Merge
diff --git a/.hgtags b/.hgtags
index 0bdb92a..4171aeb 100644
--- a/.hgtags
+++ b/.hgtags
@@ -185,3 +185,4 @@
61ddb3fd000a09ab05bff1940b0ac211661e94cf jdk8-b61
50b8b17449d200c66bfd68fb4f3a9197432c9e2b jdk8-b62
f117a3e06f78a258074674ad17601f99bcb1ce0d jdk8-b63
+26dbd73fb7662a29b3e47179fdc88a0bfa4e231e jdk8-b64
diff --git a/make/common/shared/Defs-control.gmk b/make/common/shared/Defs-control.gmk
index 1385809..50dd44a 100644
--- a/make/common/shared/Defs-control.gmk
+++ b/make/common/shared/Defs-control.gmk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1995, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1995, 2012, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -88,9 +88,9 @@
dummy := $(shell $(MKDIR) -p $(TEMP_DIR))
# The language version we want for this jdk build
-SOURCE_LANGUAGE_VERSION=7
+SOURCE_LANGUAGE_VERSION=8
# The class version we want for this jdk build
-TARGET_CLASS_VERSION=7
+TARGET_CLASS_VERSION=8
# The MESSAGE, WARNING and ERROR files are used to store sanity check and
# source check messages, warnings and errors.
diff --git a/make/common/shared/Defs-java.gmk b/make/common/shared/Defs-java.gmk
index 3dba492..0d755ed 100644
--- a/make/common/shared/Defs-java.gmk
+++ b/make/common/shared/Defs-java.gmk
@@ -143,12 +143,12 @@
endif
# Add the source level
-SOURCE_LANGUAGE_VERSION = 7
+SOURCE_LANGUAGE_VERSION = 8
LANGUAGE_VERSION = -source $(SOURCE_LANGUAGE_VERSION)
JAVACFLAGS += $(LANGUAGE_VERSION)
# Add the class version we want
-TARGET_CLASS_VERSION = 7
+TARGET_CLASS_VERSION = 8
CLASS_VERSION = -target $(TARGET_CLASS_VERSION)
JAVACFLAGS += $(CLASS_VERSION)
JAVACFLAGS += -encoding ascii
diff --git a/make/java/invoke/Makefile b/make/java/invoke/Makefile
index 93b1f46..1bdbd9a 100644
--- a/make/java/invoke/Makefile
+++ b/make/java/invoke/Makefile
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,7 @@
# The sources built here use new language syntax to generate
# method handle calls. Let's be sure we are using that format.
-LANGUAGE_VERSION = -source 7
-CLASS_VERSION = -target 7
+LANGUAGE_VERSION = -source 8
+CLASS_VERSION = -target 8
include $(BUILDDIR)/common/Classes.gmk
diff --git a/make/sun/javazic/tzdata/VERSION b/make/sun/javazic/tzdata/VERSION
index 80cedce..85db871 100644
--- a/make/sun/javazic/tzdata/VERSION
+++ b/make/sun/javazic/tzdata/VERSION
@@ -21,4 +21,4 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-tzdata2012c
+tzdata2012i
diff --git a/make/sun/javazic/tzdata/africa b/make/sun/javazic/tzdata/africa
index 74c8861..7db9b3d 100644
--- a/make/sun/javazic/tzdata/africa
+++ b/make/sun/javazic/tzdata/africa
@@ -260,7 +260,7 @@
# I received a mail from an airline which says that the daylight
# saving time in Egypt will end in the night of 2007-09-06 to 2007-09-07.
# From Jesper Norgaard Welen (2007-08-15): [The following agree:]
-# http://www.nentjes.info/Bill/bill5.htm
+# http://www.nentjes.info/Bill/bill5.htm
# http://www.timeanddate.com/worldclock/city.html?n=53
# From Steffen Thorsen (2007-09-04): The official information...:
# http://www.sis.gov.eg/En/EgyptOnline/Miscellaneous/000002/0207000000000000001580.htm
@@ -314,18 +314,18 @@
# in September.
# From Steffen Thorsen (2009-08-11):
-# We have been able to confirm the August change with the Egyptian Cabinet
+# We have been able to confirm the August change with the Egyptian Cabinet
# Information and Decision Support Center:
# <a href="http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html">
# http://www.timeanddate.com/news/time/egypt-dst-ends-2009.html
# </a>
-#
+#
# The Middle East News Agency
# <a href="http://www.mena.org.eg/index.aspx">
# http://www.mena.org.eg/index.aspx
# </a>
# also reports "Egypt starts winter time on August 21"
-# today in article numbered "71, 11/08/2009 12:25 GMT."
+# today in article numbered "71, 11/08/2009 12:25 GMT."
# Only the title above is available without a subscription to their service,
# and can be found by searching for "winter" in their search engine
# (at least today).
@@ -504,7 +504,7 @@
# From Steffen Thorsen (2008-06-25):
# Mauritius plans to observe DST from 2008-11-01 to 2009-03-31 on a trial
# basis....
-# It seems that Mauritius observed daylight saving time from 1982-10-10 to
+# It seems that Mauritius observed daylight saving time from 1982-10-10 to
# 1983-03-20 as well, but that was not successful....
# http://www.timeanddate.com/news/time/mauritius-daylight-saving-time.html
@@ -528,12 +528,12 @@
# than previously announced (2008-11-01 to 2009-03-31). The new start
# date is 2008-10-26 at 02:00 and the new end date is 2009-03-27 (no time
# given, but it is probably at either 2 or 3 wall clock time).
-#
-# A little strange though, since the article says that they moved the date
-# to align itself with Europe and USA which also change time on that date,
-# but that means they have not paid attention to what happened in
-# USA/Canada last year (DST ends first Sunday in November). I also wonder
-# why that they end on a Friday, instead of aligning with Europe which
+#
+# A little strange though, since the article says that they moved the date
+# to align itself with Europe and USA which also change time on that date,
+# but that means they have not paid attention to what happened in
+# USA/Canada last year (DST ends first Sunday in November). I also wonder
+# why that they end on a Friday, instead of aligning with Europe which
# changes two days later.
# From Alex Krivenyshev (2008-07-11):
@@ -592,7 +592,7 @@
# </a>
# From Arthur David Olson (2009-07-11):
-# The "mauritius-dst-will-not-repeat" wrapup includes this:
+# The "mauritius-dst-will-not-repeat" wrapup includes this:
# "The trial ended on March 29, 2009, when the clocks moved back by one hour
# at 2am (or 02:00) local time..."
@@ -686,8 +686,8 @@
# XXX--guess that it is only Morocco for now; guess only 2008 for now.
# From Steffen Thorsen (2008-08-27):
-# Morocco will change the clocks back on the midnight between August 31
-# and September 1. They originally planned to observe DST to near the end
+# Morocco will change the clocks back on the midnight between August 31
+# and September 1. They originally planned to observe DST to near the end
# of September:
#
# One article about it (in French):
@@ -821,6 +821,23 @@
# "...à partir du dernier dimance d'avril et non fins mars,
# comme annoncé précédemment."
+# From Milamber Space Network (2012-07-17):
+# The official return to GMT is announced by the Moroccan government:
+# <a href="http://www.mmsp.gov.ma/fr/actualites.aspx?id=288">
+# http://www.mmsp.gov.ma/fr/actualites.aspx?id=288 [in French]
+# </a>
+#
+# Google translation, lightly edited:
+# Back to the standard time of the Kingdom (GMT)
+# Pursuant to Decree No. 2-12-126 issued on 26 Jumada (I) 1433 (April 18,
+# 2012) and in accordance with the order of Mr. President of the
+# Government No. 3-47-12 issued on 24 Sha'ban (11 July 2012), the Ministry
+# of Public Service and Administration Modernization announces the return
+# of the legal time of the Kingdom (GMT) from Friday, July 20, 2012 until
+# Monday, August 20, 2012. So the time will be delayed by 60 minutes from
+# 3:00 am Friday, July 20, 2012 and will again be advanced by 60 minutes
+# August 20, 2012 from 2:00 am.
+
# RULE NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Morocco 1939 only - Sep 12 0:00 1:00 S
@@ -848,6 +865,8 @@
Rule Morocco 2011 only - Jul 31 0 0 -
Rule Morocco 2012 max - Apr lastSun 2:00 1:00 S
Rule Morocco 2012 max - Sep lastSun 3:00 0 -
+Rule Morocco 2012 only - Jul 20 3:00 0 -
+Rule Morocco 2012 only - Aug 20 2:00 1:00 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Africa/Casablanca -0:30:20 - LMT 1913 Oct 26
@@ -876,7 +895,7 @@
# Forecasting Riaan van Zyl explained that the far eastern parts of
# the country are close to 40 minutes earlier in sunrise than the rest
# of the country.
-#
+#
# From Paul Eggert (2007-03-31):
# Apparently the Caprivi Strip informally observes Botswana time, but
# we have no details. In the meantime people there can use Africa/Gaborone.
diff --git a/make/sun/javazic/tzdata/asia b/make/sun/javazic/tzdata/asia
index ccf7945..9ef3ef8 100644
--- a/make/sun/javazic/tzdata/asia
+++ b/make/sun/javazic/tzdata/asia
@@ -124,7 +124,7 @@
# From Alexander Krivenyshev (2012-02-10):
# According to News Armenia, on Feb 9, 2012,
# http://newsarmenia.ru/society/20120209/42609695.html
-#
+#
# The Armenia National Assembly adopted final reading of Amendments to the
# Law "On procedure of calculation time on the territory of the Republic of
# Armenia" according to which Armenia [is] abolishing Daylight Saving Time.
@@ -204,15 +204,15 @@
# </a>
# From A. N. M. Kamrus Saadat (2009-06-15):
-# Finally we've got the official mail regarding DST start time where DST start
-# time is mentioned as Jun 19 2009, 23:00 from BTRC (Bangladesh
-# Telecommunication Regulatory Commission).
+# Finally we've got the official mail regarding DST start time where DST start
+# time is mentioned as Jun 19 2009, 23:00 from BTRC (Bangladesh
+# Telecommunication Regulatory Commission).
#
# No DST end date has been announced yet.
# From Alexander Krivenyshev (2009-09-25):
-# Bangladesh won't go back to Standard Time from October 1, 2009,
-# instead it will continue DST measure till the cabinet makes a fresh decision.
+# Bangladesh won't go back to Standard Time from October 1, 2009,
+# instead it will continue DST measure till the cabinet makes a fresh decision.
#
# Following report by same newspaper-"The Daily Star Friday":
# "DST change awaits cabinet decision-Clock won't go back by 1-hr from Oct 1"
@@ -226,8 +226,8 @@
# From Steffen Thorsen (2009-10-13):
# IANS (Indo-Asian News Service) now reports:
-# Bangladesh has decided that the clock advanced by an hour to make
-# maximum use of daylight hours as an energy saving measure would
+# Bangladesh has decided that the clock advanced by an hour to make
+# maximum use of daylight hours as an energy saving measure would
# "continue for an indefinite period."
#
# One of many places where it is published:
@@ -255,7 +255,7 @@
# From Alexander Krivenyshev (2010-03-22):
# According to Bangladesh newspaper "The Daily Star,"
-# Cabinet cancels Daylight Saving Time
+# Cabinet cancels Daylight Saving Time
# <a href="http://www.thedailystar.net/newDesign/latest_news.php?nid=22817">
# http://www.thedailystar.net/newDesign/latest_news.php?nid=22817
# </a>
@@ -383,11 +383,11 @@
# observing daylight saving time in 1986.
#
# From Thomas S. Mullaney (2008-02-11):
-# I think you're combining two subjects that need to treated
-# separately: daylight savings (which, you're correct, wasn't
-# implemented until the 1980s) and the unified time zone centered near
-# Beijing (which was implemented in 1949). Briefly, there was also a
-# "Lhasa Time" in Tibet and "Urumqi Time" in Xinjiang. The first was
+# I think you're combining two subjects that need to treated
+# separately: daylight savings (which, you're correct, wasn't
+# implemented until the 1980s) and the unified time zone centered near
+# Beijing (which was implemented in 1949). Briefly, there was also a
+# "Lhasa Time" in Tibet and "Urumqi Time" in Xinjiang. The first was
# ceased, and the second eventually recognized (again, in the 1980s).
#
# From Paul Eggert (2008-06-30):
@@ -524,7 +524,7 @@
# as of 2009-10-28:
# Year Period
# 1941 1 Apr to 30 Sep
-# 1942 Whole year
+# 1942 Whole year
# 1943 Whole year
# 1944 Whole year
# 1945 Whole year
@@ -615,16 +615,16 @@
# From Arthur David Olson (2010-04-07):
# Here's Google's translation of the table at the bottom of the "summert.htm" page:
# Decade Name Start and end date
-# Republic of China 34 years to 40 years (AD 1945-1951 years) Summer Time May 1 to September 30
-# 41 years of the Republic of China (AD 1952) Daylight Saving Time March 1 to October 31
-# Republic of China 42 years to 43 years (AD 1953-1954 years) Daylight Saving Time April 1 to October 31
-# In the 44 years to 45 years (AD 1955-1956 years) Daylight Saving Time April 1 to September 30
-# Republic of China 46 years to 48 years (AD 1957-1959) Summer Time April 1 to September 30
-# Republic of China 49 years to 50 years (AD 1960-1961) Summer Time June 1 to September 30
-# Republic of China 51 years to 62 years (AD 1962-1973 years) Stop Summer Time
-# Republic of China 63 years to 64 years (1974-1975 AD) Daylight Saving Time April 1 to September 30
-# Republic of China 65 years to 67 years (1976-1978 AD) Stop Daylight Saving Time
-# Republic of China 68 years (AD 1979) Daylight Saving Time July 1 to September 30
+# Republic of China 34 years to 40 years (AD 1945-1951 years) Summer Time May 1 to September 30
+# 41 years of the Republic of China (AD 1952) Daylight Saving Time March 1 to October 31
+# Republic of China 42 years to 43 years (AD 1953-1954 years) Daylight Saving Time April 1 to October 31
+# In the 44 years to 45 years (AD 1955-1956 years) Daylight Saving Time April 1 to September 30
+# Republic of China 46 years to 48 years (AD 1957-1959) Summer Time April 1 to September 30
+# Republic of China 49 years to 50 years (AD 1960-1961) Summer Time June 1 to September 30
+# Republic of China 51 years to 62 years (AD 1962-1973 years) Stop Summer Time
+# Republic of China 63 years to 64 years (1974-1975 AD) Daylight Saving Time April 1 to September 30
+# Republic of China 65 years to 67 years (1976-1978 AD) Stop Daylight Saving Time
+# Republic of China 68 years (AD 1979) Daylight Saving Time July 1 to September 30
# Republic of China since 69 years (AD 1980) Stop Daylight Saving Time
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
@@ -1193,15 +1193,15 @@
#
# ftp://ftp.cs.huji.ac.il/pub/tz/announcements/2005+beyond.ps
-# From Paul Eggert (2005-02-22):
+# From Paul Eggert (2012-10-26):
# I used Ephraim Silverberg's dst-israel.el program
# <ftp://ftp.cs.huji.ac.il/pub/tz/software/dst-israel.el> (2005-02-20)
# along with Ed Reingold's cal-hebrew in GNU Emacs 21.4,
-# to generate the transitions in this list.
+# to generate the transitions from 2005 through 2012.
# (I replaced "lastFri" with "Fri>=26" by hand.)
-# The spring transitions below all correspond to the following Rule:
+# The spring transitions all correspond to the following Rule:
#
-# Rule Zion 2005 max - Mar Fri>=26 2:00 1:00 D
+# Rule Zion 2005 2012 - Mar Fri>=26 2:00 1:00 D
#
# but older zic implementations (e.g., Solaris 8) do not support
# "Fri>=26" to mean April 1 in years like 2005, so for now we list the
@@ -1218,39 +1218,36 @@
Rule Zion 2010 only - Sep 12 2:00 0 S
Rule Zion 2011 only - Apr 1 2:00 1:00 D
Rule Zion 2011 only - Oct 2 2:00 0 S
-Rule Zion 2012 2015 - Mar Fri>=26 2:00 1:00 D
+Rule Zion 2012 only - Mar Fri>=26 2:00 1:00 D
Rule Zion 2012 only - Sep 23 2:00 0 S
-Rule Zion 2013 only - Sep 8 2:00 0 S
-Rule Zion 2014 only - Sep 28 2:00 0 S
-Rule Zion 2015 only - Sep 20 2:00 0 S
-Rule Zion 2016 only - Apr 1 2:00 1:00 D
-Rule Zion 2016 only - Oct 9 2:00 0 S
-Rule Zion 2017 2021 - Mar Fri>=26 2:00 1:00 D
-Rule Zion 2017 only - Sep 24 2:00 0 S
-Rule Zion 2018 only - Sep 16 2:00 0 S
-Rule Zion 2019 only - Oct 6 2:00 0 S
-Rule Zion 2020 only - Sep 27 2:00 0 S
-Rule Zion 2021 only - Sep 12 2:00 0 S
-Rule Zion 2022 only - Apr 1 2:00 1:00 D
-Rule Zion 2022 only - Oct 2 2:00 0 S
-Rule Zion 2023 2032 - Mar Fri>=26 2:00 1:00 D
-Rule Zion 2023 only - Sep 24 2:00 0 S
-Rule Zion 2024 only - Oct 6 2:00 0 S
-Rule Zion 2025 only - Sep 28 2:00 0 S
-Rule Zion 2026 only - Sep 20 2:00 0 S
-Rule Zion 2027 only - Oct 10 2:00 0 S
-Rule Zion 2028 only - Sep 24 2:00 0 S
-Rule Zion 2029 only - Sep 16 2:00 0 S
-Rule Zion 2030 only - Oct 6 2:00 0 S
-Rule Zion 2031 only - Sep 21 2:00 0 S
-Rule Zion 2032 only - Sep 12 2:00 0 S
-Rule Zion 2033 only - Apr 1 2:00 1:00 D
-Rule Zion 2033 only - Oct 2 2:00 0 S
-Rule Zion 2034 2037 - Mar Fri>=26 2:00 1:00 D
-Rule Zion 2034 only - Sep 17 2:00 0 S
-Rule Zion 2035 only - Oct 7 2:00 0 S
-Rule Zion 2036 only - Sep 28 2:00 0 S
-Rule Zion 2037 only - Sep 13 2:00 0 S
+
+# From Ephraim Silverberg (2012-10-18):
+
+# Yesterday, the Interior Ministry Committee, after more than a year
+# past, approved sending the proposed June 2011 changes to the Time
+# Decree Law back to the Knesset for second and third (final) votes
+# before the upcoming elections on Jan. 22, 2013. Hence, although the
+# changes are not yet law, they are expected to be so before February 2013.
+#
+# As of 2013, DST starts at 02:00 on the Friday before the last Sunday in March.
+# DST ends at 02:00 on the first Sunday after October 1, unless it occurs on the
+# second day of the Jewish Rosh Hashana holiday, in which case DST ends a day
+# later (i.e. at 02:00 the first Monday after October 2).
+# [Rosh Hashana holidays are factored in until 2100.]
+
+# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
+Rule Zion 2013 max - Mar Fri>=23 2:00 1:00 D
+Rule Zion 2013 2026 - Oct Sun>=2 2:00 0 S
+Rule Zion 2027 only - Oct Mon>=3 2:00 0 S
+Rule Zion 2028 max - Oct Sun>=2 2:00 0 S
+# The following rules are commented out for now, as they break older
+# versions of zic that support only signed 32-bit timestamps, i.e.,
+# through 2038-01-19 03:14:07 UTC.
+#Rule Zion 2028 2053 - Oct Sun>=2 2:00 0 S
+#Rule Zion 2054 only - Oct Mon>=3 2:00 0 S
+#Rule Zion 2055 2080 - Oct Sun>=2 2:00 0 S
+#Rule Zion 2081 only - Oct Mon>=3 2:00 0 S
+#Rule Zion 2082 max - Oct Sun>=2 2:00 0 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Jerusalem 2:20:56 - LMT 1880
@@ -1385,6 +1382,16 @@
# From Arthur David Olson (2009-04-06):
# We still have Jordan switching to DST on Thursdays in 2000 and 2001.
+# From Steffen Thorsen (2012-10-25):
+# Yesterday the government in Jordan announced that they will not
+# switch back to standard time this winter, so the will stay on DST
+# until about the same time next year (at least).
+# http://www.petra.gov.jo/Public_News/Nws_NewsDetails.aspx?NewsID=88950
+#
+# From Paul Eggert (2012-10-25):
+# For now, assume this is just a one-year measure. If it becomes
+# permanent, we should move Jordan from EET to AST effective tomorrow.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Jordan 1973 only - Jun 6 0:00 1:00 S
Rule Jordan 1973 1975 - Oct 1 0:00 0 -
@@ -1413,7 +1420,8 @@
Rule Jordan 2003 only - Oct 24 0:00s 0 -
Rule Jordan 2004 only - Oct 15 0:00s 0 -
Rule Jordan 2005 only - Sep lastFri 0:00s 0 -
-Rule Jordan 2006 max - Oct lastFri 0:00s 0 -
+Rule Jordan 2006 2011 - Oct lastFri 0:00s 0 -
+Rule Jordan 2013 max - Oct lastFri 0:00s 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Amman 2:23:44 - LMT 1931
2:00 Jordan EE%sT
@@ -1858,15 +1866,15 @@
# shown 8 per cent higher consumption of electricity.
# From Alex Krivenyshev (2008-05-15):
-#
-# Here is an article that Pakistan plan to introduce Daylight Saving Time
+#
+# Here is an article that Pakistan plan to introduce Daylight Saving Time
# on June 1, 2008 for 3 months.
-#
-# "... The federal cabinet on Wednesday announced a new conservation plan to help
-# reduce load shedding by approving the closure of commercial centres at 9pm and
-# moving clocks forward by one hour for the next three months.
+#
+# "... The federal cabinet on Wednesday announced a new conservation plan to help
+# reduce load shedding by approving the closure of commercial centres at 9pm and
+# moving clocks forward by one hour for the next three months.
# ...."
-#
+#
# <a href="http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html">
# http://www.worldtimezone.net/dst_news/dst_news_pakistan01.html
# </a>
@@ -1926,7 +1934,7 @@
# Government has decided to restore the previous time by moving the
# clocks backward by one hour from October 1. A formal announcement to
# this effect will be made after the Prime Minister grants approval in
-# this regard."
+# this regard."
# <a href="http://www.thenews.com.pk/updates.asp?id=87168">
# http://www.thenews.com.pk/updates.asp?id=87168
# </a>
@@ -2222,7 +2230,7 @@
# <a href="http://www.maannews.net/eng/ViewDetails.aspx?ID=306795">
# http://www.maannews.net/eng/ViewDetails.aspx?ID=306795
# </a>
-# the clocks were set back one hour at 2010-08-11 00:00:00 local time in
+# the clocks were set back one hour at 2010-08-11 00:00:00 local time in
# Gaza and the West Bank.
# Some more background info:
# <a href="http://www.timeanddate.com/news/time/westbank-gaza-end-dst-2010.html">
@@ -2261,7 +2269,7 @@
# The rules for Egypt are stolen from the `africa' file.
# From Steffen Thorsen (2011-09-30):
-# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30
+# West Bank did end Daylight Saving Time this morning/midnight (2011-09-30
# 00:00).
# So West Bank and Gaza now have the same time again.
#
@@ -2316,6 +2324,8 @@
# From Arthur David Olson (2011-09-20):
# 2011 transitions per http://www.timeanddate.com as of 2011-09-20.
+# From Paul Eggert (2012-10-12):
+# 2012 transitions per http://www.timeanddate.com as of 2012-10-12.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
@@ -2326,7 +2336,7 @@
2:00 Palestine EE%sT 2011 Apr 2 12:01
2:00 1:00 EEST 2011 Aug 1
2:00 - EET 2012 Mar 30
- 2:00 1:00 EEST 2012 Sep 28
+ 2:00 1:00 EEST 2012 Sep 21 1:00
2:00 - EET
Zone Asia/Hebron 2:20:23 - LMT 1900 Oct
@@ -2341,7 +2351,7 @@
2:00 - EET 2011 Aug 30
2:00 1:00 EEST 2011 Sep 30 3:00
2:00 - EET 2012 Mar 30
- 2:00 1:00 EEST 2012 Sep 28 3:00
+ 2:00 1:00 EEST 2012 Sep 21 1:00
2:00 - EET
# Paracel Is
@@ -2535,19 +2545,19 @@
# having it between Wednesday and Thursday (two workdays in Syria) since the
# weekend in Syria is not Saturday and Sunday, but Friday and Saturday. So now
# it is implemented at midnight of the last workday before weekend...
-#
+#
# From Steffen Thorsen (2007-10-27):
# Jesper Norgaard Welen wrote:
-#
+#
# > "Winter local time in Syria will be observed at midnight of Thursday 1
# > November 2007, and the clock will be put back 1 hour."
-#
+#
# I found confirmation on this in this gov.sy-article (Arabic):
# http://wehda.alwehda.gov.sy/_print_veiw.asp?FileName=12521710520070926111247
-#
+#
# which using Google's translate tools says:
-# Council of Ministers also approved the commencement of work on
-# identifying the winter time as of Friday, 2/11/2007 where the 60th
+# Council of Ministers also approved the commencement of work on
+# identifying the winter time as of Friday, 2/11/2007 where the 60th
# minute delay at midnight Thursday 1/11/2007.
Rule Syria 2007 only - Nov Fri>=1 0:00 0 -
@@ -2613,8 +2623,8 @@
# </a>
# From Steffen Thorsen (2009-10-27):
-# The Syrian Arab News Network on 2009-09-29 reported that Syria will
-# revert back to winter (standard) time on midnight between Thursday
+# The Syrian Arab News Network on 2009-09-29 reported that Syria will
+# revert back to winter (standard) time on midnight between Thursday
# 2009-10-29 and Friday 2009-10-30:
# <a href="http://www.sana.sy/ara/2/2009/09/29/247012.htm">
# http://www.sana.sy/ara/2/2009/09/29/247012.htm (Arabic)
diff --git a/make/sun/javazic/tzdata/australasia b/make/sun/javazic/tzdata/australasia
index 3a63e2d..7f83448 100644
--- a/make/sun/javazic/tzdata/australasia
+++ b/make/sun/javazic/tzdata/australasia
@@ -306,9 +306,9 @@
# </a>
# From Alexander Krivenyshev (2010-10-24):
-# According to Radio Fiji and Fiji Times online, Fiji will end DST 3
+# According to Radio Fiji and Fiji Times online, Fiji will end DST 3
# weeks earlier than expected - on March 6, 2011, not March 27, 2011...
-# Here is confirmation from Government of the Republic of the Fiji Islands,
+# Here is confirmation from Government of the Republic of the Fiji Islands,
# Ministry of Information (fiji.gov.fj) web site:
# <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=2608:daylight-savings&catid=71:press-releases&Itemid=155">
# http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=2608:daylight-savings&catid=71:press-releases&Itemid=155
@@ -319,15 +319,15 @@
# </a>
# From Steffen Thorsen (2011-10-03):
-# Now the dates have been confirmed, and at least our start date
+# Now the dates have been confirmed, and at least our start date
# assumption was correct (end date was one week wrong).
#
# <a href="http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155">
# www.fiji.gov.fj/index.php?option=com_content&view=article&id=4966:daylight-saving-starts-in-fiji&catid=71:press-releases&Itemid=155
# </a>
# which says
-# Members of the public are reminded to change their time to one hour in
-# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to
+# Members of the public are reminded to change their time to one hour in
+# advance at 2am to 3am on October 23, 2011 and one hour back at 3am to
# 2am on February 26 next year.
# From Ken Rylander (2011-10-24)
@@ -344,15 +344,23 @@
# The commencement of daylight saving will remain unchanged and start
# on the 23rd of October, 2011.
+# From the Fiji Government Online Portal (2012-08-21) via Steffen Thorsen:
+# The Minister for Labour, Industrial Relations and Employment Mr Jone Usamate
+# today confirmed that Fiji will start daylight savings at 2 am on Sunday 21st
+# October 2012 and end at 3 am on Sunday 20th January 2013.
+# http://www.fiji.gov.fj/index.php?option=com_content&view=article&id=6702&catid=71&Itemid=155
+#
+# From Paul Eggert (2012-08-31):
+# For now, guess a pattern of the penultimate Sundays in October and January.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Fiji 1998 1999 - Nov Sun>=1 2:00 1:00 S
Rule Fiji 1999 2000 - Feb lastSun 3:00 0 -
Rule Fiji 2009 only - Nov 29 2:00 1:00 S
Rule Fiji 2010 only - Mar lastSun 3:00 0 -
-Rule Fiji 2010 only - Oct 24 2:00 1:00 S
+Rule Fiji 2010 max - Oct Sun>=18 2:00 1:00 S
Rule Fiji 2011 only - Mar Sun>=1 3:00 0 -
-Rule Fiji 2011 only - Oct 23 2:00 1:00 S
-Rule Fiji 2012 only - Jan 22 3:00 0 -
+Rule Fiji 2012 max - Jan Sun>=18 3:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Fiji 11:53:40 - LMT 1915 Oct 26 # Suva
12:00 Fiji FJ%sT # Fiji Time
@@ -581,7 +589,7 @@
# From David Zuelke (2011-05-09):
# Subject: Samoa to move timezone from east to west of international date line
-#
+#
# <a href="http://www.morningstar.co.uk/uk/markets/newsfeeditem.aspx?id=138501958347963">
# http://www.morningstar.co.uk/uk/markets/newsfeeditem.aspx?id=138501958347963
# </a>
@@ -643,6 +651,23 @@
# Although Samoa has used Daylight Saving Time in the 2010-2011 and 2011-2012
# seasons, there is not yet any indication that this trend will continue on
# a regular basis. For now, we have explicitly listed the transitions below.
+#
+# From Nicky (2012-09-10):
+# Daylight Saving Time commences on Sunday 30th September 2012 and
+# ends on Sunday 7th of April 2013.
+#
+# Please find link below for more information.
+# http://www.mcil.gov.ws/mcil_publications.html
+#
+# That publication also includes dates for Summer of 2013/4 as well
+# which give the impression of a pattern in selecting dates for the
+# future, so for now, we will guess this will continue.
+
+# Western Samoa
+# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
+Rule WS 2012 max - Sep lastSun 3:00 1 D
+Rule WS 2012 max - Apr Sun>=1 4:00 0 -
+# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Apia 12:33:04 - LMT 1879 Jul 5
-11:26:56 - LMT 1911
-11:30 - SAMT 1950 # Samoa Time
@@ -650,8 +675,8 @@
-11:00 1:00 WSDT 2011 Apr 2 4:00
-11:00 - WST 2011 Sep 24 3:00
-11:00 1:00 WSDT 2011 Dec 30
- 13:00 1:00 WSDT 2012 Apr 1 4:00
- 13:00 - WST
+ 13:00 1:00 WSDT 2012 Apr Sun>=1 4:00
+ 13:00 WS WS%sT
# Solomon Is
# excludes Bougainville, for which see Papua New Guinea
@@ -663,25 +688,25 @@
#
# From Gwillim Law (2011-12-29)
# A correspondent informed me that Tokelau, like Samoa, will be skipping
-# December 31 this year, thereby changing its time zone from UTC-10 to
-# UTC+14. When I tried to verify this statement, I found a confirming
-# article in Time magazine online
-# <a href="http://www.time.com/time/world/article/0,8599,2103243,00.html">
-# (http://www.time.com/time/world/article/0,8599,2103243,00.html).
-# </a>
+# December 31 this year ...
#
-# From Jonathan Leffler (2011-12-29)
-# Information from the BBC to the same effect:
-# <a href="http://www.bbc.co.uk/news/world-asia-16351377">
-# http://www.bbc.co.uk/news/world-asia-16351377
-# </a>
+# From Steffen Thorsen (2012-07-25)
+# ... we double checked by calling hotels and offices based in Tokelau asking
+# about the time there, and they all told a time that agrees with UTC+13....
+# Shanks says UTC-10 from 1901 [but] ... there is a good chance the change
+# actually was to UTC-11 back then.
#
-# Patch supplied by Tim Parenti (2011-12-29)
+# From Paul Eggert (2012-07-25)
+# A Google Books snippet of Appendix to the Journals of the House of
+# Representatives of New Zealand, Session 1948,
+# <http://books.google.com/books?id=ZaVCAQAAIAAJ>, page 65, says Tokelau
+# was "11 hours slow on G.M.T." Go with Thorsen and assume Shanks & Pottenger
+# are off by an hour starting in 1901.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Pacific/Fakaofo -11:24:56 - LMT 1901
- -10:00 - TKT 2011 Dec 30 # Tokelau Time
- 14:00 - TKT
+ -11:00 - TKT 2011 Dec 30 # Tokelau Time
+ 13:00 - TKT
# Tonga
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
@@ -1362,22 +1387,22 @@
# See "southeast Australia" above for 2008 and later.
# From Steffen Thorsen (2009-04-28):
-# According to the official press release, South Australia's extended daylight
-# saving period will continue with the same rules as used during the 2008-2009
+# According to the official press release, South Australia's extended daylight
+# saving period will continue with the same rules as used during the 2008-2009
# summer (southern hemisphere).
-#
+#
# From
# <a href="http://www.safework.sa.gov.au/uploaded_files/DaylightDatesSet.pdf">
# http://www.safework.sa.gov.au/uploaded_files/DaylightDatesSet.pdf
# </a>
-# The extended daylight saving period that South Australia has been trialling
+# The extended daylight saving period that South Australia has been trialling
# for over the last year is now set to be ongoing.
-# Daylight saving will continue to start on the first Sunday in October each
+# Daylight saving will continue to start on the first Sunday in October each
# year and finish on the first Sunday in April the following year.
-# Industrial Relations Minister, Paul Caica, says this provides South Australia
-# with a consistent half hour time difference with NSW, Victoria, Tasmania and
+# Industrial Relations Minister, Paul Caica, says this provides South Australia
+# with a consistent half hour time difference with NSW, Victoria, Tasmania and
# the ACT for all 52 weeks of the year...
-#
+#
# We have a wrap-up here:
# <a href="http://www.timeanddate.com/news/time/south-australia-extends-dst.html">
# http://www.timeanddate.com/news/time/south-australia-extends-dst.html
diff --git a/make/sun/javazic/tzdata/europe b/make/sun/javazic/tzdata/europe
index 55714aa..9a0d0b9 100644
--- a/make/sun/javazic/tzdata/europe
+++ b/make/sun/javazic/tzdata/europe
@@ -597,12 +597,12 @@
# According to Kremlin press service, Russian President Dmitry Medvedev
# signed a federal law "On calculation of time" on June 9, 2011.
# According to the law Russia is abolishing daylight saving time.
-#
-# Medvedev signed a law "On the Calculation of Time" (in russian):
+#
+# Medvedev signed a law "On the Calculation of Time" (in russian):
# <a href="http://bmockbe.ru/events/?ID=7583">
# http://bmockbe.ru/events/?ID=7583
# </a>
-#
+#
# Medvedev signed a law on the calculation of the time (in russian):
# <a href="http://www.regnum.ru/news/polit/1413906.html">
# http://www.regnum.ru/news/polit/1413906.html
@@ -1710,7 +1710,7 @@
# From Alexander Krivenyshev (2011-10-26)
# NO need to divide Moldova into two timezones at this point.
# As of today, Transnistria (Pridnestrovie)- Tiraspol reversed its own
-# decision to abolish DST this winter.
+# decision to abolish DST this winter.
# Following Moldova and neighboring Ukraine- Transnistria (Pridnestrovie)-
# Tiraspol will go back to winter time on October 30, 2011.
# News from Moldova (in russian):
@@ -2600,11 +2600,11 @@
# http://www.alomaliye.com/bkk_2002_3769.htm
# From Gökdeniz Karadağ (2011-03-10):
-#
+#
# According to the articles linked below, Turkey will change into summer
# time zone (GMT+3) on March 28, 2011 at 3:00 a.m. instead of March 27.
# This change is due to a nationwide exam on 27th.
-#
+#
# <a href="http://www.worldbulletin.net/?aType=haber&ArticleID=70872">
# http://www.worldbulletin.net/?aType=haber&ArticleID=70872
# </a>
@@ -2721,7 +2721,7 @@
# time this year after all.
#
# From Udo Schwedt (2011-10-18):
-# As far as I understand, the recent change to the Ukranian time zone
+# As far as I understand, the recent change to the Ukranian time zone
# (Europe/Kiev) to introduce permanent daylight saving time (similar
# to Russia) was reverted today:
#
diff --git a/make/sun/javazic/tzdata/leapseconds b/make/sun/javazic/tzdata/leapseconds
index f8902f7..ab6720d 100644
--- a/make/sun/javazic/tzdata/leapseconds
+++ b/make/sun/javazic/tzdata/leapseconds
@@ -100,8 +100,8 @@
#
#
# A positive leap second will be introduced at the end of June 2012.
-# The sequence of dates of the UTC second markers will be:
-#
+# The sequence of dates of the UTC second markers will be:
+#
# 2012 June 30, 23h 59m 59s
# 2012 June 30, 23h 59m 60s
# 2012 July 1, 0h 0m 0s
@@ -118,6 +118,6 @@
#
#
# Daniel GAMBIS
-# Head
+# Head
# Earth Orientation Center of IERS
# Observatoire de Paris, France
diff --git a/make/sun/javazic/tzdata/northamerica b/make/sun/javazic/tzdata/northamerica
index 2b94d05..c303326 100644
--- a/make/sun/javazic/tzdata/northamerica
+++ b/make/sun/javazic/tzdata/northamerica
@@ -501,7 +501,7 @@
-8:00 US P%sT 1946
-8:00 - PST 1969
-8:00 US P%sT 1980 Apr 27 2:00
- -9:00 US Y%sT 1980 Oct 26 2:00
+ -9:00 US Y%sT 1980 Oct 26 2:00
-8:00 US P%sT 1983 Oct 30 2:00
-9:00 US Y%sT 1983 Nov 30
-9:00 US AK%sT
@@ -1866,7 +1866,7 @@
# Here is a summary of the three clock change events in Creston's history:
# 1. 1884 or 1885: adoption of Mountain Standard Time (GMT-7)
# Exact date unknown
-# 2. Oct 1916: switch to Pacific Standard Time (GMT-8)
+# 2. Oct 1916: switch to Pacific Standard Time (GMT-8)
# Exact date in October unknown; Sunday October 1 is a reasonable guess.
# 3. June 1918: switch to Pacific Daylight Time (GMT-7)
# Exact date in June unknown; Sunday June 2 is a reasonable guess.
@@ -2696,20 +2696,20 @@
# except that it switches at midnight standard time as usual.
#
# From Steffen Thorsen (2007-10-25):
-# Carlos Alberto Fonseca Arauz informed me that Cuba will end DST one week
+# Carlos Alberto Fonseca Arauz informed me that Cuba will end DST one week
# earlier - on the last Sunday of October, just like in 2006.
-#
+#
# He supplied these references:
-#
+#
# http://www.prensalatina.com.mx/article.asp?ID=%7B4CC32C1B-A9F7-42FB-8A07-8631AFC923AF%7D&language=ES
# http://actualidad.terra.es/sociedad/articulo/cuba_llama_ahorrar_energia_cambio_1957044.htm
-#
+#
# From Alex Kryvenishev (2007-10-25):
# Here is also article from Granma (Cuba):
-#
+#
# [Regira] el Horario Normal desde el [proximo] domingo 28 de octubre
# http://www.granma.cubaweb.cu/2007/10/24/nacional/artic07.html
-#
+#
# http://www.worldtimezone.com/dst_news/dst_news_cuba03.html
# From Arthur David Olson (2008-03-09):
@@ -2793,7 +2793,7 @@
# </a>
#
# From Steffen Thorsen (2011-10-30)
-# Cuba will end DST two weeks later this year. Instead of going back
+# Cuba will end DST two weeks later this year. Instead of going back
# tonight, it has been delayed to 2011-11-13 at 01:00.
#
# One source (Spanish)
@@ -2805,11 +2805,11 @@
# <a href="http://www.timeanddate.com/news/time/cuba-time-changes-2011.html">
# http://www.timeanddate.com/news/time/cuba-time-changes-2011.html
# </a>
-#
+#
# From Steffen Thorsen (2012-03-01)
-# According to Radio Reloj, Cuba will start DST on Midnight between March
+# According to Radio Reloj, Cuba will start DST on Midnight between March
# 31 and April 1.
-#
+#
# Radio Reloj has the following info (Spanish):
# <a href="http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril">
# http://www.radioreloj.cu/index.php/noticias-radio-reloj/71-miscelaneas/7529-cuba-aplicara-el-horario-de-verano-desde-el-1-de-abril
@@ -2820,6 +2820,13 @@
# http://www.timeanddate.com/news/time/cuba-starts-dst-2012.html
# </a>
+# From Steffen Thorsen (2012-11-03):
+# Radio Reloj and many other sources report that Cuba is changing back
+# to standard time on 2012-11-04:
+# http://www.radioreloj.cu/index.php/noticias-radio-reloj/36-nacionales/9961-regira-horario-normal-en-cuba-desde-el-domingo-cuatro-de-noviembre
+# From Paul Eggert (2012-11-03):
+# For now, assume the future rule is first Sunday in November.
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Cuba 1928 only - Jun 10 0:00 1:00 D
Rule Cuba 1928 only - Oct 10 0:00 0 S
@@ -2857,7 +2864,7 @@
Rule Cuba 2011 only - Mar Sun>=15 0:00s 1:00 D
Rule Cuba 2011 only - Nov 13 0:00s 0 S
Rule Cuba 2012 only - Apr 1 0:00s 1:00 D
-Rule Cuba 2012 max - Oct lastSun 0:00s 0 S
+Rule Cuba 2012 max - Nov Sun>=1 0:00s 0 S
Rule Cuba 2013 max - Mar Sun>=8 0:00s 1:00 D
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
diff --git a/make/sun/javazic/tzdata/southamerica b/make/sun/javazic/tzdata/southamerica
index dd746f3..0d6797e 100644
--- a/make/sun/javazic/tzdata/southamerica
+++ b/make/sun/javazic/tzdata/southamerica
@@ -254,7 +254,7 @@
Rule Arg 2007 only - Dec 30 0:00 1:00 S
Rule Arg 2008 2009 - Mar Sun>=15 0:00 0 -
Rule Arg 2008 only - Oct Sun>=15 0:00 1:00 S
-
+
# From Mariano Absatz (2004-05-21):
# Today it was officially published that the Province of Mendoza is changing
# its timezone this winter... starting tomorrow night....
@@ -344,9 +344,9 @@
# confirms what Alex Krivenyshev has earlier sent to the tz
# emailing list about that San Luis plans to return to standard
# time much earlier than the rest of the country. It also
-# confirms that upon request the provinces San Juan and Mendoza
-# refused to follow San Luis in this change.
