter(ObjectInputFilter.FilterInfo filterInfo) {
if (filterInfo.depth() > DGCCLIENT_MAX_DEPTH) {
return ObjectInputFilter.Status.REJECTED;
}
Class<?> clazz = filterInfo.serialClass();
if (clazz != null) {
while (clazz.isArray()) {
if (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > DGCCLIENT_MAX_ARRAY_SIZE) {
return ObjectInputFilter.Status.REJECTED;
}
// Arrays are allowed depending on the component type
clazz = clazz.getComponentType();
}
if (clazz.isPrimitive()) {
// Arrays of primitives are allowed
return ObjectInputFilter.Status.ALLOWED;
}
return (clazz == UID.class ||
clazz == VMID.class ||
clazz == Lease.class)
? ObjectInputFilter.Status.ALLOWED
: ObjectInputFilter.Status.REJECTED;
}
// Not a class, not size limited
return ObjectInputFilter.Status.UNDECIDED;
}
}

9
jdk/src/java.rmi/share/classes/sun/rmi/transport/StreamRemoteCall.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -167,6 +167,13 @@ public class StreamRemoteCall implements RemoteCall {
}
}
/**
* Discard any post-processing of refs the InputStream.
*/
public void discardPendingRefs() {
in.discardRefs();
}
/**
* Returns an output stream (may put out header information
* relating to the success of the call).

3
jdk/src/java.scripting/share/classes/module-info.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,7 +31,6 @@
* that supports executing JavaScript and other languages if its corresponding
* script engine is installed.
*
* <p>
* <dl style="font-family:'DejaVu Sans', Arial, Helvetica, sans serif">
* <dt class="simpleTagLabel">Tool Guides:
* <dd> {@extLink jrunscript_tool_reference jrunscript}</dd>

20
jdk/src/jdk.crypto.ec/share/classes/sun/security/ec/ECDSASignature.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -370,9 +370,15 @@ abstract class ECDSASignature extends SignatureSpi {
}
random.nextBytes(seed);
// random bits needed for timing countermeasures
int timingArgument = random.nextInt();
// values must be non-zero to enable countermeasures
timingArgument |= 1;
byte[] sig;
try {
sig = signDigest(getDigestValue(), s, encodedParams, seed);
sig = signDigest(getDigestValue(), s, encodedParams, seed,
timingArgument);
} catch (GeneralSecurityException e) {
throw new SignatureException("Could not sign data", e);
}
@ -509,11 +515,19 @@ abstract class ECDSASignature extends SignatureSpi {
* @param s the private key's S value.
* @param encodedParams the curve's DER encoded object identifier.
* @param seed the random seed.
* @param timing When non-zero, the implmentation will use timing
* countermeasures to hide secrets from timing channels. The EC
* implementation will disable the countermeasures when this value is
* zero, because the underlying EC functions are shared by several
* crypto operations, some of which do not use the countermeasures.
* The high-order 31 bits must be uniformly random. The entropy from
* these bits is used by the countermeasures.
*
* @return byte[] the signature.
*/
private static native byte[] signDigest(byte[] digest, byte[] s,
byte[] encodedParams, byte[] seed) throws GeneralSecurityException;
byte[] encodedParams, byte[] seed, int timing)
throws GeneralSecurityException;
/**
* Verifies the signed digest using the public key.

4
jdk/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp
View File

@ -240,7 +240,7 @@ cleanup:
*/
JNIEXPORT jbyteArray
JNICALL Java_sun_security_ec_ECDSASignature_signDigest
(JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed)
(JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing)
{
jbyte* pDigestBuffer = NULL;
jint jDigestLength = env->GetArrayLength(digest);
@ -300,7 +300,7 @@ JNICALL Java_sun_security_ec_ECDSASignature_signDigest
// Sign the digest (using the supplied seed)
if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item,
(unsigned char *) pSeedBuffer, jSeedLength, 0) != SECSuccess) {
(unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) {
ThrowException(env, KEY_EXCEPTION);
goto cleanup;
}

38
jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ec.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@ -34,7 +34,7 @@
* Dr Vipul Gupta <vipul.gupta@sun.com> and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: November 2016
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "mplogic.h"
@ -87,7 +87,7 @@ ec_point_at_infinity(SECItem *pointP)
*/
SECStatus
ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2,
const SECItem *pointP, SECItem *pointQ, int kmflag)
const SECItem *pointP, SECItem *pointQ, int kmflag, int timing)
{
mp_int Px, Py, Qx, Qy;
mp_int Gx, Gy, order, irreducible, a, b;
@ -199,9 +199,9 @@ ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2,
goto cleanup;
if ((k2 != NULL) && (pointP != NULL)) {
CHECK_MPI_OK( ECPoints_mul(group, k1, k2, &Px, &Py, &Qx, &Qy) );
CHECK_MPI_OK( ECPoints_mul(group, k1, k2, &Px, &Py, &Qx, &Qy, timing) );
} else {
CHECK_MPI_OK( ECPoints_mul(group, k1, NULL, NULL, NULL, &Qx, &Qy) );
CHECK_MPI_OK( ECPoints_mul(group, k1, NULL, NULL, NULL, &Qx, &Qy, timing) );
}
/* Construct the SECItem representation of point Q */
@ -333,7 +333,8 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
CHECK_MPI_OK( mp_read_unsigned_octets(&k, key->privateValue.data,
(mp_size) len) );
rv = ec_points_mul(ecParams, &k, NULL, NULL, &(key->publicValue), kmflag);
/* key generation does not support timing mitigation */
rv = ec_points_mul(ecParams, &k, NULL, NULL, &(key->publicValue), kmflag, /*timing*/ 0);
if (rv != SECSuccess) goto cleanup;
*privKey = key;
@ -610,7 +611,8 @@ ECDH_Derive(SECItem *publicValue,
}
/* Multiply our private key and peer's public point */
if ((ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ, kmflag) != SECSuccess) ||
/* ECDH doesn't support timing mitigation */
if ((ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ, kmflag, /*timing*/ 0) != SECSuccess) ||
ec_point_at_infinity(&pointQ))
goto cleanup;
@ -645,7 +647,8 @@ cleanup:
*/
SECStatus
ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
const SECItem *digest, const unsigned char *kb, const int kblen, int kmflag)
const SECItem *digest, const unsigned char *kb, const int kblen, int kmflag,
int timing)
{
SECStatus rv = SECFailure;
mp_int x1;
@ -714,16 +717,6 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
goto cleanup;
}
/*
* Using an equivalent exponent of fixed length (same as n or 1 bit less
* than n) to keep the kG timing relatively constant.
*
* Note that this is an extra step on top of the approach defined in
* ANSI X9.62 so as to make a fixed length K.
*/
CHECK_MPI_OK( mp_add(&k, &n, &k) );
CHECK_MPI_OK( mp_div_2(&k, &k) );
/*
** ANSI X9.62, Section 5.3.2, Step 2
**
@ -732,7 +725,7 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
kGpoint.len = 2*flen + 1;
kGpoint.data = PORT_Alloc(2*flen + 1, kmflag);
if ((kGpoint.data == NULL) ||
(ec_points_mul(ecParams, &k, NULL, NULL, &kGpoint, kmflag)
(ec_points_mul(ecParams, &k, NULL, NULL, &kGpoint, kmflag, timing)
!= SECSuccess))
goto cleanup;
@ -854,7 +847,7 @@ cleanup:
*/
SECStatus
ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest,
const unsigned char* random, int randomLen, int kmflag)
const unsigned char* random, int randomLen, int kmflag, int timing)
{
SECStatus rv = SECFailure;
int len;
@ -872,7 +865,7 @@ ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest,
if (kBytes == NULL) goto cleanup;
/* Generate ECDSA signature with the specified k value */
rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len, kmflag);
rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len, kmflag, timing);
cleanup:
if (kBytes) {
@ -1018,7 +1011,8 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
** Here, A = u1.G B = u2.Q and C = A + B
** If the result, C, is the point at infinity, reject the signature
*/
if (ec_points_mul(ecParams, &u1, &u2, &key->publicValue, &pointC, kmflag)
/* verification does not support timing mitigation */
if (ec_points_mul(ecParams, &u1, &u2, &key->publicValue, &pointC, kmflag, /*timing*/ 0)
!= SECSuccess) {
rv = SECFailure;
goto cleanup;

5
jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ec2.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@ -33,6 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _EC2_H
@ -79,7 +80,7 @@ mp_err ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px,
* determines the field GF2m. Uses Montgomery projective coordinates. */
mp_err ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group);
const ECGroup *group, int timing);
#ifdef ECL_ENABLE_GF2M_PROJ
/* Converts a point P(px, py) from affine coordinates to projective

6
jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ec2_aff.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@ -33,6 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ec2.h"
@ -329,7 +330,8 @@ ec_GF2m_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
/* 4: Verify that the order of the curve times the publicValue
* is the point at infinity.
*/
MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt) );
/* timing mitigation is not supported */
MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt, /*timing*/ 0) );
if (ec_GF2m_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
res = MP_NO;
goto CLEANUP;

9
jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ec2_mont.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@ -35,6 +35,7 @@
* Stephen Fung <fungstep@hotmail.com>, and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories.
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ec2.h"
@ -181,10 +182,12 @@ gf2m_Mxy(const mp_int *x, const mp_int *y, mp_int *x1, mp_int *z1,
/* Computes R = nP based on algorithm 2P of Lopex, J. and Dahab, R. "Fast
* multiplication on elliptic curves over GF(2^m) without
* precomputation". Elliptic curve points P and R can be identical. Uses
* Montgomery projective coordinates. */
* Montgomery projective coordinates. The timing parameter is ignored
* because this algorithm resists timing attacks by default. */
mp_err
ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px, const mp_int *py,
mp_int *rx, mp_int *ry, const ECGroup *group)
mp_int *rx, mp_int *ry, const ECGroup *group,
int timing)
{
mp_err res = MP_OKAY;
mp_int x1, x2, z1, z2;

