stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
22,198 Commits 2 Branches 0 Tags 1.2 GiB
48ce9464b0
Commit Graph

451 Commits

Author SHA1 Message Date
Lana Steuck
b697d670cb Merge 2012-02-28 18:01:54 -08:00
Sean Mullan
48ca85ec46 7147830: NullPointerException in java.security.Policy.implies() when the ProtectionDomain has a null code sou 
Reviewed-by: vinnie
 2012-02-27 11:44:50 -05:00
Lana Steuck
9c6aee1cdf Merge 2012-02-23 07:54:49 -08:00
Lana Steuck
cd51c0ed25 Merge 2012-02-23 00:14:45 -08:00
Weijun Wang
d21a6ce41f 7144530: KeyTab.getInstance(String) no longer handles keyTabNames with "file:" prefix 
Reviewed-by: valeriep
 2012-02-21 08:51:26 +08:00
Abhijit Saha
162d75c68c Merge 2012-02-20 11:31:53 -08:00
Vinnie Ryan
abfc726cc4 7142888: sun/security/tools/jarsigner/ec.sh fail on sparc 
Reviewed-by: xuelei
 2012-02-14 11:47:41 +00:00
Florian Weimer
9b65dbabc1 6879539: enable empty password support for pkcs12 keystore 
Reviewed-by: vinnie, weijun
 2012-02-10 11:41:22 +08:00
Weijun Wang
18a83d872b 6880619: reg tests for 6879540 
Reviewed-by: valeriep
 2012-02-08 11:44:36 +08:00
Bradford Wetmore
8ac9bc5858 7141910: Incorrect copyright dates on new test cases 
Reviewed-by: mullan
 2012-02-01 16:00:39 -08:00
Bradford Wetmore
08fe131e34 7126889: Incorrect SSLEngine debug output 
Reviewed-by: xuelei
 2012-01-26 17:16:05 -08:00
Xue-Lei Andrew Fan
830a24d326 7132248: sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CookieHttpsClientTest.java failing 
Reviewed-by: alanb
 2012-01-23 04:44:16 -08:00
Chris Hegarty
c77eb16a79 7129083: CookieManager does not store cookies if url is read before setting cookie manager 
Reviewed-by: michaelm
 2012-01-16 18:05:29 +00:00
Weijun Wang
5cbd245bad 7118809: rcache deadlock 
Reviewed-by: valeriep
 2012-01-16 10:10:56 +08:00
Xue-Lei Andrew Fan
8b5551f1eb 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 
Reviewed-by: weijun
 2012-01-12 03:39:37 -08:00
Xue-Lei Andrew Fan
74fcfe6c7e 7123519: problems with certification path 
Also including the contribution from Dennis Gu

Reviewed-by: mullan, weijun
 2012-01-09 20:55:52 -08:00
Valerie Peng
1081efba4f 6414899: P11Digest should support cloning 
Enhanced the PKCS11 Digest implementation to support cloning

Reviewed-by: vinnie
 2012-01-05 18:18:04 -08:00
Weijun Wang
440adedd51 7122169: TcpTimeout fail for various reasons 
Reviewed-by: alanb
 2011-12-22 15:35:55 +08:00
Weijun Wang
687f622f95 7115744: Do not call File::deleteOnExit in security tests 
Reviewed-by: xuelei
 2011-11-28 18:16:29 +08:00
Xue-Lei Andrew Fan
7115a56a21 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager 
Also reviewed by Dennis.Gu@oracle.com

Reviewed-by: mullan
 2011-11-23 03:40:12 -08:00
Lana Steuck
9fb09f41b6 Merge 2011-11-14 18:18:22 -08:00
Abhijit Saha
f03cbcc678 Merge 2011-11-14 11:52:09 -08:00
Bradford Wetmore
becccc16ec 7053252: New regression test does not compile on windows-amd64 
Reviewed-by: valeriep
 2011-10-31 16:23:43 -07:00
Bradford Wetmore
089b5b16e3 7105780: Add SSLSocket client/SSLEngine server to templates directory 
Reviewed-by: xuelei
 2011-10-31 11:54:19 -07:00
Xue-Lei Andrew Fan
bdb9312b86 7105940: Test regression: KeyStore must be from provider SunPKCS11-NSSKeyStore 
Reviewed-by: weijun
 2011-10-28 07:18:54 -07:00
Bradford Wetmore
d25a9c128f 7031830: bad_record_mac failure on TLSv1.2 enabled connection with SSLEngine 
Reviewed-by: xuelei, weijun, asaha
 2011-10-18 11:58:57 -07:00
Weijun Wang
ab1010388d 7099399: cannot deal with CRL file larger than 16MB 
Reviewed-by: xuelei, mullan
 2011-10-17 17:11:26 +08:00
Sean Mullan
4bc227715b 6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package 
Reviewed-by: mchung
 2011-10-13 13:50:17 -04:00
Xue-Lei Andrew Fan
3c41c66fb1 7096936: issue in jsse/runtime 
7096937: TEST: com/sun/net/ssl/internal/ssl/GenSSLConfigs/main.java need modification as a result of TLS fix