-#
+# confirms that upon request the provinces San Juan and Mendoza
+# refused to follow San Luis in this change.
+#
# The change is supposed to take place Monday the 21.st at 0:00
# hours. As far as I understand it if this goes ahead, we need
# a new timezone for San Luis (although there are also documented
@@ -408,7 +408,7 @@
# <a href="http://www.lanacion.com.ar/nota.asp?nota_id=1107912">
# http://www.lanacion.com.ar/nota.asp?nota_id=1107912
# </a>
-#
+#
# The press release says:
# (...) anunció que el próximo domingo a las 00:00 los puntanos deberán
# atrasar una hora sus relojes.
@@ -822,8 +822,8 @@
#
# From Alexander Krivenyshev (2011-10-04):
# State Bahia will return to Daylight savings time this year after 8 years off.
-# The announcement was made by Governor Jaques Wagner in an interview to a
-# television station in Salvador.
+# The announcement was made by Governor Jaques Wagner in an interview to a
+# television station in Salvador.
# In Portuguese:
# <a href="http://g1.globo.com/bahia/noticia/2011/10/governador-jaques-wagner-confirma-horario-de-verao-na-bahia.html">
@@ -852,6 +852,15 @@
# http://www.in.gov.br/visualiza/index.jsp?data=13/10/2011&jornal=1000&pagina=6&totalArquivos=6
# </a>
+# From Kelley Cook (2012-10-16):
+# The governor of state of Bahia in Brazil announced on Thursday that
+# due to public pressure, he is reversing the DST policy they implemented
+# last year and will not be going to Summer Time on October 21st....
+# http://www.correio24horas.com.br/r/artigo/apos-pressoes-wagner-suspende-horario-de-verao-na-bahia
+
+# From Rodrigo Severo (2012-10-16):
+# Tocantins state will have DST.
+# http://noticias.terra.com.br/brasil/noticias/0,,OI6232536-EI306.html
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
# Decree <a href="http://pcdsh01.on.br/HV20466.htm">20,466</a> (1931-10-01)
@@ -1071,7 +1080,8 @@
-3:00 Brazil BR%sT 1990 Sep 17
-3:00 - BRT 1995 Sep 14
-3:00 Brazil BR%sT 2003 Sep 24
- -3:00 - BRT
+ -3:00 - BRT 2012 Oct 21
+ -3:00 Brazil BR%sT
#
# Alagoas (AL), Sergipe (SE)
Zone America/Maceio -2:22:52 - LMT 1914
@@ -1090,7 +1100,8 @@
Zone America/Bahia -2:34:04 - LMT 1914
-3:00 Brazil BR%sT 2003 Sep 24
-3:00 - BRT 2011 Oct 16
- -3:00 Brazil BR%sT
+ -3:00 Brazil BR%sT 2012 Oct 21
+ -3:00 - BRT
#
# Goias (GO), Distrito Federal (DF), Minas Gerais (MG),
# Espirito Santo (ES), Rio de Janeiro (RJ), Sao Paulo (SP), Parana (PR),
@@ -1182,7 +1193,7 @@
# Due to drought, Chile extends Daylight Time in three weeks. This
# is one-time change (Saturday 3/29 at 24:00 for America/Santiago
# and Saturday 3/29 at 22:00 for Pacific/Easter)
-# The Supreme Decree is located at
+# The Supreme Decree is located at
# <a href="http://www.shoa.cl/servicios/supremo316.pdf">
# http://www.shoa.cl/servicios/supremo316.pdf
# </a>
@@ -1193,7 +1204,7 @@
# From Jose Miguel Garrido (2008-03-05):
# ...
-# You could see the announces of the change on
+# You could see the announces of the change on
# <a href="http://www.shoa.cl/noticias/2008/04hora/hora.htm">
# http://www.shoa.cl/noticias/2008/04hora/hora.htm
# </a>.
diff --git a/make/tools/GenerateCharacter/CharacterData01.java.template b/make/tools/GenerateCharacter/CharacterData01.java.template
index a1d2822..44bd980 100644
--- a/make/tools/GenerateCharacter/CharacterData01.java.template
+++ b/make/tools/GenerateCharacter/CharacterData01.java.template
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -311,6 +311,8 @@
case 0x011063: retval = 90; break; // BRAHMI NUMBER NINETY
case 0x011064: retval = 100; break; // BRAHMI NUMBER ONE HUNDRED
case 0x011065: retval = 1000; break; // BRAHMI NUMBER ONE THOUSAND
+ case 0x012432: retval = 216000; break; // CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH
+ case 0x012433: retval = 432000; break; // CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN
case 0x01D36C: retval = 40; break; // COUNTING ROD TENS DIGIT FOUR
case 0x01D36D: retval = 50; break; // COUNTING ROD TENS DIGIT FIVE
case 0x01D36E: retval = 60; break; // COUNTING ROD TENS DIGIT SIX
diff --git a/make/tools/UnicodeData/PropList.txt b/make/tools/UnicodeData/PropList.txt
index f9dcb2a..9ce7eec 100644
--- a/make/tools/UnicodeData/PropList.txt
+++ b/make/tools/UnicodeData/PropList.txt
@@ -1,8 +1,8 @@
-# PropList-6.1.0.txt
-# Date: 2011-11-30, 01:49:54 GMT [MD]
+# PropList-6.2.0.txt
+# Date: 2012-05-23, 20:34:59 GMT [MD]
#
# Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
# For terms of use, see http://www.unicode.org/terms_of_use.html
# For documentation, see http://www.unicode.org/reports/tr44/
diff --git a/make/tools/UnicodeData/Scripts.txt b/make/tools/UnicodeData/Scripts.txt
index 2516f88..1a8e722 100644
--- a/make/tools/UnicodeData/Scripts.txt
+++ b/make/tools/UnicodeData/Scripts.txt
@@ -1,8 +1,8 @@
-# Scripts-6.1.0.txt
-# Date: 2011-11-27, 05:10:50 GMT [MD]
+# Scripts-6.2.0.txt
+# Date: 2012-06-04, 17:21:29 GMT [MD]
#
# Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
# For terms of use, see http://www.unicode.org/terms_of_use.html
# For documentation, see http://www.unicode.org/reports/tr44/
@@ -146,7 +146,7 @@
208A..208C ; Common # Sm [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN
208D ; Common # Ps SUBSCRIPT LEFT PARENTHESIS
208E ; Common # Pe SUBSCRIPT RIGHT PARENTHESIS
-20A0..20B9 ; Common # Sc [26] EURO-CURRENCY SIGN..INDIAN RUPEE SIGN
+20A0..20BA ; Common # Sc [27] EURO-CURRENCY SIGN..TURKISH LIRA SIGN
2100..2101 ; Common # So [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT
2102 ; Common # L& DOUBLE-STRUCK CAPITAL C
2103..2106 ; Common # So [4] DEGREE CELSIUS..CADA UNA
@@ -576,7 +576,7 @@
E0001 ; Common # Cf LANGUAGE TAG
E0020..E007F ; Common # Cf [96] TAG SPACE..CANCEL TAG
-# Total code points: 6412
+# Total code points: 6413
# ================================================
@@ -760,7 +760,7 @@
061E ; Arabic # Po ARABIC TRIPLE DOT PUNCTUATION MARK
0620..063F ; Arabic # Lo [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
0641..064A ; Arabic # Lo [10] ARABIC LETTER FEH..ARABIC LETTER YEH
-0656..065E ; Arabic # Mn [9] ARABIC SUBSCRIPT ALEF..ARABIC FATHA WITH TWO DOTS
+0656..065F ; Arabic # Mn [10] ARABIC SUBSCRIPT ALEF..ARABIC WAVY HAMZA BELOW
066A..066D ; Arabic # Po [4] ARABIC PERCENT SIGN..ARABIC FIVE POINTED STAR
066E..066F ; Arabic # Lo [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
0671..06D3 ; Arabic # Lo [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
@@ -827,7 +827,7 @@
1EEAB..1EEBB ; Arabic # Lo [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
1EEF0..1EEF1 ; Arabic # Sm [2] ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL..ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
-# Total code points: 1234
+# Total code points: 1235
# ================================================
@@ -1477,7 +1477,6 @@
0300..036F ; Inherited # Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
0485..0486 ; Inherited # Mn [2] COMBINING CYRILLIC DASIA PNEUMATA..COMBINING CYRILLIC PSILI PNEUMATA
064B..0655 ; Inherited # Mn [11] ARABIC FATHATAN..ARABIC HAMZA BELOW
-065F ; Inherited # Mn ARABIC WAVY HAMZA BELOW
0670 ; Inherited # Mn ARABIC LETTER SUPERSCRIPT ALEF
0951..0952 ; Inherited # Mn [2] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI STRESS SIGN ANUDATTA
1CD0..1CD2 ; Inherited # Mn [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
@@ -1504,7 +1503,7 @@
1D1AA..1D1AD ; Inherited # Mn [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
E0100..E01EF ; Inherited # Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
-# Total code points: 524
+# Total code points: 523
# ================================================
diff --git a/make/tools/UnicodeData/SpecialCasing.txt b/make/tools/UnicodeData/SpecialCasing.txt
index d650b6d..994043f 100644
--- a/make/tools/UnicodeData/SpecialCasing.txt
+++ b/make/tools/UnicodeData/SpecialCasing.txt
@@ -1,8 +1,8 @@
-# SpecialCasing-6.1.0.txt
-# Date: 2011-11-27, 05:10:51 GMT [MD]
+# SpecialCasing-6.2.0.txt
+# Date: 2012-05-23, 20:35:15 GMT [MD]
#
# Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
# For terms of use, see http://www.unicode.org/terms_of_use.html
# For documentation, see http://www.unicode.org/reports/tr44/
#
diff --git a/make/tools/UnicodeData/UnicodeData.txt b/make/tools/UnicodeData/UnicodeData.txt
index 9f20405..086379e 100644
--- a/make/tools/UnicodeData/UnicodeData.txt
+++ b/make/tools/UnicodeData/UnicodeData.txt
@@ -7190,6 +7190,7 @@
20B7;SPESMILO SIGN;Sc;0;ET;;;;;N;;;;;
20B8;TENGE SIGN;Sc;0;ET;;;;;N;;;;;
20B9;INDIAN RUPEE SIGN;Sc;0;ET;;;;;N;;;;;
+20BA;TURKISH LIRA SIGN;Sc;0;ET;;;;;N;;;;;
20D0;COMBINING LEFT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT HARPOON ABOVE;;;;
20D1;COMBINING RIGHT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT HARPOON ABOVE;;;;
20D2;COMBINING LONG VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG VERTICAL BAR OVERLAY;;;;
@@ -18703,8 +18704,8 @@
1242F;CUNEIFORM NUMERIC SIGN THREE SHARU VARIANT FORM;Nl;0;L;;;;3;N;;;;;
12430;CUNEIFORM NUMERIC SIGN FOUR SHARU;Nl;0;L;;;;4;N;;;;;
12431;CUNEIFORM NUMERIC SIGN FIVE SHARU;Nl;0;L;;;;5;N;;;;;
-12432;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH;Nl;0;L;;;;;N;;;;;
-12433;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN;Nl;0;L;;;;;N;;;;;
+12432;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS DISH;Nl;0;L;;;;216000;N;;;;;
+12433;CUNEIFORM NUMERIC SIGN SHAR2 TIMES GAL PLUS MIN;Nl;0;L;;;;432000;N;;;;;
12434;CUNEIFORM NUMERIC SIGN ONE BURU;Nl;0;L;;;;1;N;;;;;
12435;CUNEIFORM NUMERIC SIGN TWO BURU;Nl;0;L;;;;2;N;;;;;
12436;CUNEIFORM NUMERIC SIGN THREE BURU;Nl;0;L;;;;3;N;;;;;
@@ -18739,8 +18740,8 @@
12453;CUNEIFORM NUMERIC SIGN FOUR BAN2 VARIANT FORM;Nl;0;L;;;;4;N;;;;;
12454;CUNEIFORM NUMERIC SIGN FIVE BAN2;Nl;0;L;;;;5;N;;;;;
12455;CUNEIFORM NUMERIC SIGN FIVE BAN2 VARIANT FORM;Nl;0;L;;;;5;N;;;;;
-12456;CUNEIFORM NUMERIC SIGN NIGIDAMIN;Nl;0;L;;;;;N;;;;;
-12457;CUNEIFORM NUMERIC SIGN NIGIDAESH;Nl;0;L;;;;;N;;;;;
+12456;CUNEIFORM NUMERIC SIGN NIGIDAMIN;Nl;0;L;;;;-1;N;;;;;
+12457;CUNEIFORM NUMERIC SIGN NIGIDAESH;Nl;0;L;;;;-1;N;;;;;
12458;CUNEIFORM NUMERIC SIGN ONE ESHE3;Nl;0;L;;;;1;N;;;;;
12459;CUNEIFORM NUMERIC SIGN TWO ESHE3;Nl;0;L;;;;2;N;;;;;
1245A;CUNEIFORM NUMERIC SIGN ONE THIRD DISH;Nl;0;L;;;;1/3;N;;;;;
diff --git a/make/tools/UnicodeData/VERSION b/make/tools/UnicodeData/VERSION
index dfda3e0..6abaeb2 100644
--- a/make/tools/UnicodeData/VERSION
+++ b/make/tools/UnicodeData/VERSION
@@ -1 +1 @@
-6.1.0
+6.2.0
diff --git a/makefiles/GendataTimeZone.gmk b/makefiles/GendataTimeZone.gmk
index 37520ce..dcca735 100644
--- a/makefiles/GendataTimeZone.gmk
+++ b/makefiles/GendataTimeZone.gmk
@@ -26,7 +26,7 @@
GENDATA_TIMEZONE :=
# TODO: read from make/sun/javazic/tzdata/VERSION
-GENDATA_TIMEZONE_VERSION := tzdata2012c
+GENDATA_TIMEZONE_VERSION := tzdata2012i
GENDATA_TIMEZONE_DST := $(JDK_OUTPUTDIR)/lib/zi
GENDATA_TIMEZONE_TMP := $(JDK_OUTPUTDIR)/gendata_timezone
diff --git a/makefiles/Setup.gmk b/makefiles/Setup.gmk
index ebcf816..5ca687f 100644
--- a/makefiles/Setup.gmk
+++ b/makefiles/Setup.gmk
@@ -45,7 +45,7 @@
JVM:=$(JAVA),\
JAVAC:=$(JAVAC_JARS),\
JAVAH:=$(JAVAH_JARS),\
- FLAGS:=-bootclasspath $(JDK_OUTPUTDIR)/classes -source 7 -target 7 -encoding ascii -XDignore.symbol.file=true $(DISABLE_WARNINGS),\
+ FLAGS:=-bootclasspath $(JDK_OUTPUTDIR)/classes -source 8 -target 8 -encoding ascii -XDignore.symbol.file=true $(DISABLE_WARNINGS),\
SERVER_DIR:=$(SJAVAC_SERVER_DIR),\
SERVER_JVM:=$(SJAVAC_SERVER_JAVA)))
diff --git a/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java b/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
index b246916..26dd086 100644
--- a/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
+++ b/src/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -55,12 +55,25 @@
}
static {
- validTypes = new HashSet<String>(4);
+ validTypes = new HashSet<String>(17);
validTypes.add("PBEWithMD5AndDES".toUpperCase());
validTypes.add("PBEWithSHA1AndDESede".toUpperCase());
validTypes.add("PBEWithSHA1AndRC2_40".toUpperCase());
+ validTypes.add("PBEWithSHA1AndRC2_128".toUpperCase());
+ validTypes.add("PBEWithSHA1AndRC4_40".toUpperCase());
+ validTypes.add("PBEWithSHA1AndRC4_128".toUpperCase());
// Proprietary algorithm.
validTypes.add("PBEWithMD5AndTripleDES".toUpperCase());
+ validTypes.add("PBEWithHmacSHA1AndAES_128".toUpperCase());
+ validTypes.add("PBEWithHmacSHA224AndAES_128".toUpperCase());
+ validTypes.add("PBEWithHmacSHA256AndAES_128".toUpperCase());
+ validTypes.add("PBEWithHmacSHA384AndAES_128".toUpperCase());
+ validTypes.add("PBEWithHmacSHA512AndAES_128".toUpperCase());
+ validTypes.add("PBEWithHmacSHA1AndAES_256".toUpperCase());
+ validTypes.add("PBEWithHmacSHA224AndAES_256".toUpperCase());
+ validTypes.add("PBEWithHmacSHA256AndAES_256".toUpperCase());
+ validTypes.add("PBEWithHmacSHA384AndAES_256".toUpperCase());
+ validTypes.add("PBEWithHmacSHA512AndAES_256".toUpperCase());
}
public static final class PBEWithMD5AndDES
@@ -84,6 +97,27 @@
}
}
+ public static final class PBEWithSHA1AndRC2_128
+ extends PBEKeyFactory {
+ public PBEWithSHA1AndRC2_128() {
+ super("PBEWithSHA1AndRC2_128");
+ }
+ }
+
+ public static final class PBEWithSHA1AndRC4_40
+ extends PBEKeyFactory {
+ public PBEWithSHA1AndRC4_40() {
+ super("PBEWithSHA1AndRC4_40");
+ }
+ }
+
+ public static final class PBEWithSHA1AndRC4_128
+ extends PBEKeyFactory {
+ public PBEWithSHA1AndRC4_128() {
+ super("PBEWithSHA1AndRC4_128");
+ }
+ }
+
/*
* Private proprietary algorithm for supporting JCEKS.
*/
@@ -94,6 +128,75 @@
}
}
+ public static final class PBEWithHmacSHA1AndAES_128
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA1AndAES_128() {
+ super("PBEWithHmacSHA1AndAES_128");
+ }
+ }
+
+ public static final class PBEWithHmacSHA224AndAES_128
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA224AndAES_128() {
+ super("PBEWithHmacSHA224AndAES_128");
+ }
+ }
+
+ public static final class PBEWithHmacSHA256AndAES_128
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA256AndAES_128() {
+ super("PBEWithHmacSHA256AndAES_128");
+ }
+ }
+
+ public static final class PBEWithHmacSHA384AndAES_128
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA384AndAES_128() {
+ super("PBEWithHmacSHA384AndAES_128");
+ }
+ }
+
+ public static final class PBEWithHmacSHA512AndAES_128
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA512AndAES_128() {
+ super("PBEWithHmacSHA512AndAES_128");
+ }
+ }
+
+ public static final class PBEWithHmacSHA1AndAES_256
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA1AndAES_256() {
+ super("PBEWithHmacSHA1AndAES_256");
+ }
+ }
+
+ public static final class PBEWithHmacSHA224AndAES_256
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA224AndAES_256() {
+ super("PBEWithHmacSHA224AndAES_256");
+ }
+ }
+
+ public static final class PBEWithHmacSHA256AndAES_256
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA256AndAES_256() {
+ super("PBEWithHmacSHA256AndAES_256");
+ }
+ }
+
+ public static final class PBEWithHmacSHA384AndAES_256
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA384AndAES_256() {
+ super("PBEWithHmacSHA384AndAES_256");
+ }
+ }
+
+ public static final class PBEWithHmacSHA512AndAES_256
+ extends PBEKeyFactory {
+ public PBEWithHmacSHA512AndAES_256() {
+ super("PBEWithHmacSHA512AndAES_256");
+ }
+ }
/**
* Generates a <code>SecretKey</code> object from the provided key
diff --git a/src/share/classes/com/sun/crypto/provider/PBEParameters.java b/src/share/classes/com/sun/crypto/provider/PBEParameters.java
index 114303f..4d17f77 100644
--- a/src/share/classes/com/sun/crypto/provider/PBEParameters.java
+++ b/src/share/classes/com/sun/crypto/provider/PBEParameters.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -57,6 +57,9 @@
// the iteration count
private int iCount = 0;
+ // the cipher parameter
+ private AlgorithmParameterSpec cipherParam = null;
+
protected void engineInit(AlgorithmParameterSpec paramSpec)
throws InvalidParameterSpecException
{
@@ -66,6 +69,7 @@
}
this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
+ this.cipherParam = ((PBEParameterSpec)paramSpec).getParameterSpec();
}
protected void engineInit(byte[] encoded)
@@ -102,7 +106,8 @@
throws InvalidParameterSpecException
{
if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
- return paramSpec.cast(new PBEParameterSpec(this.salt, this.iCount));
+ return paramSpec.cast(
+ new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
} else {
throw new InvalidParameterSpecException
("Inappropriate parameter specification");
diff --git a/src/share/classes/com/sun/crypto/provider/PBES1Core.java b/src/share/classes/com/sun/crypto/provider/PBES1Core.java
new file mode 100644
index 0000000..1e206a2
--- /dev/null
+++ b/src/share/classes/com/sun/crypto/provider/PBES1Core.java
@@ -0,0 +1,539 @@
+/*
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.security.*;
+import java.security.spec.*;
+import javax.crypto.*;
+import javax.crypto.spec.*;
+
+/**
+ * This class represents password-based encryption as defined by the PKCS #5
+ * standard.
+ *
+ * @author Jan Luehe
+ *
+ *
+ * @see javax.crypto.Cipher
+ */
+final class PBES1Core {
+
+ // the encapsulated DES cipher
+ private CipherCore cipher;
+ private MessageDigest md;
+ private int blkSize;
+ private String algo = null;
+ private byte[] salt = null;
+ private int iCount = 10;
+
+ /**
+ * Creates an instance of PBE Cipher using the specified CipherSpi
+ * instance.
+ *
+ */
+ PBES1Core(String cipherAlg) throws NoSuchAlgorithmException,
+ NoSuchPaddingException {
+ algo = cipherAlg;
+ if (algo.equals("DES")) {
+ cipher = new CipherCore(new DESCrypt(),
+ DESConstants.DES_BLOCK_SIZE);
+ } else if (algo.equals("DESede")) {
+
+ cipher = new CipherCore(new DESedeCrypt(),
+ DESConstants.DES_BLOCK_SIZE);
+ } else {
+ throw new NoSuchAlgorithmException("No Cipher implementation " +
+ "for PBEWithMD5And" + algo);
+ }
+ cipher.setMode("CBC");
+ cipher.setPadding("PKCS5Padding");
+ // get instance of MD5
+ md = MessageDigest.getInstance("MD5");
+ }
+
+ /**
+ * Sets the mode of this cipher. This algorithm can only be run in CBC
+ * mode.
+ *
+ * @param mode the cipher mode
+ *
+ * @exception NoSuchAlgorithmException if the requested cipher mode is
+ * invalid
+ */
+ void setMode(String mode) throws NoSuchAlgorithmException {
+ cipher.setMode(mode);
+ }
+
+ /**
+ * Sets the padding mechanism of this cipher. This algorithm only uses
+ * PKCS #5 padding.
+ *
+ * @param padding the padding mechanism
+ *
+ * @exception NoSuchPaddingException if the requested padding mechanism
+ * is invalid
+ */
+ void setPadding(String paddingScheme) throws NoSuchPaddingException {
+ cipher.setPadding(paddingScheme);
+ }
+
+ /**
+ * Returns the block size (in bytes).
+ *
+ * @return the block size (in bytes)
+ */
+ int getBlockSize() {
+ return DESConstants.DES_BLOCK_SIZE;
+ }
+
+ /**
+ * Returns the length in bytes that an output buffer would need to be in
+ * order to hold the result of the next <code>update</code> or
+ * <code>doFinal</code> operation, given the input length
+ * <code>inputLen</code> (in bytes).
+ *
+ * <p>This call takes into account any unprocessed (buffered) data from a
+ * previous <code>update</code> call, and padding.
+ *
+ * <p>The actual output length of the next <code>update</code> or
+ * <code>doFinal</code> call may be smaller than the length returned by
+ * this method.
+ *
+ * @param inputLen the input length (in bytes)
+ *
+ * @return the required output buffer size (in bytes)
+ *
+ */
+ int getOutputSize(int inputLen) {
+ return cipher.getOutputSize(inputLen);
+ }
+
+ /**
+ * Returns the initialization vector (IV) in a new buffer.
+ *
+ * <p> This is useful in the case where a random IV has been created
+ * (see <a href = "#init">init</a>),
+ * or in the context of password-based encryption or
+ * decryption, where the IV is derived from a user-supplied password.
+ *
+ * @return the initialization vector in a new buffer, or null if the
+ * underlying algorithm does not use an IV, or if the IV has not yet
+ * been set.
+ */
+ byte[] getIV() {
+ return cipher.getIV();
+ }
+
+ /**
+ * Returns the parameters used with this cipher.
+ *
+ * <p>The returned parameters may be the same that were used to initialize
+ * this cipher, or may contain the default set of parameters or a set of
+ * randomly generated parameters used by the underlying cipher
+ * implementation (provided that the underlying cipher implementation
+ * uses a default set of parameters or creates new parameters if it needs
+ * parameters but was not initialized with any).
+ *
+ * @return the parameters used with this cipher, or null if this cipher
+ * does not use any parameters.
+ */
+ AlgorithmParameters getParameters() {
+ AlgorithmParameters params = null;
+ if (salt == null) {
+ salt = new byte[8];
+ SunJCE.RANDOM.nextBytes(salt);
+ }
+ PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
+ try {
+ params = AlgorithmParameters.getInstance("PBEWithMD5And" +
+ (algo.equalsIgnoreCase("DES")? "DES":"TripleDES"), "SunJCE");
+ } catch (NoSuchAlgorithmException nsae) {
+ // should never happen
+ throw new RuntimeException("SunJCE called, but not configured");
+ } catch (NoSuchProviderException nspe) {
+ // should never happen
+ throw new RuntimeException("SunJCE called, but not configured");
+ }
+ try {
+ params.init(pbeSpec);
+ } catch (InvalidParameterSpecException ipse) {
+ // should never happen
+ throw new RuntimeException("PBEParameterSpec not supported");
+ }
+ return params;
+ }
+
+ /**
+ * Initializes this cipher with a key, a set of
+ * algorithm parameters, and a source of randomness.
+ * The cipher is initialized for one of the following four operations:
+ * encryption, decryption, key wrapping or key unwrapping, depending on
+ * the value of <code>opmode</code>.
+ *
+ * <p>If this cipher (including its underlying feedback or padding scheme)
+ * requires any random bytes, it will get them from <code>random</code>.
+ *
+ * @param opmode the operation mode of this cipher (this is one of
+ * the following:
+ * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>),
+ * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
+ * @param key the encryption key
+ * @param params the algorithm parameters
+ * @param random the source of randomness
+ *
+ * @exception InvalidKeyException if the given key is inappropriate for
+ * initializing this cipher
+ * @exception InvalidAlgorithmParameterException if the given algorithm
+ * parameters are inappropriate for this cipher
+ */
+ void init(int opmode, Key key, AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ if (((opmode == Cipher.DECRYPT_MODE) ||
+ (opmode == Cipher.UNWRAP_MODE)) && (params == null)) {
+ throw new InvalidAlgorithmParameterException("Parameters "
+ + "missing");
+ }
+ if ((key == null) ||
+ (key.getEncoded() == null) ||
+ !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+ throw new InvalidKeyException("Missing password");
+ }
+
+ if (params == null) {
+ // create random salt and use default iteration count
+ salt = new byte[8];
+ random.nextBytes(salt);
+ } else {
+ if (!(params instanceof PBEParameterSpec)) {
+ throw new InvalidAlgorithmParameterException
+ ("Wrong parameter type: PBE expected");
+ }
+ salt = ((PBEParameterSpec) params).getSalt();
+ // salt must be 8 bytes long (by definition)
+ if (salt.length != 8) {
+ throw new InvalidAlgorithmParameterException
+ ("Salt must be 8 bytes long");
+ }
+ iCount = ((PBEParameterSpec) params).getIterationCount();
+ if (iCount <= 0) {
+ throw new InvalidAlgorithmParameterException
+ ("IterationCount must be a positive number");
+ }
+ }
+
+ byte[] derivedKey = deriveCipherKey(key);
+ // use all but the last 8 bytes as the key value
+ SecretKeySpec cipherKey = new SecretKeySpec(derivedKey, 0,
+ derivedKey.length-8, algo);
+ // use the last 8 bytes as the IV
+ IvParameterSpec ivSpec = new IvParameterSpec(derivedKey,
+ derivedKey.length-8,
+ 8);
+ // initialize the underlying cipher
+ cipher.init(opmode, cipherKey, ivSpec, random);
+ }
+
+ private byte[] deriveCipherKey(Key key) {
+
+ byte[] result = null;
+ byte[] passwdBytes = key.getEncoded();
+
+ if (algo.equals("DES")) {
+ // P || S (password concatenated with salt)
+ byte[] concat = new byte[passwdBytes.length + salt.length];
+ System.arraycopy(passwdBytes, 0, concat, 0, passwdBytes.length);
+ java.util.Arrays.fill(passwdBytes, (byte)0x00);
+ System.arraycopy(salt, 0, concat, passwdBytes.length, salt.length);
+
+ // digest P || S with c iterations
+ byte[] toBeHashed = concat;
+ for (int i = 0; i < iCount; i++) {
+ md.update(toBeHashed);
+ toBeHashed = md.digest(); // this resets the digest
+ }
+ java.util.Arrays.fill(concat, (byte)0x00);
+ result = toBeHashed;
+ } else if (algo.equals("DESede")) {
+ // if the 2 salt halves are the same, invert one of them
+ int i;
+ for (i=0; i<4; i++) {
+ if (salt[i] != salt[i+4])
+ break;
+ }
+ if (i==4) { // same, invert 1st half
+ for (i=0; i<2; i++) {
+ byte tmp = salt[i];
+ salt[i] = salt[3-i];
+ salt[3-1] = tmp;
+ }
+ }
+
+ // Now digest each half (concatenated with password). For each
+ // half, go through the loop as many times as specified by the
+ // iteration count parameter (inner for loop).
+ // Concatenate the output from each digest round with the
+ // password, and use the result as the input to the next digest
+ // operation.
+ byte[] kBytes = null;
+ IvParameterSpec iv = null;
+ byte[] toBeHashed = null;
+ result = new byte[DESedeKeySpec.DES_EDE_KEY_LEN +
+ DESConstants.DES_BLOCK_SIZE];
+ for (i = 0; i < 2; i++) {
+ toBeHashed = new byte[salt.length/2];
+ System.arraycopy(salt, i*(salt.length/2), toBeHashed, 0,
+ toBeHashed.length);
+ for (int j=0; j < iCount; j++) {
+ md.update(toBeHashed);
+ md.update(passwdBytes);
+ toBeHashed = md.digest(); // this resets the digest
+ }
+ System.arraycopy(toBeHashed, 0, result, i*16,
+ toBeHashed.length);
+ }
+ }
+ return result;
+ }
+
+ void init(int opmode, Key key, AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ PBEParameterSpec pbeSpec = null;
+ if (params != null) {
+ try {
+ pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
+ } catch (InvalidParameterSpecException ipse) {
+ throw new InvalidAlgorithmParameterException("Wrong parameter "
+ + "type: PBE "
+ + "expected");
+ }
+ }
+ init(opmode, key, pbeSpec, random);
+ }
+
+ /**
+ * Continues a multiple-part encryption or decryption operation
+ * (depending on how this cipher was initialized), processing another data
+ * part.
+ *
+ * <p>The first <code>inputLen</code> bytes in the <code>input</code>
+ * buffer, starting at <code>inputOffset</code>, are processed, and the
+ * result is stored in a new buffer.
+ *
+ * @param input the input buffer
+ * @param inputOffset the offset in <code>input</code> where the input
+ * starts
+ * @param inputLen the input length
+ *
+ * @return the new buffer with the result
+ *
+ */
+ byte[] update(byte[] input, int inputOffset, int inputLen) {
+ return cipher.update(input, inputOffset, inputLen);
+ }
+
+ /**
+ * Continues a multiple-part encryption or decryption operation
+ * (depending on how this cipher was initialized), processing another data
+ * part.
+ *
+ * <p>The first <code>inputLen</code> bytes in the <code>input</code>
+ * buffer, starting at <code>inputOffset</code>, are processed, and the
+ * result is stored in the <code>output</code> buffer, starting at
+ * <code>outputOffset</code>.
+ *
+ * @param input the input buffer
+ * @param inputOffset the offset in <code>input</code> where the input
+ * starts
+ * @param inputLen the input length
+ * @param output the buffer for the result
+ * @param outputOffset the offset in <code>output</code> where the result
+ * is stored
+ *
+ * @return the number of bytes stored in <code>output</code>
+ *
+ * @exception ShortBufferException if the given output buffer is too small
+ * to hold the result
+ */
+ int update(byte[] input, int inputOffset, int inputLen,
+ byte[] output, int outputOffset)
+ throws ShortBufferException {
+ return cipher.update(input, inputOffset, inputLen,
+ output, outputOffset);
+ }
+
+ /**
+ * Encrypts or decrypts data in a single-part operation,
+ * or finishes a multiple-part operation.
+ * The data is encrypted or decrypted, depending on how this cipher was
+ * initialized.
+ *
+ * <p>The first <code>inputLen</code> bytes in the <code>input</code>
+ * buffer, starting at <code>inputOffset</code>, and any input bytes that
+ * may have been buffered during a previous <code>update</code> operation,
+ * are processed, with padding (if requested) being applied.
+ * The result is stored in a new buffer.
+ *
+ * <p>The cipher is reset to its initial state (uninitialized) after this
+ * call.
+ *
+ * @param input the input buffer
+ * @param inputOffset the offset in <code>input</code> where the input
+ * starts
+ * @param inputLen the input length
+ *
+ * @return the new buffer with the result
+ *
+ * @exception IllegalBlockSizeException if this cipher is a block cipher,
+ * no padding has been requested (only in encryption mode), and the total
+ * input length of the data processed by this cipher is not a multiple of
+ * block size
+ * @exception BadPaddingException if decrypting and padding is choosen,
+ * but the last input data does not have proper padding bytes.
+ */
+ byte[] doFinal(byte[] input, int inputOffset, int inputLen)
+ throws IllegalBlockSizeException, BadPaddingException {
+ return cipher.doFinal(input, inputOffset, inputLen);
+ }
+
+ /**
+ * Encrypts or decrypts data in a single-part operation,
+ * or finishes a multiple-part operation.
+ * The data is encrypted or decrypted, depending on how this cipher was
+ * initialized.
+ *
+ * <p>The first <code>inputLen</code> bytes in the <code>input</code>
+ * buffer, starting at <code>inputOffset</code>, and any input bytes that
+ * may have been buffered during a previous <code>update</code> operation,
+ * are processed, with padding (if requested) being applied.
+ * The result is stored in the <code>output</code> buffer, starting at
+ * <code>outputOffset</code>.
+ *
+ * <p>The cipher is reset to its initial state (uninitialized) after this
+ * call.
+ *
+ * @param input the input buffer
+ * @param inputOffset the offset in <code>input</code> where the input
+ * starts
+ * @param inputLen the input length
+ * @param output the buffer for the result
+ * @param outputOffset the offset in <code>output</code> where the result
+ * is stored
+ *
+ * @return the number of bytes stored in <code>output</code>
+ *
+ * @exception IllegalBlockSizeException if this cipher is a block cipher,
+ * no padding has been requested (only in encryption mode), and the total
+ * input length of the data processed by this cipher is not a multiple of
+ * block size
+ * @exception ShortBufferException if the given output buffer is too small
+ * to hold the result
+ * @exception BadPaddingException if decrypting and padding is choosen,
+ * but the last input data does not have proper padding bytes.
+ */
+ int doFinal(byte[] input, int inputOffset, int inputLen,
+ byte[] output, int outputOffset)
+ throws ShortBufferException, IllegalBlockSizeException,
+ BadPaddingException {
+ return cipher.doFinal(input, inputOffset, inputLen,
+ output, outputOffset);
+ }
+
+ /**
+ * Wrap a key.
+ *
+ * @param key the key to be wrapped.
+ *
+ * @return the wrapped key.
+ *
+ * @exception IllegalBlockSizeException if this cipher is a block
+ * cipher, no padding has been requested, and the length of the
+ * encoding of the key to be wrapped is not a
+ * multiple of the block size.
+ *
+ * @exception InvalidKeyException if it is impossible or unsafe to
+ * wrap the key with this cipher (e.g., a hardware protected key is
+ * being passed to a software only cipher).
+ */
+ byte[] wrap(Key key)
+ throws IllegalBlockSizeException, InvalidKeyException {
+ byte[] result = null;
+
+ try {
+ byte[] encodedKey = key.getEncoded();
+ if ((encodedKey == null) || (encodedKey.length == 0)) {
+ throw new InvalidKeyException("Cannot get an encoding of " +
+ "the key to be wrapped");
+ }
+
+ result = doFinal(encodedKey, 0, encodedKey.length);
+ } catch (BadPaddingException e) {
+ // Should never happen
+ }
+
+ return result;
+ }
+
+ /**
+ * Unwrap a previously wrapped key.
+ *
+ * @param wrappedKey the key to be unwrapped.
+ *
+ * @param wrappedKeyAlgorithm the algorithm the wrapped key is for.
+ *
+ * @param wrappedKeyType the type of the wrapped key.
+ * This is one of <code>Cipher.SECRET_KEY</code>,
+ * <code>Cipher.PRIVATE_KEY</code>, or <code>Cipher.PUBLIC_KEY</code>.
+ *
+ * @return the unwrapped key.
+ *
+ * @exception NoSuchAlgorithmException if no installed providers
+ * can create keys of type <code>wrappedKeyType</code> for the
+ * <code>wrappedKeyAlgorithm</code>.
+ *
+ * @exception InvalidKeyException if <code>wrappedKey</code> does not
+ * represent a wrapped key of type <code>wrappedKeyType</code> for
+ * the <code>wrappedKeyAlgorithm</code>.
+ */
+ Key unwrap(byte[] wrappedKey,
+ String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws InvalidKeyException, NoSuchAlgorithmException {
+ byte[] encodedKey;
+ try {
+ encodedKey = doFinal(wrappedKey, 0, wrappedKey.length);
+ } catch (BadPaddingException ePadding) {
+ throw new InvalidKeyException("The wrapped key is not padded " +
+ "correctly");
+ } catch (IllegalBlockSizeException eBlockSize) {
+ throw new InvalidKeyException("The wrapped key does not have " +
+ "the correct length");
+ }
+ return ConstructKeys.constructKey(encodedKey, wrappedKeyAlgorithm,
+ wrappedKeyType);
+ }
+}
diff --git a/src/share/classes/com/sun/crypto/provider/PBES2Core.java b/src/share/classes/com/sun/crypto/provider/PBES2Core.java
new file mode 100644
index 0000000..4e5eb8e
--- /dev/null
+++ b/src/share/classes/com/sun/crypto/provider/PBES2Core.java
@@ -0,0 +1,421 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.io.UnsupportedEncodingException;
+import java.security.*;
+import java.security.spec.*;
+import javax.crypto.*;
+import javax.crypto.interfaces.*;
+import javax.crypto.spec.*;
+
+/**
+ * This class represents password-based encryption as defined by the PKCS #5
+ * standard.
+ * These algorithms implement PBE with HmacSHA1/HmacSHA2-family and AES-CBC.
+ * Padding is done as described in PKCS #5.
+ *
+ * @author Jan Luehe
+ *
+ *
+ * @see javax.crypto.Cipher
+ */
+abstract class PBES2Core extends CipherSpi {
+
+ private static final int DEFAULT_SALT_LENGTH = 20;
+ private static final int DEFAULT_COUNT = 4096;
+
+ // the encapsulated cipher
+ private final CipherCore cipher;
+ private final int keyLength; // in bits
+ private final int blkSize; // in bits
+ private final PBKDF2Core kdf;
+ private final String pbeAlgo;
+ private final String cipherAlgo;
+ private int iCount = DEFAULT_COUNT;
+ private byte[] salt = null;
+ private IvParameterSpec ivSpec = null;
+
+ /**
+ * Creates an instance of PBE Scheme 2 according to the selected
+ * password-based key derivation function and encryption scheme.