6
jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ecc_impl.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@ -34,7 +34,7 @@
* Dr Vipul Gupta <vipul.gupta@sun.com> and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: November 2013
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _ECC_IMPL_H
@ -258,7 +258,7 @@ extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
const unsigned char* random, int randomlen, int);
/* This function has been modified to accept an array of random bytes */
extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *,
const unsigned char* random, int randomlen, int);
const unsigned char* random, int randomlen, int, int timing);
extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *,
const SECItem *, int);
extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t,

14
jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ecl-priv.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@ -34,6 +34,7 @@
* Stephen Fung <fungstep@hotmail.com> and
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _ECL_PRIV_H
@ -193,12 +194,13 @@ struct ECGroupStr {
mp_int *ry, const ECGroup *group);
mp_err (*point_mul) (const mp_int *n, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group);
const ECGroup *group, int timing);
mp_err (*base_point_mul) (const mp_int *n, mp_int *rx, mp_int *ry,
const ECGroup *group);
mp_err (*points_mul) (const mp_int *k1, const mp_int *k2,
const mp_int *px, const mp_int *py, mp_int *rx,
mp_int *ry, const ECGroup *group);
mp_int *ry, const ECGroup *group,
int timing);
mp_err (*validate_point) (const mp_int *px, const mp_int *py, const ECGroup *group);
/* Extra storage for implementation-specific data. Any memory
* allocated to these extra fields will be cleared by extra_free. */
@ -262,10 +264,12 @@ void ec_GFp_extra_free_mont(GFMethod *meth);
/* point multiplication */
mp_err ec_pts_mul_basic(const mp_int *k1, const mp_int *k2,
const mp_int *px, const mp_int *py, mp_int *rx,
mp_int *ry, const ECGroup *group);
mp_int *ry, const ECGroup *group,
int timing);
mp_err ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2,
const mp_int *px, const mp_int *py, mp_int *rx,
mp_int *ry, const ECGroup *group);
mp_int *ry, const ECGroup *group,
int timing);
/* Computes the windowed non-adjacent-form (NAF) of a scalar. Out should
* be an array of signed char's to output to, bitsize should be the number

8
jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ecl.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@ -33,6 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _ECL_H
@ -70,7 +71,8 @@ void EC_FreeCurveParams(ECCurveParams * params);
* of the group of points on the elliptic curve. Input and output values
* are assumed to be NOT field-encoded. */
mp_err ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
const mp_int *py, mp_int *qx, mp_int *qy);
const mp_int *py, mp_int *qx, mp_int *qy,
int timing);
/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k1 * G +
* k2 * P(x, y), where G is the generator (base point) of the group of
@ -78,7 +80,7 @@ mp_err ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
* be NOT field-encoded. */
mp_err ECPoints_mul(const ECGroup *group, const mp_int *k1,
const mp_int *k2, const mp_int *px, const mp_int *py,
mp_int *qx, mp_int *qy);
mp_int *qx, mp_int *qy, int timing);
/* Validates an EC public key as described in Section 5.2.2 of X9.62.
* Returns MP_YES if the public key is valid, MP_NO if the public key

36
jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ecl_mult.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@ -33,7 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: Nov 2016
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "mpi.h"
@ -50,7 +50,8 @@
* are assumed to be NOT field-encoded. */
mp_err
ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry)
const mp_int *py, mp_int *rx, mp_int *ry,
int timing)
{
mp_err res = MP_OKAY;
mp_int kt;
@ -76,16 +77,16 @@ ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
kt.flag = (mp_sign)0;
MP_CHECKOK(group->
point_mul(&kt, &group->genx, &group->geny, rx, ry,
group));
group, timing));
}
} else {
if (group->meth->field_enc) {
MP_CHECKOK(group->meth->field_enc(px, rx, group->meth));
MP_CHECKOK(group->meth->field_enc(py, ry, group->meth));
MP_CHECKOK(group->point_mul(&kt, rx, ry, rx, ry, group));
MP_CHECKOK(group->point_mul(&kt, rx, ry, rx, ry, group, timing));
} else {
kt.flag = (mp_sign)0;
MP_CHECKOK(group->point_mul(&kt, px, py, rx, ry, group));
MP_CHECKOK(group->point_mul(&kt, px, py, rx, ry, group, timing));
}
}
if (group->meth->field_dec) {
@ -107,7 +108,7 @@ ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
mp_err
ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group)
const ECGroup *group, int timing)
{
mp_err res = MP_OKAY;
mp_int sx, sy;
@ -119,9 +120,9 @@ ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
/* if some arguments are not defined used ECPoint_mul */
if (k1 == NULL) {
return ECPoint_mul(group, k2, px, py, rx, ry);
return ECPoint_mul(group, k2, px, py, rx, ry, timing);
} else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
return ECPoint_mul(group, k1, NULL, NULL, rx, ry, timing);
}
MP_DIGITS(&sx) = 0;
@ -129,8 +130,8 @@ ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
MP_CHECKOK(mp_init(&sx, FLAG(k1)));
MP_CHECKOK(mp_init(&sy, FLAG(k1)));
MP_CHECKOK(ECPoint_mul(group, k1, NULL, NULL, &sx, &sy));
MP_CHECKOK(ECPoint_mul(group, k2, px, py, rx, ry));
MP_CHECKOK(ECPoint_mul(group, k1, NULL, NULL, &sx, &sy, timing));
MP_CHECKOK(ECPoint_mul(group, k2, px, py, rx, ry, timing));
if (group->meth->field_enc) {
MP_CHECKOK(group->meth->field_enc(&sx, &sx, group->meth));
@ -162,7 +163,7 @@ ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
mp_err
ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group)
const ECGroup *group, int timing)
{
mp_err res = MP_OKAY;
mp_int precomp[4][4][2];
@ -177,9 +178,9 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
/* if some arguments are not defined used ECPoint_mul */
if (k1 == NULL) {
return ECPoint_mul(group, k2, px, py, rx, ry);
return ECPoint_mul(group, k2, px, py, rx, ry, timing);
} else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
return ECPoint_mul(group, k1, NULL, NULL, rx, ry, timing);
}
/* initialize precomputation table */
@ -311,7 +312,8 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
* Input and output values are assumed to be NOT field-encoded. */
mp_err
ECPoints_mul(const ECGroup *group, const mp_int *k1, const mp_int *k2,
const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry)
const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry,
int timing)
{
mp_err res = MP_OKAY;
mp_int k1t, k2t;
@ -348,9 +350,9 @@ ECPoints_mul(const ECGroup *group, const mp_int *k1, const mp_int *k2,
/* if points_mul is defined, then use it */
if (group->points_mul) {
res = group->points_mul(k1p, k2p, px, py, rx, ry, group);
res = group->points_mul(k1p, k2p, px, py, rx, ry, group, timing);
} else {
res = ec_pts_mul_simul_w2(k1p, k2p, px, py, rx, ry, group);
res = ec_pts_mul_simul_w2(k1p, k2p, px, py, rx, ry, group, timing);
}
CLEANUP:

13
jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ecp.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@ -33,6 +33,7 @@
* Contributor(s):
* Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#ifndef _ECP_H
@ -122,7 +123,7 @@ mp_err ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px,
mp_err
ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group);
const ECGroup *group, int timing);
/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
* curve points P and R can be identical. Uses mixed Modified-Jacobian
@ -131,9 +132,13 @@ mp_err
* returns output that is still field-encoded. Uses 5-bit window NAF
* method (algorithm 11) for scalar-point multiplication from Brown,
* Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic
* Curves Over Prime Fields. */
* Curves Over Prime Fields. The implementation includes a countermeasure
* that attempts to hide the size of n from timing channels. This counter-
* measure is enabled using the timing argument. The high-rder bits of timing
* must be uniformly random in order for this countermeasure to work. */
mp_err
ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
mp_int *rx, mp_int *ry, const ECGroup *group);
mp_int *rx, mp_int *ry, const ECGroup *group,
int timing);
#endif /* _ECP_H */

6
jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ecp_aff.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@ -38,6 +38,7 @@
* Nils Larsch <nla@trustcenter.de>, and
* Lenka Fibikova <fibikova@exp-math.uni-essen.de>, the OpenSSL Project
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ecp.h"
@ -340,7 +341,8 @@ ec_GFp_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
/* 4: Verify that the order of the curve times the publicValue
* is the point at infinity.
*/
MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt) );
/* timing mitigation is not supported */
MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt, /*timing*/ 0) );
if (ec_GFp_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
res = MP_NO;
goto CLEANUP;

18
jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ecp_jac.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@ -38,6 +38,7 @@
* Nils Larsch <nla@trustcenter.de>, and
* Lenka Fibikova <fibikova@exp-math.uni-essen.de>, the OpenSSL Project
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ecp.h"
@ -180,6 +181,15 @@ ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
MP_CHECKOK(group->meth->field_mul(&A, qx, &A, group->meth));
MP_CHECKOK(group->meth->field_mul(&B, qy, &B, group->meth));
/*
* Additional checks for point equality and point at infinity
*/
if (mp_cmp(px, &A) == 0 && mp_cmp(py, &B) == 0) {
/* POINT_DOUBLE(P) */
MP_CHECKOK(ec_GFp_pt_dbl_jac(px, py, pz, rx, ry, rz, group));
goto CLEANUP;
}
/* C = A - px, D = B - py */
MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth));
MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth));
@ -406,7 +416,7 @@ ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px, const mp_int *py,
mp_err
ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group)
const ECGroup *group, int timing)
{
mp_err res = MP_OKAY;
mp_int precomp[4][4][2];
@ -430,9 +440,9 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
/* if some arguments are not defined used ECPoint_mul */
if (k1 == NULL) {
return ECPoint_mul(group, k2, px, py, rx, ry);
return ECPoint_mul(group, k2, px, py, rx, ry, timing);
} else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
return ECPoint_mul(group, k1, NULL, NULL, rx, ry, timing);
}
/* initialize precomputation table */