Reviewed-by: wetmore, jdn, xuelei
 2011-09-30 18:47:53 -07:00
Xue-Lei Andrew Fan
73b50710f0 7064341: jsse/runtime security problem 
Reviewed-by: wetmore
 2011-09-29 17:31:30 -07:00
Weijun Wang
650bd8320d 7077646: gssapi wrap for CFX per-message tokens always set FLAG_ACCEPTOR_SUBKEY 
Reviewed-by: valeriep
 2011-09-28 14:21:11 +08:00
Weijun Wang
a912e7557c 7077640: gss wrap for cfx doesn't handle rrc != 0 
Reviewed-by: valeriep
 2011-09-28 14:21:10 +08:00
Weijun Wang
a099202006 7089889: Krb5LoginModule.login() throws an exception if used without a keytab 
Reviewed-by: xuelei, valeriep
 2011-09-28 14:21:10 +08:00
Weijun Wang
700ceee11e 7047200: keytool safe store 
Reviewed-by: xuelei
 2011-09-09 11:18:18 +08:00
Weijun Wang
ba77c3a48f 7067974: multiple ETYPE-INFO-ENTRY with same etype and different salt 
Reviewed-by: valeriep
 2011-09-07 08:56:55 +08:00
Weijun Wang
a37d582eec 7083664: test hard code of using c:/temp but this dir might not exist 
Reviewed-by: xuelei, ohair
 2011-08-31 09:22:50 +08:00
Weijun Wang
444f4d009b 7079144: concise_jarsigner.sh test often fails on solaris 
Reviewed-by: xuelei
 2011-08-15 11:43:09 +08:00
Weijun Wang
f769f7067f 7078816: /test/sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failure 
Reviewed-by: alanb
 2011-08-15 10:42:41 +08:00
Weijun Wang
610c9dd4e3 7055363: jdk_security3 test target cleanup 
Reviewed-by: alanb, xuelei
 2011-08-12 12:26:31 +08:00
Weijun Wang
d159e01aeb 7076415: sun/security/krb5/runNameEquals.sh failed on sles 10 
Reviewed-by: xuelei
 2011-08-12 11:20:45 +08:00
Weijun Wang
840e8200ad 7061379: [Kerberos] Cross-realm authentication fails, due to nameType problem 
Reviewed-by: valeriep
 2011-08-04 18:18:45 +08:00
Xue-Lei Andrew Fan
2ee0410a0c 7068662: Reserve and restore the default locale 
Reviewed-by: alanb, weijun
 2011-07-29 02:50:58 -07:00
Chris Hegarty
281db94b24 6670868: StackOverFlow with bad authenticated Proxy tunnels 
Reviewed-by: michaelm
 2011-07-27 18:10:10 +01:00
Lana Steuck
371dfdfc58 Merge 2011-06-23 14:56:38 -07:00
Xue-Lei Andrew Fan
58f8a03a50 7057022: test/sun/security/pkcs11/fips/ClientJSSEServerJSSE.java has invalid jtreg tags 
Reviewed-by: weijun
 2011-06-23 04:23:50 -07:00
Lana Steuck
69ce407621 Merge 2011-06-22 23:23:58 -07:00
Xue-Lei Andrew Fan
5798f5bb9d 6952814: sun/security/ssl/com/sun/net/ssl/internal/ssl/InputRecord/InterruptedIO.java failing in PIT 
Reviewed-by: alanb
 2011-06-22 19:37:18 -07:00
Weijun Wang
9ce9d5e6ba 7043737: klist does not detect non-existing keytab 
Reviewed-by: valeriep
 2011-06-08 14:01:34 +08:00
Abhijit Saha
cfdb3ec24b Merge 2011-05-26 21:37:40 -07:00
Weijun Wang
61e1313498 7040151: SPNEGO GSS code does not parse tokens in accordance to RFC 2478 
Reviewed-by: valeriep
 2011-05-03 02:48:59 +08:00
Weijun Wang
317bcf10c2 7040916: DynamicKeyTab test fails on Windows 
Reviewed-by: xuelei
 2011-05-01 14:22:32 +08:00
Vinnie Ryan
f202396944 6578658: Request for raw RSA (NONEwithRSA) Signature support in SunMSCAPI 
Reviewed-by: wetmore
 2011-04-29 00:21:54 +01:00
Vinnie Ryan
5f5ccc0a66 Merge 2011-04-27 20:24:30 +01:00
Vinnie Ryan
8c88165312 6753664: Support SHA256 (and higher) in SunMSCAPI 
Reviewed-by: mullan
 2011-04-27 20:21:32 +01:00
Weijun Wang
a9a765fdfc 6950929: Failures on Solaris sparc 64bit sun/security/krb5/auto/BadKdc4.java (and linux?) 
Reviewed-by: xuelei
 2011-04-27 17:11:06 +08:00
Valerie Peng
b0c37f182f 7003952: SEC: securely load DLLs and launch executables using fully qualified path 
Enforce full path when specifying library locations.

Reviewed-by: wetmore, ohair
 2011-04-26 15:59:51 -07:00
Vinnie Ryan
dc6eb040b7 6931562: Support SunMSCAPI Security Provider in Windows 64-bit releases of JVM 
Reviewed-by: mullan
 2011-04-22 17:03:51 +01:00
Vinnie Ryan
5982362c7d Merge 2011-04-21 14:25:46 +01:00
Vinnie Ryan
c74acca8b0 6888925: SunMSCAPI's Cipher can't use RSA public keys obtained from other sources 
Reviewed-by: mullan
 2011-04-21 14:23:57 +01:00
Weijun Wang
68d5cd6f23 6894072: always refresh keytab 
Reviewed-by: valeriep
 2011-04-20 18:41:32 +08:00
Lana Steuck
b99716e22a Merge 2011-04-17 16:19:29 -07:00
Valerie Peng
16ddb7350c 7035115: sun/security/pkcs11/Provider/ConfigShortPath.java compilation failed 
Updated the test to use reflection and skip when SunPKCS11 provider not present.

Reviewed-by: weijun
 2011-04-15 15:56:12 -07:00
Kelly O'Hair
7c8e01891a Merge 2011-04-13 16:56:16 -07:00
Valerie Peng
86875ab33d 6986789: Sun pkcs11 provider fails to parse path name containing "+" 
Modified to accept '+' as valid character.