+ */
+ PBES2Core(String kdfAlgo, String cipherAlgo, int keySize)
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+
+ this.cipherAlgo = cipherAlgo;
+ keyLength = keySize * 8;
+ pbeAlgo = "PBEWith" + kdfAlgo + "And" + cipherAlgo + "_" + keyLength;
+
+ if (cipherAlgo.equals("AES")) {
+ blkSize = AESConstants.AES_BLOCK_SIZE;
+ cipher = new CipherCore(new AESCrypt(), blkSize);
+
+ switch(kdfAlgo) {
+ case "HmacSHA1":
+ kdf = new PBKDF2Core.HmacSHA1();
+ break;
+ case "HmacSHA224":
+ kdf = new PBKDF2Core.HmacSHA224();
+ break;
+ case "HmacSHA256":
+ kdf = new PBKDF2Core.HmacSHA256();
+ break;
+ case "HmacSHA384":
+ kdf = new PBKDF2Core.HmacSHA384();
+ break;
+ case "HmacSHA512":
+ kdf = new PBKDF2Core.HmacSHA512();
+ break;
+ default:
+ throw new NoSuchAlgorithmException(
+ "No Cipher implementation for " + kdfAlgo);
+ }
+ } else {
+ throw new NoSuchAlgorithmException("No Cipher implementation for " +
+ pbeAlgo);
+ }
+ cipher.setMode("CBC");
+ cipher.setPadding("PKCS5Padding");
+ }
+
+ protected void engineSetMode(String mode) throws NoSuchAlgorithmException {
+ if ((mode != null) && (!mode.equalsIgnoreCase("CBC"))) {
+ throw new NoSuchAlgorithmException("Invalid cipher mode: " + mode);
+ }
+ }
+
+ protected void engineSetPadding(String paddingScheme)
+ throws NoSuchPaddingException {
+ if ((paddingScheme != null) &&
+ (!paddingScheme.equalsIgnoreCase("PKCS5Padding"))) {
+ throw new NoSuchPaddingException("Invalid padding scheme: " +
+ paddingScheme);
+ }
+ }
+
+ protected int engineGetBlockSize() {
+ return blkSize;
+ }
+
+ protected int engineGetOutputSize(int inputLen) {
+ return cipher.getOutputSize(inputLen);
+ }
+
+ protected byte[] engineGetIV() {
+ return cipher.getIV();
+ }
+
+ protected AlgorithmParameters engineGetParameters() {
+ AlgorithmParameters params = null;
+ if (salt == null) {
+ // generate random salt and use default iteration count
+ salt = new byte[DEFAULT_SALT_LENGTH];
+ SunJCE.RANDOM.nextBytes(salt);
+ iCount = DEFAULT_COUNT;
+ }
+ if (ivSpec == null) {
+ // generate random IV
+ byte[] ivBytes = new byte[blkSize];
+ SunJCE.RANDOM.nextBytes(ivBytes);
+ ivSpec = new IvParameterSpec(ivBytes);
+ }
+ PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount, ivSpec);
+ try {
+ params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
+ } catch (NoSuchAlgorithmException nsae) {
+ // should never happen
+ throw new RuntimeException("SunJCE called, but not configured");
+ } catch (NoSuchProviderException nspe) {
+ // should never happen
+ throw new RuntimeException("SunJCE called, but not configured");
+ }
+ try {
+ params.init(pbeSpec);
+ } catch (InvalidParameterSpecException ipse) {
+ // should never happen
+ throw new RuntimeException("PBEParameterSpec not supported");
+ }
+ return params;
+ }
+
+ protected void engineInit(int opmode, Key key, SecureRandom random)
+ throws InvalidKeyException {
+ try {
+ engineInit(opmode, key, (AlgorithmParameterSpec) null, random);
+ } catch (InvalidAlgorithmParameterException ie) {
+ InvalidKeyException ike =
+ new InvalidKeyException("requires PBE parameters");
+ ike.initCause(ie);
+ throw ike;
+ }
+ }
+
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+
+ if ((key == null) ||
+ (key.getEncoded() == null) ||
+ !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+ throw new InvalidKeyException("Missing password");
+ }
+
+ // TBD: consolidate the salt, ic and IV parameter checks below
+
+ // Extract salt and iteration count from the key, if present
+ if (key instanceof javax.crypto.interfaces.PBEKey) {
+ salt = ((javax.crypto.interfaces.PBEKey)key).getSalt();
+ if (salt != null && salt.length < 8) {
+ throw new InvalidAlgorithmParameterException(
+ "Salt must be at least 8 bytes long");
+ }
+ iCount = ((javax.crypto.interfaces.PBEKey)key).getIterationCount();
+ if (iCount == 0) {
+ iCount = DEFAULT_COUNT;
+ } else if (iCount < 0) {
+ throw new InvalidAlgorithmParameterException(
+ "Iteration count must be a positive number");
+ }
+ }
+
+ // Extract salt, iteration count and IV from the params, if present
+ if (params == null) {
+ if (salt == null) {
+ // generate random salt and use default iteration count
+ salt = new byte[DEFAULT_SALT_LENGTH];
+ random.nextBytes(salt);
+ iCount = DEFAULT_COUNT;
+ }
+ if ((opmode == Cipher.ENCRYPT_MODE) ||
+ (opmode == Cipher.WRAP_MODE)) {
+ // generate random IV
+ byte[] ivBytes = new byte[blkSize];
+ random.nextBytes(ivBytes);
+ ivSpec = new IvParameterSpec(ivBytes);
+ }
+ } else {
+ if (!(params instanceof PBEParameterSpec)) {
+ throw new InvalidAlgorithmParameterException
+ ("Wrong parameter type: PBE expected");
+ }
+ // salt and iteration count from the params take precedence
+ byte[] specSalt = ((PBEParameterSpec) params).getSalt();
+ if (specSalt != null && specSalt.length < 8) {
+ throw new InvalidAlgorithmParameterException(
+ "Salt must be at least 8 bytes long");
+ }
+ salt = specSalt;
+ int specICount = ((PBEParameterSpec) params).getIterationCount();
+ if (specICount == 0) {
+ specICount = DEFAULT_COUNT;
+ } else if (specICount < 0) {
+ throw new InvalidAlgorithmParameterException(
+ "Iteration count must be a positive number");
+ }
+ iCount = specICount;
+
+ AlgorithmParameterSpec specParams =
+ ((PBEParameterSpec) params).getParameterSpec();
+ if (specParams != null) {
+ if (specParams instanceof IvParameterSpec) {
+ ivSpec = (IvParameterSpec)specParams;
+ } else {
+ throw new InvalidAlgorithmParameterException(
+ "Wrong parameter type: IV expected");
+ }
+ } else if ((opmode == Cipher.ENCRYPT_MODE) ||
+ (opmode == Cipher.WRAP_MODE)) {
+ // generate random IV
+ byte[] ivBytes = new byte[blkSize];
+ random.nextBytes(ivBytes);
+ ivSpec = new IvParameterSpec(ivBytes);
+ } else {
+ throw new InvalidAlgorithmParameterException(
+ "Missing parameter type: IV expected");
+ }
+ }
+
+ SecretKeySpec cipherKey = null;
+ byte[] derivedKey = null;
+ byte[] passwdBytes = key.getEncoded();
+ char[] passwdChars = new char[passwdBytes.length];
+
+ for (int i=0; i<passwdChars.length; i++)
+ passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
+
+ PBEKeySpec pbeSpec =
+ new PBEKeySpec(passwdChars, salt, iCount, blkSize * 8);
+ // password char[] was cloned in PBEKeySpec constructor,
+ // so we can zero it out here
+ java.util.Arrays.fill(passwdChars, ' ');
+ java.util.Arrays.fill(passwdBytes, (byte)0x00);
+
+ SecretKey s = null;
+
+ try {
+ s = kdf.engineGenerateSecret(pbeSpec);
+
+ } catch (InvalidKeySpecException ikse) {
+ InvalidKeyException ike =
+ new InvalidKeyException("Cannot construct PBE key");
+ ike.initCause(ikse);
+ throw ike;
+ }
+ derivedKey = s.getEncoded();
+ cipherKey = new SecretKeySpec(derivedKey, cipherAlgo);
+
+ // initialize the underlying cipher
+ cipher.init(opmode, cipherKey, ivSpec, random);
+ }
+
+ protected void engineInit(int opmode, Key key, AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ AlgorithmParameterSpec pbeSpec = null;
+ if (params != null) {
+ try {
+ pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
+ } catch (InvalidParameterSpecException ipse) {
+ throw new InvalidAlgorithmParameterException(
+ "Wrong parameter type: PBE expected");
+ }
+ }
+ engineInit(opmode, key, pbeSpec, random);
+ }
+
+ protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) {
+ return cipher.update(input, inputOffset, inputLen);
+ }
+
+ protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
+ byte[] output, int outputOffset)
+ throws ShortBufferException {
+ return cipher.update(input, inputOffset, inputLen,
+ output, outputOffset);
+ }
+
+ protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
+ throws IllegalBlockSizeException, BadPaddingException {
+ return cipher.doFinal(input, inputOffset, inputLen);
+ }
+
+ protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
+ byte[] output, int outputOffset)
+ throws ShortBufferException, IllegalBlockSizeException,
+ BadPaddingException {
+ return cipher.doFinal(input, inputOffset, inputLen,
+ output, outputOffset);
+ }
+
+ protected int engineGetKeySize(Key key) throws InvalidKeyException {
+ return keyLength;
+ }
+
+ protected byte[] engineWrap(Key key)
+ throws IllegalBlockSizeException, InvalidKeyException {
+ return cipher.wrap(key);
+ }
+
+ protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws InvalidKeyException, NoSuchAlgorithmException {
+ byte[] encodedKey;
+ return cipher.unwrap(wrappedKey, wrappedKeyAlgorithm,
+ wrappedKeyType);
+ }
+
+ public static final class HmacSHA1AndAES_128 extends PBES2Core {
+ public HmacSHA1AndAES_128()
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ super("HmacSHA1", "AES", 16);
+ }
+ }
+
+ public static final class HmacSHA224AndAES_128 extends PBES2Core {
+ public HmacSHA224AndAES_128()
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ super("HmacSHA224", "AES", 16);
+ }
+ }
+
+ public static final class HmacSHA256AndAES_128 extends PBES2Core {
+ public HmacSHA256AndAES_128()
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ super("HmacSHA256", "AES", 16);
+ }
+ }
+
+ public static final class HmacSHA384AndAES_128 extends PBES2Core {
+ public HmacSHA384AndAES_128()
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ super("HmacSHA384", "AES", 16);
+ }
+ }
+
+ public static final class HmacSHA512AndAES_128 extends PBES2Core {
+ public HmacSHA512AndAES_128()
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ super("HmacSHA512", "AES", 16);
+ }
+ }
+
+ public static final class HmacSHA1AndAES_256 extends PBES2Core {
+ public HmacSHA1AndAES_256()
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ super("HmacSHA1", "AES", 32);
+ }
+ }
+
+ public static final class HmacSHA224AndAES_256 extends PBES2Core {
+ public HmacSHA224AndAES_256()
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ super("HmacSHA224", "AES", 32);
+ }
+ }
+
+ public static final class HmacSHA256AndAES_256 extends PBES2Core {
+ public HmacSHA256AndAES_256()
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ super("HmacSHA256", "AES", 32);
+ }
+ }
+
+ public static final class HmacSHA384AndAES_256 extends PBES2Core {
+ public HmacSHA384AndAES_256()
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ super("HmacSHA384", "AES", 32);
+ }
+ }
+
+ public static final class HmacSHA512AndAES_256 extends PBES2Core {
+ public HmacSHA512AndAES_256()
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ super("HmacSHA512", "AES", 32);
+ }
+ }
+}
diff --git a/src/share/classes/com/sun/crypto/provider/PBES2Parameters.java b/src/share/classes/com/sun/crypto/provider/PBES2Parameters.java
new file mode 100644
index 0000000..fd6abe3
--- /dev/null
+++ b/src/share/classes/com/sun/crypto/provider/PBES2Parameters.java
@@ -0,0 +1,522 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.io.*;
+import java.math.BigInteger;
+import java.security.NoSuchAlgorithmException;
+import java.security.AlgorithmParametersSpi;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEParameterSpec;
+import sun.misc.HexDumpEncoder;
+import sun.security.util.*;
+
+/**
+ * This class implements the parameter set used with password-based
+ * encryption scheme 2 (PBES2), which is defined in PKCS#5 as follows:
+ *
+ * <pre>
+ * -- PBES2
+ *
+ * PBES2Algorithms ALGORITHM-IDENTIFIER ::=
+ * { {PBES2-params IDENTIFIED BY id-PBES2}, ...}
+ *
+ * id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+ *
+ * PBES2-params ::= SEQUENCE {
+ * keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+ * encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }
+ *
+ * PBES2-KDFs ALGORITHM-IDENTIFIER ::=
+ * { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
+ *
+ * PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+ *
+ * -- PBKDF2
+ *
+ * PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
+ * { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}
+ *
+ * id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+ *
+ * PBKDF2-params ::= SEQUENCE {
+ * salt CHOICE {
+ * specified OCTET STRING,
+ * otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
+ * },
+ * iterationCount INTEGER (1..MAX),
+ * keyLength INTEGER (1..MAX) OPTIONAL,
+ * prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
+ * }
+ *
+ * PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }
+ *
+ * PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= {
+ * {NULL IDENTIFIED BY id-hmacWithSHA1} |
+ * {NULL IDENTIFIED BY id-hmacWithSHA224} |
+ * {NULL IDENTIFIED BY id-hmacWithSHA256} |
+ * {NULL IDENTIFIED BY id-hmacWithSHA384} |
+ * {NULL IDENTIFIED BY id-hmacWithSHA512}, ... }
+ *
+ * algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
+ * {algorithm id-hmacWithSHA1, parameters NULL : NULL}
+ *
+ * id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}
+ *
+ * PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+ *
+ * </pre>
+ */
+
+abstract class PBES2Parameters extends AlgorithmParametersSpi {
+
+ private static final int pkcs5PBKDF2[] =
+ {1, 2, 840, 113549, 1, 5, 12};
+ private static final int pkcs5PBES2[] =
+ {1, 2, 840, 113549, 1, 5, 13};
+ private static final int hmacWithSHA1[] =
+ {1, 2, 840, 113549, 2, 7};
+ private static final int hmacWithSHA224[] =
+ {1, 2, 840, 113549, 2, 8};
+ private static final int hmacWithSHA256[] =
+ {1, 2, 840, 113549, 2, 9};
+ private static final int hmacWithSHA384[] =
+ {1, 2, 840, 113549, 2, 10};
+ private static final int hmacWithSHA512[] =
+ {1, 2, 840, 113549, 2, 11};
+ private static final int aes128CBC[] =
+ {2, 16, 840, 1, 101, 3, 4, 1, 2};
+ private static final int aes192CBC[] =
+ {2, 16, 840, 1, 101, 3, 4, 1, 22};
+ private static final int aes256CBC[] =
+ {2, 16, 840, 1, 101, 3, 4, 1, 42};
+
+ private static ObjectIdentifier pkcs5PBKDF2_OID;
+ private static ObjectIdentifier pkcs5PBES2_OID;
+ private static ObjectIdentifier hmacWithSHA1_OID;
+ private static ObjectIdentifier hmacWithSHA224_OID;
+ private static ObjectIdentifier hmacWithSHA256_OID;
+ private static ObjectIdentifier hmacWithSHA384_OID;
+ private static ObjectIdentifier hmacWithSHA512_OID;
+ private static ObjectIdentifier aes128CBC_OID;
+ private static ObjectIdentifier aes192CBC_OID;
+ private static ObjectIdentifier aes256CBC_OID;
+
+ static {
+ try {
+ pkcs5PBKDF2_OID = new ObjectIdentifier(pkcs5PBKDF2);
+ pkcs5PBES2_OID = new ObjectIdentifier(pkcs5PBES2);
+ hmacWithSHA1_OID = new ObjectIdentifier(hmacWithSHA1);
+ hmacWithSHA224_OID = new ObjectIdentifier(hmacWithSHA224);
+ hmacWithSHA256_OID = new ObjectIdentifier(hmacWithSHA256);
+ hmacWithSHA384_OID = new ObjectIdentifier(hmacWithSHA384);
+ hmacWithSHA512_OID = new ObjectIdentifier(hmacWithSHA512);
+ aes128CBC_OID = new ObjectIdentifier(aes128CBC);
+ aes192CBC_OID = new ObjectIdentifier(aes192CBC);
+ aes256CBC_OID = new ObjectIdentifier(aes256CBC);
+ } catch (IOException ioe) {
+ // should not happen
+ }
+ }
+
+ // the PBES2 algorithm name
+ private String pbes2AlgorithmName = null;
+
+ // the salt
+ private byte[] salt = null;
+
+ // the iteration count
+ private int iCount = 0;
+
+ // the cipher parameter
+ private AlgorithmParameterSpec cipherParam = null;
+
+ // the key derivation function (default is HmacSHA1)
+ private ObjectIdentifier kdfAlgo_OID = hmacWithSHA1_OID;
+
+ // the encryption function
+ private ObjectIdentifier cipherAlgo_OID = null;
+
+ // the cipher keysize (in bits)
+ private int keysize = -1;
+
+ PBES2Parameters() {
+ // KDF, encryption & keysize values are set later, in engineInit(byte[])
+ }
+
+ PBES2Parameters(String pbes2AlgorithmName) throws NoSuchAlgorithmException {
+ int and;
+ String kdfAlgo = null;
+ String cipherAlgo = null;
+
+ // Extract the KDF and encryption algorithm names
+ this.pbes2AlgorithmName = pbes2AlgorithmName;
+ if (pbes2AlgorithmName.startsWith("PBEWith") &&
+ (and = pbes2AlgorithmName.indexOf("And", 7 + 1)) > 0) {
+ kdfAlgo = pbes2AlgorithmName.substring(7, and);
+ cipherAlgo = pbes2AlgorithmName.substring(and + 3);
+
+ // Check for keysize
+ int underscore;
+ if ((underscore = cipherAlgo.indexOf('_')) > 0) {
+ int slash;
+ if ((slash = cipherAlgo.indexOf('/', underscore + 1)) > 0) {
+ keysize =
+ Integer.parseInt(cipherAlgo.substring(underscore + 1,
+ slash));
+ } else {
+ keysize =
+ Integer.parseInt(cipherAlgo.substring(underscore + 1));
+ }
+ cipherAlgo = cipherAlgo.substring(0, underscore);
+ }
+ } else {
+ throw new NoSuchAlgorithmException("No crypto implementation for " +
+ pbes2AlgorithmName);
+ }
+
+ switch (kdfAlgo) {
+ case "HmacSHA1":
+ kdfAlgo_OID = hmacWithSHA1_OID;
+ break;
+ case "HmacSHA224":
+ kdfAlgo_OID = hmacWithSHA224_OID;
+ break;
+ case "HmacSHA256":
+ kdfAlgo_OID = hmacWithSHA256_OID;
+ break;
+ case "HmacSHA384":
+ kdfAlgo_OID = hmacWithSHA384_OID;
+ break;
+ case "HmacSHA512":
+ kdfAlgo_OID = hmacWithSHA512_OID;
+ break;
+ default:
+ throw new NoSuchAlgorithmException(
+ "No crypto implementation for " + kdfAlgo);
+ }
+
+ if (cipherAlgo.equals("AES")) {
+ this.keysize = keysize;
+ switch (keysize) {
+ case 128:
+ cipherAlgo_OID = aes128CBC_OID;
+ break;
+ case 256:
+ cipherAlgo_OID = aes256CBC_OID;
+ break;
+ default:
+ throw new NoSuchAlgorithmException(
+ "No Cipher implementation for " + keysize + "-bit " +
+ cipherAlgo);
+ }
+ } else {
+ throw new NoSuchAlgorithmException("No Cipher implementation for " +
+ cipherAlgo);
+ }
+ }
+
+ protected void engineInit(AlgorithmParameterSpec paramSpec)
+ throws InvalidParameterSpecException
+ {
+ if (!(paramSpec instanceof PBEParameterSpec)) {
+ throw new InvalidParameterSpecException
+ ("Inappropriate parameter specification");
+ }
+ this.salt = ((PBEParameterSpec)paramSpec).getSalt().clone();
+ this.iCount = ((PBEParameterSpec)paramSpec).getIterationCount();
+ this.cipherParam = ((PBEParameterSpec)paramSpec).getParameterSpec();
+ }
+
+ protected void engineInit(byte[] encoded)
+ throws IOException
+ {
+ String kdfAlgo = null;
+ String cipherAlgo = null;
+
+ DerValue pBES2Algorithms = new DerValue(encoded);
+ if (pBES2Algorithms.tag != DerValue.tag_Sequence) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 SEQUENCE tag");
+ }
+ if (!pkcs5PBES2_OID.equals(pBES2Algorithms.data.getOID())) {
+ throw new IOException("PBE parameter parsing error: "
+ + "expecting the object identifier for PBES2");
+ }
+ if (pBES2Algorithms.tag != DerValue.tag_Sequence) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 SEQUENCE tag");
+ }
+
+ DerValue pBES2_params = pBES2Algorithms.data.getDerValue();
+ if (pBES2_params.tag != DerValue.tag_Sequence) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 SEQUENCE tag");
+ }
+ kdfAlgo = parseKDF(pBES2_params.data.getDerValue());
+
+ if (pBES2_params.tag != DerValue.tag_Sequence) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 SEQUENCE tag");
+ }
+ cipherAlgo = parseES(pBES2_params.data.getDerValue());
+
+ pbes2AlgorithmName = new StringBuilder().append("PBEWith")
+ .append(kdfAlgo).append("And").append(cipherAlgo).toString();
+ }
+
+ private String parseKDF(DerValue keyDerivationFunc) throws IOException {
+ String kdfAlgo = null;
+
+ if (!pkcs5PBKDF2_OID.equals(keyDerivationFunc.data.getOID())) {
+ throw new IOException("PBE parameter parsing error: "
+ + "expecting the object identifier for PBKDF2");
+ }
+ if (keyDerivationFunc.tag != DerValue.tag_Sequence) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 SEQUENCE tag");
+ }
+ DerValue pBKDF2_params = keyDerivationFunc.data.getDerValue();
+ if (pBKDF2_params.tag != DerValue.tag_Sequence) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 SEQUENCE tag");
+ }
+ DerValue specified = pBKDF2_params.data.getDerValue();
+ // the 'specified' ASN.1 CHOICE for 'salt' is supported
+ if (specified.tag == DerValue.tag_OctetString) {
+ salt = specified.getOctetString();
+ } else {
+ // the 'otherSource' ASN.1 CHOICE for 'salt' is not supported
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 OCTET STRING tag");
+ }
+ iCount = pBKDF2_params.data.getInteger();
+ DerValue keyLength = pBKDF2_params.data.getDerValue();
+ if (keyLength.tag == DerValue.tag_Integer) {
+ keysize = keyLength.getInteger() * 8; // keysize (in bits)
+ }
+ if (pBKDF2_params.tag == DerValue.tag_Sequence) {
+ DerValue prf = pBKDF2_params.data.getDerValue();
+ kdfAlgo_OID = prf.data.getOID();
+ if (hmacWithSHA1_OID.equals(kdfAlgo_OID)) {
+ kdfAlgo = "HmacSHA1";
+ } else if (hmacWithSHA224_OID.equals(kdfAlgo_OID)) {
+ kdfAlgo = "HmacSHA224";
+ } else if (hmacWithSHA256_OID.equals(kdfAlgo_OID)) {
+ kdfAlgo = "HmacSHA256";
+ } else if (hmacWithSHA384_OID.equals(kdfAlgo_OID)) {
+ kdfAlgo = "HmacSHA384";
+ } else if (hmacWithSHA512_OID.equals(kdfAlgo_OID)) {
+ kdfAlgo = "HmacSHA512";
+ } else {
+ throw new IOException("PBE parameter parsing error: "
+ + "expecting the object identifier for a HmacSHA key "
+ + "derivation function");
+ }
+ if (prf.data.available() != 0) {
+ // parameter is 'NULL' for all HmacSHA KDFs
+ DerValue parameter = prf.data.getDerValue();
+ if (parameter.tag != DerValue.tag_Null) {
+ throw new IOException("PBE parameter parsing error: "
+ + "not an ASN.1 NULL tag");
+ }
+ }
+ }
+
+ return kdfAlgo;
+ }
+
+ private String parseES(DerValue encryptionScheme) throws IOException {
+ String cipherAlgo = null;
+
+ cipherAlgo_OID = encryptionScheme.data.getOID();
+ if (aes128CBC_OID.equals(cipherAlgo_OID)) {
+ cipherAlgo = "AES_128";
+ // parameter is AES-IV 'OCTET STRING (SIZE(16))'
+ cipherParam =
+ new IvParameterSpec(encryptionScheme.data.getOctetString());
+ keysize = 128;
+ } else if (aes256CBC_OID.equals(cipherAlgo_OID)) {
+ cipherAlgo = "AES_256";
+ // parameter is AES-IV 'OCTET STRING (SIZE(16))'
+ cipherParam =
+ new IvParameterSpec(encryptionScheme.data.getOctetString());
+ keysize = 256;
+ } else {
+ throw new IOException("PBE parameter parsing error: "
+ + "expecting the object identifier for AES cipher");
+ }
+
+ return cipherAlgo;
+ }
+
+ protected void engineInit(byte[] encoded, String decodingMethod)
+ throws IOException
+ {
+ engineInit(encoded);
+ }
+
+ protected <T extends AlgorithmParameterSpec>
+ T engineGetParameterSpec(Class<T> paramSpec)
+ throws InvalidParameterSpecException
+ {
+ if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
+ return paramSpec.cast(
+ new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
+ } else {
+ throw new InvalidParameterSpecException
+ ("Inappropriate parameter specification");
+ }
+ }
+
+ protected byte[] engineGetEncoded() throws IOException {
+ DerOutputStream out = new DerOutputStream();
+ DerOutputStream pBES2Algorithms = new DerOutputStream();
+ pBES2Algorithms.putOID(pkcs5PBES2_OID);
+
+ DerOutputStream pBES2_params = new DerOutputStream();
+
+ DerOutputStream keyDerivationFunc = new DerOutputStream();
+ keyDerivationFunc.putOID(pkcs5PBKDF2_OID);
+
+ DerOutputStream pBKDF2_params = new DerOutputStream();
+ pBKDF2_params.putOctetString(salt); // choice: 'specified OCTET STRING'
+ pBKDF2_params.putInteger(iCount);
+ pBKDF2_params.putInteger(keysize / 8); // derived key length (in octets)
+
+ DerOutputStream prf = new DerOutputStream();
+ // algorithm is id-hmacWithSHA1/SHA224/SHA256/SHA384/SHA512
+ prf.putOID(kdfAlgo_OID);
+ // parameters is 'NULL'
+ prf.putNull();
+ pBKDF2_params.write(DerValue.tag_Sequence, prf);
+
+ keyDerivationFunc.write(DerValue.tag_Sequence, pBKDF2_params);
+ pBES2_params.write(DerValue.tag_Sequence, keyDerivationFunc);
+
+ DerOutputStream encryptionScheme = new DerOutputStream();
+ // algorithm is id-aes128-CBC or id-aes256-CBC
+ encryptionScheme.putOID(cipherAlgo_OID);
+ // parameters is 'AES-IV ::= OCTET STRING (SIZE(16))'
+ if (cipherParam != null && cipherParam instanceof IvParameterSpec) {
+ encryptionScheme.putOctetString(
+ ((IvParameterSpec)cipherParam).getIV());
+ } else {
+ throw new IOException("Wrong parameter type: IV expected");
+ }
+ pBES2_params.write(DerValue.tag_Sequence, encryptionScheme);
+
+ pBES2Algorithms.write(DerValue.tag_Sequence, pBES2_params);
+ out.write(DerValue.tag_Sequence, pBES2Algorithms);
+
+ return out.toByteArray();
+ }
+
+ protected byte[] engineGetEncoded(String encodingMethod)
+ throws IOException
+ {
+ return engineGetEncoded();
+ }
+
+ /*
+ * Returns a formatted string describing the parameters.
+ *
+ * The algorithn name pattern is: "PBEWith<prf>And<encryption>"
+ * where <prf> is one of: HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384,
+ * or HmacSHA512, and <encryption> is AES with a keysize suffix.
+ */
+ protected String engineToString() {
+ return pbes2AlgorithmName;
+ }
+
+ public static final class General extends PBES2Parameters {
+ public General() throws NoSuchAlgorithmException {
+ super();
+ }
+ }
+
+ public static final class HmacSHA1AndAES_128 extends PBES2Parameters {
+ public HmacSHA1AndAES_128() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA1AndAES_128");
+ }
+ }
+
+ public static final class HmacSHA224AndAES_128 extends PBES2Parameters {
+ public HmacSHA224AndAES_128() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA224AndAES_128");
+ }
+ }
+
+ public static final class HmacSHA256AndAES_128 extends PBES2Parameters {
+ public HmacSHA256AndAES_128() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA256AndAES_128");
+ }
+ }
+
+ public static final class HmacSHA384AndAES_128 extends PBES2Parameters {
+ public HmacSHA384AndAES_128() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA384AndAES_128");
+ }
+ }
+
+ public static final class HmacSHA512AndAES_128 extends PBES2Parameters {
+ public HmacSHA512AndAES_128() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA512AndAES_128");
+ }
+ }
+
+ public static final class HmacSHA1AndAES_256 extends PBES2Parameters {
+ public HmacSHA1AndAES_256() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA1AndAES_256");
+ }
+ }
+
+ public static final class HmacSHA224AndAES_256 extends PBES2Parameters {
+ public HmacSHA224AndAES_256() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA224AndAES_256");
+ }
+ }
+
+ public static final class HmacSHA256AndAES_256 extends PBES2Parameters {
+ public HmacSHA256AndAES_256() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA256AndAES_256");
+ }
+ }
+
+ public static final class HmacSHA384AndAES_256 extends PBES2Parameters {
+ public HmacSHA384AndAES_256() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA384AndAES_256");
+ }
+ }
+
+ public static final class HmacSHA512AndAES_256 extends PBES2Parameters {
+ public HmacSHA512AndAES_256() throws NoSuchAlgorithmException {
+ super("PBEWithHmacSHA512AndAES_256");
+ }
+ }
+}
diff --git a/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java b/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java
index 66ed95b..d448f27 100644
--- a/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java
+++ b/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndDESCipher.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@
public final class PBEWithMD5AndDESCipher extends CipherSpi {
// the encapsulated DES cipher
- private PBECipherCore core;
+ private PBES1Core core;
/**
* Creates an instance of this cipher, and initializes its mode (CBC) and
@@ -58,7 +58,7 @@
*/
public PBEWithMD5AndDESCipher()
throws NoSuchAlgorithmException, NoSuchPaddingException {
- core = new PBECipherCore("DES");
+ core = new PBES1Core("DES");
}
/**
diff --git a/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java b/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java
index 4427984..d6216a8 100644
--- a/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java
+++ b/src/share/classes/com/sun/crypto/provider/PBEWithMD5AndTripleDESCipher.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -55,7 +55,7 @@
*/
public final class PBEWithMD5AndTripleDESCipher extends CipherSpi {
- private PBECipherCore core;
+ private PBES1Core core;
/**
* Creates an instance of this cipher, and initializes its mode (CBC) and
@@ -70,7 +70,7 @@
throws NoSuchAlgorithmException, NoSuchPaddingException
{
// set the encapsulated cipher to do triple DES
- core = new PBECipherCore("DESede");
+ core = new PBES1Core("DESede");
}
/**
diff --git a/src/share/classes/com/sun/crypto/provider/PBKDF2Core.java b/src/share/classes/com/sun/crypto/provider/PBKDF2Core.java
new file mode 100644
index 0000000..c8e8608
--- /dev/null
+++ b/src/share/classes/com/sun/crypto/provider/PBKDF2Core.java
@@ -0,0 +1,182 @@
+/*
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+import java.security.spec.InvalidKeySpecException;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactorySpi;
+import javax.crypto.spec.PBEKeySpec;
+
+/**
+ * This class implements a key factory for PBE keys derived using
+ * PBKDF2 with HmacSHA1/HmacSHA224/HmacSHA256/HmacSHA384/HmacSHA512
+ * pseudo random function (PRF) as defined in PKCS#5 v2.1.
+ *
+ * @author Valerie Peng
+ *
+ */
+abstract class PBKDF2Core extends SecretKeyFactorySpi {
+
+ private final String prfAlgo;
+
+ PBKDF2Core(String prfAlgo) {
+ this.prfAlgo = prfAlgo;
+ }
+
+ /**
+ * Generates a <code>SecretKey</code> object from the provided key
+ * specification (key material).
+ *
+ * @param keySpec the specification (key material) of the secret key
+ *
+ * @return the secret key
+ *
+ * @exception InvalidKeySpecException if the given key specification
+ * is inappropriate for this key factory to produce a public key.
+ */
+ protected SecretKey engineGenerateSecret(KeySpec keySpec)
+ throws InvalidKeySpecException
+ {
+ if (!(keySpec instanceof PBEKeySpec)) {
+ throw new InvalidKeySpecException("Invalid key spec");
+ }
+ PBEKeySpec ks = (PBEKeySpec) keySpec;
+ return new PBKDF2KeyImpl(ks, prfAlgo);
+ }
+
+ /**
+ * Returns a specification (key material) of the given key
+ * in the requested format.
+ *
+ * @param key the key
+ *
+ * @param keySpec the requested format in which the key material shall be
+ * returned
+ *
+ * @return the underlying key specification (key material) in the
+ * requested format
+ *
+ * @exception InvalidKeySpecException if the requested key
+ * specification is inappropriate for the given key, or the
+ * given key cannot be processed (e.g., the given key has an
+ * unrecognized algorithm or format).
+ */
+ protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
+ throws InvalidKeySpecException {
+ if (key instanceof javax.crypto.interfaces.PBEKey) {
+ // Check if requested key spec is amongst the valid ones
+ if ((keySpecCl != null)
+ && PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
+ javax.crypto.interfaces.PBEKey pKey =
+ (javax.crypto.interfaces.PBEKey) key;
+ return new PBEKeySpec
+ (pKey.getPassword(), pKey.getSalt(),
+ pKey.getIterationCount(), pKey.getEncoded().length*8);
+ } else {
+ throw new InvalidKeySpecException("Invalid key spec");
+ }
+ } else {
+ throw new InvalidKeySpecException("Invalid key " +
+ "format/algorithm");
+ }
+ }
+
+ /**
+ * Translates a <code>SecretKey</code> object, whose provider may be
+ * unknown or potentially untrusted, into a corresponding
+ * <code>SecretKey</code> object of this key factory.
+ *
+ * @param key the key whose provider is unknown or untrusted
+ *
+ * @return the translated key
+ *
+ * @exception InvalidKeyException if the given key cannot be processed by
+ * this key factory.
+ */
+ protected SecretKey engineTranslateKey(SecretKey key)
+ throws InvalidKeyException {
+ if ((key != null) &&
+ (key.getAlgorithm().equalsIgnoreCase("PBKDF2With" + prfAlgo)) &&
+ (key.getFormat().equalsIgnoreCase("RAW"))) {
+
+ // Check if key originates from this factory
+ if (key instanceof com.sun.crypto.provider.PBKDF2KeyImpl) {
+ return key;
+ }
+ // Check if key implements the PBEKey
+ if (key instanceof javax.crypto.interfaces.PBEKey) {
+ javax.crypto.interfaces.PBEKey pKey =
+ (javax.crypto.interfaces.PBEKey) key;
+ try {
+ PBEKeySpec spec =
+ new PBEKeySpec(pKey.getPassword(),
+ pKey.getSalt(),
+ pKey.getIterationCount(),
+ pKey.getEncoded().length*8);
+ return new PBKDF2KeyImpl(spec, prfAlgo);
+ } catch (InvalidKeySpecException re) {
+ InvalidKeyException ike = new InvalidKeyException
+ ("Invalid key component(s)");
+ ike.initCause(re);
+ throw ike;
+ }
+ }
+ }
+ throw new InvalidKeyException("Invalid key format/algorithm");
+ }
+
+ public static final class HmacSHA1 extends PBKDF2Core {
+ public HmacSHA1() {
+ super("HmacSHA1");
+ }
+ }
+
+ public static final class HmacSHA224 extends PBKDF2Core {
+ public HmacSHA224() {
+ super("HmacSHA224");
+ }
+ }
+
+ public static final class HmacSHA256 extends PBKDF2Core {
+ public HmacSHA256() {
+ super("HmacSHA256");
+ }
+ }
+
+ public static final class HmacSHA384 extends PBKDF2Core {
+ public HmacSHA384() {
+ super("HmacSHA384");
+ }
+ }
+
+ public static final class HmacSHA512 extends PBKDF2Core {
+ public HmacSHA512() {
+ super("HmacSHA512");
+ }
+ }
+}
diff --git a/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java b/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java
new file mode 100644
index 0000000..fef4eda
--- /dev/null
+++ b/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java
@@ -0,0 +1,216 @@
+/*
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.crypto.provider;
+
+import java.util.Arrays;
+import java.nio.ByteBuffer;
+
+import javax.crypto.MacSpi;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+import java.security.*;
+import java.security.spec.*;
+
+/**
+ * This is an implementation of the PBMAC1 algorithms as defined
+ * in PKCS#5 v2.1 standard.
+ */
+abstract class PBMAC1Core extends HmacCore {
+
+ private static final int DEFAULT_SALT_LENGTH = 20;
+ private static final int DEFAULT_COUNT = 4096;
+
+ private final String kdfAlgo;
+ private final String hashAlgo;
+ private final PBKDF2Core kdf;
+ private final int blockLength; // in octets
+
+ /**
+ * Creates an instance of PBMAC1 according to the selected
+ * password-based key derivation function.
+ */
+ PBMAC1Core(String kdfAlgo, String hashAlgo, int blockLength)
+ throws NoSuchAlgorithmException {
+
+ super(hashAlgo, blockLength);
+ this.kdfAlgo = kdfAlgo;
+ this.hashAlgo = hashAlgo;
+ this.blockLength = blockLength;
+
+ switch(kdfAlgo) {
+ case "HmacSHA1":
+ kdf = new PBKDF2Core.HmacSHA1();
+ break;
+ case "HmacSHA224":
+ kdf = new PBKDF2Core.HmacSHA224();
+ break;
+ case "HmacSHA256":
+ kdf = new PBKDF2Core.HmacSHA256();
+ break;
+ case "HmacSHA384":
+ kdf = new PBKDF2Core.HmacSHA384();
+ break;
+ case "HmacSHA512":
+ kdf = new PBKDF2Core.HmacSHA512();
+ break;
+ default:
+ throw new NoSuchAlgorithmException(
+ "No MAC implementation for " + kdfAlgo);
+ }
+ }
+
+ /**
+ * Initializes the HMAC with the given secret key and algorithm parameters.
+ *
+ * @param key the secret key.
+ * @param params the algorithm parameters.
+ *
+ * @exception InvalidKeyException if the given key is inappropriate for
+ * initializing this MAC.
+ * @exception InvalidAlgorithmParameterException if the given algorithm
+ * parameters are inappropriate for this MAC.
+ */
+ protected void engineInit(Key key, AlgorithmParameterSpec params)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ char[] passwdChars;
+ byte[] salt = null;
+ int iCount = 0;
+ if (key instanceof javax.crypto.interfaces.PBEKey) {
+ javax.crypto.interfaces.PBEKey pbeKey =
+ (javax.crypto.interfaces.PBEKey) key;
+ passwdChars = pbeKey.getPassword();
+ salt = pbeKey.getSalt(); // maybe null if unspecified
+ iCount = pbeKey.getIterationCount(); // maybe 0 if unspecified
+ } else if (key instanceof SecretKey) {
+ byte[] passwdBytes = key.getEncoded();
+ if ((passwdBytes == null) ||
+ !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) {
+ throw new InvalidKeyException("Missing password");
+ }
+ passwdChars = new char[passwdBytes.length];
+ for (int i=0; i<passwdChars.length; i++) {
+ passwdChars[i] = (char) (passwdBytes[i] & 0x7f);
+ }
+ } else {
+ throw new InvalidKeyException("SecretKey of PBE type required");
+ }
+ if (params == null) {
+ // generate default for salt and iteration count if necessary
+ if (salt == null) {
+ salt = new byte[DEFAULT_SALT_LENGTH];
+ SunJCE.RANDOM.nextBytes(salt);
+ }
+ if (iCount == 0) iCount = DEFAULT_COUNT;
+ } else if (!(params instanceof PBEParameterSpec)) {
+ throw new InvalidAlgorithmParameterException
+ ("PBEParameterSpec type required");
+ } else {
+ PBEParameterSpec pbeParams = (PBEParameterSpec) params;
+ // make sure the parameter values are consistent
+ if (salt != null) {
+ if (!Arrays.equals(salt, pbeParams.getSalt())) {
+ throw new InvalidAlgorithmParameterException
+ ("Inconsistent value of salt between key and params");
+ }
+ } else {
+ salt = pbeParams.getSalt();
+ }
+ if (iCount != 0) {
+ if (iCount != pbeParams.getIterationCount()) {
+ throw new InvalidAlgorithmParameterException
+ ("Different iteration count between key and params");
+ }
+ } else {
+ iCount = pbeParams.getIterationCount();
+ }
+ }
+ // For security purpose, we need to enforce a minimum length
+ // for salt; just require the minimum salt length to be 8-byte
+ // which is what PKCS#5 recommends and openssl does.
+ if (salt.length < 8) {
+ throw new InvalidAlgorithmParameterException
+ ("Salt must be at least 8 bytes long");
+ }
+ if (iCount <= 0) {
+ throw new InvalidAlgorithmParameterException
+ ("IterationCount must be a positive number");
+ }
+
+ PBEKeySpec pbeSpec =
+ new PBEKeySpec(passwdChars, salt, iCount, blockLength);
+ // password char[] was cloned in PBEKeySpec constructor,
+ // so we can zero it out here
+ java.util.Arrays.fill(passwdChars, ' ');
+
+ SecretKey s = null;
+
+ try {
+ s = kdf.engineGenerateSecret(pbeSpec);
+
+ } catch (InvalidKeySpecException ikse) {
+ InvalidKeyException ike =
+ new InvalidKeyException("Cannot construct PBE key");
+ ike.initCause(ikse);
+ throw ike;
+ }
+ byte[] derivedKey = s.getEncoded();
+ SecretKey cipherKey = new SecretKeySpec(derivedKey, kdfAlgo);
+
+ super.engineInit(cipherKey, null);
+ }
+
+ public static final class HmacSHA1 extends PBMAC1Core {
+ public HmacSHA1() throws NoSuchAlgorithmException {
+ super("HmacSHA1", "SHA1", 64);
+ }
+ }
+
+ public static final class HmacSHA224 extends PBMAC1Core {
+ public HmacSHA224() throws NoSuchAlgorithmException {
+ super("HmacSHA224", "SHA-224", 64);
+ }
+ }
+
+ public static final class HmacSHA256 extends PBMAC1Core {
+ public HmacSHA256() throws NoSuchAlgorithmException {
+ super("HmacSHA256", "SHA-256", 64);
+ }
+ }
+
+ public static final class HmacSHA384 extends PBMAC1Core {
+ public HmacSHA384() throws NoSuchAlgorithmException {
+ super("HmacSHA384", "SHA-384", 128);
+ }
+ }
+
+ public static final class HmacSHA512 extends PBMAC1Core {
+ public HmacSHA512() throws NoSuchAlgorithmException {
+ super("HmacSHA512", "SHA-512", 128);
+ }
+ }
+}
diff --git a/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java b/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
index ea9d43f..45f1c30 100644
--- a/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
+++ b/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
@@ -35,19 +35,24 @@
/**
* This class implements password-base encryption algorithm with
- * SHA1 digest and the following Ciphers in CBC mode
+ * SHA1 digest and the following Ciphers (in CBC mode, where applicable):
* - DESede cipher and
- * - RC2 Cipher with 40-bit effective key length
+ * - RC2 Cipher with 40-bit or 128-bit effective key length and
+ * - RC4 Cipher with 40-bit or 128-bit effective key length
* as defined by PKCS #12 version 1.0 standard.