74
jdk/src/jdk.crypto.ec/share/native/libsunec/impl/ecp_jm.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@ -33,6 +33,7 @@
* Contributor(s):
* Stephen Fung <fungstep@hotmail.com>, Sun Microsystems Laboratories
*
* Last Modified Date from the Original Code: May 2017
*********************************************************************** */
#include "ecp.h"
@ -165,6 +166,16 @@ ec_GFp_pt_add_jm_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
MP_CHECKOK(group->meth->field_mul(A, qx, A, group->meth));
MP_CHECKOK(group->meth->field_mul(B, qy, B, group->meth));
/*
* Additional checks for point equality and point at infinity
*/
if (mp_cmp(px, A) == 0 && mp_cmp(py, B) == 0) {
/* POINT_DOUBLE(P) */
MP_CHECKOK(ec_GFp_pt_dbl_jm(px, py, pz, paz4, rx, ry, rz, raz4,
scratch, group));
goto CLEANUP;
}
/* C = A - px, D = B - py */
MP_CHECKOK(group->meth->field_sub(A, px, C, group->meth));
MP_CHECKOK(group->meth->field_sub(B, py, D, group->meth));
@ -213,19 +224,23 @@ CLEANUP:
* Curves Over Prime Fields. */
mp_err
ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
mp_int *rx, mp_int *ry, const ECGroup *group)
mp_int *rx, mp_int *ry, const ECGroup *group,
int timing)
{
mp_err res = MP_OKAY;
mp_int precomp[16][2], rz, tpx, tpy;
mp_int raz4;
mp_int precomp[16][2], rz, tpx, tpy, tpz;
mp_int raz4, tpaz4;
mp_int scratch[MAX_SCRATCH];
signed char *naf = NULL;
int i, orderBitSize;
int numDoubles, numAdds, extraDoubles, extraAdds;
MP_DIGITS(&rz) = 0;
MP_DIGITS(&raz4) = 0;
MP_DIGITS(&tpx) = 0;
MP_DIGITS(&tpy) = 0;
MP_DIGITS(&tpz) = 0;
MP_DIGITS(&tpaz4) = 0;
for (i = 0; i < 16; i++) {
MP_DIGITS(&precomp[i][0]) = 0;
MP_DIGITS(&precomp[i][1]) = 0;
@ -239,7 +254,9 @@ ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
/* initialize precomputation table */
MP_CHECKOK(mp_init(&tpx, FLAG(n)));
MP_CHECKOK(mp_init(&tpy, FLAG(n)));;
MP_CHECKOK(mp_init(&tpy, FLAG(n)));
MP_CHECKOK(mp_init(&tpz, FLAG(n)));
MP_CHECKOK(mp_init(&tpaz4, FLAG(n)));
MP_CHECKOK(mp_init(&rz, FLAG(n)));
MP_CHECKOK(mp_init(&raz4, FLAG(n)));
@ -295,19 +312,64 @@ ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
/* Compute 5NAF */
ec_compute_wNAF(naf, orderBitSize, n, 5);
numAdds = 0;
numDoubles = orderBitSize;
/* wNAF method */
for (i = orderBitSize; i >= 0; i--) {
if (ec_GFp_pt_is_inf_jac(rx, ry, &rz) == MP_YES) {
numDoubles--;
}
/* R = 2R */
ec_GFp_pt_dbl_jm(rx, ry, &rz, &raz4, rx, ry, &rz,
&raz4, scratch, group);
if (naf[i] != 0) {
ec_GFp_pt_add_jm_aff(rx, ry, &rz, &raz4,
&precomp[(naf[i] + 15) / 2][0],
&precomp[(naf[i] + 15) / 2][1], rx, ry,
&rz, &raz4, scratch, group);
numAdds++;
}
}
/* extra operations to make timing less dependent on secrets */
if (timing) {
/* low-order bit of timing argument contains no entropy */
timing >>= 1;
MP_CHECKOK(ec_GFp_pt_set_inf_jac(&tpx, &tpy, &tpz));
mp_zero(&tpaz4);
/* Set the temp value to a non-infinite point */
ec_GFp_pt_add_jm_aff(&tpx, &tpy, &tpz, &tpaz4,
&precomp[8][0],
&precomp[8][1], &tpx, &tpy,
&tpz, &tpaz4, scratch, group);
/* two bits of extra adds */
extraAdds = timing & 0x3;
timing >>= 2;
/* Window size is 5, so the maximum number of additions is ceil(orderBitSize/5) */
/* This is the same as (orderBitSize + 4) / 5 */
for(i = numAdds; i <= (orderBitSize + 4) / 5 + extraAdds; i++) {
ec_GFp_pt_add_jm_aff(&tpx, &tpy, &tpz, &tpaz4,
&precomp[9 + (i % 3)][0],
&precomp[9 + (i % 3)][1], &tpx, &tpy,
&tpz, &tpaz4, scratch, group);
}
/* two bits of extra doubles */
extraDoubles = timing & 0x3;
timing >>= 2;
for(i = numDoubles; i <= orderBitSize + extraDoubles; i++) {
ec_GFp_pt_dbl_jm(&tpx, &tpy, &tpz, &tpaz4, &tpx, &tpy, &tpz,
&tpaz4, scratch, group);
}
}
/* convert result S to affine coordinates */
MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
@ -321,6 +383,8 @@ ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
}
mp_clear(&tpx);
mp_clear(&tpy);
mp_clear(&tpz);
mp_clear(&tpaz4);
mp_clear(&rz);
mp_clear(&raz4);
#ifdef _KERNEL

20
jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/SingleEntryRegistry.java
View File

@ -32,6 +32,7 @@
package sun.management.jmxremote;
import java.io.ObjectInputFilter;
import java.rmi.AccessException;
import java.rmi.NotBoundException;
import java.rmi.Remote;
@ -56,7 +57,7 @@ public class SingleEntryRegistry extends RegistryImpl {
String name,
Remote object)
throws RemoteException {
super(port, csf, ssf);
super(port, csf, ssf, SingleEntryRegistry::singleRegistryFilter);
this.name = name;
this.object = object;
}
@ -84,6 +85,23 @@ public class SingleEntryRegistry extends RegistryImpl {
throw new AccessException("Cannot modify this registry");
}
/**
* ObjectInputFilter to check parameters to SingleEntryRegistry.
* Since it is a read-only Registry, no classes are accepted.
* String arguments are accepted without passing them to the serialFilter.
*
* @param info a reference to the serialization filter information
* @return Status.REJECTED if parameters are out of range
*/
private static ObjectInputFilter.Status singleRegistryFilter(ObjectInputFilter.FilterInfo info) {
return (info.serialClass() != null ||
info.depth() > 2 ||
info.references() > 4 ||
info.arrayLength() >= 0)
? ObjectInputFilter.Status.REJECTED
: ObjectInputFilter.Status.ALLOWED;
}
private final String name;
private final Remote object;

5
jdk/src/jdk.management/share/classes/com/sun/management/HotSpotDiagnosticMXBean.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -61,9 +61,10 @@ public interface HotSpotDiagnosticMXBean extends PlatformManagedObject {
* @param outputFile the system-dependent filename
* @param live if {@code true} dump only <i>live</i> objects
* i.e. objects that are reachable from others
* @throws IOException if the {@code outputFile}
* @throws IOException if the {@code outputFile} already exists,
* cannot be created, opened, or written to.
* @throws UnsupportedOperationException if this operation is not supported.
* @throws IllegalArgumentException if {@code outputFile} does not end with ".hprof" suffix.
* @throws NullPointerException if {@code outputFile} is {@code null}.
* @throws SecurityException
* If a security manager exists and its {@link

13
jdk/src/jdk.management/share/classes/com/sun/management/internal/HotSpotDiagnostic.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -22,7 +22,6 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.management.internal;
import java.io.IOException;
@ -32,6 +31,8 @@ import javax.management.ObjectName;
import com.sun.management.HotSpotDiagnosticMXBean;
import com.sun.management.VMOption;
import java.security.AccessController;
import java.security.PrivilegedAction;
import sun.management.Util;
/**
@ -43,6 +44,14 @@ public class HotSpotDiagnostic implements HotSpotDiagnosticMXBean {
@Override
public void dumpHeap(String outputFile, boolean live) throws IOException {
String propertyName = "jdk.management.heapdump.allowAnyFileSuffix";
PrivilegedAction<Boolean> pa = () -> Boolean.parseBoolean(System.getProperty(propertyName, "false"));
boolean allowAnyFileSuffix = AccessController.doPrivileged(pa);
if (!allowAnyFileSuffix && !outputFile.endsWith(".hprof")) {
throw new IllegalArgumentException("heapdump file must have .hprof extention");
}
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkWrite(outputFile);

59
jdk/test/java/lang/ClassLoader/deadlock/Starter.java → jdk/test/java/lang/ClassLoader/deadlock/DelegateTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,10 +21,30 @@
* questions.
*/
/*
* @test
* @bug 4735126
* @summary (cl) ClassLoader.loadClass locks all instances in chain when delegating
* @modules java.base/java.lang:open
* jdk.compiler
* @library /test/lib
* @build jdk.test.lib.compiler.CompilerUtils
* @run main/othervm -Xlog:class+load DelegateTest one-way
* @run main/othervm -Xlog:class+load DelegateTest cross
*/
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;
public class Starter implements Runnable {
import jdk.test.lib.compiler.CompilerUtils;
public class DelegateTest implements Runnable {
private static final Path TEST_DIR = Paths.get(System.getProperty("user.dir", "."));
private static final Path SRC_DIR = Paths.get(System.getProperty("test.src"), "src");
private String id;
private DelegatingLoader dl;
@ -36,20 +56,21 @@ public class Starter implements Runnable {
System.out.println(line);
}
public static void main(String[] args) {
URL[] urlsa = new URL[1];
URL[] urlsb = new URL[1];
public static void main(String[] args) throws Exception {
if (!CompilerUtils.compile(SRC_DIR, TEST_DIR)) {
throw new RuntimeException("Failed to compile "
+ SRC_DIR.toAbsolutePath().toString());
}
URL[] url = new URL[1];
try {
String testDir = System.getProperty("test.classes", ".");
String sep = System.getProperty("file.separator");
urlsa[0] = new URL("file://" + testDir + sep + "SA" + sep);
urlsb[0] = new URL("file://" + testDir + sep + "SB" + sep);
url[0] = new URL("file://" + TEST_DIR + File.separator);
} catch (MalformedURLException e) {
e.printStackTrace();
}
// Set up Classloader delegation hierarchy
saLoader = new DelegatingLoader(urlsa);
sbLoader = new DelegatingLoader(urlsb);
saLoader = new DelegatingLoader(url);
sbLoader = new DelegatingLoader(url);
String[] saClasses = { "comSA.SupBob", "comSA.Alice" };
String[] sbClasses = { "comSB.SupAlice", "comSB.Bob" };
@ -69,11 +90,15 @@ public class Starter implements Runnable {
}
}
private static void test(String clsForSA, String clsForSB) {
Starter ia = new Starter("SA", saLoader, clsForSA);
Starter ib = new Starter("SB", sbLoader, clsForSB);
new Thread(ia).start();
new Thread(ib).start();
private static void test(String clsForSA, String clsForSB) throws InterruptedException {
DelegateTest ia = new DelegateTest("SA", saLoader, clsForSA);
DelegateTest ib = new DelegateTest("SB", sbLoader, clsForSB);
Thread ta = new Thread(ia);
Thread tb = new Thread(ib);
ta.start();
tb.start();
ta.join();
tb.join();
}
public static void sleep() {
@ -85,7 +110,7 @@ public class Starter implements Runnable {
}
}
private Starter(String id, DelegatingLoader dl, String startClass) {
private DelegateTest(String id, DelegatingLoader dl, String startClass) {
this.id = id;
this.dl = dl;
this.startClass = startClass;