Reviewed-by: weijun
 2011-04-12 16:09:17 -07:00
Weijun Wang
6f7b1ef68a 7030180: AES 128/256 decrypt exception 
Reviewed-by: valeriep
 2011-04-11 10:22:39 +08:00
Xue-Lei Andrew Fan
2a48e38d0f 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled 
Reorg the SSLContext implementation

Reviewed-by: weijun
 2011-04-08 02:00:09 -07:00
Kelly O'Hair
d2b1e20c7d 7033660: Update copyright year to 2011 on any files changed in 2011 
Reviewed-by: dholmes
 2011-04-06 22:06:11 -07:00
Weijun Wang
2c02243de9 7032354: no-addresses should not be used on acceptor side 
Reviewed-by: valeriep
 2011-04-07 08:51:33 +08:00
Weijun Wang
680370af5b 7031536: test/sun/security/krb5/auto/HttpNegotiateServer.java should not use static ports 
Reviewed-by: xuelei
 2011-03-28 18:04:17 +08:00
Weijun Wang
1ce7eeaa52 7019384: Realm.getRealmsList returns realms list in wrong (reverse) order 
Reviewed-by: xuelei
 2011-03-28 18:04:10 +08:00
Xue-Lei Andrew Fan
4efe3a9cb7 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 
The signature of server key exanage message could be null

Reviewed-by: vinnie
 2011-03-21 22:02:00 -07:00
Xue-Lei Andrew Fan
7705e63e30 7022855: Export "PKIX" as the standard algorithm name of KeyManagerFactory 
Export the existing "NewSunX509" algorithm implementation using the standard name "PKIX"

Reviewed-by: weijun, wetmore
 2011-03-15 23:13:35 -07:00
Vinnie Ryan
328f8c8455 6986477: sun/security/mscapi/AccessKeyStore.sh test is failing on jdk7 
Reviewed-by: valeriep
 2011-03-11 09:55:03 +00:00
Valerie Peng
1daa47b01d 6994008: PKCS11 should support "RSA" and "RSA/ECB/NoPadding" ciphers 
Add support for RSA_X_509 mechanism and aliasing of "RSA" to "RSA/ECB/PKCS1Padding".

Reviewed-by: wetmore
 2011-03-07 14:14:37 -08:00
Weijun Wang
314c75c742 7020531: test: java/security/cert/CertificateFactory/openssl/OpenSSLCert.java file not closed after run 
Reviewed-by: alanb, smarks
 2011-03-01 16:22:22 +08:00
Weijun Wang
b777a1fbae 7021789: Remove jarsigner -crl option 
Reviewed-by: mullan
 2011-02-28 23:02:37 +08:00
Valerie Peng
4ce8048909 6604496: Support for CKM_AES_CTR (counter mode) 
Enhanced SunPKCS11 provider to support AES/CTR/NoPadding transformation.

Reviewed-by: vinnie
 2011-02-22 12:01:35 -08:00
Weijun Wang
d4fbb08ec0 7018928: test failure: sun/security/krb5/auto/SSL.java 
Reviewed-by: valeriep
 2011-02-15 12:11:15 +08:00
Sean Coffey
6ed5196d7d 7016897: Copyright header correction : test/sun/security/provider/SeedGenerator/SeedGeneratorChoice.java 
Reviewed-by: vinnie
 2011-02-03 11:28:04 +00:00
Xue-Lei Andrew Fan
85a3f20cef 7011497: new CertPathValidatorException.BasicReason enum constant for constrained algorithm 
Add new BasicReason and improve trust anchor searching method during cert path validation

Reviewed-by: mullan
 2011-02-01 04:45:10 -08:00
Stuart Marks
ba58eb7896 7012003: diamond conversion for ssl 
Reviewed-by: wetmore
 2011-01-14 15:31:45 -08:00
Stuart Marks
07549260db 7008713: diamond conversion of kerberos5 and security tools 
Reviewed-by: weijun
 2011-01-12 13:52:09 -08:00
Lana Steuck
fb91d40572 Merge 2011-01-04 17:05:38 -08:00
Kelly O'Hair
6b6a611c8e 6962318: Update copyright year 
Reviewed-by: xdono
 2010-12-28 15:53:50 -08:00
Valerie Peng
16faa79cf4 6581254: pkcs11 provider fails to parse configuration file contains windows short path 
Modified configuration parsing code to support "~".

Reviewed-by: weijun
 2010-12-22 18:30:34 -08:00
Weijun Wang
fdbca6b5f6 6975866: api/org_ietf/jgss/GSSContext/index.html#wrapUnwrapIOTest started to fail since jdk7 b102 
Reviewed-by: valeriep
 2010-12-17 11:03:33 +08:00
Sean Coffey
6c39971cb7 6998583: NativeSeedGenerator is making 8192 byte read requests from entropy pool on each init 
Reviewed-by: wetmore, andrew, vinnie
 2010-12-10 15:11:47 +00:00
Weijun Wang
d9f1152680 6896700: Validation of signatures succeed when it should fail 
Reviewed-by: wetmore
 2010-12-06 10:48:18 +08:00
Weijun Wang
6ad8ffe59b 7004168: jarsigner -verify checks for KeyUsage codesigning ext on all certs instead of just signing cert 
Reviewed-by: mullan
 2010-12-06 10:46:26 +08:00
Weijun Wang
1d7abe0313 7004035: signed jar with only META-INF/* inside is not verifiable 
Reviewed-by: mullan
 2010-12-06 10:46:18 +08:00
Weijun Wang
3281356d0f 7004721: ktarg.sh fails when there's no default realm 
Reviewed-by: xuelei
 2010-12-06 06:49:18 +08:00
Weijun Wang
9f743252e5 7002036: ktab return code changes on a error case 
Reviewed-by: valeriep
 2010-11-24 07:43:06 +08:00
Weijun Wang
11c0d2dbec 6979329: CCacheInputStream fails to read ticket cache files from Kerberos 1.8.1 
Reviewed-by: valeriep
 2010-11-22 09:43:58 +08:00
Valerie Peng
358ee90f29 6720456: New 4150 may have larger blowfish keysizes 
Changed to use TBD value instead of FAIL

Reviewed-by: weijun
 2010-11-19 17:05:47 -08:00
Valerie Peng
0ec3c185d5 6687725: Internal PKCS5Padding impl should throw IllegalBlockSizeException and not BadPaddingException 
Changed to throw IllegalBlockSizeException when the data length isn't multiples of block size

Reviewed-by: wetmore
 2010-11-15 14:38:41 -08:00
Weijun Wang
707e6f0318 6960894: Better AS-REQ creation and processing 
Reviewed-by: valeriep
 2010-11-12 21:33:14 +08:00
Weijun Wang
2fa98fdbd7 6987827: security/util/Resources.java needs improvement 
Reviewed-by: valeriep
 2010-11-11 15:51:12 +08:00
Weijun Wang
5b6c23c809 6952519: kdc_timeout is not being honoured when using TCP 
Reviewed-by: valeriep
 2010-11-09 08:34:11 +08:00
Weijun Wang
42b61014b3 6997740: ktab entry related test compilation error 
Reviewed-by: valeriep
 2010-11-06 09:11:18 +08:00
Xue-Lei Andrew Fan
f685cc171a 6916074: Add support for TLS 1.2 
6985179: To support Server Name Indication extension for JSSE client

Introduces the algorithm constraints to support signature and hash algorithm selection. Includes contributions from wetmore and weijung.