*
* @author Valerie Peng
* @see javax.crypto.CipherSpi
*/
final class PKCS12PBECipherCore {
+
+ // TBD: replace CipherCore with a CipherSpi object to simplify maintenance
+
private CipherCore cipher;
private int blockSize;
private int keySize;
private String algo = null;
+ private String pbeAlgo = null;
private byte[] salt = null;
private int iCount = 0;
@@ -58,8 +63,16 @@
static final int CIPHER_IV = 2;
static final int MAC_KEY = 3;
+ // Uses default hash algorithm (SHA-1)
static byte[] derive(char[] chars, byte[] salt,
int ic, int n, int type) {
+ return derive(chars, salt, ic, n, type, "SHA-1", 64);
+ }
+
+ // Uses supplied hash algorithm
+ static byte[] derive(char[] chars, byte[] salt, int ic, int n, int type,
+ String hashAlgo, int blockLength) {
+
// Add in trailing NULL terminator. Special case:
// no terminator if password is "\0".
int length = chars.length*2;
@@ -75,21 +88,23 @@
passwd[j] = (byte) ((chars[i] >>> 8) & 0xFF);
passwd[j+1] = (byte) (chars[i] & 0xFF);
}
- int v = 512 / 8;
- int u = 160 / 8;
- int c = roundup(n, u) / u;
- byte[] D = new byte[v];
- int s = roundup(salt.length, v);
- int p = roundup(passwd.length, v);
- byte[] I = new byte[s + p];
byte[] key = new byte[n];
- Arrays.fill(D, (byte)type);
- concat(salt, I, 0, s);
- concat(passwd, I, s, p);
-
try {
- MessageDigest sha = MessageDigest.getInstance("SHA1");
+ MessageDigest sha = MessageDigest.getInstance(hashAlgo);
+
+ int v = blockLength;
+ int u = sha.getDigestLength();
+ int c = roundup(n, u) / u;
+ byte[] D = new byte[v];
+ int s = roundup(salt.length, v);
+ int p = roundup(passwd.length, v);
+ byte[] I = new byte[s + p];
+
+ Arrays.fill(D, (byte)type);
+ concat(salt, I, 0, s);
+ concat(passwd, I, s, p);
+
byte[] Ai;
byte[] B = new byte[v];
byte[] tmp = new byte[v];
@@ -150,23 +165,30 @@
PKCS12PBECipherCore(String symmCipherAlg, int defKeySize)
throws NoSuchAlgorithmException {
+
algo = symmCipherAlg;
- SymmetricCipher symmCipher = null;
- if (algo.equals("DESede")) {
- symmCipher = new DESedeCrypt();
- } else if (algo.equals("RC2")) {
- symmCipher = new RC2Crypt();
+ if (algo.equals("RC4")) {
+ pbeAlgo = "PBEWithSHA1AndRC4_" + defKeySize * 8;
} else {
- throw new NoSuchAlgorithmException("No Cipher implementation " +
+ SymmetricCipher symmCipher = null;
+ if (algo.equals("DESede")) {
+ symmCipher = new DESedeCrypt();
+ pbeAlgo = "PBEWithSHA1AndDESede";
+ } else if (algo.equals("RC2")) {
+ symmCipher = new RC2Crypt();
+ pbeAlgo = "PBEWithSHA1AndRC2_" + defKeySize * 8;
+ } else {
+ throw new NoSuchAlgorithmException("No Cipher implementation " +
"for PBEWithSHA1And" + algo);
- }
- blockSize = symmCipher.getBlockSize();
- cipher = new CipherCore(symmCipher, blockSize);
- cipher.setMode("CBC");
- try {
- cipher.setPadding("PKCS5Padding");
- } catch (NoSuchPaddingException nspe) {
- // should not happen
+ }
+ blockSize = symmCipher.getBlockSize();
+ cipher = new CipherCore(symmCipher, blockSize);
+ cipher.setMode("CBC");
+ try {
+ cipher.setPadding("PKCS5Padding");
+ } catch (NoSuchPaddingException nspe) {
+ // should not happen
+ }
}
keySize = defKeySize;
}
@@ -210,8 +232,7 @@
}
PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
try {
- params = AlgorithmParameters.getInstance("PBEWithSHA1And" +
- (algo.equalsIgnoreCase("RC2")?"RC2_40":algo), "SunJCE");
+ params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
} catch (GeneralSecurityException gse) {
// should never happen
throw new RuntimeException(
@@ -229,6 +250,13 @@
void implInit(int opmode, Key key, AlgorithmParameterSpec params,
SecureRandom random) throws InvalidKeyException,
InvalidAlgorithmParameterException {
+ implInit(opmode, key, params, random, null);
+ }
+
+ void implInit(int opmode, Key key, AlgorithmParameterSpec params,
+ SecureRandom random, CipherSpi cipherImpl)
+ throws InvalidKeyException,
+ InvalidAlgorithmParameterException {
char[] passwdChars = null;
salt = null;
iCount = 0;
@@ -309,17 +337,29 @@
byte[] derivedKey = derive(passwdChars, salt, iCount,
keySize, CIPHER_KEY);
SecretKey cipherKey = new SecretKeySpec(derivedKey, algo);
- byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
- CIPHER_IV);
- IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
- // initialize the underlying cipher
- cipher.init(opmode, cipherKey, ivSpec, random);
+ if (cipherImpl != null && cipherImpl instanceof ARCFOURCipher) {
+ ((ARCFOURCipher)cipherImpl).engineInit(opmode, cipherKey, random);
+
+ } else {
+ byte[] derivedIv = derive(passwdChars, salt, iCount, 8,
+ CIPHER_IV);
+ IvParameterSpec ivSpec = new IvParameterSpec(derivedIv, 0, 8);
+
+ // initialize the underlying cipher
+ cipher.init(opmode, cipherKey, ivSpec, random);
+ }
}
void implInit(int opmode, Key key, AlgorithmParameters params,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
+ implInit(opmode, key, params, random, null);
+ }
+
+ void implInit(int opmode, Key key, AlgorithmParameters params,
+ SecureRandom random, CipherSpi cipherImpl)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
AlgorithmParameterSpec paramSpec = null;
if (params != null) {
try {
@@ -329,13 +369,19 @@
"requires PBE parameters");
}
}
- implInit(opmode, key, paramSpec, random);
+ implInit(opmode, key, paramSpec, random, cipherImpl);
}
void implInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
+ implInit(opmode, key, random, null);
+ }
+
+ void implInit(int opmode, Key key, SecureRandom random,
+ CipherSpi cipherImpl) throws InvalidKeyException {
try {
- implInit(opmode, key, (AlgorithmParameterSpec) null, random);
+ implInit(opmode, key, (AlgorithmParameterSpec) null, random,
+ cipherImpl);
} catch (InvalidAlgorithmParameterException iape) {
throw new InvalidKeyException("requires PBE parameters");
}
@@ -526,4 +572,245 @@
return core.implWrap(key);
}
}
+
+ public static final class PBEWithSHA1AndRC2_128 extends CipherSpi {
+ private final PKCS12PBECipherCore core;
+ public PBEWithSHA1AndRC2_128() throws NoSuchAlgorithmException {
+ core = new PKCS12PBECipherCore("RC2", 16);
+ }
+ protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+ throws IllegalBlockSizeException, BadPaddingException {
+ return core.implDoFinal(in, inOff, inLen);
+ }
+ protected int engineDoFinal(byte[] in, int inOff, int inLen,
+ byte[] out, int outOff)
+ throws ShortBufferException, IllegalBlockSizeException,
+ BadPaddingException {
+ return core.implDoFinal(in, inOff, inLen, out, outOff);
+ }
+ protected int engineGetBlockSize() {
+ return core.implGetBlockSize();
+ }
+ protected byte[] engineGetIV() {
+ return core.implGetIV();
+ }
+ protected int engineGetKeySize(Key key) throws InvalidKeyException {
+ return core.implGetKeySize(key);
+ }
+ protected int engineGetOutputSize(int inLen) {
+ return core.implGetOutputSize(inLen);
+ }
+ protected AlgorithmParameters engineGetParameters() {
+ return core.implGetParameters();
+ }
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ core.implInit(opmode, key, params, random);
+ }
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ core.implInit(opmode, key, params, random);
+ }
+ protected void engineInit(int opmode, Key key, SecureRandom random)
+ throws InvalidKeyException {
+ core.implInit(opmode, key, random);
+ }
+ protected void engineSetMode(String mode)
+ throws NoSuchAlgorithmException {
+ core.implSetMode(mode);
+ }
+ protected void engineSetPadding(String paddingScheme)
+ throws NoSuchPaddingException {
+ core.implSetPadding(paddingScheme);
+ }
+ protected Key engineUnwrap(byte[] wrappedKey,
+ String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws InvalidKeyException, NoSuchAlgorithmException {
+ return core.implUnwrap(wrappedKey, wrappedKeyAlgorithm,
+ wrappedKeyType);
+ }
+ protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+ return core.implUpdate(in, inOff, inLen);
+ }
+ protected int engineUpdate(byte[] in, int inOff, int inLen,
+ byte[] out, int outOff)
+ throws ShortBufferException {
+ return core.implUpdate(in, inOff, inLen, out, outOff);
+ }
+ protected byte[] engineWrap(Key key)
+ throws IllegalBlockSizeException, InvalidKeyException {
+ return core.implWrap(key);
+ }
+ }
+
+ public static final class PBEWithSHA1AndRC4_40 extends CipherSpi {
+ private static final int RC4_KEYSIZE = 5;
+ private final PKCS12PBECipherCore core;
+ private final ARCFOURCipher cipher;
+
+ public PBEWithSHA1AndRC4_40() throws NoSuchAlgorithmException {
+ core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
+ cipher = new ARCFOURCipher();
+ }
+ protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+ throws IllegalBlockSizeException, BadPaddingException {
+ return cipher.engineDoFinal(in, inOff, inLen);
+ }
+ protected int engineDoFinal(byte[] in, int inOff, int inLen,
+ byte[] out, int outOff)
+ throws ShortBufferException, IllegalBlockSizeException,
+ BadPaddingException {
+ return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
+ }
+ protected int engineGetBlockSize() {
+ return cipher.engineGetBlockSize();
+ }
+ protected byte[] engineGetIV() {
+ return cipher.engineGetIV();
+ }
+ protected int engineGetKeySize(Key key) throws InvalidKeyException {
+ return RC4_KEYSIZE;
+ }
+ protected int engineGetOutputSize(int inLen) {
+ return cipher.engineGetOutputSize(inLen);
+ }
+ protected AlgorithmParameters engineGetParameters() {
+ return core.implGetParameters();
+ }
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ core.implInit(opmode, key, params, random, cipher);
+ }
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ core.implInit(opmode, key, params, random, cipher);
+ }
+ protected void engineInit(int opmode, Key key, SecureRandom random)
+ throws InvalidKeyException {
+ core.implInit(opmode, key, random, cipher);
+ }
+ protected void engineSetMode(String mode)
+ throws NoSuchAlgorithmException {
+ if (mode.equalsIgnoreCase("ECB") == false) {
+ throw new NoSuchAlgorithmException("Unsupported mode " + mode);
+ }
+ }
+ protected void engineSetPadding(String paddingScheme)
+ throws NoSuchPaddingException {
+ if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
+ throw new NoSuchPaddingException("Padding must be NoPadding");
+ }
+ }
+ protected Key engineUnwrap(byte[] wrappedKey,
+ String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws InvalidKeyException, NoSuchAlgorithmException {
+ return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+ wrappedKeyType);
+ }
+ protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+ return cipher.engineUpdate(in, inOff, inLen);
+ }
+ protected int engineUpdate(byte[] in, int inOff, int inLen,
+ byte[] out, int outOff)
+ throws ShortBufferException {
+ return cipher.engineUpdate(in, inOff, inLen, out, outOff);
+ }
+ protected byte[] engineWrap(Key key)
+ throws IllegalBlockSizeException, InvalidKeyException {
+ return cipher.engineWrap(key);
+ }
+ }
+
+ public static final class PBEWithSHA1AndRC4_128 extends CipherSpi {
+ private static final int RC4_KEYSIZE = 16;
+ private final PKCS12PBECipherCore core;
+ private final ARCFOURCipher cipher;
+
+ public PBEWithSHA1AndRC4_128() throws NoSuchAlgorithmException {
+ core = new PKCS12PBECipherCore("RC4", RC4_KEYSIZE);
+ cipher = new ARCFOURCipher();
+ }
+ protected byte[] engineDoFinal(byte[] in, int inOff, int inLen)
+ throws IllegalBlockSizeException, BadPaddingException {
+ return cipher.engineDoFinal(in, inOff, inLen);
+ }
+ protected int engineDoFinal(byte[] in, int inOff, int inLen,
+ byte[] out, int outOff)
+ throws ShortBufferException, IllegalBlockSizeException,
+ BadPaddingException {
+ return cipher.engineDoFinal(in, inOff, inLen, out, outOff);
+ }
+ protected int engineGetBlockSize() {
+ return cipher.engineGetBlockSize();
+ }
+ protected byte[] engineGetIV() {
+ return cipher.engineGetIV();
+ }
+ protected int engineGetKeySize(Key key) throws InvalidKeyException {
+ return RC4_KEYSIZE;
+ }
+ protected int engineGetOutputSize(int inLen) {
+ return cipher.engineGetOutputSize(inLen);
+ }
+ protected AlgorithmParameters engineGetParameters() {
+ return core.implGetParameters();
+ }
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ core.implInit(opmode, key, params, random, cipher);
+ }
+ protected void engineInit(int opmode, Key key,
+ AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException {
+ core.implInit(opmode, key, params, random, cipher);
+ }
+ protected void engineInit(int opmode, Key key, SecureRandom random)
+ throws InvalidKeyException {
+ core.implInit(opmode, key, random, cipher);
+ }
+ protected void engineSetMode(String mode)
+ throws NoSuchAlgorithmException {
+ if (mode.equalsIgnoreCase("ECB") == false) {
+ throw new NoSuchAlgorithmException("Unsupported mode " + mode);
+ }
+ }
+ protected void engineSetPadding(String paddingScheme)
+ throws NoSuchPaddingException {
+ if (paddingScheme.equalsIgnoreCase("NoPadding") == false) {
+ throw new NoSuchPaddingException("Padding must be NoPadding");
+ }
+ }
+ protected Key engineUnwrap(byte[] wrappedKey,
+ String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws InvalidKeyException, NoSuchAlgorithmException {
+ return cipher.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+ wrappedKeyType);
+ }
+ protected byte[] engineUpdate(byte[] in, int inOff, int inLen) {
+ return cipher.engineUpdate(in, inOff, inLen);
+ }
+ protected int engineUpdate(byte[] in, int inOff, int inLen,
+ byte[] out, int outOff)
+ throws ShortBufferException {
+ return cipher.engineUpdate(in, inOff, inLen, out, outOff);
+ }
+ protected byte[] engineWrap(Key key)
+ throws IllegalBlockSizeException, InvalidKeyException {
+ return cipher.engineWrap(key);
+ }
+ }
}
diff --git a/src/share/classes/com/sun/crypto/provider/SunJCE.java b/src/share/classes/com/sun/crypto/provider/SunJCE.java
index 925343e..3edac42 100644
--- a/src/share/classes/com/sun/crypto/provider/SunJCE.java
+++ b/src/share/classes/com/sun/crypto/provider/SunJCE.java
@@ -77,10 +77,14 @@
"(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, "
+ "Diffie-Hellman, HMAC)";
- private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
+ private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1";
+ private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2";
private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3";
+ private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5";
+ private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6";
private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3";
private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12";
+ private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13";
private static final String OID_PKCS3 = "1.2.840.113549.1.3.1";
/* Are we debugging? -- for developers */
@@ -138,21 +142,18 @@
put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING");
put("Cipher.DESedeWrap SupportedKeyFormats", "RAW");
+ // PBES1
+
put("Cipher.PBEWithMD5AndDES",
"com.sun.crypto.provider.PBEWithMD5AndDESCipher");
put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES,
"PBEWithMD5AndDES");
put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES,
"PBEWithMD5AndDES");
+
put("Cipher.PBEWithMD5AndTripleDES",
"com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
- put("Cipher.PBEWithSHA1AndRC2_40",
- "com.sun.crypto.provider.PKCS12PBECipherCore$" +
- "PBEWithSHA1AndRC2_40");
- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
- put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
- "PBEWithSHA1AndRC2_40");
+
put("Cipher.PBEWithSHA1AndDESede",
"com.sun.crypto.provider.PKCS12PBECipherCore$" +
"PBEWithSHA1AndDESede");
@@ -161,6 +162,78 @@
put("Alg.Alias.Cipher." + OID_PKCS12_DESede,
"PBEWithSHA1AndDESede");
+ put("Cipher.PBEWithSHA1AndRC2_40",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+ "PBEWithSHA1AndRC2_40");
+ put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40,
+ "PBEWithSHA1AndRC2_40");
+ put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40,
+ "PBEWithSHA1AndRC2_40");
+
+ put("Cipher.PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+ "PBEWithSHA1AndRC2_128");
+ put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128,
+ "PBEWithSHA1AndRC2_128");
+ put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128,
+ "PBEWithSHA1AndRC2_128");
+
+ put("Cipher.PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+ "PBEWithSHA1AndRC4_40");
+ put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40,
+ "PBEWithSHA1AndRC4_40");
+ put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40,
+ "PBEWithSHA1AndRC4_40");
+
+ put("Cipher.PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PKCS12PBECipherCore$" +
+ "PBEWithSHA1AndRC4_128");
+ put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128,
+ "PBEWithSHA1AndRC4_128");
+ put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128,
+ "PBEWithSHA1AndRC4_128");
+
+ //PBES2
+
+ put("Cipher.PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
+
+ put("Cipher.PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA224AndAES_128");
+
+ put("Cipher.PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA256AndAES_128");
+
+ put("Cipher.PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA384AndAES_128");
+
+ put("Cipher.PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA512AndAES_128");
+
+ put("Cipher.PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
+
+ put("Cipher.PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA224AndAES_256");
+
+ put("Cipher.PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA256AndAES_256");
+
+ put("Cipher.PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA384AndAES_256");
+
+ put("Cipher.PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBES2Core$" +
+ "HmacSHA512AndAES_256");
+
put("Cipher.Blowfish",
"com.sun.crypto.provider.BlowfishCipher");
put("Cipher.Blowfish SupportedModes", BLOCK_MODES);
@@ -301,6 +374,7 @@
"DiffieHellman");
put("Alg.Alias.KeyPairGenerator."+OID_PKCS3,
"DiffieHellman");
+
/*
* Algorithm parameter generation engines
*/
@@ -371,6 +445,64 @@
put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
+ put("AlgorithmParameters.PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PBEParameters");
+ put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128,
+ "PBEWithSHA1AndRC2_128");
+ put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128,
+ "PBEWithSHA1AndRC2_128");
+
+ put("AlgorithmParameters.PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PBEParameters");
+ put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40,
+ "PBEWithSHA1AndRC4_40");
+ put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40,
+ "PBEWithSHA1AndRC4_40");
+
+ put("AlgorithmParameters.PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PBEParameters");
+ put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128,
+ "PBEWithSHA1AndRC4_128");
+ put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128,
+ "PBEWithSHA1AndRC4_128");
+
+ put("AlgorithmParameters.PBES2",
+ "com.sun.crypto.provider.PBES2Parameters$General");
+ put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2,
+ "PBES2");
+ put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2,
+ "PBES2");
+
+ put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128");
+
+ put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128");
+
+ put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128");
+
+ put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128");
+
+ put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
+
+ put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
+
+ put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256");
+
+ put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256");
+
+ put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256");
+
+ put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
+
put("AlgorithmParameters.Blowfish",
"com.sun.crypto.provider.BlowfishParameters");
@@ -378,6 +510,7 @@
"com.sun.crypto.provider.AESParameters");
put("Alg.Alias.AlgorithmParameters.Rijndael", "AES");
+
put("AlgorithmParameters.RC2",
"com.sun.crypto.provider.RC2Parameters");
@@ -393,6 +526,7 @@
put("Alg.Alias.KeyFactory.OID."+OID_PKCS3,
"DiffieHellman");
put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman");
+
/*
* Secret-key factories
*/
@@ -441,13 +575,90 @@
put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40,
"PBEWithSHA1AndRC2_40");
+ put("SecretKeyFactory.PBEWithSHA1AndRC2_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128"
+ );
+ put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128,
+ "PBEWithSHA1AndRC2_128");
+ put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128,
+ "PBEWithSHA1AndRC2_128");
+
+ put("SecretKeyFactory.PBEWithSHA1AndRC4_40",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40"
+ );
+
+ put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40,
+ "PBEWithSHA1AndRC4_40");
+ put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40,
+ "PBEWithSHA1AndRC4_40");
+
+ put("SecretKeyFactory.PBEWithSHA1AndRC4_128",
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128"
+ );
+
+ put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128,
+ "PBEWithSHA1AndRC4_128");
+ put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128,
+ "PBEWithSHA1AndRC4_128");
+
+ put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA1AndAES_128");
+
+ put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA224AndAES_128");
+
+ put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA256AndAES_128");
+
+ put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA384AndAES_128");
+
+ put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA512AndAES_128");
+
+ put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA1AndAES_256");
+
+ put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA224AndAES_256");
+
+ put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA256AndAES_256");
+
+ put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA384AndAES_256");
+
+ put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256",
+ "com.sun.crypto.provider.PBEKeyFactory$" +
+ "PBEWithHmacSHA512AndAES_256");
+
+ // PBKDF2
+
put("SecretKeyFactory.PBKDF2WithHmacSHA1",
- "com.sun.crypto.provider.PBKDF2HmacSHA1Factory");
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA1");
put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2,
"PBKDF2WithHmacSHA1");
put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2,
"PBKDF2WithHmacSHA1");
+ put("SecretKeyFactory.PBKDF2WithHmacSHA224",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
+ put("SecretKeyFactory.PBKDF2WithHmacSHA256",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
+ put("SecretKeyFactory.PBKDF2WithHmacSHA384",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
+ put("SecretKeyFactory.PBKDF2WithHmacSHA512",
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
+
/*
* MAC
*/
@@ -475,6 +686,19 @@
put("Mac.HmacPBESHA1",
"com.sun.crypto.provider.HmacPKCS12PBESHA1");
+ // PBMAC1
+
+ put("Mac.PBEWithHmacSHA1",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA1");
+ put("Mac.PBEWithHmacSHA224",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA224");
+ put("Mac.PBEWithHmacSHA256",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA256");
+ put("Mac.PBEWithHmacSHA384",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA384");
+ put("Mac.PBEWithHmacSHA512",
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA512");
+
put("Mac.SslMacMD5",
"com.sun.crypto.provider.SslMacCore$SslMacMD5");
put("Mac.SslMacSHA1",
@@ -487,6 +711,10 @@
put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
+ put("Mac.HmacPBESHA224 SupportedKeyFormats", "RAW");
+ put("Mac.HmacPBESHA256 SupportedKeyFormats", "RAW");
+ put("Mac.HmacPBESHA384 SupportedKeyFormats", "RAW");
+ put("Mac.HmacPBESHA512 SupportedKeyFormats", "RAW");
put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
diff --git a/src/share/classes/com/sun/java/util/jar/pack/Constants.java b/src/share/classes/com/sun/java/util/jar/pack/Constants.java
index c4c3a8f..b5c1d12 100644
--- a/src/share/classes/com/sun/java/util/jar/pack/Constants.java
+++ b/src/share/classes/com/sun/java/util/jar/pack/Constants.java
@@ -59,6 +59,9 @@
public final static Package.Version JAVA7_MAX_CLASS_VERSION =
Package.Version.of(51, 00);
+ public final static Package.Version JAVA8_MAX_CLASS_VERSION =
+ Package.Version.of(52, 00);
+
public final static int JAVA_PACKAGE_MAGIC = 0xCAFED00D;
public final static Package.Version JAVA5_PACKAGE_VERSION =
@@ -72,7 +75,7 @@
// upper limit, should point to the latest class version
public final static Package.Version JAVA_MAX_CLASS_VERSION =
- JAVA7_MAX_CLASS_VERSION;
+ JAVA8_MAX_CLASS_VERSION;
// upper limit should point to the latest package version, for version info!.
public final static Package.Version MAX_PACKAGE_VERSION =
diff --git a/src/share/classes/com/sun/naming/internal/ResourceManager.java b/src/share/classes/com/sun/naming/internal/ResourceManager.java
index de0c110..7443fbc 100644
--- a/src/share/classes/com/sun/naming/internal/ResourceManager.java
+++ b/src/share/classes/com/sun/naming/internal/ResourceManager.java
@@ -542,14 +542,26 @@
try {
NamingEnumeration<InputStream> resources =
helper.getResources(cl, APP_RESOURCE_FILE_NAME);
- while (resources.hasMore()) {
- Properties props = new Properties();
- props.load(resources.next());
+ try {
+ while (resources.hasMore()) {
+ Properties props = new Properties();
+ InputStream istream = resources.next();
+ try {
+ props.load(istream);
+ } finally {
+ istream.close();
+ }
- if (result == null) {
- result = props;
- } else {
- mergeTables(result, props);
+ if (result == null) {
+ result = props;
+ } else {
+ mergeTables(result, props);
+ }
+ }
+ } finally {
+ while (resources.hasMore()) {
+ InputStream istream = (InputStream)resources.next();
+ istream.close();
}
}
@@ -557,13 +569,17 @@
InputStream istream =
helper.getJavaHomeLibStream(JRELIB_PROPERTY_FILE_NAME);
if (istream != null) {
- Properties props = new Properties();
- props.load(istream);
+ try {
+ Properties props = new Properties();
+ props.load(istream);
- if (result == null) {
- result = props;
- } else {
- mergeTables(result, props);
+ if (result == null) {
+ result = props;
+ } else {
+ mergeTables(result, props);
+ }
+ } finally {
+ istream.close();
}
}
diff --git a/src/share/classes/com/sun/security/jgss/ExtendedGSSCredential.java b/src/share/classes/com/sun/security/jgss/ExtendedGSSCredential.java
new file mode 100644
index 0000000..8f09482
--- /dev/null
+++ b/src/share/classes/com/sun/security/jgss/ExtendedGSSCredential.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.security.jgss;
+
+import org.ietf.jgss.*;
+
+/**
+ * The extended GSSCredential interface for supporting additional
+ * functionalities not defined by {@code org.ietf.jgss.GSSCredential}.
+ * @since 1.8
+ */
+public interface ExtendedGSSCredential extends GSSCredential {
+ /**
+ * Impersonates a principal. In Kerberos, this can be implemented
+ * using the Microsoft S4U2self extension.
+ * <p>
+ * A {@link GSSException#NO_CRED GSSException.NO_CRED} will be thrown if the
+ * impersonation fails. A {@link GSSException#FAILURE GSSException.FAILURE}
+ * will be thrown if the impersonation method is not available to this
+ * credential object.
+ * @param name the name of the principal to impersonate
+ * @return a credential for that principal
+ * @throws GSSException containing the following
+ * major error codes:
+ * {@link GSSException#NO_CRED GSSException.NO_CRED}
+ * {@link GSSException#FAILURE GSSException.FAILURE}
+ */
+ public GSSCredential impersonate(GSSName name) throws GSSException;
+}
diff --git a/src/share/classes/java/lang/Character.java b/src/share/classes/java/lang/Character.java
index 5d957a9..53bb738 100644
--- a/src/share/classes/java/lang/Character.java
+++ b/src/share/classes/java/lang/Character.java
@@ -40,7 +40,7 @@
* a character's category (lowercase letter, digit, etc.) and for converting
* characters from uppercase to lowercase and vice versa.
* <p>
- * Character information is based on the Unicode Standard, version 6.1.0.
+ * Character information is based on the Unicode Standard, version 6.2.0.
* <p>
* The methods and data of class {@code Character} are defined by
* the information in the <i>UnicodeData</i> file that is part of the
@@ -3758,8 +3758,7 @@
0x0640, // 0640..0640; COMMON
0x0641, // 0641..064A; ARABIC
0x064B, // 064B..0655; INHERITED
- 0x0656, // 0656..065E; ARABIC
- 0x065F, // 065F..065F; INHERITED
+ 0x0656, // 0656..065F; ARABIC
0x0660, // 0660..0669; COMMON
0x066A, // 066A..066F; ARABIC
0x0670, // 0670..0670; INHERITED
@@ -4081,7 +4080,6 @@
ARABIC,
INHERITED,
ARABIC,
- INHERITED,
COMMON,
ARABIC,
INHERITED,
diff --git a/src/share/classes/java/lang/Math.java b/src/share/classes/java/lang/Math.java
index 7f4ab4f..b8cef07 100644
--- a/src/share/classes/java/lang/Math.java
+++ b/src/share/classes/java/lang/Math.java
@@ -742,6 +742,7 @@
* @param y the second value
* @return the result
* @throws ArithmeticException if the result overflows an int
+ * @since 1.8
*/
public static int addExact(int x, int y) {
int r = x + y;
@@ -760,6 +761,7 @@
* @param y the second value
* @return the result
* @throws ArithmeticException if the result overflows a long
+ * @since 1.8
*/
public static long addExact(long x, long y) {
long r = x + y;
@@ -778,6 +780,7 @@
* @param y the second value to subtract from the first
* @return the result
* @throws ArithmeticException if the result overflows an int
+ * @since 1.8
*/
public static int subtractExact(int x, int y) {
int r = x - y;
@@ -797,6 +800,7 @@
* @param y the second value to subtract from the first
* @return the result
* @throws ArithmeticException if the result overflows a long
+ * @since 1.8
*/
public static long subtractExact(long x, long y) {
long r = x - y;
@@ -816,6 +820,7 @@
* @param y the second value
* @return the result
* @throws ArithmeticException if the result overflows an int
+ * @since 1.8
*/
public static int multiplyExact(int x, int y) {
long r = (long)x * (long)y;
@@ -833,6 +838,7 @@
* @param y the second value
* @return the result
* @throws ArithmeticException if the result overflows a long
+ * @since 1.8
*/
public static long multiplyExact(long x, long y) {
long r = x * y;
@@ -857,6 +863,7 @@
* @param value the long value
* @return the argument as an int
* @throws ArithmeticException if the {@code argument} overflows an int
+ * @since 1.8
*/
public static int toIntExact(long value) {
if ((int)value != value) {
@@ -866,6 +873,159 @@
}
/**
+ * Returns the largest (closest to positive infinity)
+ * {@code int} value that is less than or equal to the algebraic quotient.
+ * There is one special case, if the dividend is the
+ * {@linkplain Integer#MIN_VALUE Integer.MIN_VALUE} and the divisor is {@code -1},
+ * then integer overflow occurs and
+ * the result is equal to the {@code Integer.MIN_VALUE}.
+ * <p>
+ * Normal integer division operates under the round to zero rounding mode
+ * (truncation). This operation instead acts under the round toward
+ * negative infinity (floor) rounding mode.
+ * The floor rounding mode gives different results than truncation
+ * when the exact result is negative.
+ * <ul>
+ * <li>If the signs of the arguments are the same, the results of
+ * {@code floorDiv} and the {@code /} operator are the same. <br>
+ * For example, {@code floorDiv(4, 3) == 1} and {@code (4 / 3) == 1}.</li>
+ * <li>If the signs of the arguments are different, the quotient is negative and
+ * {@code floorDiv} returns the integer less than or equal to the quotient
+ * and the {@code /} operator returns the integer closest to zero.<br>
+ * For example, {@code floorDiv(-4, 3) == -2},
+ * whereas {@code (-4 / 3) == -1}.
+ * </li>
+ * </ul>
+ * <p>
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the largest (closest to positive infinity)
+ * {@code int} value that is less than or equal to the algebraic quotient.
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see #floorMod(int, int)
+ * @see #floor(double)
+ * @since 1.8
+ */
+ public static int floorDiv(int x, int y) {
+ int r = x / y;
+ // if the signs are different and modulo not zero, round down
+ if ((x ^ y) < 0 && (r * y != x)) {
+ r--;
+ }
+ return r;
+ }
+
+ /**
+ * Returns the largest (closest to positive infinity)
+ * {@code long} value that is less than or equal to the algebraic quotient.
+ * There is one special case, if the dividend is the
+ * {@linkplain Long#MIN_VALUE Long.MIN_VALUE} and the divisor is {@code -1},
+ * then integer overflow occurs and
+ * the result is equal to the {@code Long.MIN_VALUE}.
+ * <p>
+ * Normal integer division operates under the round to zero rounding mode
+ * (truncation). This operation instead acts under the round toward
+ * negative infinity (floor) rounding mode.
+ * The floor rounding mode gives different results than truncation
+ * when the exact result is negative.
+ * <p>
+ * For examples, see {@link #floorDiv(int, int)}.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the largest (closest to positive infinity)
+ * {@code long} value that is less than or equal to the algebraic quotient.
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see #floorMod(long, long)
+ * @see #floor(double)
+ * @since 1.8
+ */
+ public static long floorDiv(long x, long y) {
+ long r = x / y;
+ // if the signs are different and modulo not zero, round down
+ if ((x ^ y) < 0 && (r * y != x)) {
+ r--;
+ }
+ return r;
+ }
+
+ /**
+ * Returns the floor modulus of the {@code int} arguments.
+ * <p>
+ * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+ * has the same sign as the divisor {@code y}, and
+ * is in the range of {@code -abs(y) < r < +abs(y)}.
+ *
+ * <p>
+ * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+ * <ul>
+ * <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+ * </ul>
+ * <p>
+ * The difference in values between {@code floorMod} and
+ * the {@code %} operator is due to the difference between
+ * {@code floorDiv} that returns the integer less than or equal to the quotient
+ * and the {@code /} operator that returns the integer closest to zero.
+ * <p>
+ * Examples:
+ * <ul>
+ * <li>If the signs of the arguments are the same, the results
+ * of {@code floorMod} and the {@code %} operator are the same. <br>
+ * <ul>
+ * <li>{@code floorMod(4, 3) == 1}; and {@code (4 % 3) == 1}</li>
+ * </ul>
+ * <li>If the signs of the arguments are different, the results differ from the {@code %} operator.<br>
+ * <ul>
+ * <li>{@code floorMod(+4, -3) == -2}; and {@code (+4 % -3) == +1} </li>
+ * <li>{@code floorMod(-4, +3) == +2}; and {@code (-4 % +3) == -1} </li>
+ * <li>{@code floorMod(-4, -3) == -1}; and {@code (-4 % -3) == -1 } </li>
+ * </ul>
+ * </li>
+ * </ul>
+ * <p>
+ * If the signs of arguments are unknown and a positive modulus
+ * is needed it can be computed as {@code (floorMod(x, y) + abs(y)) % abs(y)}.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see #floorDiv(int, int)
+ * @since 1.8
+ */
+ public static int floorMod(int x, int y) {
+ int r = x - floorDiv(x, y) * y;
+ return r;
+ }
+
+ /**
+ * Returns the floor modulus of the {@code long} arguments.
+ * <p>
+ * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+ * has the same sign as the divisor {@code y}, and
+ * is in the range of {@code -abs(y) < r < +abs(y)}.
+ *
+ * <p>
+ * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+ * <ul>
+ * <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+ * </ul>
+ * <p>
+ * For examples, see {@link #floorMod(int, int)}.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see #floorDiv(long, long)
+ * @since 1.8
+ */
+ public static long floorMod(long x, long y) {
+ return x - floorDiv(x, y) * y;
+ }
+
+ /**
* Returns the absolute value of an {@code int} value.
* If the argument is not negative, the argument is returned.
* If the argument is negative, the negation of the argument is returned.
diff --git a/src/share/classes/java/lang/StrictMath.java b/src/share/classes/java/lang/StrictMath.java
index f5a96b2..e59c8d0 100644
--- a/src/share/classes/java/lang/StrictMath.java
+++ b/src/share/classes/java/lang/StrictMath.java
@@ -365,7 +365,7 @@
* @param a the value to be floored or ceiled
* @param negativeBoundary result for values in (-1, 0)
* @param positiveBoundary result for values in (0, 1)
- * @param sign the sign of the result
+ * @param increment value to add when the argument is non-integral
*/
private static double floorOrCeil(double a,
double negativeBoundary,
@@ -702,7 +702,7 @@
* <p>This method is properly synchronized to allow correct use by
* more than one thread. However, if many threads need to generate
* pseudorandom numbers at a great rate, it may reduce contention
- * for each thread to have its own pseudorandom number generator.
+ * for each thread to have its own pseudorandom-number generator.
*
* @return a pseudorandom {@code double} greater than or equal
* to {@code 0.0} and less than {@code 1.0}.
@@ -745,7 +745,7 @@
}
/**
- * Return the difference of the arguments,
+ * Returns the difference of the arguments,
* throwing an exception if the result overflows an {@code int}.
*
* @param x the first value
@@ -760,7 +760,7 @@
}
/**
- * Return the difference of the arguments,
+ * Returns the difference of the arguments,
* throwing an exception if the result overflows a {@code long}.
*
* @param x the first value
@@ -775,7 +775,7 @@
}
/**
- * Return the product of the arguments,
+ * Returns the product of the arguments,
* throwing an exception if the result overflows an {@code int}.
*
* @param x the first value
@@ -790,7 +790,7 @@
}
/**
- * Return the product of the arguments,
+ * Returns the product of the arguments,
* throwing an exception if the result overflows a {@code long}.
*
* @param x the first value
@@ -805,7 +805,7 @@
}
/**
- * Return the value of the {@code long} argument;
+ * Returns the value of the {@code long} argument;
* throwing an exception if the value overflows an {@code int}.
*
* @param value the long value
@@ -819,6 +819,107 @@
}
/**
+ * Returns the largest (closest to positive infinity)
+ * {@code int} value that is less than or equal to the algebraic quotient.
+ * There is one special case, if the dividend is the
+ * {@linkplain Integer#MIN_VALUE Integer.MIN_VALUE} and the divisor is {@code -1},
+ * then integer overflow occurs and
+ * the result is equal to the {@code Integer.MIN_VALUE}.
+ * <p>
+ * See {@link Math#floorDiv(int, int) Math.floorDiv} for examples and
+ * a comparison to the integer division {@code /} operator.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the largest (closest to positive infinity)
+ * {@code int} value that is less than or equal to the algebraic quotient.
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see Math#floorDiv(int, int)
+ * @see Math#floor(double)
+ * @since 1.8
+ */
+ public static int floorDiv(int x, int y) {
+ return Math.floorDiv(x, y);
+ }
+
+ /**
+ * Returns the largest (closest to positive infinity)
+ * {@code long} value that is less than or equal to the algebraic quotient.
+ * There is one special case, if the dividend is the
+ * {@linkplain Long#MIN_VALUE Long.MIN_VALUE} and the divisor is {@code -1},
+ * then integer overflow occurs and
+ * the result is equal to the {@code Long.MIN_VALUE}.
+ * <p>
+ * See {@link Math#floorDiv(int, int) Math.floorDiv} for examples and
+ * a comparison to the integer division {@code /} operator.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the largest (closest to positive infinity)
+ * {@code long} value that is less than or equal to the algebraic quotient.
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see Math#floorDiv(long, long)
+ * @see Math#floor(double)
+ * @since 1.8
+ */
+ public static long floorDiv(long x, long y) {
+ return Math.floorDiv(x, y);
+ }
+
+ /**
+ * Returns the floor modulus of the {@code int} arguments.
+ * <p>
+ * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+ * has the same sign as the divisor {@code y}, and
+ * is in the range of {@code -abs(y) < r < +abs(y)}.
+ * <p>
+ * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+ * <ul>
+ * <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+ * </ul>
+ * <p>
+ * See {@link Math#floorMod(int, int) Math.floorMod} for examples and
+ * a comparison to the {@code %} operator.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see Math#floorMod(int, int)
+ * @see StrictMath#floorDiv(int, int)
+ * @since 1.8
+ */
+ public static int floorMod(int x, int y) {
+ return Math.floorMod(x , y);
+ }
+ /**
+ * Returns the floor modulus of the {@code long} arguments.
+ * <p>
+ * The floor modulus is {@code x - (floorDiv(x, y) * y)},
+ * has the same sign as the divisor {@code y}, and
+ * is in the range of {@code -abs(y) < r < +abs(y)}.
+ * <p>
+ * The relationship between {@code floorDiv} and {@code floorMod} is such that:
+ * <ul>
+ * <li>{@code floorDiv(x, y) * y + floorMod(x, y) == x}
+ * </ul>
+ * <p>
+ * See {@link Math#floorMod(int, int) Math.floorMod} for examples and
+ * a comparison to the {@code %} operator.
+ *
+ * @param x the dividend
+ * @param y the divisor
+ * @return the floor modulus {@code x - (floorDiv(x, y) * y)}
+ * @throws ArithmeticException if the divisor {@code y} is zero
+ * @see Math#floorMod(long, long)
+ * @see StrictMath#floorDiv(long, long)
+ * @since 1.8
+ */
+ public static long floorMod(long x, long y) {
+ return Math.floorMod(x, y);
+ }
+
+ /**
* Returns the absolute value of an {@code int} value.
* If the argument is not negative, the argument is returned.
* If the argument is negative, the negation of the argument is returned.