6
jdk/test/java/lang/ClassLoader/deadlock/DelegatingLoader.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -75,7 +75,7 @@ public class DelegatingLoader extends URLClassLoader {
throws ClassNotFoundException {
for (int i = 0; i < delClasses.length; i++) {
if (delClasses[i].equals(className)) {
Starter.log("Delegating class loading for " + className);
DelegateTest.log("Delegating class loading for " + className);
try {
Thread.sleep(500);
} catch (InterruptedException ie) {
@ -85,7 +85,7 @@ public class DelegatingLoader extends URLClassLoader {
}
}
Starter.log("Loading local class " + className);
DelegateTest.log("Loading local class " + className);
// synchronized (getClassLoadingLock(className)) {
return super.loadClass(className, resolve);
// }

122
jdk/test/java/lang/ClassLoader/deadlock/TestCrossDelegate.sh
View File

@ -1,122 +0,0 @@
#
# Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# @test
# @bug 4735126
# @summary (cl) ClassLoader.loadClass locks all instances in chain
# when delegating
#
# @run shell/timeout=300 TestCrossDelegate.sh
# if running by hand on windows, change TESTSRC and TESTCLASSES to "."
if [ "${TESTSRC}" = "" ] ; then
TESTSRC=`pwd`
fi
if [ "${TESTCLASSES}" = "" ] ; then
TESTCLASSES=`pwd`
fi
# if running by hand on windows, change this to appropriate value
if [ "${TESTJAVA}" = "" ] ; then
echo "TESTJAVA not set. Test cannot execute."
echo "FAILED!!!"
exit 1
fi
if [ "${COMPILEJAVA}" = "" ] ; then
COMPILEJAVA="${TESTJAVA}"
fi
# set platform-specific variables
OS=`uname -s`
case "$OS" in
SunOS )
FS="/"
;;
Linux )
FS="/"
;;
Darwin )
FS="/"
;;
AIX )
FS="/"
;;
Windows*)
FS="\\"
;;
CYGWIN* )
FS="\\"
TESTCLASSES=`/usr/bin/cygpath -a -s -m ${TESTCLASSES}`
;;
esac
echo TESTSRC=${TESTSRC}
echo TESTCLASSES=${TESTCLASSES}
echo TESTJAVA=${TESTJAVA}
echo ""
# compile test
${COMPILEJAVA}${FS}bin${FS}javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} \
-d ${TESTCLASSES} \
${TESTSRC}${FS}Starter.java ${TESTSRC}${FS}DelegatingLoader.java
STATUS=$?
if [ ${STATUS} -ne 0 ]
then
exit ${STATUS}
fi
# set up test
${COMPILEJAVA}${FS}bin${FS}javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} \
-d ${TESTCLASSES}${FS} \
${TESTSRC}${FS}Alice.java ${TESTSRC}${FS}SupBob.java \
${TESTSRC}${FS}Bob.java ${TESTSRC}${FS}SupAlice.java
cd ${TESTCLASSES}
DIRS="SA SB"
for dir in $DIRS
do
if [ -d ${dir} ]; then
rm -rf ${dir}
fi
mkdir ${dir}
mv com${dir} ${dir}
done
# run test
${TESTJAVA}${FS}bin${FS}java \
${TESTVMOPTS} \
--add-opens java.base/java.lang=ALL-UNNAMED \
-verbose:class -Xlog:class+load -cp . \
-Dtest.classes=${TESTCLASSES} \
Starter cross
# -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass \
# save error status
STATUS=$?
# clean up
rm -rf ${TESTCLASSES}${FS}SA ${TESTCLASSES}${FS}SB
# return
exit ${STATUS}

118
jdk/test/java/lang/ClassLoader/deadlock/TestOneWayDelegate.sh
View File

@ -1,118 +0,0 @@
#
# Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# @test
# @bug 4735126
# @summary (cl) ClassLoader.loadClass locks all instances in chain
# when delegating
#
# @run shell TestOneWayDelegate.sh
# if running by hand on windows, change TESTSRC and TESTCLASSES to "."
if [ "${TESTSRC}" = "" ] ; then
TESTSRC=`pwd`
fi
if [ "${TESTCLASSES}" = "" ] ; then
TESTCLASSES=`pwd`
fi
# if running by hand on windows, change this to appropriate value
if [ "${TESTJAVA}" = "" ] ; then
echo "TESTJAVA not set. Test cannot execute."
echo "FAILED!!!"
exit 1
fi
if [ "${COMPILEJAVA}" = "" ] ; then
COMPILEJAVA="${TESTJAVA}"
fi
echo TESTSRC=${TESTSRC}
echo TESTCLASSES=${TESTCLASSES}
echo TESTJAVA=${TESTJAVA}
echo COMPILEJAVA=${COMPILEJAVA}
echo ""
# set platform-specific variables
OS=`uname -s`
case "$OS" in
SunOS )
FS="/"
;;
Linux )
FS="/"
;;
Darwin )
FS="/"
;;
AIX )
FS="/"
;;
Windows* | CYGWIN* )
FS="\\"
;;
esac
# compile test
${COMPILEJAVA}${FS}bin${FS}javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} \
-d ${TESTCLASSES} \
${TESTSRC}${FS}Starter.java ${TESTSRC}${FS}DelegatingLoader.java
STATUS=$?
if [ ${STATUS} -ne 0 ]
then
exit ${STATUS}
fi
# set up test
${COMPILEJAVA}${FS}bin${FS}javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} \
-d ${TESTCLASSES}${FS} \
${TESTSRC}${FS}Alice.java ${TESTSRC}${FS}SupBob.java \
${TESTSRC}${FS}Bob.java ${TESTSRC}${FS}SupAlice.java
cd ${TESTCLASSES}
DIRS="SA SB"
for dir in $DIRS
do
if [ -d ${dir} ]; then
rm -rf ${dir}
fi
mkdir ${dir}
mv com${dir} ${dir}
done
# run test
${TESTJAVA}${FS}bin${FS}java \
${TESTVMOPTS} \
--add-opens java.base/java.lang=ALL-UNNAMED \
-verbose:class -Xlog:class+load -cp . \
-Dtest.classes=${TESTCLASSES} \
Starter one-way
# -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass \
# save error status
STATUS=$?
# clean up
rm -rf ${TESTCLASSES}${FS}SA ${TESTCLASSES}${FS}SB
# return
exit ${STATUS}

0
jdk/test/java/lang/ClassLoader/deadlock/Alice.java → jdk/test/java/lang/ClassLoader/deadlock/src/comSA/Alice.java
View File

0
jdk/test/java/lang/ClassLoader/deadlock/SupBob.java → jdk/test/java/lang/ClassLoader/deadlock/src/comSA/SupBob.java
View File

0
jdk/test/java/lang/ClassLoader/deadlock/Bob.java → jdk/test/java/lang/ClassLoader/deadlock/src/comSB/Bob.java
View File

0
jdk/test/java/lang/ClassLoader/deadlock/SupAlice.java → jdk/test/java/lang/ClassLoader/deadlock/src/comSB/SupAlice.java
View File

4
jdk/test/java/lang/ProcessBuilder/Basic.java
View File

@ -277,9 +277,7 @@ public class Basic {
environment = new TreeMap<>(environment);
for (Map.Entry<String,String> e : environment.entrySet())
// Ignore magic environment variables added by the launcher
if (! e.getKey().equals("NLSPATH") &&
! e.getKey().equals("XFILESEARCHPATH") &&
! e.getKey().equals("LD_LIBRARY_PATH"))
if (! e.getKey().equals("LD_LIBRARY_PATH"))
sb.append(e.getKey())
.append('=')
.append(e.getValue())

90
jdk/test/java/lang/invoke/PermuteArgsReturnVoidTest.java Normal file
View File