Reviewed-by: wetmore, weijun
 2010-11-01 22:02:35 -07:00
Xue-Lei Andrew Fan
aab01a90d7 4873188: Support TLS 1.1 
Reviewed-by: wetmore, weijun
 2010-10-30 18:39:17 +08:00
Weijun Wang
d2ef113186 6950546: "ktab -d name etype" to "ktab -d name [-e etype] [kvno | all | old]" 
6984764: kerberos fails if service side keytab is generated using JDK ktab

Reviewed-by: valeriep
 2010-10-28 21:14:44 +08:00
Chris Hegarty
0615bd9a48 Merge 2010-10-08 11:27:55 +01:00
Lana Steuck
53e6cf8989 Merge 2010-09-25 12:00:05 -07:00
Weijun Wang
b32aa9d2d5 6986868: TEST failure: sun/security/tools/jarsigner/crl.sh 
Reviewed-by: ohair
 2010-09-25 10:21:30 +08:00
Lana Steuck
a682d9348d Merge 2010-09-16 11:19:43 -07:00
Weijun Wang
ce46bf1737 6982840: sun/security/tools/jarsigner/emptymanifest.sh fails 
Reviewed-by: dholmes
 2010-09-14 10:18:16 +08:00
Kelly O'Hair
f7e31fc6c2 6982137: Rebranding pass 2 - missed copyright changes 
Reviewed-by: mbykov
 2010-09-09 16:26:46 -07:00
Weijun Wang
34198dbc4c 6976536: Solaris JREs do not have the krb5.kdc.bad.policy configured by default 
Reviewed-by: valeriep
 2010-08-19 11:26:32 +08:00
Chris Hegarty
784f62993b 6973030: NTLM proxy authentication fails with https 
Reviewed-by: michaelm
 2010-08-03 12:03:03 +01:00
Weijun Wang
9d92d626e3 6972005: ConfPlusProp.java test failure when DNS has info for realm 
Reviewed-by: xuelei
 2010-07-26 17:21:51 +08:00
Xue-Lei Andrew Fan
f5561769de 6867345: Turkish regional options cause NPE in sun.security.x509.AlgorithmId.algOID 
Reviewed-by: mullan, weijun
 2010-07-24 22:59:41 +08:00
Abhijit Saha
1e52a8c736 Merge 2010-07-16 09:26:55 -07:00
Weijun Wang
c20e1ffd6c 6670889: Keystore created under Hindi Locale causing ArrayIndexOutOfBoundsException 
Reviewed-by: chegar
 2010-07-13 20:27:01 +08:00
Abhijit Saha
97d968d3ff Merge 2010-06-24 10:56:00 -07:00
Weijun Wang
c93ecb6623 6946669: SSL/Krb5 should not call EncryptedData.reset(data, false) 
Reviewed-by: xuelei
 2010-06-24 14:26:35 +08:00
Weijun Wang
6426b52076 6844907: krb5 etype order should be from strong to weak 
Reviewed-by: valeriep
 2010-06-24 14:26:28 +08:00
Weijun Wang
4bdcad4b69 6958026: Problem with PKCS12 keystore 
Reviewed-by: mullan
 2010-06-24 14:26:22 +08:00
Weijun Wang
5141220c5e 6959292: regression: cannot login if session key and preauth does not use the same etype 
Reviewed-by: xuelei, valeriep
 2010-06-17 13:46:15 +08:00
Xue-Lei Andrew Fan
53a219bfee 6914943: Implement final TLS renegotiation fix 
RFC 5746 implementation