@@ -1543,7 +1644,7 @@
}
/**
- * Return {@code d} ×
+ * Returns {@code d} ×
* 2<sup>{@code scaleFactor}</sup> rounded as if performed
* by a single correctly rounded floating-point multiply to a
* member of the double value set. See the Java
@@ -1577,7 +1678,7 @@
}
/**
- * Return {@code f} ×
+ * Returns {@code f} ×
* 2<sup>{@code scaleFactor}</sup> rounded as if performed
* by a single correctly rounded floating-point multiply to a
* member of the float value set. See the Java
diff --git a/src/share/classes/java/lang/annotation/ElementType.java b/src/share/classes/java/lang/annotation/ElementType.java
index 9170549..a1125ff 100644
--- a/src/share/classes/java/lang/annotation/ElementType.java
+++ b/src/share/classes/java/lang/annotation/ElementType.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -46,7 +46,7 @@
/** Method declaration */
METHOD,
- /** Parameter declaration */
+ /** Formal parameter declaration */
PARAMETER,
/** Constructor declaration */
@@ -59,5 +59,19 @@
ANNOTATION_TYPE,
/** Package declaration */
- PACKAGE
+ PACKAGE,
+
+ /**
+ * Type parameter declaration
+ *
+ * @since 1.8
+ */
+ TYPE_PARAMETER,
+
+ /**
+ * Use of a type
+ *
+ * @since 1.8
+ */
+ TYPE_USE
}
diff --git a/src/share/classes/java/security/cert/CertPathBuilder.java b/src/share/classes/java/security/cert/CertPathBuilder.java
index 096627d..3d12221 100644
--- a/src/share/classes/java/security/cert/CertPathBuilder.java
+++ b/src/share/classes/java/security/cert/CertPathBuilder.java
@@ -315,12 +315,14 @@
* Returns a {@code CertPathChecker} that the encapsulated
* {@code CertPathBuilderSpi} implementation uses to check the revocation
* status of certificates. A PKIX implementation returns objects of
- * type {@code PKIXRevocationChecker}.
+ * type {@code PKIXRevocationChecker}. Each invocation of this method
+ * returns a new instance of {@code CertPathChecker}.
*
* <p>The primary purpose of this method is to allow callers to specify
* additional input parameters and options specific to revocation checking.
* See the class description for an example.
*
+ * @return a {@code CertPathChecker}
* @throws UnsupportedOperationException if the service provider does not
* support this method
* @since 1.8
diff --git a/src/share/classes/java/security/cert/CertPathValidator.java b/src/share/classes/java/security/cert/CertPathValidator.java
index 9d912ac..6720482 100644
--- a/src/share/classes/java/security/cert/CertPathValidator.java
+++ b/src/share/classes/java/security/cert/CertPathValidator.java
@@ -327,12 +327,14 @@
* Returns a {@code CertPathChecker} that the encapsulated
* {@code CertPathValidatorSpi} implementation uses to check the revocation
* status of certificates. A PKIX implementation returns objects of
- * type {@code PKIXRevocationChecker}.
+ * type {@code PKIXRevocationChecker}. Each invocation of this method
+ * returns a new instance of {@code CertPathChecker}.
*
* <p>The primary purpose of this method is to allow callers to specify
* additional input parameters and options specific to revocation checking.
* See the class description for an example.
*
+ * @return a {@code CertPathChecker}
* @throws UnsupportedOperationException if the service provider does not
* support this method
* @since 1.8
diff --git a/src/share/classes/java/security/cert/PKIXRevocationChecker.java b/src/share/classes/java/security/cert/PKIXRevocationChecker.java
index ba85686..2446c82 100644
--- a/src/share/classes/java/security/cert/PKIXRevocationChecker.java
+++ b/src/share/classes/java/security/cert/PKIXRevocationChecker.java
@@ -63,8 +63,8 @@
* and then the {@code PKIXParameters} is passed along with the {@code CertPath}
* to be validated to the {@link CertPathValidator#validate validate} method
* of a PKIX {@code CertPathValidator}. When supplying a revocation checker in
- * this manner, do not enable the default revocation checking mechanism (by
- * calling {@link PKIXParameters#setRevocationEnabled}.
+ * this manner, it will be used to check revocation irrespective of the setting
+ * of the {@link PKIXParameters#isRevocationEnabled RevocationEnabled} flag.
*
* <p>Note that when a {@code PKIXRevocationChecker} is added to
* {@code PKIXParameters}, it clones the {@code PKIXRevocationChecker};
@@ -88,7 +88,7 @@
private URI ocspResponder;
private X509Certificate ocspResponderCert;
private List<Extension> ocspExtensions = Collections.<Extension>emptyList();
- private Map<X509Certificate, byte[]> ocspStapled = Collections.emptyMap();
+ private Map<X509Certificate, byte[]> ocspResponses = Collections.emptyMap();
private Set<Option> options = Collections.emptySet();
protected PKIXRevocationChecker() {}
@@ -169,40 +169,40 @@
}
/**
- * Sets the stapled OCSP responses. These responses are used to determine
+ * Sets the OCSP responses. These responses are used to determine
* the revocation status of the specified certificates when OCSP is used.
*
- * @param responses a map of stapled OCSP responses. Each key is an
+ * @param responses a map of OCSP responses. Each key is an
* {@code X509Certificate} that maps to the corresponding
* DER-encoded OCSP response for that certificate. A deep copy of
* the map is performed to protect against subsequent modification.
*/
- public void setOCSPStapledResponses(Map<X509Certificate, byte[]> responses)
+ public void setOCSPResponses(Map<X509Certificate, byte[]> responses)
{
if (responses == null) {
- this.ocspStapled = Collections.<X509Certificate, byte[]>emptyMap();
+ this.ocspResponses = Collections.<X509Certificate, byte[]>emptyMap();
} else {
Map<X509Certificate, byte[]> copy = new HashMap<>(responses.size());
for (Map.Entry<X509Certificate, byte[]> e : responses.entrySet()) {
copy.put(e.getKey(), e.getValue().clone());
}
- this.ocspStapled = copy;
+ this.ocspResponses = copy;
}
}
/**
- * Gets the stapled OCSP responses. These responses are used to determine
+ * Gets the OCSP responses. These responses are used to determine
* the revocation status of the specified certificates when OCSP is used.
*
- * @return a map of stapled OCSP responses. Each key is an
+ * @return a map of OCSP responses. Each key is an
* {@code X509Certificate} that maps to the corresponding
* DER-encoded OCSP response for that certificate. A deep copy of
* the map is returned to protect against subsequent modification.
* Returns an empty map if no responses have been specified.
*/
- public Map<X509Certificate, byte[]> getOCSPStapledResponses() {
- Map<X509Certificate, byte[]> copy = new HashMap<>(ocspStapled.size());
- for (Map.Entry<X509Certificate, byte[]> e : ocspStapled.entrySet()) {
+ public Map<X509Certificate, byte[]> getOCSPResponses() {
+ Map<X509Certificate, byte[]> copy = new HashMap<>(ocspResponses.size());
+ for (Map.Entry<X509Certificate, byte[]> e : ocspResponses.entrySet()) {
copy.put(e.getKey(), e.getValue().clone());
}
return copy;
@@ -234,10 +234,10 @@
public Object clone() {
PKIXRevocationChecker copy = (PKIXRevocationChecker)super.clone();
copy.ocspExtensions = new ArrayList<>(ocspExtensions);
- copy.ocspStapled = new HashMap<>(ocspStapled);
- // deep-copy the encoded stapled responses, since they are mutable
+ copy.ocspResponses = new HashMap<>(ocspResponses);
+ // deep-copy the encoded responses, since they are mutable
for (Map.Entry<X509Certificate, byte[]> entry :
- copy.ocspStapled.entrySet())
+ copy.ocspResponses.entrySet())
{
byte[] encoded = entry.getValue();
entry.setValue(encoded.clone());
diff --git a/src/share/classes/javax/crypto/spec/PBEParameterSpec.java b/src/share/classes/javax/crypto/spec/PBEParameterSpec.java
index b33d5bd..8ea186e 100644
--- a/src/share/classes/javax/crypto/spec/PBEParameterSpec.java
+++ b/src/share/classes/javax/crypto/spec/PBEParameterSpec.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,7 @@
private byte[] salt;
private int iterationCount;
+ private AlgorithmParameterSpec paramSpec = null;
/**
* Constructs a parameter set for password-based encryption as defined in
@@ -57,6 +58,25 @@
}
/**
+ * Constructs a parameter set for password-based encryption as defined in
+ * the PKCS #5 standard.
+ *
+ * @param salt the salt. The contents of <code>salt</code> are copied
+ * to protect against subsequent modification.
+ * @param iterationCount the iteration count.
+ * @param paramSpec the cipher algorithm parameter specification.
+ * @exception NullPointerException if <code>salt</code> is null.
+ *
+ * @since 1.8
+ */
+ public PBEParameterSpec(byte[] salt, int iterationCount,
+ AlgorithmParameterSpec paramSpec) {
+ this.salt = salt.clone();
+ this.iterationCount = iterationCount;
+ this.paramSpec = paramSpec;
+ }
+
+ /**
* Returns the salt.
*
* @return the salt. Returns a new array
@@ -74,4 +94,15 @@
public int getIterationCount() {
return this.iterationCount;
}
+
+ /**
+ * Returns the cipher algorithm parameter specification.
+ *
+ * @return the parameter specification, or null if none was set.
+ *
+ * @since 1.8
+ */
+ public AlgorithmParameterSpec getParameterSpec() {
+ return this.paramSpec;
+ }
}
diff --git a/src/share/classes/javax/sql/rowset/serial/SerialArray.java b/src/share/classes/javax/sql/rowset/serial/SerialArray.java
index 6c9866d..8c07d2e 100644
--- a/src/share/classes/javax/sql/rowset/serial/SerialArray.java
+++ b/src/share/classes/javax/sql/rowset/serial/SerialArray.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,7 @@
import java.io.*;
import java.util.Map;
import java.net.URL;
-
+import java.util.Arrays;
/**
* A serialized version of an <code>Array</code>
@@ -525,6 +525,97 @@
}
/**
+ * Compares this SerialArray to the specified object. The result is {@code
+ * true} if and only if the argument is not {@code null} and is a {@code
+ * SerialArray} object whose elements are identical to this object's elements
+ *
+ * @param obj The object to compare this {@code SerialArray} against
+ *
+ * @return {@code true} if the given object represents a {@code SerialArray}
+ * equivalent to this SerialArray, {@code false} otherwise
+ *
+ */
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+
+ if (obj instanceof SerialArray) {
+ SerialArray sa = (SerialArray)obj;
+ return baseType == sa.baseType &&
+ baseTypeName.equals(sa.baseTypeName) &&
+ Arrays.equals(elements, sa.elements);
+ }
+ return false;
+ }
+
+ /**
+ * Returns a hash code for this SerialArray. The hash code for a
+ * {@code SerialArray} object is computed using the hash codes
+ * of the elements of the {@code SerialArray} object
+ *
+ * @return a hash code value for this object.
+ */
+ public int hashCode() {
+ return (((31 + Arrays.hashCode(elements)) * 31 + len) * 31 +
+ baseType) * 31 + baseTypeName.hashCode();
+ }
+
+ /**
+ * Returns a clone of this {@code SerialArray}. The copy will contain a
+ * reference to a clone of the underlying objects array, not a reference
+ * to the original underlying object array of this {@code SerialArray} object.
+ *
+ * @return a clone of this SerialArray
+ */
+ public Object clone() {
+ try {
+ SerialArray sa = (SerialArray) super.clone();
+ sa.elements = Arrays.copyOf(elements, len);
+ return sa;
+ } catch (CloneNotSupportedException ex) {
+ // this shouldn't happen, since we are Cloneable
+ throw new InternalError();
+ }
+
+ }
+
+ /**
+ * readObject is called to restore the state of the {@code SerialArray} from
+ * a stream.
+ */
+ private void readObject(ObjectInputStream s)
+ throws IOException, ClassNotFoundException {
+
+ ObjectInputStream.GetField fields = s.readFields();
+ Object[] tmp = (Object[])fields.get("elements", null);
+ if (tmp == null)
+ throw new InvalidObjectException("elements is null and should not be!");
+ elements = tmp.clone();
+ len = fields.get("len", 0);
+ if(elements.length != len)
+ throw new InvalidObjectException("elements is not the expected size");
+
+ baseType = fields.get("baseType", 0);
+ baseTypeName = (String)fields.get("baseTypeName", null);
+ }
+
+ /**
+ * writeObject is called to save the state of the {@code SerialArray}
+ * to a stream.
+ */
+ private void writeObject(ObjectOutputStream s)
+ throws IOException, ClassNotFoundException {
+
+ ObjectOutputStream.PutField fields = s.putFields();
+ fields.put("elements", elements);
+ fields.put("len", len);
+ fields.put("baseType", baseType);
+ fields.put("baseTypeName", baseTypeName);
+ s.writeFields();
+ }
+
+ /**
* The identifier that assists in the serialization of this <code>SerialArray</code>
* object.
*/
diff --git a/src/share/classes/javax/sql/rowset/serial/SerialDatalink.java b/src/share/classes/javax/sql/rowset/serial/SerialDatalink.java
index 6958cc8..8753617 100644
--- a/src/share/classes/javax/sql/rowset/serial/SerialDatalink.java
+++ b/src/share/classes/javax/sql/rowset/serial/SerialDatalink.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -100,10 +100,64 @@
return aURL;
}
+ /**
+ * Compares this {@code SerialDatalink} to the specified object.
+ * The result is {@code true} if and only if the argument is not
+ * {@code null} and is a {@code SerialDatalink} object whose URL is
+ * identical to this object's URL
+ *
+ * @param obj The object to compare this {@code SerialDatalink} against
+ *
+ * @return {@code true} if the given object represents a {@code SerialDatalink}
+ * equivalent to this SerialDatalink, {@code false} otherwise
+ *
+ */
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (obj instanceof SerialDatalink) {
+ SerialDatalink sdl = (SerialDatalink) obj;
+ return url.equals(sdl.url);
+ }
+ return false;
+ }
/**
- * The identifier that assists in the serialization of this <code>SerialDatalink</code>
- * object.
+ * Returns a hash code for this {@code SerialDatalink}. The hash code for a
+ * {@code SerialDatalink} object is taken as the hash code of
+ * the {@code URL} it stores
+ *
+ * @return a hash code value for this object.
+ */
+ public int hashCode() {
+ return 31 + url.hashCode();
+ }
+
+ /**
+ * Returns a clone of this {@code SerialDatalink}.
+ *
+ * @return a clone of this SerialDatalink
+ */
+ public Object clone() {
+ try {
+ SerialDatalink sdl = (SerialDatalink) super.clone();
+ return sdl;
+ } catch (CloneNotSupportedException ex) {
+ // this shouldn't happen, since we are Cloneable
+ throw new InternalError();
+ }
+ }
+
+ /**
+ * readObject and writeObject are called to restore the state
+ * of the {@code SerialDatalink}
+ * from a stream. Note: we leverage the default Serialized form
+ */
+
+ /**
+ * The identifier that assists in the serialization of this
+ * {@code SerialDatalink} object.
*/
static final long serialVersionUID = 2826907821828733626L;
}
diff --git a/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java b/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java
index 4517ff3..ede4725 100644
--- a/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java
+++ b/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@
import java.io.*;
import java.lang.reflect.*;
+import java.util.Arrays;
+import java.util.Vector;
import javax.sql.rowset.RowSetWarning;
/**
@@ -49,7 +51,7 @@
/**
* Placeholder for object to be serialized.
*/
- private final Object obj;
+ private Object obj;
/**
@@ -82,18 +84,9 @@
// any of these are static, this should invalidate
// the action of attempting to persist these fields
// in a serialized form
-
- boolean anyStaticFields = false;
fields = c.getFields();
- for (int i = 0; i < fields.length; i++ ) {
- if ( fields[i].getModifiers() == Modifier.STATIC ) {
- anyStaticFields = true;
- }
- }
-
-
- if (anyStaticFields) {
+ if (hasStaticFields(fields)) {
throw new SerialException("Located static fields in " +
"object instance. Cannot serialize");
}
@@ -132,7 +125,7 @@
}
/**
- * The identifier that assists in the serialization of this
+ * The identifier that assists in the serialization of this
* <code>SerialJavaObject</code> object.
*/
static final long serialVersionUID = -1465795139032831023L;
@@ -142,15 +135,117 @@
* object. When there are multiple warnings, each warning is chained to the
* previous warning.
*/
- java.util.Vector<RowSetWarning> chain;
+ Vector<RowSetWarning> chain;
+
+ /**
+ * Compares this SerialJavaObject to the specified object.
+ * The result is {@code true} if and only if the argument
+ * is not {@code null} and is a {@code SerialJavaObject}
+ * object that is identical to this object
+ *
+ * @param o The object to compare this {@code SerialJavaObject} against
+ *
+ * @return {@code true} if the given object represents a {@code SerialJavaObject}
+ * equivalent to this SerialJavaObject, {@code false} otherwise
+ *
+ */
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o instanceof SerialJavaObject) {
+ SerialJavaObject sjo = (SerialJavaObject) o;
+ return obj.equals(sjo.obj);
+ }
+ return false;
+ }
+
+ /**
+ * Returns a hash code for this SerialJavaObject. The hash code for a
+ * {@code SerialJavaObject} object is taken as the hash code of
+ * the {@code Object} it stores
+ *
+ * @return a hash code value for this object.
+ */
+ public int hashCode() {
+ return 31 + obj.hashCode();
+ }
+
+ /**
+ * Returns a clone of this {@code SerialJavaObject}.
+ *
+ * @return a clone of this SerialJavaObject
+ */
+
+ public Object clone() {
+ try {
+ SerialJavaObject sjo = (SerialJavaObject) super.clone();
+ sjo.fields = Arrays.copyOf(fields, fields.length);
+ if (chain != null)
+ sjo.chain = new Vector<>(chain);
+ return sjo;
+ } catch (CloneNotSupportedException ex) {
+ // this shouldn't happen, since we are Cloneable
+ throw new InternalError();
+ }
+ }
/**
* Registers the given warning.
*/
private void setWarning(RowSetWarning e) {
if (chain == null) {
- chain = new java.util.Vector<>();
+ chain = new Vector<>();
}
chain.add(e);
}
+
+ /**
+ * readObject is called to restore the state of the {@code SerialJavaObject}
+ * from a stream.
+ */
+ private void readObject(ObjectInputStream s)
+ throws IOException, ClassNotFoundException {
+
+ ObjectInputStream.GetField fields1 = s.readFields();
+ @SuppressWarnings("unchecked")
+ Vector<RowSetWarning> tmp = (Vector<RowSetWarning>)fields1.get("chain", null);
+ if (tmp != null)
+ chain = new Vector<>(tmp);
+
+ obj = fields1.get("obj", null);
+ if (obj != null) {
+ fields = obj.getClass().getFields();
+ if(hasStaticFields(fields))
+ throw new IOException("Located static fields in " +
+ "object instance. Cannot serialize");
+ } else {
+ throw new IOException("Object cannot be null!");
+ }
+
+ }
+
+ /**
+ * writeObject is called to save the state of the {@code SerialJavaObject}
+ * to a stream.
+ */
+ private void writeObject(ObjectOutputStream s)
+ throws IOException {
+ ObjectOutputStream.PutField fields = s.putFields();
+ fields.put("obj", obj);
+ fields.put("chain", chain);
+ s.writeFields();
+ }
+
+ /*
+ * Check to see if there are any Static Fields in this object
+ */
+ private static boolean hasStaticFields(Field[] fields) {
+ for (Field field : fields) {
+ if ( field.getModifiers() == Modifier.STATIC) {
+ return true;
+ }
+ }
+ return false;
+ }
}
diff --git a/src/share/classes/javax/sql/rowset/serial/SerialRef.java b/src/share/classes/javax/sql/rowset/serial/SerialRef.java
index 1fc5e93..3d74592 100644
--- a/src/share/classes/javax/sql/rowset/serial/SerialRef.java
+++ b/src/share/classes/javax/sql/rowset/serial/SerialRef.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -163,7 +163,85 @@
}
/**
- * The identifier that assists in the serialization of this <code>SerialRef</code>
+ * Compares this SerialRef to the specified object. The result is {@code
+ * true} if and only if the argument is not {@code null} and is a {@code
+ * SerialRef} object that represents the same object as this
+ * object.
+ *
+ * @param obj The object to compare this {@code SerialRef} against
+ *
+ * @return {@code true} if the given object represents a {@code SerialRef}
+ * equivalent to this SerialRef, {@code false} otherwise
+ *
+ */
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if(obj instanceof SerialRef) {
+ SerialRef ref = (SerialRef)obj;
+ return baseTypeName.equals(ref.baseTypeName) &&
+ object.equals(ref.object);
+ }
+ return false;
+ }
+
+ /**
+ * Returns a hash code for this {@code SerialRef}.
+ * @return a hash code value for this object.
+ */
+ public int hashCode() {
+ return (31 + object.hashCode()) * 31 + baseTypeName.hashCode();
+ }
+
+ /**
+ * Returns a clone of this {@code SerialRef}. .
+ * The underlying {@code Ref} object will be set to null.
+ *
+ * @return a clone of this SerialRef
+ */
+ public Object clone() {
+ try {
+ SerialRef ref = (SerialRef) super.clone();
+ ref.reference = null;
+ return ref;
+ } catch (CloneNotSupportedException ex) {
+ // this shouldn't happen, since we are Cloneable
+ throw new InternalError();
+ }
+
+ }
+
+ /**
+ * readObject is called to restore the state of the SerialRef from
+ * a stream.
+ */
+ private void readObject(ObjectInputStream s)
+ throws IOException, ClassNotFoundException {
+ ObjectInputStream.GetField fields = s.readFields();
+ object = fields.get("object", null);
+ baseTypeName = (String) fields.get("baseTypeName", null);
+ reference = (Ref) fields.get("reference", null);
+ }
+
+ /**
+ * writeObject is called to save the state of the SerialRef
+ * to a stream.
+ */
+ private void writeObject(ObjectOutputStream s)
+ throws IOException, ClassNotFoundException {
+
+ ObjectOutputStream.PutField fields = s.putFields();
+ fields.put("baseTypeName", baseTypeName);
+ fields.put("object", object);
+ // Note: this check to see if it is an instance of Serializable
+ // is for backwards compatibiity
+ fields.put("reference", reference instanceof Serializable ? reference : null);
+ s.writeFields();
+ }
+
+ /**
+ * The identifier that assists in the serialization of this <code>SerialRef</code>
* object.
*/
static final long serialVersionUID = -4727123500609662274L;
diff --git a/src/share/classes/javax/sql/rowset/serial/SerialStruct.java b/src/share/classes/javax/sql/rowset/serial/SerialStruct.java
index 74d54bb..c48b0c7 100644
--- a/src/share/classes/javax/sql/rowset/serial/SerialStruct.java
+++ b/src/share/classes/javax/sql/rowset/serial/SerialStruct.java
@@ -250,6 +250,88 @@
}
/**
+ * Compares this SerialStruct to the specified object. The result is
+ * {@code true} if and only if the argument is not {@code null} and is a
+ * {@code SerialStruct} object whose attributes are identical to this
+ * object's attributes
+ *
+ * @param obj The object to compare this {@code SerialStruct} against
+ *
+ * @return {@code true} if the given object represents a {@code SerialStruct}
+ * equivalent to this SerialStruct, {@code false} otherwise
+ *
+ */
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (obj instanceof SerialStruct) {
+ SerialStruct ss = (SerialStruct)obj;
+ return SQLTypeName.equals(ss.SQLTypeName) &&
+ Arrays.equals(attribs, ss.attribs);
+ }
+ return false;
+ }
+
+ /**
+ * Returns a hash code for this {@code SerialStruct}. The hash code for a
+ * {@code SerialStruct} object is computed using the hash codes
+ * of the attributes of the {@code SerialStruct} object and its
+ * {@code SQLTypeName}
+ *
+ * @return a hash code value for this object.
+ */
+ public int hashCode() {
+ return ((31 + Arrays.hashCode(attribs)) * 31) * 31
+ + SQLTypeName.hashCode();
+ }
+
+ /**
+ * Returns a clone of this {@code SerialStruct}. The copy will contain a
+ * reference to a clone of the underlying attribs array, not a reference
+ * to the original underlying attribs array of this {@code SerialStruct} object.
+ *
+ * @return a clone of this SerialStruct
+ */
+ public Object clone() {
+ try {
+ SerialStruct ss = (SerialStruct) super.clone();
+ ss.attribs = Arrays.copyOf(attribs, attribs.length);
+ return ss;
+ } catch (CloneNotSupportedException ex) {
+ // this shouldn't happen, since we are Cloneable
+ throw new InternalError();
+ }
+
+ }
+
+ /**
+ * readObject is called to restore the state of the {@code SerialStruct} from
+ * a stream.
+ */
+ private void readObject(ObjectInputStream s)
+ throws IOException, ClassNotFoundException {
+
+ ObjectInputStream.GetField fields = s.readFields();
+ Object[] tmp = (Object[])fields.get("attribs", null);
+ attribs = tmp == null ? null : tmp.clone();
+ SQLTypeName = (String)fields.get("SQLTypeName", null);
+ }
+
+ /**
+ * writeObject is called to save the state of the {@code SerialStruct}
+ * to a stream.
+ */
+ private void writeObject(ObjectOutputStream s)
+ throws IOException, ClassNotFoundException {
+
+ ObjectOutputStream.PutField fields = s.putFields();
+ fields.put("attribs", attribs);
+ fields.put("SQLTypeName", SQLTypeName);
+ s.writeFields();
+ }
+
+ /**
* The identifier that assists in the serialization of this
* <code>SerialStruct</code> object.
*/
diff --git a/src/share/classes/sun/nio/ch/FileChannelImpl.java b/src/share/classes/sun/nio/ch/FileChannelImpl.java
index 32381a5..a9b9791 100644
--- a/src/share/classes/sun/nio/ch/FileChannelImpl.java
+++ b/src/share/classes/sun/nio/ch/FileChannelImpl.java
@@ -302,12 +302,10 @@
}
}
- public FileChannel truncate(long size) throws IOException {
+ public FileChannel truncate(long newSize) throws IOException {
ensureOpen();
- if (size < 0)
- throw new IllegalArgumentException();
- if (size > size())
- return this;
+ if (newSize < 0)
+ throw new IllegalArgumentException("Negative size");
if (!writable)
throw new NonWritableChannelException();
synchronized (positionLock) {
@@ -320,6 +318,14 @@
if (!isOpen())
return null;
+ // get current size
+ long size;
+ do {
+ size = nd.size(fd);
+ } while ((size == IOStatus.INTERRUPTED) && isOpen());
+ if (!isOpen())
+ return null;
+
// get current position
do {
p = position0(fd, -1);
@@ -328,16 +334,18 @@
return null;
assert p >= 0;
- // truncate file
- do {
- rv = nd.truncate(fd, size);
- } while ((rv == IOStatus.INTERRUPTED) && isOpen());
- if (!isOpen())
- return null;
+ // truncate file if given size is less than the current size
+ if (newSize < size) {
+ do {
+ rv = nd.truncate(fd, newSize);
+ } while ((rv == IOStatus.INTERRUPTED) && isOpen());
+ if (!isOpen())
+ return null;
+ }
- // set position to size if greater than size
- if (p > size)
- p = size;
+ // if position is beyond new size then adjust it
+ if (p > newSize)
+ p = newSize;
do {
rv = (int)position0(fd, p);
} while ((rv == IOStatus.INTERRUPTED) && isOpen());
@@ -779,6 +787,8 @@
throws IOException
{
ensureOpen();
+ if (mode == null)
+ throw new NullPointerException("Mode is null");
if (position < 0L)
throw new IllegalArgumentException("Negative position");
if (size < 0L)
@@ -787,6 +797,7 @@
throw new IllegalArgumentException("Position + size overflow");
if (size > Integer.MAX_VALUE)
throw new IllegalArgumentException("Size exceeds Integer.MAX_VALUE");
+
int imode = -1;
if (mode == MapMode.READ_ONLY)
imode = MAP_RO;
diff --git a/src/share/classes/sun/security/jgss/GSSCaller.java b/src/share/classes/sun/security/jgss/GSSCaller.java
index bc6eaa2..278e7b9 100644
--- a/src/share/classes/sun/security/jgss/GSSCaller.java
+++ b/src/share/classes/sun/security/jgss/GSSCaller.java
@@ -31,10 +31,19 @@
* different callers.
*/
public class GSSCaller {
- public static final GSSCaller CALLER_UNKNOWN = new GSSCaller();
- public static final GSSCaller CALLER_INITIATE = new GSSCaller();
- public static final GSSCaller CALLER_ACCEPT = new GSSCaller();
- public static final GSSCaller CALLER_SSL_CLIENT = new GSSCaller();
- public static final GSSCaller CALLER_SSL_SERVER = new GSSCaller();
+ public static final GSSCaller CALLER_UNKNOWN = new GSSCaller("UNKNOWN");
+ public static final GSSCaller CALLER_INITIATE = new GSSCaller("INITIATE");
+ public static final GSSCaller CALLER_ACCEPT = new GSSCaller("ACCEPT");
+ public static final GSSCaller CALLER_SSL_CLIENT = new GSSCaller("SSL_CLIENT");
+ public static final GSSCaller CALLER_SSL_SERVER = new GSSCaller("SSL_SERVER");
+
+ private String name;
+ GSSCaller(String s) {
+ name = s;
+ }
+ @Override
+ public String toString() {
+ return "GSSCaller{" + name + '}';
+ }
}
diff --git a/src/share/classes/sun/security/jgss/GSSCredentialImpl.java b/src/share/classes/sun/security/jgss/GSSCredentialImpl.java
index 36037e1..6330f71 100644
--- a/src/share/classes/sun/security/jgss/GSSCredentialImpl.java
+++ b/src/share/classes/sun/security/jgss/GSSCredentialImpl.java
@@ -28,8 +28,9 @@
import org.ietf.jgss.*;
import sun.security.jgss.spi.*;
import java.util.*;
+import com.sun.security.jgss.*;
-public class GSSCredentialImpl implements GSSCredential {
+public class GSSCredentialImpl implements ExtendedGSSCredential {
private GSSManagerImpl gssManager = null;
private boolean destroyed = false;
@@ -122,6 +123,19 @@
}
}
+ public GSSCredential impersonate(GSSName name) throws GSSException {
+ if (destroyed) {
+ throw new IllegalStateException("This credential is " +
+ "no longer valid");
+ }
+ Oid mech = tempCred.getMechanism();
+ GSSNameSpi nameElement = (name == null ? null :
+ ((GSSNameImpl)name).getElement(mech));
+ GSSCredentialSpi cred = tempCred.impersonate(nameElement);
+ return (cred == null ?
+ null : new GSSCredentialImpl(gssManager, cred));
+ }
+
public GSSName getName() throws GSSException {
if (destroyed) {
throw new IllegalStateException("This credential is " +
diff --git a/src/share/classes/sun/security/jgss/HttpCaller.java b/src/share/classes/sun/security/jgss/HttpCaller.java
index ae56b27..b4f3e01 100644
--- a/src/share/classes/sun/security/jgss/HttpCaller.java
+++ b/src/share/classes/sun/security/jgss/HttpCaller.java
@@ -35,6 +35,7 @@
final private HttpCallerInfo hci;
public HttpCaller(HttpCallerInfo hci) {
+ super("HTTP_CLIENT");
this.hci = hci;
}
diff --git a/src/share/classes/sun/security/jgss/krb5/Krb5AcceptCredential.java b/src/share/classes/sun/security/jgss/krb5/Krb5AcceptCredential.java
index 1df500b..0f65137 100644
--- a/src/share/classes/sun/security/jgss/krb5/Krb5AcceptCredential.java
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5AcceptCredential.java
@@ -25,6 +25,7 @@
package sun.security.jgss.krb5;
+import java.io.IOException;
import org.ietf.jgss.*;
import sun.security.jgss.GSSCaller;
import sun.security.jgss.spi.*;
@@ -177,4 +178,21 @@
public void destroy() throws DestroyFailedException {
screds.destroy();
}
+
+ /**
+ * Impersonation is only available on the initiator side. The
+ * service must starts as an initiator to get an initial TGT to complete
+ * the S4U2self protocol.
+ */
+ @Override
+ public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+ Credentials cred = screds.getInitCred();
+ if (cred != null) {
+ return Krb5InitCredential.getInstance(this.name, cred)
+ .impersonate(name);
+ } else {
+ throw new GSSException(GSSException.FAILURE, -1,
+ "Only an initiate credentials can impersonate");
+ }
+ }
}
diff --git a/src/share/classes/sun/security/jgss/krb5/Krb5Context.java b/src/share/classes/sun/security/jgss/krb5/Krb5Context.java
index 37c7b98..be80740 100644
--- a/src/share/classes/sun/security/jgss/krb5/Krb5Context.java
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5Context.java
@@ -45,6 +45,7 @@
import javax.crypto.Cipher;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.*;
+import sun.security.krb5.internal.Ticket;
/**
* Implements the mechanism specific context class for the Kerberos v5
@@ -76,7 +77,7 @@
* values.
*/
- private boolean credDelegState = false;
+ private boolean credDelegState = false; // now only useful at client
private boolean mutualAuthState = true;
private boolean replayDetState = true;
private boolean sequenceDetState = true;
@@ -84,6 +85,8 @@
private boolean integState = true;
private boolean delegPolicyState = false;
+ private boolean isConstrainedDelegationTried = false;
+
private int mySeqNumber;
private int peerSeqNumber;
private int keySrc;
@@ -113,13 +116,11 @@
private Krb5CredElement myCred;
private Krb5CredElement delegatedCred; // Set only on acceptor side
- /* DESCipher instance used by the corresponding GSSContext */
- private Cipher desCipher = null;
-
// XXX See if the required info from these can be extracted and
// stored elsewhere
private Credentials serviceCreds;
private KrbApReq apReq;
+ Ticket serviceTicket;
final private GSSCaller caller;
private static final boolean DEBUG = Krb5Util.DEBUG;
@@ -248,7 +249,14 @@
* Is credential delegation enabled?
*/
public final boolean getCredDelegState() {
- return credDelegState;
+ if (isInitiator()) {
+ return credDelegState;
+ } else {
+ // Server side deleg state is not flagged by credDelegState.
+ // It can use constrained delegation.
+ tryConstrainedDelegation();
+ return delegatedCred != null;
+ }
}
/**
@@ -498,7 +506,8 @@
* Returns the delegated credential for the context. This
* is an optional feature of contexts which not all
* mechanisms will support. A context can be requested to
- * support credential delegation by using the <b>CRED_DELEG</b>.
+ * support credential delegation by using the <b>CRED_DELEG</b>,
+ * or it can request for a constrained delegation.
* This is only valid on the acceptor side of the context.
* @return GSSCredentialSpi object for the delegated credential
* @exception GSSException
@@ -507,11 +516,41 @@
public final GSSCredentialSpi getDelegCred() throws GSSException {
if (state != STATE_IN_PROCESS && state != STATE_DONE)
throw new GSSException(GSSException.NO_CONTEXT);
- if (delegatedCred == null)
+ if (isInitiator()) {
throw new GSSException(GSSException.NO_CRED);
+ }
+ tryConstrainedDelegation();
+ if (delegatedCred == null) {
+ throw new GSSException(GSSException.NO_CRED);
+ }
return delegatedCred;
}
+ private void tryConstrainedDelegation() {
+ if (state != STATE_IN_PROCESS && state != STATE_DONE) {
+ return;
+ }
+ // We will only try constrained delegation once (if necessary).
+ if (!isConstrainedDelegationTried) {
+ if (delegatedCred == null) {
+ if (DEBUG) {
+ System.out.println(">>> Constrained deleg from " + caller);
+ }
+ // The constrained delegation part. The acceptor needs to have
+ // isInitiator=true in order to get a TGT, either earlier at
+ // logon stage, if useSubjectCredsOnly, or now.
+ try {
+ delegatedCred = new Krb5ProxyCredential(
+ Krb5InitCredential.getInstance(
+ GSSCaller.CALLER_ACCEPT, myName, lifetime),
+ peerName, serviceTicket);
+ } catch (GSSException gsse) {
+ // OK, delegatedCred is null then
+ }
+ }
+ isConstrainedDelegationTried = true;
+ }
+ }
/**
* Tests if this is the initiator side of the context.
*
@@ -577,8 +616,15 @@
"No TGT available");
}
myName = (Krb5NameElement) myCred.getName();
- Credentials tgt =
- ((Krb5InitCredential) myCred).getKrb5Credentials();
+ Credentials tgt;
+ final Krb5ProxyCredential second;
+ if (myCred instanceof Krb5InitCredential) {
+ second = null;
+ tgt = ((Krb5InitCredential) myCred).getKrb5Credentials();
+ } else {
+ second = (Krb5ProxyCredential) myCred;
+ tgt = second.self.getKrb5Credentials();
+ }
checkPermission(peerName.getKrb5PrincipalName().getName(),
"initiate");
@@ -607,7 +653,9 @@
GSSCaller.CALLER_UNKNOWN,
// since it's useSubjectCredsOnly here,
// don't worry about the null
- myName.getKrb5PrincipalName().getName(),
+ second == null ?
+ myName.getKrb5PrincipalName().getName():
+ second.getName().getKrb5PrincipalName().getName(),
peerName.getKrb5PrincipalName().getName(),
acc);
}});
@@ -638,9 +686,17 @@
"the subject");
}
// Get Service ticket using the Kerberos protocols
- serviceCreds = Credentials.acquireServiceCreds(
+ if (second == null) {
+ serviceCreds = Credentials.acquireServiceCreds(
peerName.getKrb5PrincipalName().getName(),
tgt);
+ } else {
+ serviceCreds = Credentials.acquireS4U2proxyCreds(
+ peerName.getKrb5PrincipalName().getName(),
+ second.tkt,
+ second.getName().getKrb5PrincipalName(),
+ tgt);
+ }
if (GSSUtil.useSubjectCredsOnly(caller)) {
final Subject subject =
AccessController.doPrivileged(
@@ -776,6 +832,7 @@
retVal = new AcceptSecContextToken(this,
token.getKrbApReq()).encode();
}
+ serviceTicket = token.getKrbApReq().getCreds().getTicket();
myCred = null;
state = STATE_DONE;
} else {
@@ -802,8 +859,6 @@
return retVal;
}
-
-
/**
* Queries the context for largest data size to accomodate
* the specified protection and be <= maxTokSize.
diff --git a/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java b/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java
index 1932a95..fa9a95a 100644
--- a/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5InitCredential.java
@@ -309,8 +309,7 @@
int initLifetime)
throws GSSException {
- String realm = null;
- final String clientPrincipal, tgsPrincipal = null;
+ final String clientPrincipal;
/*
* Find the TGT for the realm that the client is in. If the client
@@ -318,20 +317,8 @@
*/
if (name != null) {
clientPrincipal = (name.getKrb5PrincipalName()).getName();
- realm = (name.getKrb5PrincipalName()).getRealmAsString();
} else {
clientPrincipal = null;
- try {
- Config config = Config.getInstance();
- realm = config.getDefaultRealm();
- } catch (KrbException e) {
- GSSException ge =
- new GSSException(GSSException.NO_CRED, -1,
- "Attempt to obtain INITIATE credentials failed!" +
- " (" + e.getMessage() + ")");
- ge.initCause(e);
- throw ge;
- }
}
final AccessControlContext acc = AccessController.getContext();
@@ -343,9 +330,11 @@
return AccessController.doPrivileged(
new PrivilegedExceptionAction<KerberosTicket>() {
public KerberosTicket run() throws Exception {
+ // It's OK to use null as serverPrincipal. TGT is almost
+ // the first ticket for a principal and we use list.
return Krb5Util.getTicket(
realCaller,
- clientPrincipal, tgsPrincipal, acc);
+ clientPrincipal, null, acc);
}});
} catch (PrivilegedActionException e) {
GSSException ge =
@@ -356,4 +345,20 @@
throw ge;
}
}
+
+ @Override
+ public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+ try {
+ Krb5NameElement kname = (Krb5NameElement)name;
+ Credentials newCred = Credentials.acquireS4U2selfCreds(
+ kname.getKrb5PrincipalName(), krb5Credentials);
+ return new Krb5ProxyCredential(this, kname, newCred.getTicket());
+ } catch (IOException | KrbException ke) {
+ GSSException ge =
+ new GSSException(GSSException.FAILURE, -1,
+ "Attempt to obtain S4U2self credentials failed!");
+ ge.initCause(ke);
+ throw ge;
+ }
+ }
}
diff --git a/src/share/classes/sun/security/jgss/krb5/Krb5ProxyCredential.java b/src/share/classes/sun/security/jgss/krb5/Krb5ProxyCredential.java
new file mode 100644
index 0000000..4c5690b
--- /dev/null
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5ProxyCredential.java
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.jgss.krb5;
+
+import org.ietf.jgss.*;
+import sun.security.jgss.spi.*;
+import java.util.Date;
+import sun.security.krb5.internal.Ticket;
+
+/**
+ * Implements the krb5 proxy credential element used in constrained
+ * delegation. It is used in both impersonation (where there is no Kerberos 5
+ * communication between the middle server and the client) and normal
+ * constrained delegation (where there is, but client has not called
+ * requestCredDeleg(true)).
+ * @since 1.8
+ */
+
+public class Krb5ProxyCredential
+ implements Krb5CredElement {
+
+ public final Krb5InitCredential self; // the middle server
+ private final Krb5NameElement client; // the client
+
+ // The ticket with cname=client and sname=self. This can be a normal
+ // service ticket or an S4U2self ticket.
+ public final Ticket tkt;
+
+ Krb5ProxyCredential(Krb5InitCredential self, Krb5NameElement client,
+ Ticket tkt) {
+ this.self = self;
+ this.tkt = tkt;
+ this.client = client;
+ }
+
+ // The client name behind the proxy
+ @Override
+ public final Krb5NameElement getName() throws GSSException {
+ return client;
+ }
+
+ @Override
+ public int getInitLifetime() throws GSSException {
+ // endTime of tkt is not used by KDC, and it's also not
+ // available in the case of kerberos constr deleg
+ return self.getInitLifetime();
+ }
+
+ @Override
+ public int getAcceptLifetime() throws GSSException {
+ return 0;
+ }
+
+ @Override
+ public boolean isInitiatorCredential() throws GSSException {
+ return true;
+ }
+
+ @Override
+ public boolean isAcceptorCredential() throws GSSException {
+ return false;
+ }
+
+ @Override
+ public final Oid getMechanism() {
+ return Krb5MechFactory.GSS_KRB5_MECH_OID;
+ }
+
+ @Override
+ public final java.security.Provider getProvider() {
+ return Krb5MechFactory.PROVIDER;
+ }
+
+ @Override
+ public void dispose() throws GSSException {
+ try {
+ self.destroy();
+ } catch (javax.security.auth.DestroyFailedException e) {
+ GSSException gssException =
+ new GSSException(GSSException.FAILURE, -1,
+ "Could not destroy credentials - " + e.getMessage());
+ gssException.initCause(e);
+ }
+ }
+
+ @Override
+ public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+ // Cannot impersonate multiple levels without the impersonatee's TGT.