@ -0,0 +1,90 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* @test
* @bug 8184119
* @summary test permutation when return value is directly derived from an argument
* @run testng/othervm test.java.lang.invoke.PermuteArgsReturnVoidTest
*/
package test.java.lang.invoke;
import org.testng.Assert;
import org.testng.annotations.Test;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import static java.lang.invoke.MethodHandles.dropArguments;
import static java.lang.invoke.MethodHandles.identity;
public class PermuteArgsReturnVoidTest {
static String consumeIdentity(String s, int i1, int i2) {
return s;
}
static void consumeVoid(String s, int i1, int i2) {
}
@Test
public void testReturnOnStack() throws Throwable {
MethodHandles.Lookup l = MethodHandles.lookup();
MethodHandle consumeIdentity = l.findStatic(
PermuteArgsReturnVoidTest.class, "consumeIdentity",
MethodType.methodType(String.class, String.class, int.class, int.class));
MethodHandle consumeVoid = l.findStatic(
PermuteArgsReturnVoidTest.class, "consumeVoid",
MethodType.methodType(void.class, String.class, int.class, int.class));
MethodHandle f = MethodHandles.foldArguments(consumeIdentity, consumeVoid);
MethodHandle p = MethodHandles.permuteArguments(f, MethodType.methodType(String.class, String.class, int.class, int.class), 0, 2, 1);
String s = (String) p.invoke("IN", 0, 0);
Assert.assertEquals(s.getClass(), String.class);
Assert.assertEquals(s, "IN");
}
@Test
public void testReturnFromArg() throws Throwable {
MethodHandles.Lookup l = MethodHandles.lookup();
MethodHandle consumeIdentity = dropArguments(
identity(String.class), 1, int.class, int.class);
MethodHandle consumeVoid = l.findStatic(
PermuteArgsReturnVoidTest.class, "consumeVoid",
MethodType.methodType(void.class, String.class, int.class, int.class));
MethodHandle f = MethodHandles.foldArguments(consumeIdentity, consumeVoid);
MethodHandle p = MethodHandles.permuteArguments(f, MethodType.methodType(String.class, String.class, int.class, int.class), 0, 2, 1);
String s = (String) p.invoke("IN", 0, 0);
Assert.assertEquals(s.getClass(), String.class);
Assert.assertEquals(s, "IN");
}
}

181
jdk/test/java/rmi/activation/nonLocalActivation/NonLocalActivationTest.java Normal file
View File

@ -0,0 +1,181 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.net.InetAddress;
import java.rmi.AccessException;
import java.rmi.activation.ActivationSystem;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Set;
/*
* @test
* @bug 8174770
* @summary Verify that ActivationSystem rejects non-local access.
* The test is manual because the (non-local) host running rmid must be supplied as a property.
* @run main/manual/othervm -Dactivation.host=rmid-host NonLocalActivationTest
*/
/**
* Lookup the ActivationSystem on a different host and invoke its remote interface methods.
* They should all throw an exception, non-local access is prohibited.
*
* This test is a manual test and uses rmid running on a *different* host.
* The default port (1098) for the Activation System is ok and expected.
* Login or ssh to the different host and invoke {@code $JDK_HOME/bin/rmid}.
* It will not show any output.
*
* On the first host modify the @run command above to replace "rmid-host"
* with the hostname or IP address of the different host and run the test with jtreg.
*/
public class NonLocalActivationTest
{
public static void main(String[] args) throws Exception {
String host = System.getProperty("activation.host");
if (host == null || host.isEmpty()) {
throw new RuntimeException("Specify host with system property: -Dactivation.host=<host>");
}
// Check if running the test on a local system; it only applies to remote
String myHostName = InetAddress.getLocalHost().getHostName();
Set<InetAddress> myAddrs = Set.of(InetAddress.getAllByName(myHostName));
Set<InetAddress> hostAddrs = Set.of(InetAddress.getAllByName(host));
if (hostAddrs.stream().anyMatch(i -> myAddrs.contains(i))
|| hostAddrs.stream().anyMatch(h -> h.isLoopbackAddress())) {
throw new RuntimeException("Error: property 'activation.host' must not be the local host%n");
}
// Locate the registry operated by the ActivationSystem
// Test SystemRegistryImpl
Registry registry = LocateRegistry.getRegistry(host, ActivationSystem.SYSTEM_PORT);
try {
// Verify it is an ActivationSystem registry
registry.lookup("java.rmi.activation.ActivationSystem");
} catch (Exception nf) {
throw new RuntimeException("Not a ActivationSystem registry, does not contain java.rmi.activation.ActivationSystem", nf);
}
try {
registry.bind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: bind");
} catch (Exception e) {
assertIsAccessException(e, "Registry.bind");
}
try {
registry.rebind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: rebind");
} catch (Exception e) {
assertIsAccessException(e, "Registry.rebind");
}
try {
registry.unbind("foo");
throw new RuntimeException("Remote access should not succeed for method: unbind");
} catch (Exception e) {
assertIsAccessException(e, "Registry.unbind");
}
// Locate the ActivationSystem on the specified host and default port.
// Test each of the ActivationSystem methods
ActivationSystem as = (ActivationSystem) registry.lookup("java.rmi.activation.ActivationSystem");
// Argument is not material, access check is before arg processing
try {
as.registerGroup(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.getActivationDesc(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.getActivationGroupDesc(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.registerObject(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.unregisterGroup(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.unregisterObject(null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.setActivationDesc(null, null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
try {
as.setActivationGroupDesc(null, null);
} catch (Exception aex) {
assertIsAccessException(aex, "ActivationSystem.nonLocalAccess");
}
}
/**
* Check the exception chain for the expected AccessException and message.
* @param ex the exception from the remote invocation.
*/
private static void assertIsAccessException(Exception ex, String msg1) {
Throwable t = ex;
System.out.println();
while (!(t instanceof AccessException) && t.getCause() != null) {
t = t.getCause();
}
if (t instanceof AccessException) {
String msg = t.getMessage();
int asIndex = msg.indexOf(msg1);
int disallowIndex = msg.indexOf("disallowed");
int nonLocalHostIndex = msg.indexOf("non-local host");
if (asIndex < 0 ||
disallowIndex < 0 ||
nonLocalHostIndex < 0 ) {
throw new RuntimeException("exception message is malformed", t);
}
System.out.printf("Found expected AccessException: %s%n", t);
} else {
throw new RuntimeException("AccessException did not occur", ex);
}
}
}

120
jdk/test/java/rmi/registry/nonLocalRegistry/NonLocalRegistryTest.java Normal file
View File

@ -0,0 +1,120 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.net.InetAddress;
import java.rmi.AccessException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Set;
/* @test
* @bug 8174770
* @summary Verify that Registry rejects non-local access for bind, unbind, rebind.
* The test is manual because the (non-local) host running rmiregistry must be supplied as a property.
* @run main/othervm/manual -Dregistry.host=rmi-registry-host NonLocalRegistryTest
*/
/**
* Verify that access checks for Registry.bind(), .rebind(), and .unbind()
* are prevented on remote access to the registry.
*
* This test is a manual test and uses a standard rmiregistry running
* on a *different* host.
* The test verifies that the access check is performed *before* the object to be
* bound or rebound is deserialized.
*
* Login or ssh to the different host and invoke {@code $JDK_HOME/bin/rmiregistry}.
* It will not show any output.
*
* On the first host modify the @run command above to replace "rmi-registry-host"
* with the hostname or IP address of the different host and run the test with jtreg.
*/
public class NonLocalRegistryTest {
public static void main(String[] args) throws Exception {
String host = System.getProperty("registry.host");
if (host == null || host.isEmpty()) {
throw new RuntimeException("Specify host with system property: -Dregistry.host=<host>");
}
// Check if running the test on a local system; it only applies to remote
String myHostName = InetAddress.getLocalHost().getHostName();
Set<InetAddress> myAddrs = Set.of(InetAddress.getAllByName(myHostName));
Set<InetAddress> hostAddrs = Set.of(InetAddress.getAllByName(host));
if (hostAddrs.stream().anyMatch(i -> myAddrs.contains(i))
|| hostAddrs.stream().anyMatch(h -> h.isLoopbackAddress())) {
throw new RuntimeException("Error: property 'registry.host' must not be the local host%n");
}
Registry registry = LocateRegistry.getRegistry(host, Registry.REGISTRY_PORT);
try {
registry.bind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: bind");
} catch (Exception e) {
assertIsAccessException(e);
}
try {
registry.rebind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: rebind");
} catch (Exception e) {
assertIsAccessException(e);
}
try {
registry.unbind("foo");
throw new RuntimeException("Remote access should not succeed for method: unbind");
} catch (Exception e) {
assertIsAccessException(e);
}
}
/**
* Check the exception chain for the expected AccessException and message.
* @param ex the exception from the remote invocation.
*/
private static void assertIsAccessException(Throwable ex) {
Throwable t = ex;
while (!(t instanceof AccessException) && t.getCause() != null) {
t = t.getCause();
}
if (t instanceof AccessException) {
String msg = t.getMessage();
int asIndex = msg.indexOf("Registry");
int rrIndex = msg.indexOf("Registry.Registry"); // Obsolete error text
int disallowIndex = msg.indexOf("disallowed");
int nonLocalHostIndex = msg.indexOf("non-local host");
if (asIndex < 0 ||
rrIndex != -1 ||
disallowIndex < 0 ||
nonLocalHostIndex < 0 ) {
throw new RuntimeException("exception message is malformed", t);
}
System.out.printf("Found expected AccessException: %s%n%n", t);
} else {
throw new RuntimeException("AccessException did not occur when expected", ex);
}
}
}