Reviewed-by: wetmore, weijun
 2010-06-12 00:42:51 -07:00
Weijun Wang
b0277a9631 6958869: regression: PKIXValidator fails when multiple trust anchors have same dn 
Reviewed-by: xuelei, wetmore, mullan
 2010-06-11 11:38:36 +08:00
Weijun Wang
2d9fcecd29 6951366: kerberos login failure on win2008 with AD set to win2000 compat mode 
Reviewed-by: valeriep, xuelei
 2010-06-04 19:28:53 +08:00
Weijun Wang
141897fe19 6950931: test fails on windows sun/security/tools/jarsigner/crl.sh 
Reviewed-by: wetmore, xuelei
 2010-06-01 10:52:42 +08:00
Lana Steuck
fd45b4188c Merge 2010-05-28 12:10:14 -07:00
Kelly O'Hair
fe008ae27a 6943119: Rebrand source copyright notices 
Reviewed-by: darcy, weijun
 2010-05-25 15:58:33 -07:00
Weijun Wang
235a3e379c 6948287: KDC test strange knvo 
Reviewed-by: xuelei
 2010-05-25 18:20:54 +08:00
Weijun Wang
480f0af4e8 6932525: Incorrect encryption types of KDC_REQ_BODY of AS-REQ with pre-authentication 
Reviewed-by: valeriep
 2010-05-24 10:05:04 +08:00
Weijun Wang
a7fbe2d858 6882687: KerberosTime too imprecise 
Reviewed-by: valeriep
 2010-05-24 09:37:02 +08:00
Weijun Wang
874ec0972c 6948803: CertPath validation regression caused by SHA1 replacement root and MD2 disable feature 
Reviewed-by: xuelei, mullan
 2010-05-24 09:28:06 +08:00
Weijun Wang
7c6813eb7a 6890876: jarsigner can add CRL info into signed jar 
Reviewed-by: mullan
 2010-05-06 13:42:52 +08:00
Weijun Wang
a94d06f6b7 6948909: Jarsigner removes MANIFEST.MF info for badly packages jar's 
Reviewed-by: mullan, xuelei
 2010-05-06 11:26:16 +08:00
Weijun Wang
20fbeb53cd 6844193: support max_retries in krb5.conf 
Reviewed-by: valeriep
 2010-04-29 15:51:10 +08:00
Weijun Wang
7cc72590c7 6856069: PrincipalName.clone() does not invoke super.clone() 
Reviewed-by: chegar
 2010-04-22 12:45:36 +08:00
Weijun Wang
5d137e0d2f 6944847: native gss lib names on linux 
Reviewed-by: valeriep
 2010-04-20 19:30:31 +08:00
Weijun Wang
592e8de4e1 6939248: Jarsigner can't extract Extended Key Usage from Timestamp Reply correctly 
Reviewed-by: xuelei, mullan
 2010-04-16 10:13:23 +08:00
Weijun Wang
7afbc895a8 6937978: let keytool -gencert generate the chain 
Reviewed-by: mullan
 2010-04-16 10:06:07 +08:00
Chris Hegarty
61ab8e5bfd 6943219: test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java fail in linux 
Reviewed-by: andrew
 2010-04-15 16:37:16 +01:00
Xue-Lei Andrew Fan
52e1e32cdb 6941936: Broken pipe error of test case DNSIdentities.java 
Reviewed-by: chegar
 2010-04-10 09:13:12 +08:00
Abhijit Saha
39f32d7819 Merge 2010-03-29 07:17:02 -07:00
Xue-Lei Andrew Fan
0f50eeb222 6693917: regression tests need to update for supporting ECC on solaris 11 
Reviewed-by: weijun
 2010-03-29 13:27:25 +08:00
Abhijit Saha
4e39344d24 Merge 2010-03-24 17:32:04 -07:00
Abhijit Saha
b60d36a19a Merge 2010-03-24 14:16:57 -07:00
Chris Hegarty
498067c8a3 6614957: HttpsURLConnection not using the set SSLSocketFactory for creating all its Sockets 
6771432: createSocket() - smpatch fails using 1.6.0_10 because of "Unconnected sockets not implemented"
6766775: X509 certificate hostname checking is broken in JDK1.6.0_10

All three bugs are interdependent

Reviewed-by: xuelei
 2010-03-23 13:54:36 +00:00
Valerie Peng
b05376b108 6837847: PKCS#11 A SecureRandom and a serialization error following installation of 1.5.0_18 
Added a custom readObject method to PKCS11 SecureRandom impl

Reviewed-by: wetmore
 2010-03-18 17:56:39 -07:00
Valerie Peng
c0cdafcd43 6695485: SignedObject constructor throws ProviderException if it's called using provider "SunPKCS11-Solaris" 
Added checking for RSA key lengths in initSign and initVerify

Reviewed-by: vinnie
 2010-03-18 17:05:42 -07:00
Weijun Wang
23a0fee518 6829283: HTTP/Negotiate: Autheticator triggered again when user cancels the first one 
Reviewed-by: chegar
 2010-03-18 18:26:37 +08:00
Weijun Wang
69e5f8b791 6868865: Test: sun/security/tools/jarsigner/oldsig.sh fails under all platforms 
Reviewed-by: wetmore
 2010-03-17 09:55:04 +08:00
Weijun Wang
8055ab99b7 6844909: support allow_weak_crypto in krb5.conf 
Reviewed-by: valeriep
 2010-03-04 10:37:16 +08:00
Weijun Wang
913e14a463 6922482: keytool's help on -file always shows 'output file' 
Reviewed-by: wetmore
 2010-02-03 17:04:52 +08:00
Weijun Wang
4641ee098b 6919610: KeyTabInputStream uses static field for per-instance value 
Reviewed-by: mullan
 2010-01-26 17:03:48 +08:00
Weijun Wang
9645beba5c 6917791: KeyTabEntry, when the byte value smaller then 16, the string drop '0' 
Reviewed-by: xuelei
 2010-01-19 11:43:45 +08:00
Weijun Wang
a3071a3b47 6913636: kvno check in JSSE 
Reviewed-by: valeriep
 2010-01-05 10:40:44 +08:00
Weijun Wang
d6e00a699d 6895424: RFC 5653 
Reviewed-by: valeriep
 2010-01-05 10:40:36 +08:00
Weijun Wang
56ac52238f 6907425: JCK Kerberos tests fail since b77 
Reviewed-by: valeriep
 2009-12-24 13:56:28 +08:00
Weijun Wang
709a5076d8 6843127: krb5 should not try to access unavailable kdc too often 
Reviewed-by: valeriep, mullan
 2009-12-24 13:56:19 +08:00
Weijun Wang
8e1f9a0dd3 6908628: ObjectIdentifier s11n test fails 
Reviewed-by: xuelei
 2009-12-09 11:15:25 +08:00
Xue-Lei Andrew Fan
309744138c 6898739: TLS renegotiation issue 
The interim fix disables TLS/SSL renegotiation