+ throw new GSSException(GSSException.FAILURE, -1,
+ "Only an initiate credentials can impersonate");
+ }
+}
diff --git a/src/share/classes/sun/security/jgss/krb5/Krb5Util.java b/src/share/classes/sun/security/jgss/krb5/Krb5Util.java
index 28df952..97f1a12 100644
--- a/src/share/classes/sun/security/jgss/krb5/Krb5Util.java
+++ b/src/share/classes/sun/security/jgss/krb5/Krb5Util.java
@@ -206,7 +206,7 @@
* identity, which can be:
* 1. Some KerberosKeys (generated from password)
* 2. A KeyTab (for a typical service)
- * 3. A TGT (for a user2user service. Not supported yet)
+ * 3. A TGT (for S4U2proxy extension)
*
* Note that some creds can coexist. For example, a user2user service
* can use its keytab (or keys) if the client can successfully obtain a
@@ -219,7 +219,7 @@
private List<KeyTab> ktabs;
private List<KerberosKey> kk;
private Subject subj;
- //private KerberosTicket tgt; // user2user, not supported yet
+ private KerberosTicket tgt;
private static ServiceCreds getInstance(
Subject subj, String serverPrincipal) {
@@ -255,6 +255,8 @@
subj, null, null, KeyTab.class);
sc.kk = SubjectComber.findMany(
subj, serverPrincipal, null, KerberosKey.class);
+ sc.tgt = SubjectComber.find(subj, null, null, KerberosTicket.class);
+
if (sc.ktabs.isEmpty() && sc.kk.isEmpty()) {
return null;
}
@@ -310,10 +312,22 @@
return ekeys;
}
+ public Credentials getInitCred() {
+ if (tgt == null) {
+ return null;
+ }
+ try {
+ return ticketToCreds(tgt);
+ } catch (KrbException | IOException e) {
+ return null;
+ }
+ }
+
public void destroy() {
kp = null;
ktabs = null;
kk = null;
+ tgt = null;
}
}
/**
@@ -357,7 +371,7 @@
};
public static Credentials ticketToCreds(KerberosTicket kerbTicket)
- throws KrbException, IOException {
+ throws KrbException, IOException {
return new Credentials(
kerbTicket.getEncoded(),
kerbTicket.getClient().getName(),
diff --git a/src/share/classes/sun/security/jgss/spi/GSSCredentialSpi.java b/src/share/classes/sun/security/jgss/spi/GSSCredentialSpi.java
index 0c7e628..bab8a5d 100644
--- a/src/share/classes/sun/security/jgss/spi/GSSCredentialSpi.java
+++ b/src/share/classes/sun/security/jgss/spi/GSSCredentialSpi.java
@@ -96,4 +96,13 @@
* @exception GSSException may be thrown
*/
public Oid getMechanism();
+
+ /**
+ * Impersonates another client.
+ *
+ * @param name the client to impersonate
+ * @return the new credential
+ * @exception GSSException may be thrown
+ */
+ public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException;
}
diff --git a/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java b/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java
index 849737a..d6bc6d9 100644
--- a/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java
+++ b/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java
@@ -1059,6 +1059,9 @@
if (mechContext != null) {
GSSCredentialImpl delegCred =
(GSSCredentialImpl)mechContext.getDelegCred();
+ if (delegCred == null) {
+ return null;
+ }
// determine delegated cred element usage
boolean initiate = false;
if (delegCred.getUsage() == GSSCredential.INITIATE_ONLY) {
diff --git a/src/share/classes/sun/security/jgss/spnego/SpNegoCredElement.java b/src/share/classes/sun/security/jgss/spnego/SpNegoCredElement.java
index ae99900..69116f5 100644
--- a/src/share/classes/sun/security/jgss/spnego/SpNegoCredElement.java
+++ b/src/share/classes/sun/security/jgss/spnego/SpNegoCredElement.java
@@ -88,4 +88,9 @@
public Oid getMechanism() {
return GSSUtil.GSS_SPNEGO_MECH_OID;
}
+
+ @Override
+ public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+ return cred.impersonate(name);
+ }
}
diff --git a/src/share/classes/sun/security/jgss/wrapper/GSSCredElement.java b/src/share/classes/sun/security/jgss/wrapper/GSSCredElement.java
index 275ef58..e38c4c6 100644
--- a/src/share/classes/sun/security/jgss/wrapper/GSSCredElement.java
+++ b/src/share/classes/sun/security/jgss/wrapper/GSSCredElement.java
@@ -28,6 +28,7 @@
import java.security.Provider;
import sun.security.jgss.GSSUtil;
import sun.security.jgss.spi.GSSCredentialSpi;
+import sun.security.jgss.spi.GSSNameSpi;
/**
* This class is essentially a wrapper class for the gss_cred_id_t
@@ -132,4 +133,10 @@
protected void finalize() throws Throwable {
dispose();
}
+
+ @Override
+ public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
+ throw new GSSException(GSSException.FAILURE, -1,
+ "Not supported yet");
+ }
}
diff --git a/src/share/classes/sun/security/krb5/Credentials.java b/src/share/classes/sun/security/krb5/Credentials.java
index bdb8f7c..bf4d57b 100644
--- a/src/share/classes/sun/security/krb5/Credentials.java
+++ b/src/share/classes/sun/security/krb5/Credentials.java
@@ -449,6 +449,18 @@
return CredentialsUtil.acquireServiceCreds(service, ccreds);
}
+ public static Credentials acquireS4U2selfCreds(PrincipalName user,
+ Credentials ccreds) throws KrbException, IOException {
+ return CredentialsUtil.acquireS4U2selfCreds(user, ccreds);
+ }
+
+ public static Credentials acquireS4U2proxyCreds(String service,
+ Ticket second, PrincipalName client, Credentials ccreds)
+ throws KrbException, IOException {
+ return CredentialsUtil.acquireS4U2proxyCreds(
+ service, second, client, ccreds);
+ }
+
public CredentialsCache getCache() {
return cache;
}
@@ -490,18 +502,19 @@
public String toString() {
StringBuffer buffer = new StringBuffer("Credentials:");
- buffer.append("\nclient=").append(client);
- buffer.append("\nserver=").append(server);
+ buffer.append( "\n client=").append(client);
+ buffer.append( "\n server=").append(server);
if (authTime != null) {
- buffer.append("\nauthTime=").append(authTime);
+ buffer.append("\n authTime=").append(authTime);
}
if (startTime != null) {
- buffer.append("\nstartTime=").append(startTime);
+ buffer.append("\n startTime=").append(startTime);
}
- buffer.append("\nendTime=").append(endTime);
- buffer.append("\nrenewTill=").append(renewTill);
- buffer.append("\nflags: ").append(flags);
- buffer.append("\nEType (int): ").append(key.getEType());
+ buffer.append( "\n endTime=").append(endTime);
+ buffer.append( "\n renewTill=").append(renewTill);
+ buffer.append( "\n flags=").append(flags);
+ buffer.append( "\nEType (skey)=").append(key.getEType());
+ buffer.append( "\n (tkt key)=").append(ticket.encPart.eType);
return buffer.toString();
}
diff --git a/src/share/classes/sun/security/krb5/EncryptedData.java b/src/share/classes/sun/security/krb5/EncryptedData.java
index f990768..0849f91 100644
--- a/src/share/classes/sun/security/krb5/EncryptedData.java
+++ b/src/share/classes/sun/security/krb5/EncryptedData.java
@@ -160,8 +160,6 @@
kvno = key.getKeyVersionNumber();
}
*/
-
- // currently destructive on cipher
public byte[] decrypt(
EncryptionKey key, int usage)
throws KdcErrException, KrbApErrException, KrbCryptoException {
@@ -175,7 +173,9 @@
EType etypeEngine = EType.getInstance(eType);
plain = etypeEngine.decrypt(cipher, key.getBytes(), usage);
- cipher = null;
+ // The service ticket will be used in S4U2proxy request. Therefore
+ // the raw ticket is still needed.
+ //cipher = null;
return etypeEngine.decryptedData(plain);
}
diff --git a/src/share/classes/sun/security/krb5/KrbApReq.java b/src/share/classes/sun/security/krb5/KrbApReq.java
index 3120490..f4e52d3 100644
--- a/src/share/classes/sun/security/krb5/KrbApReq.java
+++ b/src/share/classes/sun/security/krb5/KrbApReq.java
@@ -287,8 +287,9 @@
cusec = authenticator.cusec;
authenticator.ctime.setMicroSeconds(authenticator.cusec);
- if (!authenticator.cname.equals(enc_ticketPart.cname))
+ if (!authenticator.cname.equals(enc_ticketPart.cname)) {
throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);
+ }
KerberosTime currTime = new KerberosTime(KerberosTime.NOW);
if (!authenticator.ctime.inClockSkew(currTime))
diff --git a/src/share/classes/sun/security/krb5/KrbKdcRep.java b/src/share/classes/sun/security/krb5/KrbKdcRep.java
index 1100aad..dd0e951 100644
--- a/src/share/classes/sun/security/krb5/KrbKdcRep.java
+++ b/src/share/classes/sun/security/krb5/KrbKdcRep.java
@@ -64,7 +64,12 @@
for (int i = 1; i < 6; i++) {
if (req.reqBody.kdcOptions.get(i) !=
- rep.encKDCRepPart.flags.get(i)) {
+ rep.encKDCRepPart.flags.get(i)) {
+ if (Krb5.DEBUG) {
+ System.out.println("> KrbKdcRep.check: at #" + i
+ + ". request for " + req.reqBody.kdcOptions.get(i)
+ + ", received " + rep.encKDCRepPart.flags.get(i));
+ }
throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);
}
}
diff --git a/src/share/classes/sun/security/krb5/KrbTgsRep.java b/src/share/classes/sun/security/krb5/KrbTgsRep.java
index 7ec3870..6fc6ceb 100644
--- a/src/share/classes/sun/security/krb5/KrbTgsRep.java
+++ b/src/share/classes/sun/security/krb5/KrbTgsRep.java
@@ -87,7 +87,7 @@
check(false, req, rep);
this.creds = new Credentials(rep.ticket,
- req.reqBody.cname,
+ rep.cname,
rep.ticket.sname,
enc_part.key,
enc_part.flags,
diff --git a/src/share/classes/sun/security/krb5/KrbTgsReq.java b/src/share/classes/sun/security/krb5/KrbTgsReq.java
index bbdb8a3..9cd84c6 100644
--- a/src/share/classes/sun/security/krb5/KrbTgsReq.java
+++ b/src/share/classes/sun/security/krb5/KrbTgsReq.java
@@ -35,6 +35,7 @@
import sun.security.krb5.internal.crypto.*;
import java.io.IOException;
import java.net.UnknownHostException;
+import java.util.Arrays;
/**
* This class encapsulates a Kerberos TGS-REQ that is sent from the
@@ -55,7 +56,7 @@
private byte[] obuf;
private byte[] ibuf;
- // Used in CredentialsUtil
+ // Used in CredentialsUtil
public KrbTgsReq(Credentials asCreds,
PrincipalName sname)
throws KrbException, IOException {
@@ -72,6 +73,45 @@
null); // EncryptionKey subSessionKey
}
+ // S4U2proxy
+ public KrbTgsReq(Credentials asCreds,
+ Ticket second,
+ PrincipalName sname)
+ throws KrbException, IOException {
+ this(KDCOptions.with(KDCOptions.CNAME_IN_ADDL_TKT,
+ KDCOptions.FORWARDABLE),
+ asCreds,
+ sname,
+ null,
+ null,
+ null,
+ null,
+ null,
+ null,
+ new Ticket[] {second}, // the service ticket
+ null);
+ }
+
+ // S4U2user
+ public KrbTgsReq(Credentials asCreds,
+ PrincipalName sname,
+ PAData extraPA)
+ throws KrbException, IOException {
+ this(KDCOptions.with(KDCOptions.FORWARDABLE),
+ asCreds,
+ asCreds.getClient(),
+ sname,
+ null,
+ null,
+ null,
+ null,
+ null,
+ null,
+ null,
+ null,
+ extraPA); // the PA-FOR-USER
+ }
+
// Called by Credentials, KrbCred
KrbTgsReq(
KDCOptions options,
@@ -85,14 +125,42 @@
AuthorizationData authorizationData,
Ticket[] additionalTickets,
EncryptionKey subKey) throws KrbException, IOException {
+ this(options, asCreds, asCreds.getClient(), sname,
+ from, till, rtime, eTypes, addresses,
+ authorizationData, additionalTickets, subKey, null);
+ }
- princName = asCreds.client;
+ private KrbTgsReq(
+ KDCOptions options,
+ Credentials asCreds,
+ PrincipalName cname,
+ PrincipalName sname,
+ KerberosTime from,
+ KerberosTime till,
+ KerberosTime rtime,
+ int[] eTypes,
+ HostAddresses addresses,
+ AuthorizationData authorizationData,
+ Ticket[] additionalTickets,
+ EncryptionKey subKey,
+ PAData extraPA) throws KrbException, IOException {
+
+ princName = cname;
servName = sname;
ctime = new KerberosTime(KerberosTime.NOW);
// check if they are valid arguments. The optional fields
// should be consistent with settings in KDCOptions.
+
+ // TODO: Is this necessary? If the TGT is not FORWARDABLE,
+ // you can still request for a FORWARDABLE ticket, just the
+ // KDC will give you a non-FORWARDABLE one. Even if you
+ // cannot use the ticket expected, it still contains info.
+ // This means there will be problem later. We already have
+ // flags check in KrbTgsRep. Of course, sometimes the KDC
+ // will not issue the ticket at all.
+
if (options.get(KDCOptions.FORWARDABLE) &&
(!(asCreds.flags.get(Krb5.TKT_OPTS_FORWARDABLE)))) {
throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
@@ -130,13 +198,13 @@
} else {
if (rtime != null) rtime = null;
}
- if (options.get(KDCOptions.ENC_TKT_IN_SKEY)) {
+ if (options.get(KDCOptions.ENC_TKT_IN_SKEY) || options.get(KDCOptions.CNAME_IN_ADDL_TKT)) {
if (additionalTickets == null)
throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
// in TGS_REQ there could be more than one additional
// tickets, but in file-based credential cache,
// there is only one additional ticket field.
- secondTicket = additionalTickets[0];
+ secondTicket = additionalTickets[0];
} else {
if (additionalTickets != null)
additionalTickets = null;
@@ -156,7 +224,8 @@
addresses,
authorizationData,
additionalTickets,
- subKey);
+ subKey,
+ extraPA);
obuf = tgsReqMessg.asn1Encode();
// XXX We need to revisit this to see if can't move it
@@ -221,7 +290,8 @@
HostAddresses addresses,
AuthorizationData authorizationData,
Ticket[] additionalTickets,
- EncryptionKey subKey)
+ EncryptionKey subKey,
+ PAData extraPA)
throws Asn1Exception, IOException, KdcErrException, KrbApErrException,
UnknownHostException, KrbCryptoException {
KerberosTime req_till = null;
@@ -318,10 +388,12 @@
null,
null).getMessage();
- PAData[] tgsPAData = new PAData[1];
- tgsPAData[0] = new PAData(Krb5.PA_TGS_REQ, tgs_ap_req);
-
- return new TGSReq(tgsPAData, reqBody);
+ PAData tgsPAData = new PAData(Krb5.PA_TGS_REQ, tgs_ap_req);
+ return new TGSReq(
+ extraPA != null ?
+ new PAData[] {extraPA, tgsPAData } :
+ new PAData[] {tgsPAData},
+ reqBody);
}
TGSReq getMessage() {
diff --git a/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java b/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java
index f1577c2..e6cd420 100644
--- a/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java
+++ b/src/share/classes/sun/security/krb5/internal/CredentialsUtil.java
@@ -32,17 +32,7 @@
package sun.security.krb5.internal;
import sun.security.krb5.*;
-import sun.security.krb5.internal.ccache.CredentialsCache;
-import java.util.StringTokenizer;
-import sun.security.krb5.internal.ktab.*;
-import java.io.File;
import java.io.IOException;
-import java.util.Date;
-import java.util.Vector;
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.io.UnsupportedEncodingException;
-import java.net.InetAddress;
/**
* This class is a utility that contains much of the TGS-Exchange
@@ -53,77 +43,158 @@
private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;
- /**
- * Acquires credentials for a specified service using initial credential. Wh
-en the service has a different realm
- * from the initial credential, we do cross-realm authentication - first, we
- use the current credential to get
- * a cross-realm credential from the local KDC, then use that cross-realm cr
-edential to request service credential
- * from the foreigh KDC.
- *
- * @param service the name of service principal using format components@real
-m
- * @param ccreds client's initial credential.
- * @exception Exception general exception will be thrown when any error occu
-rs.
- * @return a <code>Credentials</code> object.
- */
+ /**
+ * Used by a middle server to acquire credentials on behalf of a
+ * client to itself using the S4U2self extension.
+ * @param client the client to impersonate
+ * @param ccreds the TGT of the middle service
+ * @return the new creds (cname=client, sname=middle)
+ */
+ public static Credentials acquireS4U2selfCreds(PrincipalName client,
+ Credentials ccreds) throws KrbException, IOException {
+ String uRealm = client.getRealmString();
+ String localRealm = ccreds.getClient().getRealmString();
+ if (!uRealm.equals(localRealm)) {
+ // TODO: we do not support kerberos referral now
+ throw new KrbException("Cross realm impersonation not supported");
+ }
+ KrbTgsReq req = new KrbTgsReq(
+ ccreds,
+ ccreds.getClient(),
+ new PAData(Krb5.PA_FOR_USER,
+ new PAForUserEnc(client,
+ ccreds.getSessionKey()).asn1Encode()));
+ Credentials creds = req.sendAndGetCreds();
+ if (!creds.getClient().equals(client)) {
+ throw new KrbException("S4U2self request not honored by KDC");
+ }
+ return creds;
+ }
+
+ /**
+ * Used by a middle server to acquire a service ticket to a backend
+ * server using the S4U2proxy extension.
+ * @param backend the name of the backend service
+ * @param second the client's service ticket to the middle server
+ * @param ccreds the TGT of the middle server
+ * @return the creds (cname=client, sname=backend)
+ */
+ public static Credentials acquireS4U2proxyCreds(
+ String backend, Ticket second,
+ PrincipalName client, Credentials ccreds)
+ throws KrbException, IOException {
+ KrbTgsReq req = new KrbTgsReq(
+ ccreds,
+ second,
+ new PrincipalName(backend));
+ Credentials creds = req.sendAndGetCreds();
+ if (!creds.getClient().equals(client)) {
+ throw new KrbException("S4U2proxy request not honored by KDC");
+ }
+ return creds;
+ }
+
+ /**
+ * Acquires credentials for a specified service using initial
+ * credential. When the service has a different realm from the initial
+ * credential, we do cross-realm authentication - first, we use the
+ * current credential to get a cross-realm credential from the local KDC,
+ * then use that cross-realm credential to request service credential
+ * from the foreign KDC.
+ *
+ * @param service the name of service principal
+ * @param ccreds client's initial credential
+ */
public static Credentials acquireServiceCreds(
String service, Credentials ccreds)
- throws KrbException, IOException {
+ throws KrbException, IOException {
PrincipalName sname = new PrincipalName(service);
String serviceRealm = sname.getRealmString();
String localRealm = ccreds.getClient().getRealmString();
- /*
- if (!localRealm.equalsIgnoreCase(serviceRealm)) { //do cross-realm auth entication
- if (DEBUG) {
- System.out.println(">>>DEBUG: Credentails request cross realm ticket for " + "krbtgt/" + serviceRealm + "@" + localRealm);
- }
- Credentials crossCreds = serviceCreds(new ServiceName("krbtgt/" + serviceRealm + "@" + localRealm), ccreds);
- if (DEBUG) {
- printDebug(crossCreds);
- }
- Credentials result = serviceCreds(sname, crossCreds);
- if (DEBUG) {
- printDebug(result);
- }
- return result;
- }
- else return serviceCreds(sname, ccreds);
- */
-
- if (localRealm.equals(serviceRealm))
- {
- if (DEBUG)
- System.out.println(">>> Credentials acquireServiceCreds: same realm");
+ if (localRealm.equals(serviceRealm)) {
+ if (DEBUG) {
+ System.out.println(
+ ">>> Credentials acquireServiceCreds: same realm");
+ }
return serviceCreds(sname, ccreds);
}
+ Credentials theCreds = null;
+
+ boolean[] okAsDelegate = new boolean[1];
+ Credentials theTgt = getTGTforRealm(localRealm, serviceRealm,
+ ccreds, okAsDelegate);
+ if (theTgt != null) {
+ if (DEBUG) {
+ System.out.println(">>> Credentials acquireServiceCreds: "
+ + "got right tgt");
+ System.out.println(">>> Credentials acquireServiceCreds: "
+ + "obtaining service creds for " + sname);
+ }
+
+ try {
+ theCreds = serviceCreds(sname, theTgt);
+ } catch (Exception exc) {
+ if (DEBUG) {
+ System.out.println(exc);
+ }
+ theCreds = null;
+ }
+ }
+
+ if (theCreds != null) {
+ if (DEBUG) {
+ System.out.println(">>> Credentials acquireServiceCreds: "
+ + "returning creds:");
+ Credentials.printDebug(theCreds);
+ }
+ if (!okAsDelegate[0]) {
+ theCreds.resetDelegate();
+ }
+ return theCreds;
+ }
+ throw new KrbApErrException(Krb5.KRB_AP_ERR_GEN_CRED,
+ "No service creds");
+ }
+
+ /**
+ * Gets a TGT to another realm
+ * @param localRealm this realm
+ * @param serviceRealm the other realm
+ * @param ccreds TGT in this realm
+ * @param okAsDelegate an [out] argument to receive the okAsDelegate
+ * property. True only if all realms allow delegation.
+ * @return the TGT for the other realm, null if cannot find a path
+ * @throws KrbException if something goes wrong
+ */
+ private static Credentials getTGTforRealm(String localRealm,
+ String serviceRealm, Credentials ccreds, boolean[] okAsDelegate)
+ throws KrbException {
// Get a list of realms to traverse
String[] realms = Realm.getRealmsList(localRealm, serviceRealm);
- boolean okAsDelegate = true;
- if (realms == null || realms.length == 0)
- {
- if (DEBUG)
- System.out.println(">>> Credentials acquireServiceCreds: no realms list");
+ if (realms == null || realms.length == 0) {
+ if (DEBUG) {
+ System.out.println(
+ ">>> Credentials acquireServiceCreds: no realms list");
+ }
return null;
}
int i = 0, k = 0;
Credentials cTgt = null, newTgt = null, theTgt = null;
PrincipalName tempService = null;
- String realm = null, newTgtRealm = null, theTgtRealm = null;
+ String newTgtRealm = null;
- for (cTgt = ccreds, i = 0; i < realms.length;)
- {
+ okAsDelegate[0] = true;
+ for (cTgt = ccreds, i = 0; i < realms.length;) {
tempService = PrincipalName.tgsService(serviceRealm, realms[i]);
- if (DEBUG)
- {
- System.out.println(">>> Credentials acquireServiceCreds: main loop: [" + i +"] tempService=" + tempService);
+ if (DEBUG) {
+ System.out.println(
+ ">>> Credentials acquireServiceCreds: main loop: ["
+ + i +"] tempService=" + tempService);
}
try {
@@ -132,11 +203,10 @@
newTgt = null;
}
- if (newTgt == null)
- {
- if (DEBUG)
- {
- System.out.println(">>> Credentials acquireServiceCreds: no tgt; searching backwards");
+ if (newTgt == null) {
+ if (DEBUG) {
+ System.out.println(">>> Credentials acquireServiceCreds: "
+ + "no tgt; searching backwards");
}
/*
@@ -144,17 +214,15 @@
* realm as close to the target as possible.
* That means traversing the realms list backwards.
*/
-
for (newTgt = null, k = realms.length - 1;
- newTgt == null && k > i; k--)
- {
-
+ newTgt == null && k > i; k--) {
tempService = PrincipalName.tgsService(realms[k], realms[i]);
- if (DEBUG)
- {
- System.out.println(">>> Credentials acquireServiceCreds: inner loop: [" + k +"] tempService=" + tempService);
+ if (DEBUG) {
+ System.out.println(
+ ">>> Credentials acquireServiceCreds: "
+ + "inner loop: [" + k
+ + "] tempService=" + tempService);
}
-
try {
newTgt = serviceCreds(tempService, cTgt);
} catch (Exception exc) {
@@ -163,11 +231,10 @@
}
} // Ends 'if (newTgt == null)'
- if (newTgt == null)
- {
- if (DEBUG)
- {
- System.out.println(">>> Credentials acquireServiceCreds: no tgt; cannot get creds");
+ if (newTgt == null) {
+ if (DEBUG) {
+ System.out.println(">>> Credentials acquireServiceCreds: "
+ + "no tgt; cannot get creds");
}
break;
}
@@ -176,29 +243,24 @@
* We have a tgt. It may or may not be for the target.
* If it's for the target realm, we're done looking for a tgt.
*/
-
newTgtRealm = newTgt.getServer().getInstanceComponent();
- if (okAsDelegate && !newTgt.checkDelegate()) {
- if (DEBUG)
- {
+ if (okAsDelegate[0] && !newTgt.checkDelegate()) {
+ if (DEBUG) {
System.out.println(">>> Credentials acquireServiceCreds: " +
"global OK-AS-DELEGATE turned off at " +
newTgt.getServer());
}
- okAsDelegate = false;
+ okAsDelegate[0] = false;
}
- if (DEBUG)
- {
- System.out.println(">>> Credentials acquireServiceCreds: got tgt");
- //printDebug(newTgt);
+ if (DEBUG) {
+ System.out.println(">>> Credentials acquireServiceCreds: "
+ + "got tgt");
}
- if (newTgtRealm.equals(serviceRealm))
- {
+ if (newTgtRealm.equals(serviceRealm)) {
/* We got the right tgt */
theTgt = newTgt;
- theTgtRealm = newTgtRealm;
break;
}
@@ -207,17 +269,13 @@
* See if the realm of the new tgt is in the list of realms
* and continue looking from there.
*/
-
- for (k = i+1; k < realms.length; k++)
- {
- if (newTgtRealm.equals(realms[k]))
- {
+ for (k = i+1; k < realms.length; k++) {
+ if (newTgtRealm.equals(realms[k])) {
break;
}
}
- if (k < realms.length)
- {
+ if (k < realms.length) {
/*
* (re)set the counter so we start looking
* from the realm we just obtained a tgt for.
@@ -225,64 +283,24 @@
i = k;
cTgt = newTgt;
- if (DEBUG)
- {
- System.out.println(">>> Credentials acquireServiceCreds: continuing with main loop counter reset to " + i);
+ if (DEBUG) {
+ System.out.println(">>> Credentials acquireServiceCreds: "
+ + "continuing with main loop counter reset to " + i);
}
-
continue;
}
- else
- {
+ else {
/*
* The new tgt's realm is not in the heirarchy of realms.
* It's probably not safe to get a tgt from
* a tgs that is outside the known list of realms.
* Give up now.
*/
-
break;
}
} // Ends outermost/main 'for' loop
- Credentials theCreds = null;
-
- if (theTgt != null)
- {
- /* We have the right tgt. Let's get the service creds */
-
- if (DEBUG)
- {
- System.out.println(">>> Credentials acquireServiceCreds: got right tgt");
-
- //printDebug(theTgt);
-
- System.out.println(">>> Credentials acquireServiceCreds: obtaining service creds for " + sname);
- }
-
- try {
- theCreds = serviceCreds(sname, theTgt);
- } catch (Exception exc) {
- if (DEBUG)
- System.out.println(exc);
- theCreds = null;
- }
- }
-
- if (theCreds != null)
- {
- if (DEBUG)
- {
- System.out.println(">>> Credentials acquireServiceCreds: returning creds:");
- Credentials.printDebug(theCreds);
- }
- if (!okAsDelegate) {
- theCreds.resetDelegate();
- }
- return theCreds;
- }
- throw new KrbApErrException(Krb5.KRB_AP_ERR_GEN_CRED,
- "No service creds");
+ return theTgt;
}
/*
diff --git a/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java b/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java
index 943869d..2dd4c84 100644
--- a/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java
+++ b/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java
@@ -160,9 +160,10 @@
if (der.getData().available() > 0) {
caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true);
}
- if (der.getData().available() > 0) {
+ // We observe extra data from MSAD
+ /*if (der.getData().available() > 0) {
throw new Asn1Exception(Krb5.ASN1_BAD_ID);
- }
+ }*/
}
/**
diff --git a/src/share/classes/sun/security/krb5/internal/KDCOptions.java b/src/share/classes/sun/security/krb5/internal/KDCOptions.java
index f154eeb..a3d9302 100644
--- a/src/share/classes/sun/security/krb5/internal/KDCOptions.java
+++ b/src/share/classes/sun/security/krb5/internal/KDCOptions.java
@@ -139,13 +139,45 @@
public static final int UNUSED9 = 9;
public static final int UNUSED10 = 10;
public static final int UNUSED11 = 11;
+ public static final int CNAME_IN_ADDL_TKT = 14;
public static final int RENEWABLE_OK = 27;
public static final int ENC_TKT_IN_SKEY = 28;
public static final int RENEW = 30;
public static final int VALIDATE = 31;
+ private static final String[] names = {
+ "RESERVED", //0
+ "FORWARDABLE", //1;
+ "FORWARDED", //2;
+ "PROXIABLE", //3;
+ "PROXY", //4;
+ "ALLOW_POSTDATE", //5;
+ "POSTDATED", //6;
+ "UNUSED7", //7;
+ "RENEWABLE", //8;
+ "UNUSED9", //9;
+ "UNUSED10", //10;
+ "UNUSED11", //11;
+ null,null,
+ "CNAME_IN_ADDL_TKT",//14;
+ null,null,null,null,null,null,null,null,null,null,null,null,
+ "RENEWABLE_OK", //27;
+ "ENC_TKT_IN_SKEY", //28;
+ null,
+ "RENEW", //30;
+ "VALIDATE", //31;
+ };
+
private boolean DEBUG = Krb5.DEBUG;
+ public static KDCOptions with(int... flags) {
+ KDCOptions options = new KDCOptions();
+ for (int flag: flags) {
+ options.set(flag, true);
+ }
+ return options;
+ }
+
public KDCOptions() {
super(Krb5.KDC_OPTS_MAX + 1);
setDefault();
@@ -238,6 +270,20 @@
return super.get(option);
}
+ @Override public String toString() {
+ StringBuilder sb = new StringBuilder();
+ sb.append("KDCOptions: ");
+ for (int i=0; i<Krb5.KDC_OPTS_MAX+1; i++) {
+ if (get(i)) {
+ if (names[i] != null) {
+ sb.append(names[i]).append(",");
+ } else {
+ sb.append(i).append(",");
+ }
+ }
+ }
+ return sb.toString();
+ }
private void setDefault() {
try {
diff --git a/src/share/classes/sun/security/krb5/internal/Krb5.java b/src/share/classes/sun/security/krb5/internal/Krb5.java
index 5f37afb..1d3bb64 100644
--- a/src/share/classes/sun/security/krb5/internal/Krb5.java
+++ b/src/share/classes/sun/security/krb5/internal/Krb5.java
@@ -158,6 +158,9 @@
public static final int PA_ETYPE_INFO = 11;
public static final int PA_ETYPE_INFO2 = 19;
+ // S4U2user info
+ public static final int PA_FOR_USER = 129;
+
//-------------------------------+-------------
//authorization data type |ad-type value
//-------------------------------+-------------
diff --git a/src/share/classes/sun/security/krb5/internal/PAData.java b/src/share/classes/sun/security/krb5/internal/PAData.java
index 573b4f2..f3fdb0b 100644
--- a/src/share/classes/sun/security/krb5/internal/PAData.java
+++ b/src/share/classes/sun/security/krb5/internal/PAData.java
@@ -312,6 +312,9 @@
}
}
break;
+ case Krb5.PA_FOR_USER:
+ sb.append("\t PA-FOR-USER\n");
+ break;
default:
// Unknown Pre-auth type
break;
diff --git a/src/share/classes/sun/security/krb5/internal/PAForUserEnc.java b/src/share/classes/sun/security/krb5/internal/PAForUserEnc.java
new file mode 100644
index 0000000..42c9caa
--- /dev/null
+++ b/src/share/classes/sun/security/krb5/internal/PAForUserEnc.java
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.krb5.internal;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import sun.security.krb5.*;
+import sun.security.krb5.internal.crypto.KeyUsage;
+import sun.security.krb5.internal.util.KerberosString;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+
+/**
+ * Implements the ASN.1 PA-FOR-USER type.
+ *
+ * <xmp>
+ * padata-type ::= PA-FOR-USER
+ * -- value 129
+ * padata-value ::= EncryptedData
+ * -- PA-FOR-USER-ENC
+ * PA-FOR-USER-ENC ::= SEQUENCE {
+ * userName[0] PrincipalName,
+ * userRealm[1] Realm,
+ * cksum[2] Checksum,
+ * auth-package[3] KerberosString
+ * }
+ * </xmp>
+ *
+ * <p>
+ * This definition reflects MS-SFU.
+ */
+
+public class PAForUserEnc {
+ final public PrincipalName name;
+ final private EncryptionKey key;
+ final public static String AUTH_PACKAGE = "Kerberos";
+
+ public PAForUserEnc(PrincipalName name, EncryptionKey key) {
+ this.name = name;
+ this.key = key;
+ }
+
+ /**
+ * Constructs a PA-FOR-USER object from a DER encoding.
+ * @param encoding the input object
+ * @param key the key to verify the checksum inside encoding
+ * @throws KrbException if the verification fails.
+ * Note: this method is now only used by test KDC, therefore
+ * the verification is ignored (at the moment).
+ */
+ public PAForUserEnc(DerValue encoding, EncryptionKey key)
+ throws Asn1Exception, KrbException, IOException {
+ DerValue der = null;
+ this.key = key;
+
+ if (encoding.getTag() != DerValue.tag_Sequence) {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+
+ // Realm after name? Quite abnormal.
+ PrincipalName tmpName = null;
+ der = encoding.getData().getDerValue();
+ if ((der.getTag() & 0x1F) == 0x00) {
+ try {
+ tmpName = new PrincipalName(der.getData().getDerValue(),
+ new Realm("PLACEHOLDER"));
+ } catch (RealmException re) {
+ // Impossible
+ }
+ } else {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+
+ der = encoding.getData().getDerValue();
+ if ((der.getTag() & 0x1F) == 0x01) {
+ try {
+ Realm realm = new Realm(der.getData().getDerValue());
+ name = new PrincipalName(
+ tmpName.getNameType(), tmpName.getNameStrings(), realm);
+ } catch (RealmException re) {
+ throw new IOException(re);
+ }
+ } else {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+
+ der = encoding.getData().getDerValue();
+ if ((der.getTag() & 0x1F) == 0x02) {
+ // Deal with the checksum
+ } else {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+
+ der = encoding.getData().getDerValue();
+ if ((der.getTag() & 0x1F) == 0x03) {
+ String authPackage = new KerberosString(der.getData().getDerValue()).toString();
+ if (!authPackage.equalsIgnoreCase(AUTH_PACKAGE)) {
+ throw new IOException("Incorrect auth-package");
+ }
+ } else {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+ if (encoding.getData().available() > 0)
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+
+ public byte[] asn1Encode() throws Asn1Exception, IOException {
+ DerOutputStream bytes = new DerOutputStream();
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), name.asn1Encode());
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), name.getRealm().asn1Encode());
+
+ try {
+ Checksum cks = new Checksum(
+ Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR,
+ getS4UByteArray(),
+ key,
+ KeyUsage.KU_PA_FOR_USER_ENC_CKSUM);
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cks.asn1Encode());
+ } catch (KrbException ke) {
+ throw new IOException(ke);
+ }
+
+ DerOutputStream temp = new DerOutputStream();
+ temp.putDerValue(new KerberosString(AUTH_PACKAGE).toDerValue());
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp);
+
+ temp = new DerOutputStream();
+ temp.write(DerValue.tag_Sequence, bytes);
+ return temp.toByteArray();
+ }
+
+ /**
+ * Returns S4UByteArray, the block to calculate checksum inside a
+ * PA-FOR-USER-ENC data structure. It includes:
+ * 1. userName.name-type encoded as a 4-byte integer in little endian
+ * byte order
+ * 2. all string values in the sequence of strings contained in the
+ * userName.name-string field
+ * 3. the string value of the userRealm field
+ * 4. the string value of auth-package field
+ */
+ public byte[] getS4UByteArray() {
+ try {
+ ByteArrayOutputStream ba = new ByteArrayOutputStream();
+ ba.write(new byte[4]);
+ for (String s: name.getNameStrings()) {
+ ba.write(s.getBytes("UTF-8"));
+ }
+ ba.write(name.getRealm().toString().getBytes("UTF-8"));
+ ba.write(AUTH_PACKAGE.getBytes("UTF-8"));
+ byte[] output = ba.toByteArray();
+ int pnType = name.getNameType();
+ output[0] = (byte)(pnType & 0xff);
+ output[1] = (byte)((pnType>>8) & 0xff);
+ output[2] = (byte)((pnType>>16) & 0xff);
+ output[3] = (byte)((pnType>>24) & 0xff);
+ return output;
+ } catch (IOException ioe) {
+ // not possible
+ throw new AssertionError("Cannot write ByteArrayOutputStream", ioe);
+ }
+ }
+
+ public String toString() {
+ return "PA-FOR-USER: " + name;
+ }
+}
diff --git a/src/share/classes/sun/security/krb5/internal/crypto/KeyUsage.java b/src/share/classes/sun/security/krb5/internal/crypto/KeyUsage.java
index fcc831b..69c6fc8 100644
--- a/src/share/classes/sun/security/krb5/internal/crypto/KeyUsage.java
+++ b/src/share/classes/sun/security/krb5/internal/crypto/KeyUsage.java
@@ -54,6 +54,7 @@
public static final int KU_ENC_KRB_PRIV_PART = 13; // KrbPriv
public static final int KU_ENC_KRB_CRED_PART = 14; // KrbCred
public static final int KU_KRB_SAFE_CKSUM = 15; // KrbSafe
+ public static final int KU_PA_FOR_USER_ENC_CKSUM = 17; // S4U2user
public static final int KU_AD_KDC_ISSUED_CKSUM = 19;
public static final boolean isValid(int usage) {
diff --git a/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java b/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java
index 2a12a81..b2a71ce 100644
--- a/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java
+++ b/src/share/classes/sun/security/krb5/internal/ktab/KeyTab.java
@@ -279,6 +279,9 @@
EncryptionKey key;
int size = entries.size();
ArrayList<EncryptionKey> keys = new ArrayList<>(size);
+ if (DEBUG) {
+ System.out.println("Looking for keys for: " + service);
+ }
for (int i = size-1; i >= 0; i--) {
entry = entries.elementAt(i);
if (entry.service.match(service)) {
diff --git a/src/share/classes/sun/security/pkcs/PKCS7.java b/src/share/classes/sun/security/pkcs/PKCS7.java
index 523c5d3..fa67e29 100644
--- a/src/share/classes/sun/security/pkcs/PKCS7.java
+++ b/src/share/classes/sun/security/pkcs/PKCS7.java
@@ -39,7 +39,6 @@
import sun.security.timestamp.*;
import sun.security.util.*;
import sun.security.x509.AlgorithmId;
-import sun.security.x509.CertificateIssuerName;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
import sun.security.x509.X509CRLImpl;
@@ -712,8 +711,8 @@
X509CertInfo tbsCert =
new X509CertInfo(cert.getTBSCertificate());
certIssuerName = (Principal)
- tbsCert.get(CertificateIssuerName.NAME + "." +
- CertificateIssuerName.DN_NAME);
+ tbsCert.get(X509CertInfo.ISSUER + "." +
+ X509CertInfo.DN_NAME);
} catch (Exception e) {
// error generating X500Name object from the cert's
// issuer DN, leave name as is.
diff --git a/src/share/classes/sun/security/provider/certpath/RevocationChecker.java b/src/share/classes/sun/security/provider/certpath/RevocationChecker.java
index e279fab..b65b6df 100644
--- a/src/share/classes/sun/security/provider/certpath/RevocationChecker.java
+++ b/src/share/classes/sun/security/provider/certpath/RevocationChecker.java
@@ -67,7 +67,7 @@
private URI responderURI;
private X509Certificate responderCert;
private List<CertStore> certStores;
- private Map<X509Certificate, byte[]> ocspStapled;
+ private Map<X509Certificate, byte[]> ocspResponses;
private List<Extension> ocspExtensions;
private boolean legacy;
@@ -140,7 +140,7 @@
} else {
crlDP = true;
}
- ocspStapled = getOCSPStapledResponses();
+ ocspResponses = getOCSPResponses();
ocspExtensions = getOCSPExtensions();
this.anchor = anchor;
@@ -645,11 +645,11 @@
try {
certId = new CertId(issuerCert, currCert.getSerialNumberObject());
- // check if there is a stapled OCSP response available
- byte[] responseBytes = ocspStapled.get(cert);
+ // check if there is a cached OCSP response available
+ byte[] responseBytes = ocspResponses.get(cert);
if (responseBytes != null) {
if (debug != null) {
- debug.println("Found stapled OCSP response");
+ debug.println("Found cached OCSP response");
}
response = new OCSPResponse(responseBytes);
diff --git a/src/share/classes/sun/security/tools/jarsigner/Main.java b/src/share/classes/sun/security/tools/jarsigner/Main.java
index 98f3ec2..159de08 100644
--- a/src/share/classes/sun/security/tools/jarsigner/Main.java
+++ b/src/share/classes/sun/security/tools/jarsigner/Main.java
@@ -2259,9 +2259,9 @@
X509CertInfo tbsCert = new
X509CertInfo(certChain[0].getTBSCertificate());
issuerName = (Principal)
- tbsCert.get(CertificateIssuerName.NAME + "." +
- CertificateIssuerName.DN_NAME);
- }
+ tbsCert.get(X509CertInfo.ISSUER + "." +
+ X509CertInfo.DN_NAME);
+ }
BigInteger serial = certChain[0].getSerialNumber();
String signatureAlgorithm;
diff --git a/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java b/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java
index 6f557b6..a8a748c 100644
--- a/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java
+++ b/src/share/classes/sun/security/tools/keytool/CertAndKeyGen.java
@@ -258,10 +258,10 @@
AlgorithmId algID = AlgorithmId.get(sigAlg);
info.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(algID));
- info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
+ info.set(X509CertInfo.SUBJECT, myname);
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VALIDITY, interval);
- info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
+ info.set(X509CertInfo.ISSUER, myname);
if (ext != null) info.set(X509CertInfo.EXTENSIONS, ext);
cert = new X509CertImpl(info);
diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/classes/sun/security/tools/keytool/Main.java
index fd399fc..d0a6d6b 100644
--- a/src/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/share/classes/sun/security/tools/keytool/Main.java
@@ -1145,7 +1145,7 @@
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name issuer = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
- CertificateSubjectName.DN_NAME);
+ X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate);
Date lastDate = new Date();
@@ -1170,7 +1170,7 @@
info.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(
AlgorithmId.get(sigAlgName)));
- info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
+ info.set(X509CertInfo.ISSUER, issuer);
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
boolean canRead = false;
@@ -1193,8 +1193,8 @@
PKCS10 req = new PKCS10(rawReq);
info.set(X509CertInfo.KEY, new CertificateX509Key(req.getSubjectPublicKeyInfo()));
- info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
- dname==null?req.getSubjectName():new X500Name(dname)));
+ info.set(X509CertInfo.SUBJECT,
+ dname==null?req.getSubjectName():new X500Name(dname));
CertificateExtensions reqex = null;
Iterator<PKCS10Attribute> attrs = req.getAttributes().getAttributes().iterator();
while (attrs.hasNext()) {
@@ -1234,7 +1234,7 @@
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "." +
- CertificateSubjectName.DN_NAME);
+ X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate);
Date lastDate = (Date) firstDate.clone();
@@ -2405,16 +2405,16 @@
if (dname == null) {
// Get the owner name from the certificate
owner = (X500Name)certInfo.get(X509CertInfo.SUBJECT + "." +
- CertificateSubjectName.DN_NAME);
+ X509CertInfo.DN_NAME);
} else {
// Use the owner name specified at the command line
owner = new X500Name(dname);
certInfo.set(X509CertInfo.SUBJECT + "." +
- CertificateSubjectName.DN_NAME, owner);
+ X509CertInfo.DN_NAME, owner);
}
// Make issuer same as owner (self-signed!)
certInfo.set(X509CertInfo.ISSUER + "." +
- CertificateIssuerName.DN_NAME, owner);
+ X509CertInfo.DN_NAME, owner);
// The inner and outer signature algorithms have to match.