602
jdk/test/java/rmi/testlibrary/TestSocketFactory.java Normal file
View File

@ -0,0 +1,602 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.ByteArrayOutputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.SocketException;
import java.net.SocketOption;
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.RMISocketFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.testng.Assert;
import org.testng.TestNG;
import org.testng.annotations.Test;
import org.testng.annotations.DataProvider;
/**
* A RMISocketFactory utility factory to log RMI stream contents and to
* match and replace output stream contents to simulate failures.
*/
public class TestSocketFactory extends RMISocketFactory
implements RMIClientSocketFactory, RMIServerSocketFactory, Serializable {
private static final long serialVersionUID = 1L;
private volatile transient byte[] matchBytes;
private volatile transient byte[] replaceBytes;
private transient final List<InterposeSocket> sockets = new ArrayList<>();
private transient final List<InterposeServerSocket> serverSockets = new ArrayList<>();
public static final boolean DEBUG = false;
/**
* Debugging output can be synchronized with logging of RMI actions.
*
* @param format a printf format
* @param args any args
*/
private static void DEBUG(String format, Object... args) {
if (DEBUG) {
System.err.printf(format, args);
}
}
/**
* Create a socket factory that creates InputStreams that log
* and OutputStreams that log .
*/
public TestSocketFactory() {
this.matchBytes = new byte[0];
this.replaceBytes = this.matchBytes;
System.out.printf("Creating TestSocketFactory()%n");
}
public void setMatchReplaceBytes(byte[] matchBytes, byte[] replaceBytes) {
this.matchBytes = Objects.requireNonNull(matchBytes, "matchBytes");
this.replaceBytes = Objects.requireNonNull(replaceBytes, "replaceBytes");
sockets.forEach( s -> s.setMatchReplaceBytes(matchBytes, replaceBytes));
serverSockets.forEach( s -> s.setMatchReplaceBytes(matchBytes, replaceBytes));
}
@Override
public Socket createSocket(String host, int port) throws IOException {
Socket socket = RMISocketFactory.getDefaultSocketFactory()
.createSocket(host, port);
InterposeSocket s = new InterposeSocket(socket, matchBytes, replaceBytes);
sockets.add(s);
return s;
}
/**
* Return the current list of sockets.
* @return Return a snapshot of the current list of sockets
*/
public List<InterposeSocket> getSockets() {
List<InterposeSocket> snap = new ArrayList<>(sockets);
return snap;
}
@Override
public ServerSocket createServerSocket(int port) throws IOException {
ServerSocket serverSocket = RMISocketFactory.getDefaultSocketFactory()
.createServerSocket(port);
InterposeServerSocket ss = new InterposeServerSocket(serverSocket, matchBytes, replaceBytes);
serverSockets.add(ss);
return ss;
}
/**
* Return the current list of server sockets.
* @return Return a snapshot of the current list of server sockets
*/
public List<InterposeServerSocket> getServerSockets() {
List<InterposeServerSocket> snap = new ArrayList<>(serverSockets);
return snap;
}
/**
* An InterposeSocket wraps a socket that produces InputStreams
* and OutputStreams that log the traffic.
* The OutputStreams it produces match an array of bytes and replace them.
* Useful for injecting protocol and content errors.
*/
public static class InterposeSocket extends Socket {
private final Socket socket;
private InputStream in;
private MatchReplaceOutputStream out;
private volatile byte[] matchBytes;
private volatile byte[] replaceBytes;
private final ByteArrayOutputStream inLogStream;
private final ByteArrayOutputStream outLogStream;
private final String name;
private static volatile int num = 0; // index for created InterposeSockets
public InterposeSocket(Socket socket, byte[] matchBytes, byte[] replaceBytes) {
this.socket = socket;
this.matchBytes = Objects.requireNonNull(matchBytes, "matchBytes");
this.replaceBytes = Objects.requireNonNull(replaceBytes, "replaceBytes");
this.inLogStream = new ByteArrayOutputStream();
this.outLogStream = new ByteArrayOutputStream();
this.name = "IS" + ++num + "::"
+ Thread.currentThread().getName() + ": "
+ socket.getLocalPort() + " < " + socket.getPort();
}
public void setMatchReplaceBytes(byte[] matchBytes, byte[] replaceBytes) {
this.matchBytes = matchBytes;
this.replaceBytes = replaceBytes;
out.setMatchReplaceBytes(matchBytes, replaceBytes);
}
@Override
public void connect(SocketAddress endpoint) throws IOException {
socket.connect(endpoint);
}
@Override
public void connect(SocketAddress endpoint, int timeout) throws IOException {
socket.connect(endpoint, timeout);
}
@Override
public void bind(SocketAddress bindpoint) throws IOException {
socket.bind(bindpoint);
}
@Override
public InetAddress getInetAddress() {
return socket.getInetAddress();
}
@Override
public InetAddress getLocalAddress() {
return socket.getLocalAddress();
}
@Override
public int getPort() {
return socket.getPort();
}
@Override
public int getLocalPort() {
return socket.getLocalPort();
}
@Override
public SocketAddress getRemoteSocketAddress() {
return socket.getRemoteSocketAddress();
}
@Override
public SocketAddress getLocalSocketAddress() {
return socket.getLocalSocketAddress();
}
@Override
public SocketChannel getChannel() {
return socket.getChannel();
}
@Override
public synchronized void close() throws IOException {
socket.close();
}
@Override
public String toString() {
return "InterposeSocket " + name + ": " + socket.toString();
}
@Override
public boolean isConnected() {
return socket.isConnected();
}
@Override
public boolean isBound() {
return socket.isBound();
}
@Override
public boolean isClosed() {
return socket.isClosed();
}
@Override
public <T> Socket setOption(SocketOption<T> name, T value) throws IOException {
return socket.setOption(name, value);
}
@Override
public <T> T getOption(SocketOption<T> name) throws IOException {
return socket.getOption(name);
}
@Override
public Set<SocketOption<?>> supportedOptions() {
return socket.supportedOptions();
}
@Override
public synchronized InputStream getInputStream() throws IOException {
if (in == null) {
in = socket.getInputStream();
String name = Thread.currentThread().getName() + ": "
+ socket.getLocalPort() + " < " + socket.getPort();
in = new LoggingInputStream(in, name, inLogStream);
DEBUG("Created new InterposeInputStream: %s%n", name);
}
return in;
}
@Override
public synchronized OutputStream getOutputStream() throws IOException {
if (out == null) {
OutputStream o = socket.getOutputStream();
String name = Thread.currentThread().getName() + ": "
+ socket.getLocalPort() + " > " + socket.getPort();
out = new MatchReplaceOutputStream(o, name, outLogStream, matchBytes, replaceBytes);
DEBUG("Created new MatchReplaceOutputStream: %s%n", name);
}
return out;
}
/**
* Return the bytes logged from the input stream.
* @return Return the bytes logged from the input stream.
*/
public byte[] getInLogBytes() {
return inLogStream.toByteArray();
}
/**
* Return the bytes logged from the output stream.
* @return Return the bytes logged from the output stream.
*/
public byte[] getOutLogBytes() {
return outLogStream.toByteArray();
}
}
/**
* InterposeServerSocket is a ServerSocket that wraps each Socket it accepts
* with an InterposeSocket so that its input and output streams can be monitored.
*/
public static class InterposeServerSocket extends ServerSocket {
private final ServerSocket socket;
private volatile byte[] matchBytes;
private volatile byte[] replaceBytes;
private final List<InterposeSocket> sockets = new ArrayList<>();
public InterposeServerSocket(ServerSocket socket, byte[] matchBytes, byte[] replaceBytes) throws IOException {
this.socket = socket;
this.matchBytes = Objects.requireNonNull(matchBytes, "matchBytes");
this.replaceBytes = Objects.requireNonNull(replaceBytes, "replaceBytes");
}
public void setMatchReplaceBytes(byte[] matchBytes, byte[] replaceBytes) {
this.matchBytes = matchBytes;
this.replaceBytes = replaceBytes;
sockets.forEach(s -> s.setMatchReplaceBytes(matchBytes, replaceBytes));
}
/**
* Return a snapshot of the current list of sockets created from this server socket.
* @return Return a snapshot of the current list of sockets
*/
public List<InterposeSocket> getSockets() {
List<InterposeSocket> snap = new ArrayList<>(sockets);
return snap;
}
@Override
public void bind(SocketAddress endpoint) throws IOException {
socket.bind(endpoint);
}
@Override
public void bind(SocketAddress endpoint, int backlog) throws IOException {
socket.bind(endpoint, backlog);
}
@Override
public InetAddress getInetAddress() {
return socket.getInetAddress();
}
@Override
public int getLocalPort() {
return socket.getLocalPort();
}
@Override
public SocketAddress getLocalSocketAddress() {
return socket.getLocalSocketAddress();
}
@Override
public Socket accept() throws IOException {
Socket s = socket.accept();
InterposeSocket socket = new InterposeSocket(s, matchBytes, replaceBytes);
sockets.add(socket);
return socket;
}
@Override
public void close() throws IOException {
socket.close();
}
@Override
public ServerSocketChannel getChannel() {
return socket.getChannel();
}
@Override
public boolean isClosed() {
return socket.isClosed();
}
@Override
public String toString() {
return socket.toString();
}
@Override
public <T> ServerSocket setOption(SocketOption<T> name, T value) throws IOException {
return socket.setOption(name, value);
}
@Override
public <T> T getOption(SocketOption<T> name) throws IOException {
return socket.getOption(name);
}
@Override
public Set<SocketOption<?>> supportedOptions() {
return socket.supportedOptions();
}
@Override
public synchronized void setSoTimeout(int timeout) throws SocketException {
socket.setSoTimeout(timeout);
}
@Override
public synchronized int getSoTimeout() throws IOException {
return socket.getSoTimeout();
}
}
/**
* LoggingInputStream is a stream and logs all bytes read to it.
* For identification it is given a name.
*/
public static class LoggingInputStream extends FilterInputStream {
private int bytesIn = 0;
private final String name;
private final OutputStream log;
public LoggingInputStream(InputStream in, String name, OutputStream log) {
super(in);
this.name = name;
this.log = log;
}
@Override
public int read() throws IOException {
int b = super.read();
if (b >= 0) {
log.write(b);
bytesIn++;
}
return b;
}
@Override
public int read(byte[] b, int off, int len) throws IOException {
int bytes = super.read(b, off, len);
if (bytes > 0) {
log.write(b, off, bytes);
bytesIn += bytes;
}
return bytes;
}
@Override
public int read(byte[] b) throws IOException {
return read(b, 0, b.length);
}
@Override
public void close() throws IOException {
super.close();
}
@Override
public String toString() {
return String.format("%s: In: (%d)", name, bytesIn);
}
}
/**
* An OutputStream that replaces one string of bytes with another.
* If any range matches, the match starts after the partial match.
*/
static class MatchReplaceOutputStream extends OutputStream {
private final OutputStream out;
private final String name;
private volatile byte[] matchBytes;
private volatile byte[] replaceBytes;
int matchIndex;
private int bytesOut = 0;
private final OutputStream log;
MatchReplaceOutputStream(OutputStream out, String name, OutputStream log,
byte[] matchBytes, byte[] replaceBytes) {
this.out = out;
this.name = name;
this.matchBytes = Objects.requireNonNull(matchBytes, "matchBytes");
this.replaceBytes = Objects.requireNonNull(replaceBytes, "replaceBytes");
matchIndex = 0;
this.log = log;
}
public void setMatchReplaceBytes(byte[] matchBytes, byte[] replaceBytes) {
this.matchBytes = matchBytes;
this.replaceBytes = replaceBytes;
matchIndex = 0;
}
public void write(int b) throws IOException {
b = b & 0xff;
if (matchBytes.length == 0) {
out.write(b);
log.write(b);
bytesOut++;
return;
}
if (b == (matchBytes[matchIndex] & 0xff)) {
if (++matchIndex >= matchBytes.length) {
matchIndex = 0;
DEBUG( "TestSocketFactory MatchReplace %s replaced %d bytes at offset: %d (x%04x)%n",
name, replaceBytes.length, bytesOut, bytesOut);
out.write(replaceBytes);
log.write(replaceBytes);
bytesOut += replaceBytes.length;
}
} else {
if (matchIndex > 0) {
// mismatch, write out any that matched already
if (matchIndex > 0) // Only non-trivial matches
DEBUG( "Partial match %s matched %d bytes at offset: %d (0x%04x), expected: x%02x, actual: x%02x%n",
name, matchIndex, bytesOut, bytesOut, matchBytes[matchIndex], b);
out.write(matchBytes, 0, matchIndex);
log.write(matchBytes, 0, matchIndex);
bytesOut += matchIndex;
matchIndex = 0;
}
if (b == (matchBytes[matchIndex] & 0xff)) {
matchIndex++;
} else {
out.write(b);
log.write(b);
bytesOut++;
}
}
}
@Override
public String toString() {
return String.format("%s: Out: (%d)", name, bytesOut);
}
}
private static byte[] orig = new byte[]{
(byte) 0x80, 0x05,
0x73, 0x72, 0x00, 0x12, // TC_OBJECT, TC_CLASSDESC, length = 18
0x6A, 0x61, 0x76, 0x61, 0x2E, 0x72, 0x6D, 0x69, 0x2E, // "java.rmi."
0x64, 0x67, 0x63, 0x2E, 0x4C, 0x65, 0x61, 0x73, 0x65 // "dgc.Lease"
};
private static byte[] repl = new byte[]{
(byte) 0x80, 0x05,
0x73, 0x72, 0x00, 0x12, // TC_OBJECT, TC_CLASSDESC, length = 18
0x6A, 0x61, 0x76, 0x61, 0x2E, (byte) 'l', (byte) 'a', (byte) 'n', (byte) 'g',
0x2E, (byte) 'R', (byte) 'u', (byte) 'n', (byte) 'n', (byte) 'a', (byte) 'b', (byte) 'l',
(byte) 'e'
};
@DataProvider(name = "MatchReplaceData")
static Object[][] matchReplaceData() {
byte[] empty = new byte[0];
byte[] byte1 = new byte[]{1, 2, 3, 4, 5, 6};
byte[] bytes2 = new byte[]{1, 2, 4, 3, 5, 6};
byte[] bytes3 = new byte[]{6, 5, 4, 3, 2, 1};
byte[] bytes4 = new byte[]{1, 2, 0x10, 0x20, 0x30, 0x40, 5, 6};
byte[] bytes4a = new byte[]{1, 2, 0x10, 0x20, 0x30, 0x40, 5, 7}; // mostly matches bytes4
byte[] bytes5 = new byte[]{0x30, 0x40, 5, 6};
byte[] bytes6 = new byte[]{1, 2, 0x10, 0x20, 0x30};
return new Object[][]{
{new byte[]{}, new byte[]{}, empty, empty},
{new byte[]{}, new byte[]{}, byte1, byte1},
{new byte[]{3, 4}, new byte[]{4, 3}, byte1, bytes2}, //swap bytes
{new byte[]{3, 4}, new byte[]{0x10, 0x20, 0x30, 0x40}, byte1, bytes4}, // insert
{new byte[]{1, 2, 0x10, 0x20}, new byte[]{}, bytes4, bytes5}, // delete head
{new byte[]{0x40, 5, 6}, new byte[]{}, bytes4, bytes6}, // delete tail
{new byte[]{0x40, 0x50}, new byte[]{0x60, 0x50}, bytes4, bytes4}, // partial match, replace nothing
{bytes4a, bytes3, bytes4, bytes4}, // long partial match, not replaced
{orig, repl, orig, repl},
};
}
@Test(enabled = true, dataProvider = "MatchReplaceData")
static void test3(byte[] match, byte[] replace,
byte[] input, byte[] expected) {
System.out.printf("match: %s, replace: %s%n", Arrays.toString(match), Arrays.toString(replace));
try (ByteArrayOutputStream output = new ByteArrayOutputStream();
ByteArrayOutputStream log = new ByteArrayOutputStream();
OutputStream out = new MatchReplaceOutputStream(output, "test3",
log, match, replace)) {
out.write(input);
byte[] actual = output.toByteArray();
long index = Arrays.mismatch(actual, expected);
if (index >= 0) {
System.out.printf("array mismatch, offset: %d%n", index);
System.out.printf("actual: %s%n", Arrays.toString(actual));
System.out.printf("expected: %s%n", Arrays.toString(expected));
}
Assert.assertEquals(actual, expected, "match/replace fail");
} catch (IOException ioe) {
Assert.fail("unexpected exception", ioe);
}
}
}