Reviewed-by: mullan, chegar, wetmore
 2009-12-07 21:16:41 -08:00
Joe Darcy
c40412f4f4 6907177: Update jdk tests to remove unncessary -source and -target options 
Reviewed-by: ohair
 2009-12-03 18:19:10 -08:00
Vinnie Ryan
5debca27af 6906854: SSL/Krb5 testcase should not use a fixed port number 
Reviewed-by: alanb
 2009-12-03 21:30:27 +00:00
Vinnie Ryan
7a403456e5 Merge 2009-12-02 17:34:56 +00:00
Vinnie Ryan
6e6324c607 6906510: Fix testcase for 6894643: Separate out dependency on Kerberos 
Reviewed-by: weijun
 2009-12-02 17:06:50 +00:00
Weijun Wang
22d5c338db 6770883: Infinite loop if SPNEGO specified as sun.security.jgss.mechanism 
Reviewed-by: valeriep
 2009-11-27 08:51:58 +08:00
Weijun Wang
6a6d0a3c7a 6853328: Support OK-AS-DELEGATE flag 
Reviewed-by: valeriep
 2009-11-27 08:51:28 +08:00
Vinnie Ryan
2a073650dc Merge 2009-11-12 23:04:42 +00:00
Vinnie Ryan
005e04bd07 6894643: Separate out dependency on Kerberos 
Reviewed-by: alanb, xuelei
 2009-11-12 23:00:23 +00:00
Abhijit Saha
84e0ce5651 Merge 2009-10-28 15:47:55 -07:00
Weijun Wang
692684aa31 6890872: keytool -printcert to recognize signed jar files 
Reviewed-by: mullan
 2009-10-28 15:32:49 +08:00
Weijun Wang
9b3b87dab8 6893158: AP_REQ check should use key version number 
Reviewed-by: valeriep, xuelei
 2009-10-28 15:32:30 +08:00
Abhijit Saha
fcbc383092 Merge 2009-10-21 11:34:19 -07:00
Weijun Wang
5e986ae424 6870812: enhance security tools to use ECC algorithms 
Reviewed-by: vinnie, mullan
 2009-10-21 08:17:35 +08:00
Abhijit Saha
c6c70af568 Merge 2009-10-06 21:40:55 -07:00
Weijun Wang
2882b91893 6868579: RFE: jarsigner to support reading password from environment variable 
Reviewed-by: xuelei, wetmore
 2009-10-02 18:49:46 +08:00
Weijun Wang
10b2d33a48 6862679: ESC: AD Authentication with user with umlauts fails 
Reviewed-by: valeriep, mullan
 2009-10-02 18:47:34 +08:00
Weijun Wang
fcaded312e 6324292: keytool -help is unhelpful 
Reviewed-by: xuelei, mullan
 2009-10-02 18:44:34 +08:00
Michael McMahon
ef945f9722 6886108: Test case B4933582 binding to fixed port number 
Reviewed-by: chegar
 2009-09-29 10:00:57 +01:00
Weijun Wang
a4622c3ab0 6885166: regression test for 6877357 (IPv6 address does not work) error (timed out) 
Reviewed-by: xuelei
 2009-09-24 21:35:34 +08:00
Weijun Wang
938ca04641 6877357: IPv6 address does not work 
Reviewed-by: xuelei, alanb
 2009-09-22 10:01:32 +08:00
Vinnie Ryan
f13c1a7ce9 6884175: CR cleanup for 6840752: Provide out-of-the-box support for ECC algorithms 
Reviewed-by: wetmore
 2009-09-21 23:01:42 +01:00
Abhijit Saha
5456677e02 Merge 2009-09-05 07:55:05 -07:00
Weijun Wang
58285b80f7 6871847: AlgorithmId.get("SHA256withECDSA") not available 
Reviewed-by: vinnie
 2009-09-04 14:59:20 +08:00
Weijun Wang
fe71efb327 6876328: different names for the same digest algorithms breaks jarsigner 
Reviewed-by: mullan
 2009-09-04 14:58:01 +08:00
Abhijit Saha
9a9bb90a70 Merge 2009-08-26 08:38:57 -07:00
Weijun Wang
50754f7c2e 6868864: Kerberos tests fail under windows/cygwin 
Reviewed-by: wetmore
 2009-08-26 12:17:29 +08:00
Vinnie Ryan
f249b36d72 6872048: bad private keys are generated for 2 specific ECC curves 
Reviewed-by: wetmore
 2009-08-24 18:37:37 +01:00
Weijun Wang
e936496a7b 6875033: regression: test of 6867665 fail 
Reviewed-by: xuelei
 2009-08-24 18:37:48 +08:00
Weijun Wang
7c86823f01 6867665: Problem with keytabs with multiple kvno's (key versions) 
Reviewed-by: valeriep, ohair
 2009-08-20 11:24:42 +08:00
Xue-Lei Andrew Fan
c14324faa5 6861062: Disable MD2 support 
Reviewed-by: mullan, weijun
 2009-08-18 20:47:13 -07:00
Weijun Wang
94bafe8b8f 6864911: ASN.1/DER input stream parser needs more work 
Reviewed-by: mullan, xuelei
 2009-08-18 12:10:12 +08:00
Vinnie Ryan
3ed22e2e7a Merge 2009-08-11 16:57:09 +01:00
Vinnie Ryan
59d983ade0 6840752: Provide out-of-the-box support for ECC algorithms 
Reviewed-by: alanb, mullan, wetmore
 2009-08-11 16:52:26 +01:00
Weijun Wang
be3a1f1294 6821190: more InquireType values for ExtendedGSSContext 
Reviewed-by: valeriep
 2009-08-11 12:20:32 +08:00
Weijun Wang
50689ce536 6710360: export Kerberos session key to applications 
Reviewed-by: valeriep
 2009-08-11 12:17:13 +08:00
Weijun Wang
cb2742d7b2 6866479: libzip.so caused JVM to crash when running jarsigner 
Reviewed-by: mullan
 2009-08-11 12:15:24 +08:00
Bradford Wetmore
fc188b8b29 6867657: Many JSN tests do not run under cygwin 
Reviewed-by: ohair
 2009-08-06 17:56:59 -07:00
Weijun Wang
3fef36803a 6867687: keytool's standard.sh test timeout sometimes 
Reviewed-by: xuelei
 2009-08-02 13:40:03 +08:00
Weijun Wang
bdafe7ca74 6867231: Regression: jdk/test/sun/security/krb5/ConfPlusProp.java error against jdk7/pit/b68 
Reviewed-by: xuelei
 2009-07-31 16:21:30 +08:00
Weijun Wang
945ec03563 6561126: keytool should use larger default keysize for keypairs 
Reviewed-by: mullan
 2009-07-22 16:41:14 +08:00
Weijun Wang
20ee77e0d0 6847026: keytool should be able to generate certreq and cert without subject name 
Reviewed-by: xuelei
 2009-07-22 16:40:04 +08:00
Weijun Wang
f1b3e33db7 6858589: more changes to Config on system properties 
Reviewed-by: valeriep
 2009-07-22 16:39:34 +08:00
Tim Bell
a2d17d381e Merge 2009-07-13 23:58:49 -07:00
Weijun Wang
9148ed61cf 6857795: krb5.conf ignored if system properties on realm and kdc are provided 
Reviewed-by: xuelei
 2009-07-08 12:07:43 +08:00
Weijun Wang
96a8d1a9f8 6857802: GSS getRemainingInitLifetime method returns milliseconds not seconds 
Reviewed-by: xuelei
 2009-07-08 12:07:16 +08:00
Andy Herrick
14323dd4c7 Merge 2009-07-06 14:10:31 -04:00
Weijun Wang
c9930b0e4f 6855671: DerOutputStream encodes negative integer incorrectly 
Reviewed-by: xuelei
 2009-06-30 11:55:58 +08:00
Andy Herrick
974a4682e4 Merge 2009-06-29 12:06:42 -04:00
Weijun Wang
1d5c589340 6851973: ignore incoming channel binding if acceptor does not set one 
Reviewed-by: valeriep
 2009-06-19 18:03:27 +08:00
Weijun Wang
f5d1fbc0b4 6712755: jarsigner fails to sign itextasian.jar since 1.5.0_b14, it works with 1.5.0_13 
Reviewed-by: mullan
 2009-06-18 11:12:13 +08:00
Weijun Wang
7b2694f5b3 6849275: enhance krb5 reg tests 
Reviewed-by: xuelei
 2009-06-17 15:26:58 +08:00
Andy Herrick
e487e25584 6797688: Umbrella: Merge all JDK 6u4 - 6u12 deployment code into JDK7 
6845973: Update JDK7 with deployment changes in 6u13, 6u14
4802695: Support 64-bit Java Plug-in and Java webstart on Windows/Linux on AMD64
6825019: DownloadManager should not be loaded and referenced for full JRE
6738770: REGRESSION:JSException throws when use LiveConnect javascript facility
6772884: plugin2 : java.lang.OutOfMemoryError or crash
6707535: Crossing domain hole affecting multiple sites/domains using plug-in
6728071: Non-verification of Update files may allow unintended updates
6704154: Code loaded from local filesystem should not get access to localhost
6727081: Web Start security restrictions bypass using special extension jnlp
6727079: Java Web Start Socket() restriction bypass
6727071: Cache location/user name information disclosure in SingleInstanceImpl
6716217: AppletClassLoader adds permissions based on codebase regardless of CS
6694892: Java Webstart inclusion via system properties override [CVE-2008-2086]
6704074: localhost socket access due to cache location exposed
6703909: Java webstart arbitrary file creation using nativelib
6665315: browser crashes when deployment.properties has more slashes ( / )
6660121: Encoding values in JNLP files can cause buffer overflow
6606110: URLConnection.setProxiedHost for resources that are loaded via proxy
6581221: SSV(VISTA): Redirection FAILS to work if user does a downgrade install
6609756: Buffer Overflow in Java ActiveX component
6608712: Bypassing the same origin policy in Java with crafted names
6534630: "gnumake clobber" doesn't
6849953: JDK7 - replacement of bufferoverflowU.lib on amd64 breaks build
6849029: Need some JDK7 merge clean-up after comments on the webrev
6847582: Build problem on JDK7 with isSecureProperty in merge
6827935: JDK 7 deployment merging - problem in Compiler-msvm.gmk
6823215: latest merge fixes from 6u12 -> JDK7
6816153: further mergers for JDK7 deployment integration
6807074: Fix Java Kernel and JQS in initial JDK7 builds