// The way we achieve that is really ugly, but there seems to be no
diff --git a/src/share/classes/sun/security/x509/X509CertImpl.java b/src/share/classes/sun/security/x509/X509CertImpl.java
index 5c965ff..64e06ce 100644
--- a/src/share/classes/sun/security/x509/X509CertImpl.java
+++ b/src/share/classes/sun/security/x509/X509CertImpl.java
@@ -96,12 +96,10 @@
*/
// x509.info.subject.dname
public static final String SUBJECT_DN = NAME + DOT + INFO + DOT +
- X509CertInfo.SUBJECT + DOT +
- CertificateSubjectName.DN_NAME;
+ X509CertInfo.SUBJECT + DOT + X509CertInfo.DN_NAME;
// x509.info.issuer.dname
public static final String ISSUER_DN = NAME + DOT + INFO + DOT +
- X509CertInfo.ISSUER + DOT +
- CertificateIssuerName.DN_NAME;
+ X509CertInfo.ISSUER + DOT + X509CertInfo.DN_NAME;
// x509.info.serialNumber.number
public static final String SERIAL_ID = NAME + DOT + INFO + DOT +
X509CertInfo.SERIAL_NUMBER + DOT +
@@ -890,9 +888,8 @@
if (info == null)
return null;
try {
- Principal subject = (Principal)info.get(
- CertificateSubjectName.NAME + DOT +
- CertificateSubjectName.DN_NAME);
+ Principal subject = (Principal)info.get(X509CertInfo.SUBJECT + DOT +
+ X509CertInfo.DN_NAME);
return subject;
} catch (Exception e) {
return null;
@@ -910,8 +907,8 @@
}
try {
X500Principal subject = (X500Principal)info.get(
- CertificateSubjectName.NAME + DOT +
- CertificateSubjectName.DN_PRINCIPAL);
+ X509CertInfo.SUBJECT + DOT +
+ "x500principal");
return subject;
} catch (Exception e) {
return null;
@@ -927,9 +924,8 @@
if (info == null)
return null;
try {
- Principal issuer = (Principal)info.get(
- CertificateIssuerName.NAME + DOT +
- CertificateIssuerName.DN_NAME);
+ Principal issuer = (Principal)info.get(X509CertInfo.ISSUER + DOT +
+ X509CertInfo.DN_NAME);
return issuer;
} catch (Exception e) {
return null;
@@ -947,8 +943,8 @@
}
try {
X500Principal issuer = (X500Principal)info.get(
- CertificateIssuerName.NAME + DOT +
- CertificateIssuerName.DN_PRINCIPAL);
+ X509CertInfo.ISSUER + DOT +
+ "x500principal");
return issuer;
} catch (Exception e) {
return null;
diff --git a/src/share/classes/sun/security/x509/X509CertInfo.java b/src/share/classes/sun/security/x509/X509CertInfo.java
index 7d3bb51..b7f2dd8 100644
--- a/src/share/classes/sun/security/x509/X509CertInfo.java
+++ b/src/share/classes/sun/security/x509/X509CertInfo.java
@@ -68,12 +68,13 @@
public static final String IDENT = "x509.info";
// Certificate attribute names
public static final String NAME = "info";
+ public static final String DN_NAME = "dname";
public static final String VERSION = CertificateVersion.NAME;
public static final String SERIAL_NUMBER = CertificateSerialNumber.NAME;
public static final String ALGORITHM_ID = CertificateAlgorithmId.NAME;
- public static final String ISSUER = CertificateIssuerName.NAME;
+ public static final String ISSUER = "issuer";
+ public static final String SUBJECT = "subject";
public static final String VALIDITY = CertificateValidity.NAME;
- public static final String SUBJECT = CertificateSubjectName.NAME;
public static final String KEY = CertificateX509Key.NAME;
public static final String ISSUER_ID = "issuerID";
public static final String SUBJECT_ID = "subjectID";
@@ -83,9 +84,9 @@
protected CertificateVersion version = new CertificateVersion();
protected CertificateSerialNumber serialNum = null;
protected CertificateAlgorithmId algId = null;
- protected CertificateIssuerName issuer = null;
+ protected X500Name issuer = null;
+ protected X500Name subject = null;
protected CertificateValidity interval = null;
- protected CertificateSubjectName subject = null;
protected CertificateX509Key pubKey = null;
// X509.v2 & v3 extensions
@@ -399,11 +400,7 @@
break;
case ATTR_ISSUER:
- if (suffix == null) {
- setIssuer(val);
- } else {
- issuer.set(suffix, val);
- }
+ setIssuer(val);
break;
case ATTR_VALIDITY:
@@ -415,11 +412,7 @@
break;
case ATTR_SUBJECT:
- if (suffix == null) {
- setSubject(val);
- } else {
- subject.set(suffix, val);
- }
+ setSubject(val);
break;
case ATTR_KEY:
@@ -493,11 +486,7 @@
}
break;
case (ATTR_ISSUER):
- if (suffix == null) {
- issuer = null;
- } else {
- issuer.delete(suffix);
- }
+ issuer = null;
break;
case (ATTR_VALIDITY):
if (suffix == null) {
@@ -507,11 +496,7 @@
}
break;
case (ATTR_SUBJECT):
- if (suffix == null) {
- subject = null;
- } else {
- subject.delete(suffix);
- }
+ subject = null;
break;
case (ATTR_KEY):
if (suffix == null) {
@@ -571,13 +556,13 @@
if (suffix == null) {
return(subject);
} else {
- return(subject.get(suffix));
+ return(getX500Name(suffix, false));
}
case (ATTR_ISSUER):
if (suffix == null) {
return(issuer);
} else {
- return(issuer.get(suffix));
+ return(getX500Name(suffix, true));
}
case (ATTR_KEY):
if (suffix == null) {
@@ -618,6 +603,21 @@
}
/*
+ * Get the Issuer or Subject name
+ */
+ private Object getX500Name(String name, boolean getIssuer)
+ throws IOException {
+ if (name.equalsIgnoreCase(X509CertInfo.DN_NAME)) {
+ return getIssuer ? issuer : subject;
+ } else if (name.equalsIgnoreCase("x500principal")) {
+ return getIssuer ? issuer.asX500Principal()
+ : subject.asX500Principal();
+ } else {
+ throw new IOException("Attribute name not recognized.");
+ }
+ }
+
+ /*
* This routine unmarshals the certificate information.
*/
private void parse(DerValue val)
@@ -646,9 +646,8 @@
algId = new CertificateAlgorithmId(in);
// Issuer name
- issuer = new CertificateIssuerName(in);
- X500Name issuerDN = (X500Name)issuer.get(CertificateIssuerName.DN_NAME);
- if (issuerDN.isEmpty()) {
+ issuer = new X500Name(in);
+ if (issuer.isEmpty()) {
throw new CertificateParsingException(
"Empty issuer DN not allowed in X509Certificates");
}
@@ -657,10 +656,9 @@
interval = new CertificateValidity(in);
// subject name
- subject = new CertificateSubjectName(in);
- X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
+ subject = new X500Name(in);
if ((version.compare(CertificateVersion.V1) == 0) &&
- subjectDN.isEmpty()) {
+ subject.isEmpty()) {
throw new CertificateParsingException(
"Empty subject DN not allowed in v1 certificate");
}
@@ -712,13 +710,12 @@
/*
* Verify if X.509 V3 Certificate is compliant with RFC 3280.
*/
- private void verifyCert(CertificateSubjectName subject,
+ private void verifyCert(X500Name subject,
CertificateExtensions extensions)
throws CertificateParsingException, IOException {
// if SubjectName is empty, check for SubjectAlternativeNameExtension
- X500Name subjectDN = (X500Name)subject.get(CertificateSubjectName.DN_NAME);
- if (subjectDN.isEmpty()) {
+ if (subject.isEmpty()) {
if (extensions == null) {
throw new CertificateParsingException("X.509 Certificate is " +
"incomplete: subject field is empty, and certificate " +
@@ -859,11 +856,11 @@
* @exception CertificateException on invalid data.
*/
private void setIssuer(Object val) throws CertificateException {
- if (!(val instanceof CertificateIssuerName)) {
+ if (!(val instanceof X500Name)) {
throw new CertificateException(
"Issuer class type invalid.");
}
- issuer = (CertificateIssuerName)val;
+ issuer = (X500Name)val;
}
/**
@@ -887,11 +884,11 @@
* @exception CertificateException on invalid data.
*/
private void setSubject(Object val) throws CertificateException {
- if (!(val instanceof CertificateSubjectName)) {
+ if (!(val instanceof X500Name)) {
throw new CertificateException(
"Subject class type invalid.");
}
- subject = (CertificateSubjectName)val;
+ subject = (X500Name)val;
}
/**
diff --git a/src/share/classes/sun/security/x509/certAttributes.html b/src/share/classes/sun/security/x509/certAttributes.html
index 088538e..79f6b5a 100644
--- a/src/share/classes/sun/security/x509/certAttributes.html
+++ b/src/share/classes/sun/security/x509/certAttributes.html
@@ -6,7 +6,7 @@
<h2><center>Certificate Attributes</center></h2>
<font size=3><center>July 1998</font></center>
<p>
-In JDK1.2 we provide an implementation of X.509 (version 3).
+In JDK1.2 we provide an implementation of X.509 (version 3).
The X509CertImpl class supports the following methods to
manipulate the various attributes of a certificate:
<pre>
@@ -86,9 +86,9 @@
<td>issuer</td>
<td>x509.info.issuer<br>
x509.info.issuer.dname</td>
-<td>CertificateIssuerName.IDENT<br>
+<td>none<br>
X509CertImpl.ISSUER_DN</td>
-<td>CertificateIssuerName<br>
+<td>X500Name<br>
X500Name</td>
</tr>
<tr>
@@ -109,9 +109,9 @@
<td>subject</td>
<td>x509.info.subject<br>
x509.info.subject.dname</td>
-<td>CertificateSubjectName.IDENT<br>
+<td>none<br>
X509CertImpl.SUBJECT_DN</td>
-<td>CertificateSubjectName<br>
+<td>X500Name<br>
X500Name</td>
</tr>
<tr>
@@ -127,18 +127,18 @@
<td>issuerUniqueID</td>
<td>x509.info.issuerID<br>
x509.info.issuerID.id</td>
-<td>CertificateIssuerUniqueIdentity.IDENT<br>
+<td>none<br>
none</td>
-<td>CertificateIssuerUniqueIdentity<br>
+<td>UniqueIdentity<br>
UniqueIdentity</td>
</tr>
<tr>
<td>subjectUniqueID</td>
<td>x509.info.subjectID<br>
x509.info.subjectID.id</td>
-<td>CertificateSubjectUniqueIdentity.IDENT<br>
+<td>none<br>
none</td>
-<td>CertificateSubjectUniqueIdentity<br>
+<td>UniqueIdentity<br>
UniqueIdentity</td>
</tr>
<tr>
diff --git a/src/share/classes/sun/tools/java/RuntimeConstants.java b/src/share/classes/sun/tools/java/RuntimeConstants.java
index 8a720f8..949573e 100644
--- a/src/share/classes/sun/tools/java/RuntimeConstants.java
+++ b/src/share/classes/sun/tools/java/RuntimeConstants.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -67,7 +67,7 @@
/* Class File Constants */
int JAVA_MAGIC = 0xcafebabe;
int JAVA_MIN_SUPPORTED_VERSION = 45;
- int JAVA_MAX_SUPPORTED_VERSION = 51;
+ int JAVA_MAX_SUPPORTED_VERSION = 52;
int JAVA_MAX_SUPPORTED_MINOR_VERSION = 0;
/* Generate class file version for 1.1 by default */
diff --git a/src/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java b/src/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java
index 346cba0..e6b3d9e 100644
--- a/src/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java
+++ b/src/share/classes/sun/util/locale/provider/JRELocaleProviderAdapter.java
@@ -329,9 +329,6 @@
tagset.add(token);
}
- // ensure en-US is there (mandated by the spec, e.g. Collator.getAvailableLocales())
- tagset.add("en-US");
-
return tagset;
}
diff --git a/src/share/classes/sun/util/locale/provider/LocaleServiceProviderPool.java b/src/share/classes/sun/util/locale/provider/LocaleServiceProviderPool.java
index 2683b7d..3a60061 100644
--- a/src/share/classes/sun/util/locale/provider/LocaleServiceProviderPool.java
+++ b/src/share/classes/sun/util/locale/provider/LocaleServiceProviderPool.java
@@ -26,6 +26,7 @@
package sun.util.locale.provider;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.IllformedLocaleException;
@@ -177,7 +178,7 @@
for (Class<? extends LocaleServiceProvider> c : spiClasses) {
LocaleServiceProviderPool pool =
LocaleServiceProviderPool.getPool(c);
- all.addAll(pool.getAvailableLocaleList());
+ all.addAll(pool.getAvailableLocaleSet());
}
allAvailableLocales = all.toArray(new Locale[0]);
@@ -207,13 +208,23 @@
* @return an array of the available locales
*/
public Locale[] getAvailableLocales() {
- Set<Locale> locList = getAvailableLocaleList();
+ Set<Locale> locList = new HashSet<>();
+ locList.addAll(getAvailableLocaleSet());
+ // Make sure it all contains JRE's locales for compatibility.
+ locList.addAll(Arrays.asList(LocaleProviderAdapter.forJRE().getAvailableLocales()));
Locale[] tmp = new Locale[locList.size()];
locList.toArray(tmp);
return tmp;
}
- private synchronized Set<Locale> getAvailableLocaleList() {
+ /**
+ * Returns the union of locale sets that are available from
+ * each service provider. This method does NOT return the
+ * defensive copy.
+ *
+ * @return a set of available locales
+ */
+ private synchronized Set<Locale> getAvailableLocaleSet() {
if (availableLocales == null) {
availableLocales = new HashSet<>();
for (LocaleServiceProvider lsp : providers.values()) {
@@ -222,9 +233,6 @@
availableLocales.add(getLookupLocale(locale));
}
}
-
- // Remove Locale.ROOT for the compatibility.
- availableLocales.remove(Locale.ROOT);
}
return availableLocales;
@@ -295,7 +303,7 @@
List<Locale> lookupLocales = getLookupLocales(locale);
- Set<Locale> available = getAvailableLocaleList();
+ Set<Locale> available = getAvailableLocaleSet();
for (Locale current : lookupLocales) {
if (available.contains(current)) {
S providersObj;
diff --git a/src/share/native/com/sun/java/util/jar/pack/constants.h b/src/share/native/com/sun/java/util/jar/pack/constants.h
index a3a8c55..dde13b8 100644
--- a/src/share/native/com/sun/java/util/jar/pack/constants.h
+++ b/src/share/native/com/sun/java/util/jar/pack/constants.h
@@ -35,12 +35,19 @@
#define JAVA_MAGIC 0xCAFEBABE
#define JAVA_MIN_MAJOR_VERSION 45
#define JAVA_MIN_MINOR_VERSION 3
+
#define JAVA5_MAX_MAJOR_VERSION 49
#define JAVA5_MAX_MINOR_VERSION 0
-// NOTE: Assume for now
+
#define JAVA6_MAX_MAJOR_VERSION 50
#define JAVA6_MAX_MINOR_VERSION 0
+#define JAVA7_MAX_MAJOR_VERSION 51
+#define JAVA7_MAX_MINOR_VERSION 0
+
+#define JAVA8_MAX_MAJOR_VERSION 52
+#define JAVA8_MAX_MINOR_VERSION 0
+
// package file constants
#define JAVA_PACKAGE_MAGIC 0xCAFED00D
#define JAVA5_PACKAGE_MAJOR_VERSION 150
diff --git a/src/share/native/java/lang/System.c b/src/share/native/java/lang/System.c
index 82b6691..84ae689 100644
--- a/src/share/native/java/lang/System.c
+++ b/src/share/native/java/lang/System.c
@@ -102,7 +102,7 @@
#define VENDOR_URL_BUG "http://bugreport.sun.com/bugreport/"
#endif
-#define JAVA_MAX_SUPPORTED_VERSION 51
+#define JAVA_MAX_SUPPORTED_VERSION 52
#define JAVA_MAX_SUPPORTED_MINOR_VERSION 0
#ifdef JAVA_SPECIFICATION_VENDOR /* Third party may NOT overwrite this. */
diff --git a/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c b/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c
index fa88866..abd2c2d 100644
--- a/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c
+++ b/src/share/native/sun/security/jgss/wrapper/GSSLibStub.c
@@ -26,6 +26,7 @@
#include "sun_security_jgss_wrapper_GSSLibStub.h"
#include "NativeUtil.h"
#include "NativeFunc.h"
+#include "jlong.h"
/* Constants for indicating what type of info is needed for inqueries */
const int TYPE_CRED_NAME = 10;
@@ -75,14 +76,14 @@
jclass jcls,
jbyteArray jbytes) {
gss_OID cOid;
- int i, len;
+ unsigned int i, len;
jbyte* bytes;
jthrowable gssEx;
jboolean found;
if (jbytes != NULL) {
found = JNI_FALSE;
- len = (*env)->GetArrayLength(env, jbytes) - 2;
+ len = (unsigned int)((*env)->GetArrayLength(env, jbytes) - 2);
bytes = (*env)->GetByteArrayElements(env, jbytes, NULL);
if (bytes != NULL) {
for (i = 0; i < ftab->mechs->count; i++) {
@@ -98,9 +99,9 @@
}
if (found != JNI_TRUE) {
checkStatus(env, NULL, GSS_S_BAD_MECH, 0, "[GSSLibStub_getMechPtr]");
- return NULL;
- } else return cOid;
- } else return GSS_C_NO_OID;
+ return ptr_to_jlong(NULL);
+ } else return ptr_to_jlong(cOid);
+ } else return ptr_to_jlong(GSS_C_NO_OID);
}
@@ -244,7 +245,7 @@
if (ftab->inquireNamesForMech != NULL) {
- mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+ mech = (gss_OID)jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
nameTypes = GSS_C_NO_OID_SET;
/* gss_inquire_names_for_mech(...) => N/A */
@@ -273,7 +274,7 @@
OM_uint32 minor, major;
gss_name_t nameHdl;
- nameHdl = (gss_name_t) pName;
+ nameHdl = (gss_name_t) jlong_to_ptr(pName);
sprintf(debugBuf, "[GSSLibStub_releaseName] %ld", (long) pName);
debug(env, debugBuf);
@@ -319,7 +320,7 @@
resetGSSBuffer(env, jnameVal, &nameVal);
checkStatus(env, jobj, major, minor, "[GSSLibStub_importName]");
- return (jlong) nameHdl;
+ return ptr_to_jlong(nameHdl);
}
@@ -339,8 +340,8 @@
int isEqual;
isEqual = 0;
- nameHdl1 = (gss_name_t) pName1;
- nameHdl2 = (gss_name_t) pName2;
+ nameHdl1 = (gss_name_t) jlong_to_ptr(pName1);
+ nameHdl2 = (gss_name_t) jlong_to_ptr(pName2);
sprintf(debugBuf, "[GSSLibStub_compareName] %ld %ld", (long) pName1,
(long) pName2);
@@ -370,12 +371,12 @@
gss_name_t nameHdl, mnNameHdl;
gss_OID mech;
- nameHdl = (gss_name_t) pName;
+ nameHdl = (gss_name_t) jlong_to_ptr(pName);
sprintf(debugBuf, "[GSSLibStub_canonicalizeName] %ld", (long) pName);
debug(env, debugBuf);
if (nameHdl != GSS_C_NO_NAME) {
- mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+ mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
mnNameHdl = GSS_C_NO_NAME;
/* gss_canonicalize_name(...) may return GSS_S_BAD_NAMETYPE,
@@ -391,7 +392,7 @@
checkStatus(env, jobj, major, minor, "[GSSLibStub_canonicalizeName]");
} else mnNameHdl = GSS_C_NO_NAME;
- return (jlong) mnNameHdl;
+ return ptr_to_jlong(mnNameHdl);
}
/*
@@ -408,7 +409,7 @@
gss_buffer_desc outBuf;
jbyteArray jresult;
- nameHdl = (gss_name_t) pName;
+ nameHdl = (gss_name_t) jlong_to_ptr(pName);
sprintf(debugBuf, "[GSSLibStub_exportName] %ld", (long) pName);
debug(env, debugBuf);
@@ -420,16 +421,16 @@
if (major == GSS_S_NAME_NOT_MN) {
debug(env, "[GSSLibStub_exportName] canonicalize and re-try");
- mNameHdl = (gss_name_t)
+ mNameHdl = (gss_name_t)jlong_to_ptr(
Java_sun_security_jgss_wrapper_GSSLibStub_canonicalizeName
- (env, jobj, pName);
+ (env, jobj, pName));
/* return immediately if an exception has occurred */
if ((*env)->ExceptionCheck(env)) {
return NULL;
}
major = (*ftab->exportName)(&minor, mNameHdl, &outBuf);
Java_sun_security_jgss_wrapper_GSSLibStub_releaseName
- (env, jobj, (jlong) mNameHdl);
+ (env, jobj, ptr_to_jlong(mNameHdl));
/* return immediately if an exception has occurred */
if ((*env)->ExceptionCheck(env)) {
return NULL;
@@ -460,7 +461,7 @@
jobject jtype;
jobjectArray jresult;
- nameHdl = (gss_name_t) pName;
+ nameHdl = (gss_name_t) jlong_to_ptr(pName);
sprintf(debugBuf, "[GSSLibStub_displayName] %ld", (long) pName);
debug(env, debugBuf);
@@ -512,10 +513,10 @@
debug(env, "[GSSLibStub_acquireCred]");
- mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+ mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
mechs = newGSSOIDSet(env, mech);
credUsage = (gss_cred_usage_t) usage;
- nameHdl = (gss_name_t) pName;
+ nameHdl = (gss_name_t) jlong_to_ptr(pName);
credHdl = GSS_C_NO_CREDENTIAL;
sprintf(debugBuf, "[GSSLibStub_acquireCred] pName=%ld, usage=%d",
@@ -534,7 +535,7 @@
debug(env, debugBuf);
checkStatus(env, jobj, major, minor, "[GSSLibStub_acquireCred]");
- return (jlong) credHdl;
+ return ptr_to_jlong(credHdl);
}
/*
@@ -550,9 +551,9 @@
OM_uint32 minor, major;
gss_cred_id_t credHdl;
- credHdl = (gss_cred_id_t) pCred;
+ credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
- sprintf(debugBuf, "[GSSLibStub_releaseCred] %ld", pCred);
+ sprintf(debugBuf, "[GSSLibStub_releaseCred] %ld", (long int)pCred);
debug(env, debugBuf);
if (credHdl != GSS_C_NO_CREDENTIAL) {
@@ -562,7 +563,7 @@
checkStatus(env, jobj, major, minor, "[GSSLibStub_releaseCred]");
}
- return (jlong) credHdl;
+ return ptr_to_jlong(credHdl);
}
/*
@@ -570,7 +571,7 @@
*/
void inquireCred(JNIEnv *env, jobject jobj, gss_cred_id_t pCred,
jint type, void *result) {
- OM_uint32 minor, major;
+ OM_uint32 minor, major=GSS_C_QOP_DEFAULT;
OM_uint32 routineErr;
gss_cred_id_t credHdl;
@@ -617,9 +618,9 @@
gss_name_t nameHdl;
gss_cred_id_t credHdl;
- credHdl = (gss_cred_id_t) pCred;
+ credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
- sprintf(debugBuf, "[GSSLibStub_getCredName] %ld", pCred);
+ sprintf(debugBuf, "[GSSLibStub_getCredName] %ld", (long int)pCred);
debug(env, debugBuf);
nameHdl = GSS_C_NO_NAME;
@@ -633,7 +634,7 @@
sprintf(debugBuf, "[GSSLibStub_getCredName] pName=%ld", (long) nameHdl);
debug(env, debugBuf);
- return (jlong) nameHdl;
+ return ptr_to_jlong(nameHdl);
}
/*
@@ -649,9 +650,9 @@
gss_cred_id_t credHdl;
OM_uint32 lifetime;
- credHdl = (gss_cred_id_t) pCred;
+ credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
- sprintf(debugBuf, "[GSSLibStub_getCredTime] %ld", pCred);
+ sprintf(debugBuf, "[GSSLibStub_getCredTime] %ld", (long int)pCred);
debug(env, debugBuf);
lifetime = 0;
@@ -677,9 +678,9 @@
gss_cred_usage_t usage;
gss_cred_id_t credHdl;
- credHdl = (gss_cred_id_t) pCred;
+ credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
- sprintf(debugBuf, "[GSSLibStub_getCredUsage] %ld", pCred);
+ sprintf(debugBuf, "[GSSLibStub_getCredUsage] %ld", (long int)pCred);
debug(env, debugBuf);
inquireCred(env, jobj, credHdl, TYPE_CRED_USAGE, &usage);
@@ -738,13 +739,13 @@
return NULL;
}
- mech2 = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+ mech2 = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
if (sameMech(env, mech, mech2) == JNI_TRUE) {
/* mech match - return the context object */
return (*env)->NewObject(env, CLS_NativeGSSContext,
MID_NativeGSSContext_ctor,
- (jlong) contextHdl, jobj);
+ ptr_to_jlong(contextHdl), jobj);
} else {
/* mech mismatch - clean up then return null */
major = (*ftab->deleteSecContext)(&minor, &contextHdl, GSS_C_NO_BUFFER);
@@ -784,11 +785,11 @@
*/
debug(env, "[GSSLibStub_initContext]");
- credHdl = (gss_cred_id_t) pCred;
- contextHdl = (gss_ctx_id_t)
- (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext);
- targetName = (gss_name_t) pName;
- mech = (gss_OID) (*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech);
+ credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(
+ (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext));
+ targetName = (gss_name_t) jlong_to_ptr(pName);
+ mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jobj, FID_GSSLibStub_pMech));
flags = (OM_uint32) (*env)->GetIntField(env, jcontextSpi,
FID_NativeGSSContext_flags);
time = getGSSTime((*env)->GetIntField(env, jcontextSpi,
@@ -821,7 +822,7 @@
if (GSS_ERROR(major) == GSS_S_COMPLETE) {
/* update member values if needed */
(*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext,
- (jlong) contextHdl);
+ ptr_to_jlong(contextHdl));
(*env)->SetIntField(env, jcontextSpi, FID_NativeGSSContext_flags, aFlags);
sprintf(debugBuf, "[GSSLibStub_initContext] set flags=0x%x", aFlags);
debug(env, debugBuf);
@@ -879,7 +880,7 @@
OM_uint32 aFlags;
OM_uint32 aTime;
gss_cred_id_t delCred;
- jobject jsrcName;
+ jobject jsrcName=GSS_C_NO_NAME;
jobject jdelCred;
jobject jMech;
jbyteArray jresult;
@@ -889,9 +890,9 @@
debug(env, "[GSSLibStub_acceptContext]");
- contextHdl = (gss_ctx_id_t)
- (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext);
- credHdl = (gss_cred_id_t) pCred;
+ contextHdl = (gss_ctx_id_t)jlong_to_ptr(
+ (*env)->GetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext));
+ credHdl = (gss_cred_id_t) jlong_to_ptr(pCred);
initGSSBuffer(env, jinToken, &inToken);
cb = getGSSCB(env, jcb);
srcName = GSS_C_NO_NAME;
@@ -922,7 +923,7 @@
if (GSS_ERROR(major) == GSS_S_COMPLETE) {
/* update member values if needed */
(*env)->SetLongField(env, jcontextSpi, FID_NativeGSSContext_pContext,
- (jlong) contextHdl);
+ ptr_to_jlong(contextHdl));
sprintf(debugBuf, "[GSSLibStub_acceptContext] set pContext=%ld",
(long)contextHdl);
debug(env, debugBuf);
@@ -940,7 +941,7 @@
NULL, NULL);
jtargetName = (*env)->NewObject(env, CLS_GSSNameElement,
MID_GSSNameElement_ctor,
- (jlong) targetName, jobj);
+ ptr_to_jlong(targetName), jobj);
/* return immediately if an exception has occurred */
if ((*env)->ExceptionCheck(env)) {
@@ -955,7 +956,7 @@
if (srcName != GSS_C_NO_NAME) {
jsrcName = (*env)->NewObject(env, CLS_GSSNameElement,
MID_GSSNameElement_ctor,
- (jlong) srcName, jobj);
+ ptr_to_jlong(srcName), jobj);
/* return immediately if an exception has occurred */
if ((*env)->ExceptionCheck(env)) {
return NULL;
@@ -981,7 +982,7 @@
if (delCred != GSS_C_NO_CREDENTIAL) {
jdelCred = (*env)->NewObject(env, CLS_GSSCredElement,
MID_GSSCredElement_ctor,
- (jlong) delCred, jsrcName, jMech);
+ ptr_to_jlong(delCred), jsrcName, jMech);
/* return immediately if an exception has occurred */
if ((*env)->ExceptionCheck(env)) {
return NULL;
@@ -1031,7 +1032,7 @@
jlong result[6];
jlongArray jresult;
- contextHdl = (gss_ctx_id_t) pContext;
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_inquireContext] %ld", (long)contextHdl);
debug(env, debugBuf);
@@ -1051,8 +1052,8 @@
(long)targetName);
debug(env, debugBuf);
- result[0] = (jlong) srcName;
- result[1] = (jlong) targetName;
+ result[0] = ptr_to_jlong(srcName);
+ result[1] = ptr_to_jlong(targetName);
result[2] = (jlong) isInitiator;
result[3] = (jlong) isEstablished;
result[4] = (jlong) flags;
@@ -1081,9 +1082,9 @@
gss_OID mech;
gss_ctx_id_t contextHdl;
- contextHdl = (gss_ctx_id_t) pContext;
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
- sprintf(debugBuf, "[GSSLibStub_getContextMech] %ld", pContext);
+ sprintf(debugBuf, "[GSSLibStub_getContextMech] %ld", (long int)pContext);
debug(env, debugBuf);
major = (*ftab->inquireContext)(&minor, contextHdl, NULL, NULL,
@@ -1111,7 +1112,7 @@
gss_name_t nameHdl;
gss_ctx_id_t contextHdl;
- contextHdl = (gss_ctx_id_t) pContext;
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_getContextName] %ld, isSrc=%d",
(long)contextHdl, isSrc);
@@ -1129,13 +1130,13 @@
checkStatus(env, jobj, major, minor, "[GSSLibStub_inquireContextAll]");
/* return immediately if an exception has occurred */
if ((*env)->ExceptionCheck(env)) {
- return (long)NULL;
+ return ptr_to_jlong(NULL);
}
sprintf(debugBuf, "[GSSLibStub_getContextName] pName=%ld", (long) nameHdl);
debug(env, debugBuf);
- return (jlong) nameHdl;
+ return ptr_to_jlong(nameHdl);
}
/*
@@ -1151,7 +1152,7 @@
gss_ctx_id_t contextHdl;
OM_uint32 time;
- contextHdl = (gss_ctx_id_t) pContext;
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_getContextTime] %ld", (long)contextHdl);
debug(env, debugBuf);
@@ -1180,17 +1181,17 @@
OM_uint32 minor, major;
gss_ctx_id_t contextHdl;
- contextHdl = (gss_ctx_id_t) pContext;
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_deleteContext] %ld", (long)contextHdl);
debug(env, debugBuf);
- if (contextHdl == GSS_C_NO_CONTEXT) return GSS_C_NO_CONTEXT;
+ if (contextHdl == GSS_C_NO_CONTEXT) return ptr_to_jlong(GSS_C_NO_CONTEXT);
/* gss_delete_sec_context(...) => GSS_S_NO_CONTEXT(!) */
major = (*ftab->deleteSecContext)(&minor, &contextHdl, GSS_C_NO_BUFFER);
checkStatus(env, jobj, major, minor, "[GSSLibStub_deleteContext]");
- return (jlong) contextHdl;
+ return (jlong) ptr_to_jlong(contextHdl);
}
/*
@@ -1211,7 +1212,7 @@
OM_uint32 outSize, maxInSize;
gss_qop_t qop;
- contextHdl = (gss_ctx_id_t) pContext;
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_wrapSizeLimit] %ld", (long)contextHdl);
debug(env, debugBuf);
@@ -1244,7 +1245,7 @@
gss_buffer_desc interProcToken;
jbyteArray jresult;
- contextHdl = (gss_ctx_id_t) pContext;
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_exportContext] %ld", (long)contextHdl);
debug(env, debugBuf);
@@ -1281,7 +1282,7 @@
gss_buffer_desc msgToken;
jbyteArray jresult;
- contextHdl = (gss_ctx_id_t) pContext;
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_getMic] %ld", (long)contextHdl);
debug(env, debugBuf);
@@ -1290,7 +1291,7 @@
checkStatus(env, jobj, GSS_S_CONTEXT_EXPIRED, 0, "[GSSLibStub_getMic]");
return NULL;
}
- contextHdl = (gss_ctx_id_t) pContext;
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
qop = (gss_qop_t) jqop;
initGSSBuffer(env, jmsg, &msg);
@@ -1326,7 +1327,7 @@
gss_buffer_desc msgToken;
gss_qop_t qop;
- contextHdl = (gss_ctx_id_t) pContext;
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_verifyMic] %ld", (long)contextHdl);
debug(env, debugBuf);
@@ -1376,7 +1377,7 @@
gss_ctx_id_t contextHdl;
jbyteArray jresult;
- contextHdl = (gss_ctx_id_t) pContext;
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_wrap] %ld", (long)contextHdl);
debug(env, debugBuf);
@@ -1427,7 +1428,7 @@
gss_qop_t qop;
jbyteArray jresult;
- contextHdl = (gss_ctx_id_t) pContext;
+ contextHdl = (gss_ctx_id_t) jlong_to_ptr(pContext);
sprintf(debugBuf, "[GSSLibStub_unwrap] %ld", (long)contextHdl);
debug(env, debugBuf);
diff --git a/src/share/native/sun/security/jgss/wrapper/NativeUtil.c b/src/share/native/sun/security/jgss/wrapper/NativeUtil.c
index e1cb403..7c15ed6 100644
--- a/src/share/native/sun/security/jgss/wrapper/NativeUtil.c
+++ b/src/share/native/sun/security/jgss/wrapper/NativeUtil.c
@@ -25,6 +25,7 @@
#include "NativeUtil.h"
#include "NativeFunc.h"
+#include "jlong.h"
const int JAVA_DUPLICATE_TOKEN_CODE = 19; /* DUPLICATE_TOKEN */
const int JAVA_OLD_TOKEN_CODE = 20; /* OLD_TOKEN */
@@ -412,7 +413,7 @@
OM_uint32 result;
/* special handle values equal to JAVA_MAX */
- if (jtime == JAVA_MAX) {
+ if (jtime == (jint)JAVA_MAX) {
result = GSS_C_INDEFINITE;
} else {
result = jtime;
@@ -482,7 +483,7 @@
messageContext = 0;
if (jstub != NULL) {
- mech = (gss_OID) (*env)->GetLongField(env, jstub, FID_GSSLibStub_pMech);
+ mech = (gss_OID) jlong_to_ptr((*env)->GetLongField(env, jstub, FID_GSSLibStub_pMech));
} else {
mech = GSS_C_NO_OID;
}
diff --git a/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c b/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c
index 82cb5af..bd0eab3 100644
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_convert.c
@@ -422,6 +422,7 @@
jfieldID jFieldID;
jlong jType;
jobject jPValue;
+ memset(&ckAttribute, 0, sizeof(CK_ATTRIBUTE));
// TBD: what if jAttribute == NULL?!