104
jdk/test/java/util/zip/DeInflate.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/**
* @test
* @bug 7110149
* @bug 7110149 8184306
* @summary Test basic deflater & inflater functionality
* @key randomness
*/
@ -34,64 +34,110 @@ import java.util.zip.*;
public class DeInflate {
static void check(Deflater compresser, byte[] in, int len,
static void checkStream(Deflater def, byte[] in, int len,
byte[] out1, byte[] out2, boolean nowrap)
throws Throwable
{
Arrays.fill(out1, (byte)0);
Arrays.fill(out2, (byte)0);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
try (DeflaterOutputStream defos = new DeflaterOutputStream(baos, def)) {
defos.write(in, 0, len);
}
out1 = baos.toByteArray();
int m = out1.length;
Inflater inf = new Inflater(nowrap);
inf.setInput(out1, 0, m);
int n = inf.inflate(out2);
if (n != len ||
!Arrays.equals(Arrays.copyOf(in, len), Arrays.copyOf(out2, len)) ||
inf.inflate(out2) != 0) {
System.out.printf("m=%d, n=%d, len=%d, eq=%b%n",
m, n, len, Arrays.equals(in, out2));
throw new RuntimeException("De/inflater failed:" + def);
}
}
static void check(Deflater def, byte[] in, int len,
byte[] out1, byte[] out2, boolean nowrap)
throws Throwable
{
Arrays.fill(out1, (byte)0);
Arrays.fill(out2, (byte)0);
compresser.setInput(in, 0, len);
compresser.finish();
int m = compresser.deflate(out1);
def.setInput(in, 0, len);
def.finish();
int m = def.deflate(out1);
Inflater decompresser = new Inflater(nowrap);
decompresser.setInput(out1, 0, m);
int n = decompresser.inflate(out2);
Inflater inf = new Inflater(nowrap);
inf.setInput(out1, 0, m);
int n = inf.inflate(out2);
if (n != len ||
!Arrays.equals(Arrays.copyOf(in, len), Arrays.copyOf(out2, len)) ||
decompresser.inflate(out2) != 0) {
inf.inflate(out2) != 0) {
System.out.printf("m=%d, n=%d, len=%d, eq=%b%n",
m, n, len, Arrays.equals(in, out2));
throw new RuntimeException("De/inflater failed:" + compresser);
throw new RuntimeException("De/inflater failed:" + def);
}
}
private static Deflater newDeflater(int level, int strategy, boolean dowrap, byte[] tmp) {
Deflater def = new Deflater(level, dowrap);
if (strategy != Deflater.DEFAULT_STRATEGY) {
def.setStrategy(strategy);
// The first invocation after setLevel/Strategy()
// with a different level/stragety returns 0, if
// there is no need to flush out anything for the
// previous setting/"data", this is tricky and
// appears un-documented.
def.deflate(tmp);
}
return def;
}
private static Deflater resetDeflater(Deflater def, int level, int strategy) {
def.setLevel(level);
def.setStrategy(strategy);
def.reset();
return def;
}
public static void main(String[] args) throws Throwable {
byte[] dataIn = new byte[1024 * 512];
new Random().nextBytes(dataIn);
byte[] dataOut1 = new byte[dataIn.length + 1024];
byte[] dataOut2 = new byte[dataIn.length];
boolean wrap[] = new boolean[] { false, true };
Deflater defNotWrap = new Deflater(Deflater.DEFAULT_COMPRESSION, false);
Deflater defWrap = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
for (int level = Deflater.DEFAULT_COMPRESSION;
level <= Deflater.BEST_COMPRESSION; level++) {
System.out.print("level=" + level + ", strategy= ");
for (int strategy = Deflater.DEFAULT_STRATEGY;
strategy <= Deflater.HUFFMAN_ONLY; strategy++) {
System.out.print(" " + strategy + " nowrap[");
for (int dowrap = 0; dowrap <= 1; dowrap++) {
System.out.print(" " + wrap[dowrap]);
for (boolean dowrap : new boolean[] { false, true }) {
System.out.println("level:" + level +
", strategy: " + strategy +
", dowrap: " + dowrap);
for (int i = 0; i < 5; i++) {
Deflater def = new Deflater(level, wrap[dowrap]);
if (strategy != Deflater.DEFAULT_STRATEGY) {
def.setStrategy(strategy);
// The first invocation after setLevel/Strategy()
// with a different level/stragety returns 0, if
// there is no need to flush out anything for the
// previous setting/"data", this is tricky and
// appears un-documented.
def.deflate(dataOut2);
}
int len = (i == 0)? dataIn.length
: new Random().nextInt(dataIn.length);
check(def, dataIn, len, dataOut1, dataOut2, wrap[dowrap]);
// use a new deflater
Deflater def = newDeflater(level, strategy, dowrap, dataOut2);
check(def, dataIn, len, dataOut1, dataOut2, dowrap);
// reuse the deflater (with reset) and test on stream, which
// uses a "smaller" buffer (smaller than the overall data)
def = resetDeflater(dowrap ? defWrap : defNotWrap, level, strategy);
checkStream(def, dataIn, len, dataOut1, dataOut2, dowrap);
}
}
System.out.print("] ");
}
System.out.println();
}
}
}