Initial changeset for implementing 6uX Deployment Features into JDK7

Reviewed-by: dgu, billyh
 2009-06-12 14:56:32 -04:00
Weijun Wang
8a52d1a9d5 6578647: Undefined requesting URL in java.net.Authenticator.getPasswordAuthentication() 
Reviewed-by: chegar, valeriep
 2009-06-09 14:17:05 +08:00
Xue-Lei Andrew Fan
5f228867b6 6822460: support self-issued certificate 
Checking self-issued certificate during certification path building

Reviewed-by: mullan, weijun
 2009-05-26 16:19:18 +08:00
Weijun Wang
04e56f7701 6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms 
Reviewed-by: xuelei
 2009-05-20 10:12:00 +08:00
Weijun Wang
2827ff39e5 6714845: Quotes in Kerberos configuration file are included in the values 
Reviewed-by: xuelei
 2009-04-09 15:32:55 +08:00
Weijun Wang
67bb035b94 4811968: ASN.1 (X509Certificate) implementations don't handle large OID components 
Reviewed-by: xuelei
 2009-04-08 13:54:34 +08:00
Weijun Wang
b01525e89b 6825352: support self-issued certificate in keytool 
Reviewed-by: xuelei
 2009-04-03 11:36:19 +08:00
Weijun Wang
739414c177 6802846: jarsigner needs enhanced cert validation(options) 
Reviewed-by: xuelei
 2009-03-27 11:05:45 +08:00
Weijun Wang
827d425560 6819272: keytool -importcert should read the whole input 
Reviewed-by: xuelei
 2009-03-19 11:17:06 +08:00
Weijun Wang
78ae650f8f 6815182: GSSAPI/SPNEGO does not work with server using MIT Kerberos library 
Reviewed-by: valeriep
 2009-03-13 09:20:56 +08:00
Weijun Wang
5f12c03c56 6813402: keytool cannot -printcert entries without extensions 
Reviewed-by: xuelei
 2009-03-05 14:49:55 +08:00
Xue-Lei Andrew Fan
d1f800c577 5067458: Loopback SSLSocketImpl createSocket is throwing an exception 
A null hostname should be regarded as a loopback address.