133
jdk/test/javax/management/remote/nonLocalAccess/NonLocalJMXRemoteTest.java Normal file
View File

@ -0,0 +1,133 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.net.InetAddress;
import java.rmi.AccessException;
import java.rmi.NotBoundException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Set;
/* @test
* @bug 8174770
* @summary Verify that JMX Registry rejects non-local access for bind, unbind, rebind.
* The test is manual because the (non-local) host and port running JMX must be supplied as properties.
* @run main/othervm/manual -Djmx-registry.host=jmx-registry-host -Djmx-registry.port=jmx-registry-port NonLocalJMXRemoteTest
*/
/**
* Verify that access checks for the Registry exported by JMX Registry.bind(),
* .rebind(), and .unbind() are prevented on remote access to the registry.
* The test verifies that the access check is performed *before* the object to be
* bound or rebound is deserialized.
* This tests the SingleEntryRegistry implemented by JMX.
* This test is a manual test and uses JMX running on a *different* host.
* JMX can be enabled in any Java runtime; for example:
* login or ssh to the different host and invoke rmiregistry with arguments below.
* It will not show any output.
* {@code $JDK_HOME/bin/rmiregistry \
* -J-Dcom.sun.management.jmxremote.port=8888 \
* -J-Dcom.sun.management.jmxremote.local.only=false \
* -J-Dcom.sun.management.jmxremote.ssl=false \
* -J-Dcom.sun.management.jmxremote.authenticate=false
* }
* On the first host modify the @run command above to replace "jmx-registry-host"
* with the hostname or IP address of the different host and run the test with jtreg.
*/
public class NonLocalJMXRemoteTest {
public static void main(String[] args) throws Exception {
String host = System.getProperty("jmx-registry.host");
if (host == null || host.isEmpty()) {
throw new RuntimeException("Specify host with system property: -Djmx-registry.host=<host>");
}
int port = Integer.getInteger("jmx-registry.port", -1);
if (port <= 0) {
throw new RuntimeException("Specify port with system property: -Djmx-registry.port=<port>");
}
// Check if running the test on a local system; it only applies to remote
String myHostName = InetAddress.getLocalHost().getHostName();
Set<InetAddress> myAddrs = Set.of(InetAddress.getAllByName(myHostName));
Set<InetAddress> hostAddrs = Set.of(InetAddress.getAllByName(host));
if (hostAddrs.stream().anyMatch(i -> myAddrs.contains(i))
|| hostAddrs.stream().anyMatch(h -> h.isLoopbackAddress())) {
throw new RuntimeException("Error: property 'jmx-registry.host' must not be the local host%n");
}
Registry registry = LocateRegistry.getRegistry(host, port);
try {
// Verify it is a JMX Registry
registry.lookup("jmxrmi");
} catch (NotBoundException nf) {
throw new RuntimeException("Not a JMX registry, jmxrmi is not bound", nf);
}
try {
registry.bind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: bind");
} catch (Exception e) {
assertIsAccessException(e);
}
try {
registry.rebind("foo", null);
throw new RuntimeException("Remote access should not succeed for method: rebind");
} catch (Exception e) {
assertIsAccessException(e);
}
try {
registry.unbind("foo");
throw new RuntimeException("Remote access should not succeed for method: unbind");
} catch (Exception e) {
assertIsAccessException(e);
}
}
/**
* Check the exception chain for the expected AccessException and message.
* @param ex the exception from the remote invocation.
*/
private static void assertIsAccessException(Throwable ex) {
Throwable t = ex;
while (!(t instanceof AccessException) && t.getCause() != null) {
t = t.getCause();
}
if (t instanceof AccessException) {
String msg = t.getMessage();
int asIndex = msg.indexOf("Registry");
int disallowIndex = msg.indexOf("disallowed");
int nonLocalHostIndex = msg.indexOf("non-local host");
if (asIndex < 0 ||
disallowIndex < 0 ||
nonLocalHostIndex < 0 ) {
throw new RuntimeException("exception message is malformed", t);
}
System.out.printf("Found expected AccessException: %s%n%n", t);
} else {
throw new RuntimeException("AccessException did not occur when expected", ex);
}
}
}

2
jdk/test/tools/launcher/ArgsEnvVar.java
View File

@ -25,6 +25,8 @@
* @test
* @bug 8170832 8180447
* @summary Arguments passed in environment variable
* @modules jdk.compiler
* jdk.zipfs
* @build TestHelper
* @run main ArgsEnvVar
*/

2
jdk/test/tools/launcher/ArgsFileTest.java
View File

@ -25,6 +25,8 @@
* @test
* @bug 8027634
* @summary Argument parsing from file
* @modules jdk.compiler
* jdk.zipfs
* @build TestHelper
* @run main ArgsFileTest
*/

2
jdk/test/tools/launcher/Arrrghs.java
View File

@ -26,6 +26,8 @@
* @bug 5030233 6214916 6356475 6571029 6684582 6742159 4459600 6758881 6753938
* 6894719 6968053 7151434 7146424 8007333 8077822 8143640 8132379
* @summary Argument parsing validation.
* @modules jdk.compiler
* jdk.zipfs
* @compile -XDignore.symbol.file Arrrghs.java
* @run main/othervm Arrrghs
*/

2
jdk/test/tools/launcher/BigJar.java
View File

@ -25,6 +25,8 @@
* @test
* @bug 7194005
* @summary launcher handling of zip64 archives (Scenario A and B)
* @modules jdk.compiler
* jdk.zipfs
* @compile -XDignore.symbol.file BigJar.java
* @run main/timeout=600 BigJar
*/

2
jdk/test/tools/launcher/ExecutionEnvironment.java
View File

@ -25,6 +25,8 @@
* @test
* @bug 4780570 4731671 6354700 6367077 6670965 4882974
* @summary Checks for LD_LIBRARY_PATH and execution on *nixes
* @modules jdk.compiler
* jdk.zipfs
* @compile -XDignore.symbol.file ExecutionEnvironment.java
* @run main/othervm ExecutionEnvironment
*/

2
jdk/test/tools/launcher/LauncherMessageTest.java
View File

@ -25,6 +25,8 @@
* @test
* @bug 8167063
* @library /test/lib
* @modules jdk.compiler
* jdk.zipfs
* @build jdk.test.lib.Platform
* jdk.test.lib.util.FileUtils
* @run main LauncherMessageTest

2
jdk/test/tools/launcher/MainClassAttributeTest.java
View File

@ -26,6 +26,8 @@
* @bug 7067922
* @author sogoel
* @summary Test negative scenarios for main class attribute
* @modules jdk.compiler
* jdk.zipfs
* @build MainClassAttributeTest
* @run main MainClassAttributeTest
*/

2
jdk/test/tools/launcher/MiscTests.java
View File

@ -25,6 +25,8 @@
* @test
* @bug 6856415 8154212 8154470
* @summary Miscellaneous tests, Exceptions
* @modules jdk.compiler
* jdk.zipfs
* @compile -XDignore.symbol.file MiscTests.java
* @run main MiscTests
*/

2
jdk/test/tools/launcher/MultipleJRERemoved.java
View File

@ -25,6 +25,8 @@
* @test
* @bug 8067437
* @summary Verify Multiple JRE version support has been removed.
* @modules jdk.compiler
* jdk.zipfs
* @build TestHelper
* @run main MultipleJRERemoved
*/

2
jdk/test/tools/launcher/Settings.java
View File

@ -27,6 +27,8 @@ import java.io.IOException;
* @test
* @bug 6994753 7123582
* @summary tests -XshowSettings options
* @modules jdk.compiler
* jdk.zipfs
* @compile -XDignore.symbol.file Settings.java
* @run main Settings
* @author ksrini

10
jdk/test/tools/launcher/TestHelper.java
View File

@ -51,8 +51,7 @@ import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Arrays;
import javax.tools.JavaCompiler;
import javax.tools.ToolProvider;
import java.util.spi.ToolProvider;
import static java.nio.file.StandardCopyOption.*;
import static java.nio.file.StandardOpenOption.*;
@ -75,7 +74,7 @@ public class TestHelper {
static final boolean haveServerVM;
static final boolean haveClientVM;
static final JavaCompiler compiler;
static final ToolProvider compiler = ToolProvider.findFirst("javac").orElse(null);
static final boolean debug = Boolean.getBoolean("TestHelper.Debug");
static final boolean isWindows =
@ -130,7 +129,6 @@ public class TestHelper {
if (!is64Bit && !is32Bit) {
throw new RuntimeException("arch model is not 32 or 64 bit ?");
}
compiler = ToolProvider.getSystemJavaCompiler();
File binDir = new File(JAVAHOME, "bin");
JAVA_BIN = binDir.getAbsolutePath();
@ -275,7 +273,7 @@ public class TestHelper {
* A convenience method to compile java files.
*/
static void compile(String... compilerArgs) {
if (compiler.run(null, null, null, compilerArgs) != 0) {
if (compiler.run(System.out, System.err, compilerArgs) != 0) {
String sarg = "";
for (String x : compilerArgs) {
sarg.concat(x + " ");
@ -308,7 +306,7 @@ public class TestHelper {
String compileArgs[] = {
mainClass + ".java"
};
if (compiler.run(null, null, null, compileArgs) != 0) {
if (compiler.run(System.out, System.err, compileArgs) != 0) {
throw new RuntimeException("compilation failed " + mainClass + ".java");
}
if (mEntry == null) {

2
jdk/test/tools/launcher/TestMainWithoutEnclosing.java
View File

@ -30,6 +30,8 @@ import java.util.List;
* @test
* @bug 8076264
* @summary Launching app shouldn't require enclosing class for the main class.
* @modules jdk.compiler
* jdk.zipfs
* @compile TestMainWithoutEnclosing.java
* @run main TestMainWithoutEnclosing
*/

Some files were not shown because too many files have changed in this diff Show More