Reviewed-by: weijun
 2009-02-23 17:32:52 +08:00
Weijun Wang
3a37d195f3 6780416: New keytool commands/options: -gencert, -printcertreq, -ext 
Reviewed-by: xuelei, mullan
 2009-02-23 10:05:55 +08:00
Weijun Wang
500caf95bd 6803376: BasicConstraintsExtension does not encode when (ca==false && pathLen<0) 
Reviewed-by: xuelei
 2009-02-23 10:05:41 +08:00
Weijun Wang
9081658837 6804045: DerValue does not accept empty OCTET STRING 
Reviewed-by: xuelei
 2009-02-23 10:04:52 +08:00
Weijun Wang
967dd884ac 6789935: cross-realm capath search error 
Reviewed-by: xuelei
 2009-02-23 10:04:25 +08:00
Xue-Lei Andrew Fan
f202d9a6e1 6697270: Inputstream dosent behave correct 
Do not try to read zero byte from a InputStream, and do always return immediately for zero byte reading in a InputStream implementation.

Reviewed-by: weijun
 2009-02-20 13:05:28 +08:00
Xue-Lei Andrew Fan
df345d27f4 6782783: regtest HttpsURLConnection/B6216082.java throws ClosedByInterruptException 
Make the test robust

Reviewed-by: weijun
 2009-02-04 19:10:09 +08:00
Weijun Wang
e7c217c72d 6552334: Enable DNS in Kerberos by default 
Reviewed-by: valeriep
 2009-02-03 09:38:13 +08:00
Xue-Lei Andrew Fan
8db7ed98ea 6728126: Parsing Extensions in Client Hello message is done in a wrong way 
The inputStream.read(byte[], int, 0) is not always return zero.

Reviewed-by: wetmore, weijun
 2008-11-13 23:08:11 -08:00
Weijun Wang
5c6f569aa5 6765491: Krb5LoginModule a little too restrictive, and the doc is not clear 
Reviewed-by: valeriep
 2008-11-12 16:01:06 +08:00
Weijun Wang
9f36c3b7c7 6733095: Failure when SPNEGO request non-Mutual 
Reviewed-by: valeriep
 2008-11-12 16:00:22 +08:00
Weijun Wang
d9d3a81168 6761072: new krb5 tests fail on multiple platforms 
Reviewed-by: xuelei
 2008-10-20 10:32:33 +08:00
Weijun Wang
f134b5139a 6706974: Add krb5 test infrastructure 
Reviewed-by: valeriep
 2008-10-17 13:02:00 +08:00
Weijun Wang
6d08d079f0 6731685: CertificateFactory.generateCertificates throws IOException on PKCS7 cert chain 
Reviewed-by: mullan
 2008-08-06 08:11:49 +08:00
Bradford Wetmore
54618c0601 Merge 2008-07-23 12:16:28 -07:00
Weijun Wang
9ac27197df 6480981: keytool should be able to import certificates from remote SSL servers 
Reviewed-by: vinnie, wetmore
 2008-07-09 12:03:16 +08:00
Xiomara Jayasena
2617d1d179 6719955: Update copyright year 
Update copyright year for files that have been modified in 2008

Reviewed-by: ohair, tbell
 2008-07-02 12:55:45 -07:00
Weijun Wang
b572eb5b2b 6711435: console.sh uses incompatible == 
Reviewed-by: xuelei
 2008-06-10 11:03:23 +08:00
Xue-Lei Andrew Fan
720109f8ec 6690018: RSAClientKeyExchange NullPointerException 
Checking certificate key length for RSA_EXPORT key exchange

Reviewed-by: wetmore, mullan
 2008-06-04 09:56:14 +08:00
Weijun Wang
c0dfc6ea21 6705313: Incorrect exit $? in keytool's autotest.sh 
Reviewed-by: valeriep
 2008-05-27 14:29:32 +08:00
Bradford Wetmore
e072682162 6706358: jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java has the wrong copyright notice 
Reviewed-by: valeriep
 2008-05-22 14:20:53 -07:00
Xue-Lei Andrew Fan
2dddf4033e 6668231: Presence of a critical subjectAltName causes JSSE's SunX509 to fail trusted checks 
Make the critical extension known to end entity checker.

Reviewed-by: wetmore, mullan
 2008-04-02 22:44:45 -04:00
Valerie Peng
adaa79491e 6599979: KeyStore.setEntry/setKeyEntry() do not override existing entry for secret key objects 
Override existing secret key entry when setEntry/setKeyEntry() is called

Reviewed-by: andreas
 2008-03-20 18:41:05 -07:00
Valerie Peng
4b9b2408f3 6572331: regression: cipher.wrap operation fails with CKR_ATTRIBUTE_VALUE_INVALID 
Check supported key size range and use encryption if needed

Reviewed-by: andreas
 2008-03-20 17:17:10 -07:00
Valerie Peng
83d7d2cdfb 4898461: Support for ECB and CBC/PKCS5Padding 
Add support for ECB mode and PKCS5Padding

Reviewed-by: andreas
 2008-03-20 16:02:23 -07:00
Xue-Lei Andrew Fan
04886b6f44 6447412: Issue with socket.close() for ssl sockets when poweroff on other system 
Support SSL sockets SOLINGER

Reviewed-by: chegar
 2008-03-17 03:11:29 -04:00
Xue-Lei Andrew Fan
4a616b5705 6618387: SSL client sessions do not close cleanly. A TCP reset occurs instead of a close_notify alert 
CloseIdelConnection() does not query the cached connection correctly.

Reviewed-by: chegar
 2008-03-16 01:37:44 -04:00
Weijun Wang
7434ffcbfb 6673164: dns_fallback parse error 
Reviewed-by: valeriep
 2008-03-12 09:32:38 +08:00
Weijun Wang
e75aa5c3ab 6643094: Test on keytool -startdate forgets about December 
Reviewed-by: xuelei
 2008-03-08 22:51:14 +08:00
Weijun Wang
0c6743a970 6590930: reed/write does not match for ccache 
Add null-awareness to ccache read

Reviewed-by: valeriep
 2008-03-05 22:15:45 +08:00
Weijun Wang
578a880fee 6648972: KDCReq.init always read padata 
PA-DATA is optional, only read it when it exists

Reviewed-by: valeriep
 2008-03-05 21:55:33 +08:00