@@ -1577,6 +1578,7 @@
CK_RSA_PKCS_PSS_PARAMS ckParam;
jfieldID fieldID;
jlong jHashAlg, jMgf, jSLen;
+ memset(&ckParam, 0, sizeof(CK_RSA_PKCS_PSS_PARAMS));
/* get hashAlg */
jRsaPkcsPssParamsClass = (*env)->FindClass(env, CLASS_RSA_PKCS_PSS_PARAMS);
@@ -1617,6 +1619,7 @@
jfieldID fieldID;
jlong jLong;
jobject jSharedData, jPublicData;
+ memset(&ckParam, 0, sizeof(CK_ECDH1_DERIVE_PARAMS));
/* get kdf */
jEcdh1DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH1_DERIVE_PARAMS);
@@ -1663,6 +1666,7 @@
jfieldID fieldID;
jlong jKdf, jPrivateDataLen, jPrivateData;
jobject jSharedData, jPublicData, jPublicData2;
+ memset(&ckParam, 0, sizeof(CK_ECDH2_DERIVE_PARAMS));
/* get kdf */
jEcdh2DeriveParamsClass = (*env)->FindClass(env, CLASS_ECDH2_DERIVE_PARAMS);
diff --git a/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c b/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c
index dc8f65f..41a0b28 100644
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_crypt.c
@@ -180,14 +180,14 @@
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directIn != 0) {
- inBufP = (CK_BYTE_PTR) directIn;
+ inBufP = (CK_BYTE_PTR) jlong_to_ptr(directIn);
} else {
inBufP = (*env)->GetPrimitiveArrayCritical(env, jIn, NULL);
if (inBufP == NULL) { return 0; }
}
if (directOut != 0) {
- outBufP = (CK_BYTE_PTR) directOut;
+ outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
} else {
outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
if (outBufP == NULL) {
@@ -249,7 +249,7 @@
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directOut != 0) {
- outBufP = (CK_BYTE_PTR) directOut;
+ outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
} else {
outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
if (outBufP == NULL) { return 0; }
@@ -401,14 +401,14 @@
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directIn != 0) {
- inBufP = (CK_BYTE_PTR) directIn;
+ inBufP = (CK_BYTE_PTR) jlong_to_ptr(directIn);
} else {
inBufP = (*env)->GetPrimitiveArrayCritical(env, jIn, NULL);
if (inBufP == NULL) { return 0; }
}
if (directOut != 0) {
- outBufP = (CK_BYTE_PTR) directOut;
+ outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
} else {
outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
if (outBufP == NULL) {
@@ -465,7 +465,7 @@
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directOut != 0) {
- outBufP = (CK_BYTE_PTR) directOut;
+ outBufP = (CK_BYTE_PTR) jlong_to_ptr(directOut);
} else {
outBufP = (*env)->GetPrimitiveArrayCritical(env, jOut, NULL);
if (outBufP == NULL) { return 0; }
diff --git a/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c b/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c
index 592720d..0119c4e 100644
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_digest.c
@@ -51,6 +51,7 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
+#include "jlong.h"
#include "sun_security_pkcs11_wrapper_PKCS11.h"
@@ -178,7 +179,7 @@
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directIn != 0) {
- rv = (*ckpFunctions->C_DigestUpdate)(ckSessionHandle, (CK_BYTE_PTR)directIn, jInLen);
+ rv = (*ckpFunctions->C_DigestUpdate)(ckSessionHandle, (CK_BYTE_PTR)jlong_to_ptr(directIn), jInLen);
ckAssertReturnValueOK(env, rv);
return;
}
diff --git a/src/share/native/sun/security/pkcs11/wrapper/p11_general.c b/src/share/native/sun/security/pkcs11/wrapper/p11_general.c
index 4a4ac43..b607b1f 100644
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_general.c
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_general.c
@@ -253,10 +253,12 @@
(JNIEnv *env, jobject obj)
{
CK_INFO ckLibInfo;
- jobject jInfoObject;
+ jobject jInfoObject=NULL;
CK_RV rv;
+ CK_FUNCTION_LIST_PTR ckpFunctions;
+ memset(&ckLibInfo, 0, sizeof(CK_INFO));
- CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
+ ckpFunctions = getFunctionList(env, obj);
if (ckpFunctions == NULL) { return NULL; }
rv = (*ckpFunctions->C_GetInfo)(&ckLibInfo);
@@ -384,7 +386,7 @@
{
CK_SLOT_ID ckSlotID;
CK_SLOT_INFO ckSlotInfo;
- jobject jSlotInfoObject;
+ jobject jSlotInfoObject=NULL;
CK_RV rv;
CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
@@ -396,7 +398,7 @@
if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
jSlotInfoObject = ckSlotInfoPtrToJSlotInfo(env, &ckSlotInfo);
}
- return jSlotInfoObject ;
+ return jSlotInfoObject;
}
/*
diff --git a/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c b/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c
index abf3c85..79b3963 100644
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_sessmgmt.c
@@ -256,7 +256,7 @@
{
CK_SESSION_HANDLE ckSessionHandle;
CK_SESSION_INFO ckSessionInfo;
- jobject jSessionInfo;
+ jobject jSessionInfo=NULL;
CK_RV rv;
CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
diff --git a/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c b/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c
index 07e7e9b..ed8424b 100644
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_sign.c
@@ -51,6 +51,7 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
+#include "jlong.h"
#include "sun_security_pkcs11_wrapper_PKCS11.h"
@@ -198,7 +199,7 @@
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directIn != 0) {
- rv = (*ckpFunctions->C_SignUpdate)(ckSessionHandle, (CK_BYTE_PTR)directIn, jInLen);
+ rv = (*ckpFunctions->C_SignUpdate)(ckSessionHandle, (CK_BYTE_PTR) jlong_to_ptr(directIn), jInLen);
ckAssertReturnValueOK(env, rv);
return;
}
@@ -262,7 +263,7 @@
ckSessionHandle = jLongToCKULong(jSessionHandle);
- if ((jExpectedLength > 0) && (jExpectedLength < ckSignatureLength)) {
+ if ((jExpectedLength > 0) && ((CK_ULONG)jExpectedLength < ckSignatureLength)) {
ckSignatureLength = jExpectedLength;
}
@@ -496,7 +497,7 @@
ckSessionHandle = jLongToCKULong(jSessionHandle);
if (directIn != 0) {
- rv = (*ckpFunctions->C_VerifyUpdate)(ckSessionHandle, (CK_BYTE_PTR)directIn, jInLen);
+ rv = (*ckpFunctions->C_VerifyUpdate)(ckSessionHandle, (CK_BYTE_PTR)jlong_to_ptr(directIn), jInLen);
ckAssertReturnValueOK(env, rv);
return;
}
diff --git a/src/share/native/sun/security/pkcs11/wrapper/p11_util.c b/src/share/native/sun/security/pkcs11/wrapper/p11_util.c
index bfef4e7..8889f74 100644
--- a/src/share/native/sun/security/pkcs11/wrapper/p11_util.c
+++ b/src/share/native/sun/security/pkcs11/wrapper/p11_util.c
@@ -106,7 +106,7 @@
if (moduleData == NULL) {
return ;
}
- (*env)->SetLongField(env, pkcs11Implementation, pNativeDataID, (jlong)moduleData);
+ (*env)->SetLongField(env, pkcs11Implementation, pNativeDataID, ptr_to_jlong(moduleData));
}
@@ -120,7 +120,7 @@
return NULL;
}
jData = (*env)->GetLongField(env, pkcs11Implementation, pNativeDataID);
- return (ModuleData*)jData;
+ return (ModuleData*)jlong_to_ptr(jData);
}
CK_FUNCTION_LIST_PTR getFunctionList(JNIEnv *env, jobject pkcs11Implementation) {
diff --git a/src/solaris/native/sun/security/pkcs11/j2secmod_md.c b/src/solaris/native/sun/security/pkcs11/j2secmod_md.c
index 2aca46c..f509c42 100644
--- a/src/solaris/native/sun/security/pkcs11/j2secmod_md.c
+++ b/src/solaris/native/sun/security/pkcs11/j2secmod_md.c
@@ -34,7 +34,7 @@
#include "j2secmod.h"
void *findFunction(JNIEnv *env, jlong jHandle, const char *functionName) {
- void *hModule = (void*)jHandle;
+ void *hModule = (void*)jlong_to_ptr(jHandle);
void *fAddress = dlsym(hModule, functionName);
if (fAddress == NULL) {
char errorMessage[256];
@@ -53,7 +53,7 @@
void *hModule = dlopen(libName, RTLD_NOLOAD);
dprintf2("-handle for %s: %u\n", libName, hModule);
(*env)->ReleaseStringUTFChars(env, jLibName, libName);
- return (jlong)hModule;
+ return ptr_to_jlong(hModule);
}
JNIEXPORT jlong JNICALL Java_sun_security_pkcs11_Secmod_nssLoadLibrary
@@ -72,5 +72,5 @@
return 0;
}
- return (jlong)hModule;
+ return ptr_to_jlong(hModule);
}
diff --git a/src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c b/src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c
index 042cf23..12a4f24 100644
--- a/src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c
+++ b/src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c
@@ -79,7 +79,7 @@
{
void *hModule;
char *error;
- CK_C_GetFunctionList C_GetFunctionList;
+ CK_C_GetFunctionList C_GetFunctionList=NULL;
CK_RV rv;
ModuleData *moduleData;
jobject globalPKCS11ImplementationReference;
diff --git a/test/ProblemList.txt b/test/ProblemList.txt
index 8fd42d5..80fc546 100644
--- a/test/ProblemList.txt
+++ b/test/ProblemList.txt
@@ -137,11 +137,6 @@
# 7196801
java/lang/management/MemoryMXBean/LowMemoryTest2.sh generic-all
-# Exclude until hotspot/jdk repos are sync'd w.r.t. JAVA_MAX_SUPPORTED_VERSION
-# Needed when hotspot fix 7054345 is present. Remove when the JDK source is
-# updated accordingly.
-java/lang/System/Versions.java generic-all
-
############################################################################
# jdk_management
diff --git a/test/com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java b/test/com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java
index 939ee4f..3be7ecd 100644
--- a/test/com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PBEInvalidParamsTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 6209660
+ * @bug 6209660 6383200
* @summary Ensure that InvalidAlgorithmParameterException is
* thrown as javadoc specified when parameters of the wrong
* type are used.
@@ -38,9 +38,21 @@
private static final char[] PASSWORD = { 'p', 'a', 's', 's' };
private static final String[] PBE_ALGOS = {
- "PBEWithMD5AndDES", "PBEWithSHA1AndDESede", "PBEWithSHA1AndRC2_40"
+ "PBEWithMD5AndDES",
+ "PBEWithSHA1AndDESede",
+ "PBEWithSHA1AndRC2_40",
+ "PBEWithSHA1AndRC2_128",
+ "PBEWithSHA1AndRC4_40",
+ "PBEWithSHA1AndRC4_128",
// skip "PBEWithMD5AndTripleDES" since it requires Unlimited
// version of JCE jurisdiction policy files.
+ "PBEWithHmacSHA1AndAES_128",
+ "PBEWithHmacSHA224AndAES_128",
+ "PBEWithHmacSHA256AndAES_128",
+ "PBEWithHmacSHA384AndAES_128",
+ "PBEWithHmacSHA512AndAES_128"
+ // skip "PBEWithHmacSHAxxxAndAES_256" since they require Unlimited
+ // version of JCE jurisdiction policy files.
};
private static final IvParameterSpec INVALID_PARAMS =
diff --git a/test/com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java b/test/com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java
index 12bbdf3..3522170 100644
--- a/test/com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PBEKeysAlgorithmNames.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 6341599
+ * @bug 6341599 6383200
* @summary JCE Reference Guide has recommendations, not requirements,
* for algorithm names
* @author Brad R. Wetmore
@@ -38,8 +38,15 @@
"PBEWithMD5AndDES",
"PBEWithSHA1AndDESede",
"PBEWithSHA1AndRC2_40",
+ "PBEWithSHA1AndRC2_128",
+ "PBEWithMD5AndTripleDES",
+ "PBEWithSHA1AndRC4_40",
+ "PBEWithSHA1AndRC4_128",
"PBKDF2WithHmacSHA1",
- "PBEWithMD5AndTripleDES"
+ "PBKDF2WithHmacSHA224",
+ "PBKDF2WithHmacSHA256",
+ "PBKDF2WithHmacSHA384",
+ "PBKDF2WithHmacSHA512"
};
public static void main(String[] argv) throws Exception {
diff --git a/test/com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java b/test/com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java
index 20929b8..7afc354 100644
--- a/test/com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PBEParametersTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 4944783
+ * @bug 4944783 6383200
* @summary ensure that the AlgorithmParameters object returned by
* PBE ciphers have the matching algorithm name.
* @author Valerie Peng
@@ -37,9 +37,21 @@
private static final char[] PASSWORD = { 'p', 'a', 's', 's' };
private static final String[] PBE_ALGOS = {
- "PBEWithMD5AndDES", "PBEWithSHA1AndDESede", "PBEWithSHA1AndRC2_40"
+ "PBEWithMD5AndDES",
+ "PBEWithSHA1AndDESede",
+ "PBEWithSHA1AndRC2_40",
+ "PBEWithSHA1AndRC2_128",
+ "PBEWithSHA1AndRC4_40",
+ "PBEWithSHA1AndRC4_128",
// skip "PBEWithMD5AndTripleDES" since it requires Unlimited
// version of JCE jurisdiction policy files.
+ "PBEWithHmacSHA1AndAES_128",
+ "PBEWithHmacSHA224AndAES_128",
+ "PBEWithHmacSHA256AndAES_128",
+ "PBEWithHmacSHA384AndAES_128",
+ "PBEWithHmacSHA512AndAES_128"
+ // skip "PBEWithHmacSHAxxxAndAES_256" since they require Unlimited
+ // version of JCE jurisdiction policy files.
};
public static void main(String[] args) throws Exception {
PBEKeySpec ks = new PBEKeySpec(PASSWORD);
diff --git a/test/com/sun/crypto/provider/Cipher/PBE/PBES2Test.java b/test/com/sun/crypto/provider/Cipher/PBE/PBES2Test.java
new file mode 100644
index 0000000..1df3a3c
--- /dev/null
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PBES2Test.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6383200
+ * @summary PBE: need new algorithm support in password based encryption
+ */
+import java.security.*;
+import java.util.Arrays;
+import javax.crypto.*;
+import javax.crypto.spec.*;
+
+public class PBES2Test {
+
+ private static final String[] algos = {
+ "PBEWithHmacSHA1AndAES_128",
+ "PBEWithHmacSHA224AndAES_128",
+ "PBEWithHmacSHA256AndAES_128",
+ "PBEWithHmacSHA384AndAES_128",
+ "PBEWithHmacSHA512AndAES_128"
+ };
+ private static final byte[] ivBytes = {
+ 0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,
+ 0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,
+ };
+
+ public static final void main(String[] args) throws Exception {
+ for (String algo : algos) {
+ test(algo, true); // salt, ic, IV supplied by the application
+ test(algo, false); // salt, ic, IV generated by the implementation
+ }
+ }
+
+ private static final void test(String algo, boolean suppliedParams)
+ throws Exception {
+
+ System.out.println("***********************************************");
+ System.out.println(algo +
+ (suppliedParams ? " [algorithm parameters are supplied]\n"
+ : " [algorithm parameters are generated]\n"));
+ int iterationCount = 1000;
+ byte[] salt = new byte[]{ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 };
+
+ // Create PBE key
+ PBEKeySpec pbeKeySpec = new PBEKeySpec("mypassword".toCharArray());
+ SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(algo);
+ SecretKey pbeKey = keyFactory.generateSecret(pbeKeySpec);
+ byte[] pbeKeyBytes = pbeKey.getEncoded();
+ System.out.println(" key[" + pbeKeyBytes.length + "]: " +
+ String.format("0x%0" + (pbeKeyBytes.length * 2) + "x",
+ new java.math.BigInteger(1, pbeKeyBytes)));
+
+ // Create PBE cipher
+ System.out.println("Encrypting...");
+ Cipher pbeCipher = Cipher.getInstance(algo);
+ if (suppliedParams) {
+ pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey,
+ new PBEParameterSpec(salt, iterationCount,
+ new IvParameterSpec(ivBytes)));
+ } else {
+ pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey);
+ }
+
+ // Encrypt
+ byte[] cleartext = "This is just an example".getBytes();
+ System.out.println(" text[" + cleartext.length + "]: " +
+ String.format("0x%0" + (cleartext.length * 2) + "x",
+ new java.math.BigInteger(1, cleartext)));
+
+ byte[] ciphertext = pbeCipher.doFinal(cleartext);
+ System.out.println("c'text[" + ciphertext.length + "]: " +
+ String.format("0x%0" + (ciphertext.length * 2) + "x",
+ new java.math.BigInteger(1, ciphertext)));
+
+ AlgorithmParameters aps = pbeCipher.getParameters();
+
+ byte[] iv;
+ if (suppliedParams) {
+ iv = ivBytes;
+ } else {
+ PBEParameterSpec pbeSpec =
+ aps.getParameterSpec(PBEParameterSpec.class);
+ salt = pbeSpec.getSalt();
+ iterationCount = pbeSpec.getIterationCount();
+ IvParameterSpec ivSpec =
+ (IvParameterSpec) pbeSpec.getParameterSpec();
+ iv = ivSpec.getIV();
+ }
+ System.out.println(" salt[" + salt.length + "]: " +
+ String.format("0x%0" + (salt.length * 2) + "x",
+ new java.math.BigInteger(1, salt)));
+ System.out.println("iterationCount=" + iterationCount);
+ System.out.println(" iv[" + iv.length + "]: " +
+ String.format("0x%0" + (iv.length * 2) + "x",
+ new java.math.BigInteger(1, iv)));
+
+ // Decrypt
+ System.out.println("Decrypting...");
+ Cipher pbeCipher2 = Cipher.getInstance(algo);
+ pbeCipher2.init(Cipher.DECRYPT_MODE, pbeKey, aps);
+ byte[] cleartext2 = pbeCipher2.doFinal(ciphertext);
+ System.out.println(" text[" + cleartext2.length + "]: " +
+ String.format("0x%0" + (cleartext2.length * 2) + "x",
+ new java.math.BigInteger(1, cleartext2)));
+
+ if (Arrays.equals(cleartext, cleartext2)) {
+ System.out.println(
+ "\nPass: decrypted ciphertext matches the original text\n");
+ } else {
+ throw new Exception(
+ "Fail: decrypted ciphertext does NOT match the original text");
+ }
+ }
+}
diff --git a/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java b/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java
index 173564f..4995a9a 100644
--- a/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Cipher.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,9 +23,9 @@
/**
* @test
- * @bug 4893959
- * @summary basic test for PBEWithSHA1AndDESede and
- * PBEWithSHA1AndRC2_40
+ * @bug 4893959 6383200
+ * @summary basic test for PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40/128
+ * and PBEWithSHA1AndRC4_40/128
* @author Valerie Peng
*/
@@ -87,6 +87,9 @@
System.out.println("Testing provider " + p.getName() + "...");
runTest("PBEWithSHA1AndDESede", input, PASSWD, p);
runTest("PBEWithSHA1AndRC2_40", input, PASSWD, p);
+ runTest("PBEWithSHA1AndRC2_128", input, PASSWD, p);
+ runTest("PBEWithSHA1AndRC4_40", input, PASSWD, p);
+ runTest("PBEWithSHA1AndRC4_128", input, PASSWD, p);
System.out.println("All tests passed");
long stop = System.currentTimeMillis();
System.out.println("Done (" + (stop - start) + " ms).");
diff --git a/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java b/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java
index 69e2b19..9f78c2b 100644
--- a/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PKCS12Oid.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,9 +23,9 @@
/**
* @test
- * @bug 4898810
- * @summary ensure PBEWithSHA1AndDESede and PBEWithSHA1AndRC2_40
- * is registered under correct OID.
+ * @bug 4898810 6383200
+ * @summary ensure PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40/128
+ * and PBEWithSHA1AndRC4_40/128 are registered under correct OID.
* @author Valerie Peng
*/
@@ -37,12 +37,20 @@
import javax.crypto.interfaces.PBEKey;
public class PKCS12Oid {
- private static String OID_PBEWithSHAAnd40BitRC2CBC = "1.2.840.113549.1.12.1.6";
- private static String OID_PBEWithSHAAnd3KeyTripleDESCBC = "1.2.840.113549.1.12.1.3";
+ private static String OID_PKCS12 = "1.2.840.113549.1.12.1.";
+ private static String OID_PBEWithSHAAnd128BitRC4 = OID_PKCS12 + "1";
+ private static String OID_PBEWithSHAAnd40BitRC4 = OID_PKCS12 + "2";
+ private static String OID_PBEWithSHAAnd3KeyTripleDESCBC = OID_PKCS12 + "3";
+ private static String OID_PBEWithSHAAnd128BitRC2CBC = OID_PKCS12 + "5";
+ private static String OID_PBEWithSHAAnd40BitRC2CBC = OID_PKCS12 + "6";
public static void main(String[] argv) throws Exception {
Cipher c = Cipher.getInstance(OID_PBEWithSHAAnd40BitRC2CBC, "SunJCE");
c = Cipher.getInstance(OID_PBEWithSHAAnd3KeyTripleDESCBC, "SunJCE");
+
+ c = Cipher.getInstance(OID_PBEWithSHAAnd128BitRC4, "SunJCE");
+ c = Cipher.getInstance(OID_PBEWithSHAAnd40BitRC4, "SunJCE");
+ c = Cipher.getInstance(OID_PBEWithSHAAnd128BitRC2CBC, "SunJCE");
System.out.println("All tests passed");
}
}
diff --git a/test/com/sun/crypto/provider/Mac/HmacPBESHA1.java b/test/com/sun/crypto/provider/Mac/HmacPBESHA1.java
index f28df13..601a766 100644
--- a/test/com/sun/crypto/provider/Mac/HmacPBESHA1.java
+++ b/test/com/sun/crypto/provider/Mac/HmacPBESHA1.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,34 +36,45 @@
import javax.crypto.spec.*;
public class HmacPBESHA1 {
- private static final String MAC_ALGO = "HmacPBESHA1";
+ private static final String[] MAC_ALGOS = {
+ "HmacPBESHA1",
+ "PBEWithHmacSHA1",
+ "PBEWithHmacSHA224",
+ "PBEWithHmacSHA256",
+ "PBEWithHmacSHA384",
+ "PBEWithHmacSHA512"
+ };
+ private static final int[] MAC_LENGTHS = { 20, 20, 28, 32, 48, 64 };
private static final String KEY_ALGO = "PBE";
private static final String PROVIDER = "SunJCE";
- private SecretKey key = null;
+ private static SecretKey key = null;
public static void main(String argv[]) throws Exception {
- HmacPBESHA1 test = new HmacPBESHA1();
- test.run();
- System.out.println("Test Passed");
+ for (int i = 0; i < MAC_ALGOS.length; i++) {
+ runtest(MAC_ALGOS[i], MAC_LENGTHS[i]);
+ }
+ System.out.println("\nTest Passed");
}
- public void run() throws Exception {
+ private static void runtest(String algo, int length) throws Exception {
+ System.out.println("Testing: " + algo);
if (key == null) {
char[] password = { 't', 'e', 's', 't' };
PBEKeySpec keySpec = new PBEKeySpec(password);
- SecretKeyFactory kf = SecretKeyFactory.getInstance(KEY_ALGO, PROVIDER);
+ SecretKeyFactory kf =
+ SecretKeyFactory.getInstance(KEY_ALGO, PROVIDER);
key = kf.generateSecret(keySpec);
}
- Mac mac = Mac.getInstance(MAC_ALGO, PROVIDER);
+ Mac mac = Mac.getInstance(algo, PROVIDER);
byte[] plainText = new byte[30];
mac.init(key);
mac.update(plainText);
byte[] value1 = mac.doFinal();
- if (value1.length != 20) {
- throw new Exception("incorrect MAC output length, " +
- "expected 20, got " + value1.length);
+ if (value1.length != length) {
+ throw new Exception("incorrect MAC output length, expected " +
+ length + ", got " + value1.length);
}
mac.update(plainText);
byte[] value2 = mac.doFinal();
diff --git a/test/com/sun/crypto/provider/Mac/HmacSaltLengths.java b/test/com/sun/crypto/provider/Mac/HmacSaltLengths.java
index 9cee588..1744739 100644
--- a/test/com/sun/crypto/provider/Mac/HmacSaltLengths.java
+++ b/test/com/sun/crypto/provider/Mac/HmacSaltLengths.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -38,6 +38,15 @@
public class HmacSaltLengths {
+ private static final String[] ALGOS = {
+ "HmacPBESHA1",
+ "PBEWithHmacSHA1",
+ "PBEWithHmacSHA224",
+ "PBEWithHmacSHA256",
+ "PBEWithHmacSHA384",
+ "PBEWithHmacSHA512"
+ };
+
private static void runTest(String alg, byte[] plaintext,
char[] password, Provider p)
throws Exception {
@@ -81,7 +90,9 @@
long start = System.currentTimeMillis();
Provider p = Security.getProvider("SunJCE");
System.out.println("Testing provider " + p.getName() + "...");
- runTest("HmacPBESHA1", input, PASSWD, p);
+ for (String algo : ALGOS) {
+ runTest(algo, input, PASSWD, p);
+ }
System.out.println("All tests passed");
long stop = System.currentTimeMillis();
System.out.println("Done (" + (stop - start) + " ms).");
diff --git a/test/java/lang/Character/CheckProp.java b/test/java/lang/Character/CheckProp.java
index ee1b649..c460d42 100644
--- a/test/java/lang/Character/CheckProp.java
+++ b/test/java/lang/Character/CheckProp.java
@@ -24,7 +24,7 @@
/**
* @test
- * @bug 7037261 7070436
+ * @bug 7037261 7070436 7198195
* @summary Check j.l.Character.isLowerCase/isUppercase/isAlphabetic/isIdeographic
*/
diff --git a/test/java/lang/Character/CheckScript.java b/test/java/lang/Character/CheckScript.java
index 147f931..713e3c8 100644
--- a/test/java/lang/Character/CheckScript.java
+++ b/test/java/lang/Character/CheckScript.java
@@ -24,7 +24,7 @@
/**
* @test
- * @bug 6945564 6959267 7033561 7070436
+ * @bug 6945564 6959267 7033561 7070436 7198195
* @summary Check that the j.l.Character.UnicodeScript
*/
diff --git a/test/java/lang/Character/PropList.txt b/test/java/lang/Character/PropList.txt
index f9dcb2a..9ce7eec 100644
--- a/test/java/lang/Character/PropList.txt
+++ b/test/java/lang/Character/PropList.txt
@@ -1,8 +1,8 @@
-# PropList-6.1.0.txt
-# Date: 2011-11-30, 01:49:54 GMT [MD]
+# PropList-6.2.0.txt
+# Date: 2012-05-23, 20:34:59 GMT [MD]
#
# Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
# For terms of use, see http://www.unicode.org/terms_of_use.html
# For documentation, see http://www.unicode.org/reports/tr44/
diff --git a/test/java/lang/Character/PropertyValueAliases.txt b/test/java/lang/Character/PropertyValueAliases.txt
index 2f7bde2..d9048fb 100644
--- a/test/java/lang/Character/PropertyValueAliases.txt
+++ b/test/java/lang/Character/PropertyValueAliases.txt
@@ -1,8 +1,8 @@
-# PropertyValueAliases-6.1.0.txt
-# Date: 2011-12-07, 23:40:57 GMT [MD]
+# PropertyValueAliases-6.2.0.txt
+# Date: 2012-08-14, 16:05:11 GMT [MD]
#
# Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
# For terms of use, see http://www.unicode.org/terms_of_use.html
# For documentation, see http://www.unicode.org/reports/tr44/
#
@@ -73,6 +73,7 @@
age; 5.2 ; V5_2
age; 6.0 ; V6_0
age; 6.1 ; V6_1
+age; 6.2 ; V6_2
age; NA ; Unassigned
# Alphabetic (Alpha)
@@ -382,7 +383,8 @@
ccc; 122; CCC122 ; CCC122
ccc; 129; CCC129 ; CCC129
ccc; 130; CCC130 ; CCC130
-ccc; 132; CCC133 ; CCC133
+ccc; 132; CCC132 ; CCC132
+ccc; 133; CCC133 ; CCC133 # RESERVED
ccc; 200; ATBL ; Attached_Below_Left
ccc; 202; ATB ; Attached_Below
ccc; 214; ATA ; Attached_Above
@@ -592,6 +594,7 @@
GCB; LV ; LV
GCB; LVT ; LVT
GCB; PP ; Prepend
+GCB; RI ; Regional_Indicator
GCB; SM ; SpacingMark
GCB; T ; T
GCB; V ; V
@@ -862,6 +865,7 @@
lb ; PO ; Postfix_Numeric
lb ; PR ; Prefix_Numeric
lb ; QU ; Quotation
+lb ; RI ; Regional_Indicator
lb ; SA ; Complex_Context
lb ; SG ; Surrogate
lb ; SP ; Space
@@ -880,10 +884,6 @@
Lower; N ; No ; F ; False
Lower; Y ; Yes ; T ; True
-# Lowercase_Mapping (lc)
-
-# @missing: 0000..10FFFF; Lowercase_Mapping; <code point>
-
# Math (Math)
Math; N ; No ; F ; False
@@ -1159,10 +1159,6 @@
Term; N ; No ; F ; False
Term; Y ; Yes ; T ; True
-# Titlecase_Mapping (tc)
-
-# @missing: 0000..10FFFF; Titlecase_Mapping; <code point>
-
# Unicode_1_Name (na1)
# @missing: 0000..10FFFF; Unicode_1_Name; <none>
@@ -1177,10 +1173,6 @@
Upper; N ; No ; F ; False
Upper; Y ; Yes ; T ; True
-# Uppercase_Mapping (uc)
-
-# @missing: 0000..10FFFF; Uppercase_Mapping; <code point>
-
# Variation_Selector (VS)
VS ; N ; No ; F ; False
@@ -1205,6 +1197,7 @@
WB ; MN ; MidNum
WB ; NL ; Newline
WB ; NU ; Numeric
+WB ; RI ; Regional_Indicator
WB ; XX ; Other
# XID_Continue (XIDC)
diff --git a/test/java/lang/Character/Scripts.txt b/test/java/lang/Character/Scripts.txt
index 2516f88..1a8e722 100644
--- a/test/java/lang/Character/Scripts.txt
+++ b/test/java/lang/Character/Scripts.txt
@@ -1,8 +1,8 @@
-# Scripts-6.1.0.txt
-# Date: 2011-11-27, 05:10:50 GMT [MD]
+# Scripts-6.2.0.txt
+# Date: 2012-06-04, 17:21:29 GMT [MD]
#
# Unicode Character Database
-# Copyright (c) 1991-2011 Unicode, Inc.
+# Copyright (c) 1991-2012 Unicode, Inc.
# For terms of use, see http://www.unicode.org/terms_of_use.html
# For documentation, see http://www.unicode.org/reports/tr44/
@@ -146,7 +146,7 @@
208A..208C ; Common # Sm [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN
208D ; Common # Ps SUBSCRIPT LEFT PARENTHESIS
208E ; Common # Pe SUBSCRIPT RIGHT PARENTHESIS
-20A0..20B9 ; Common # Sc [26] EURO-CURRENCY SIGN..INDIAN RUPEE SIGN
+20A0..20BA ; Common # Sc [27] EURO-CURRENCY SIGN..TURKISH LIRA SIGN
2100..2101 ; Common # So [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT
2102 ; Common # L& DOUBLE-STRUCK CAPITAL C
2103..2106 ; Common # So [4] DEGREE CELSIUS..CADA UNA
@@ -576,7 +576,7 @@
E0001 ; Common # Cf LANGUAGE TAG
E0020..E007F ; Common # Cf [96] TAG SPACE..CANCEL TAG
-# Total code points: 6412
+# Total code points: 6413
# ================================================
@@ -760,7 +760,7 @@
061E ; Arabic # Po ARABIC TRIPLE DOT PUNCTUATION MARK
0620..063F ; Arabic # Lo [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
0641..064A ; Arabic # Lo [10] ARABIC LETTER FEH..ARABIC LETTER YEH
-0656..065E ; Arabic # Mn [9] ARABIC SUBSCRIPT ALEF..ARABIC FATHA WITH TWO DOTS
+0656..065F ; Arabic # Mn [10] ARABIC SUBSCRIPT ALEF..ARABIC WAVY HAMZA BELOW
066A..066D ; Arabic # Po [4] ARABIC PERCENT SIGN..ARABIC FIVE POINTED STAR
066E..066F ; Arabic # Lo [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
0671..06D3 ; Arabic # Lo [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
@@ -827,7 +827,7 @@
1EEAB..1EEBB ; Arabic # Lo [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
1EEF0..1EEF1 ; Arabic # Sm [2] ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL..ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
-# Total code points: 1234
+# Total code points: 1235
# ================================================
@@ -1477,7 +1477,6 @@
0300..036F ; Inherited # Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
0485..0486 ; Inherited # Mn [2] COMBINING CYRILLIC DASIA PNEUMATA..COMBINING CYRILLIC PSILI PNEUMATA
064B..0655 ; Inherited # Mn [11] ARABIC FATHATAN..ARABIC HAMZA BELOW
-065F ; Inherited # Mn ARABIC WAVY HAMZA BELOW
0670 ; Inherited # Mn ARABIC LETTER SUPERSCRIPT ALEF
0951..0952 ; Inherited # Mn [2] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI STRESS SIGN ANUDATTA
1CD0..1CD2 ; Inherited # Mn [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
@@ -1504,7 +1503,7 @@
1D1AA..1D1AD ; Inherited # Mn [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
E0100..E01EF ; Inherited # Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
-# Total code points: 524
+# Total code points: 523
# ================================================
diff --git a/test/java/lang/Math/DivModTests.java b/test/java/lang/Math/DivModTests.java
new file mode 100644
index 0000000..43e88bd
--- /dev/null
+++ b/test/java/lang/Math/DivModTests.java
@@ -0,0 +1,395 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.math.BigDecimal;
+import java.math.RoundingMode;
+
+/**
+ * @test Test Math and StrictMath Floor Div / Modulo operations.
+ * @bug 6282196
+ * @summary Basic tests for Floor division and modulo methods for both Math
+ * and StrictMath for int and long datatypes.
+ */
+public class DivModTests {
+
+ /**
+ * The count of test errors.
+ */
+ private static int errors = 0;
+
+ /**
+ * @param args the command line arguments are unused
+ */
+ public static void main(String[] args) {
+ errors = 0;
+ testIntFloorDivMod();
+ testLongFloorDivMod();
+
+ if (errors > 0) {
+ throw new RuntimeException(errors + " errors found in DivMod methods.");
+ }
+ }
+
+ /**
+ * Report a test failure and increment the error count.
+ * @param message the formatting string
+ * @param args the variable number of arguments for the message.
+ */
+ static void fail(String message, Object... args) {
+ errors++;
+ System.out.printf(message, args);
+ }
+
+ /**
+ * Test the integer floorDiv and floorMod methods.
+ * Math and StrictMath tested and the same results are expected for both.
+ */
+ static void testIntFloorDivMod() {
+ testIntFloorDivMod(4, 0, new ArithmeticException("/ by zero"), new ArithmeticException("/ by zero")); // Should throw ArithmeticException
+ testIntFloorDivMod(4, 3, 1, 1);
+ testIntFloorDivMod(3, 3, 1, 0);
+ testIntFloorDivMod(2, 3, 0, 2);
+ testIntFloorDivMod(1, 3, 0, 1);
+ testIntFloorDivMod(0, 3, 0, 0);
+ testIntFloorDivMod(4, -3, -2, -2);
+ testIntFloorDivMod(3, -3, -1, 0);
+ testIntFloorDivMod(2, -3, -1, -1);
+ testIntFloorDivMod(1, -3, -1, -2);
+ testIntFloorDivMod(0, -3, 0, 0);
+ testIntFloorDivMod(-1, 3, -1, 2);
+ testIntFloorDivMod(-2, 3, -1, 1);
+ testIntFloorDivMod(-3, 3, -1, 0);
+ testIntFloorDivMod(-4, 3, -2, 2);
+ testIntFloorDivMod(-1, -3, 0, -1);
+ testIntFloorDivMod(-2, -3, 0, -2);
+ testIntFloorDivMod(-3, -3, 1, 0);
+ testIntFloorDivMod(-4, -3, 1, -1);
+ testIntFloorDivMod(Integer.MAX_VALUE, 1, Integer.MAX_VALUE, 0);
+ testIntFloorDivMod(Integer.MAX_VALUE, -1, -Integer.MAX_VALUE, 0);
+ testIntFloorDivMod(Integer.MAX_VALUE, 3, 715827882, 1);
+ testIntFloorDivMod(Integer.MAX_VALUE - 1, 3, 715827882, 0);
+ testIntFloorDivMod(Integer.MIN_VALUE, 3, -715827883, 1);
+ testIntFloorDivMod(Integer.MIN_VALUE + 1, 3, -715827883, 2);
+ testIntFloorDivMod(Integer.MIN_VALUE + 1, -1, Integer.MAX_VALUE, 0);
+ // Special case of integer overflow
+ testIntFloorDivMod(Integer.MIN_VALUE, -1, Integer.MIN_VALUE, 0);
+ }
+
+ /**
+ * Test FloorDiv and then FloorMod with int data.
+ */
+ static void testIntFloorDivMod(int x, int y, Object divExpected, Object modExpected) {
+ testIntFloorDiv(x, y, divExpected);
+ testIntFloorMod(x, y, modExpected);
+ }
+
+ /**
+ * Test FloorDiv with int data.
+ */
+ static void testIntFloorDiv(int x, int y, Object expected) {
+ Object result = doFloorDiv(x, y);
+ if (!resultEquals(result, expected)) {
+ fail("FAIL: Math.floorDiv(%d, %d) = %s; expected %s%n", x, y, result, expected);
+ }
+
+ Object strict_result = doStrictFloorDiv(x, y);
+ if (!resultEquals(strict_result, expected)) {
+ fail("FAIL: StrictMath.floorDiv(%d, %d) = %s; expected %s%n", x, y, strict_result, expected);
+ }
+ }
+
+ /**
+ * Test FloorMod with int data.
+ */
+ static void testIntFloorMod(int x, int y, Object expected) {
+ Object result = doFloorMod(x, y);
+ if (!resultEquals(result, expected)) {
+ fail("FAIL: Math.floorMod(%d, %d) = %s; expected %s%n", x, y, result, expected);
+ }
+
+ Object strict_result = doStrictFloorMod(x, y);
+ if (!resultEquals(strict_result, expected)) {
+ fail("FAIL: StrictMath.floorMod(%d, %d) = %s; expected %s%n", x, y, strict_result, expected);
+ }
+
+ try {
+ // Verify result against double precision floor function
+ int tmp = x / y; // Force ArithmeticException for divide by zero
+ double ff = x - Math.floor((double)x / (double)y) * y;
+ int fr = (int)ff;
+ if (fr != result) {
+ fail("FAIL: Math.floorMod(%d, %d) = %s differs from Math.floor(x, y): %d%n", x, y, result, fr);
+ }
+ } catch (ArithmeticException ae) {
+ if (y != 0) {
+ fail("FAIL: Math.floorMod(%d, %d); unexpected %s%n", x, y, ae);
+ }
+ }
+ }
+
+ /**
+ * Test the floorDiv and floorMod methods for primitive long.
+ */
+ static void testLongFloorDivMod() {
+ testLongFloorDivMod(4L, 0L, new ArithmeticException("/ by zero"), new ArithmeticException("/ by zero")); // Should throw ArithmeticException
+ testLongFloorDivMod(4L, 3L, 1L, 1L);
+ testLongFloorDivMod(3L, 3L, 1L, 0L);
+ testLongFloorDivMod(2L, 3L, 0L, 2L);
+ testLongFloorDivMod(1L, 3L, 0L, 1L);
+ testLongFloorDivMod(0L, 3L, 0L, 0L);
+ testLongFloorDivMod(4L, -3L, -2L, -2L);
+ testLongFloorDivMod(3L, -3L, -1L, 0l);
+ testLongFloorDivMod(2L, -3L, -1L, -1L);
+ testLongFloorDivMod(1L, -3L, -1L, -2L);
+ testLongFloorDivMod(0L, -3L, 0L, 0L);
+ testLongFloorDivMod(-1L, 3L, -1L, 2L);
+ testLongFloorDivMod(-2L, 3L, -1L, 1L);
+ testLongFloorDivMod(-3L, 3L, -1L, 0L);
+ testLongFloorDivMod(-4L, 3L, -2L, 2L);
+ testLongFloorDivMod(-1L, -3L, 0L, -1L);
+ testLongFloorDivMod(-2L, -3L, 0L, -2L);
+ testLongFloorDivMod(-3L, -3L, 1L, 0L);
+ testLongFloorDivMod(-4L, -3L, 1L, -1L);
+
+ testLongFloorDivMod(Long.MAX_VALUE, 1, Long.MAX_VALUE, 0L);
+ testLongFloorDivMod(Long.MAX_VALUE, -1, -Long.MAX_VALUE, 0L);
+ testLongFloorDivMod(Long.MAX_VALUE, 3L, Long.MAX_VALUE / 3L, 1L);
+ testLongFloorDivMod(Long.MAX_VALUE - 1L, 3L, (Long.MAX_VALUE - 1L) / 3L, 0L);
+ testLongFloorDivMod(Long.MIN_VALUE, 3L, Long.MIN_VALUE / 3L - 1L, 1L);
+ testLongFloorDivMod(Long.MIN_VALUE + 1L, 3L, Long.MIN_VALUE / 3L - 1L, 2L);
+ testLongFloorDivMod(Long.MIN_VALUE + 1, -1, Long.MAX_VALUE, 0L);
+ // Special case of integer overflow
+ testLongFloorDivMod(Long.MIN_VALUE, -1, Long.MIN_VALUE, 0L);
+ }
+
+ /**
+ * Test the integer floorDiv and floorMod methods.
+ * Math and StrictMath are tested and the same results are expected for both.
+ */
+ static void testLongFloorDivMod(long x, long y, Object divExpected, Object modExpected) {
+ testLongFloorDiv(x, y, divExpected);
+ testLongFloorMod(x, y, modExpected);
+ }
+
+ /**
+ * Test FloorDiv with long arguments against expected value.
+ * The expected value is usually a Long but in some cases is
+ * an ArithmeticException.
+ *
+ * @param x dividend
+ * @param y modulus
+ * @param expected expected value,
+ */
+ static void testLongFloorDiv(long x, long y, Object expected) {
+ Object result = doFloorDiv(x, y);
+ if (!resultEquals(result, expected)) {
+ fail("FAIL: long Math.floorDiv(%d, %d) = %s; expected %s%n", x, y, result, expected);
+ }
+
+ Object strict_result = doStrictFloorDiv(x, y);
+ if (!resultEquals(strict_result, expected)) {
+ fail("FAIL: long StrictMath.floorDiv(%d, %d) = %s; expected %s%n", x, y, strict_result, expected);
+ }
+ }
+
+ /**
+ * Test FloorMod of long arguments against expected value.
+ * The expected value is usually a Long but in some cases is
+ * an ArithmeticException.
+ *
+ * @param x dividend
+ * @param y modulus
+ * @param expected expected value
+ */
+ static void testLongFloorMod(long x, long y, Object expected) {
+ Object result = doFloorMod(x, y);
+ if (!resultEquals(result, expected)) {
+ fail("FAIL: long Math.floorMod(%d, %d) = %s; expected %s%n", x, y, result, expected);
+ }
+
+ Object strict_result = doStrictFloorMod(x, y);
+ if (!resultEquals(strict_result, expected)) {
+ fail("FAIL: long StrictMath.floorMod(%d, %d) = %s; expected %s%n", x, y, strict_result, expected);
+ }
+
+ try {
+ // Verify the result against BigDecimal rounding mode.
+ BigDecimal xD = new BigDecimal(x);
+ BigDecimal yD = new BigDecimal(y);
+ BigDecimal resultD = xD.divide(yD, RoundingMode.FLOOR);
+ resultD = resultD.multiply(yD);
+ resultD = xD.subtract(resultD);
+ long fr = resultD.longValue();
+ if (fr != result) {
+ fail("FAIL: Long.floorMod(%d, %d) = %d is different than BigDecimal result: %d%n",x, y, result, fr);
+
+ }
+ } catch (ArithmeticException ae) {
+ if (y != 0) {
+ fail("FAIL: long Math.floorMod(%d, %d); unexpected ArithmeticException from bigdecimal");
+ }
+ }
+ }
+
+ /**
+ * Invoke floorDiv and return the result or any exception.
+ * @param x the x value
+ * @param y the y value
+ * @return the result Integer or an exception.
+ */
+ static Object doFloorDiv(int x, int y) {
+ try {
+ return Math.floorDiv(x, y);
+ } catch (ArithmeticException ae) {
+ return ae;
+ }
+ }
+
+ /**
+ * Invoke floorDiv and return the result or any exception.
+ * @param x the x value
+ * @param y the y value
+ * @return the result Integer or an exception.
+ */
+ static Object doFloorDiv(long x, long y) {
+ try {
+ return Math.floorDiv(x, y);
+ } catch (ArithmeticException ae) {
+ return ae;
+ }
+ }
+
+ /**
+ * Invoke floorDiv and return the result or any exception.
+ * @param x the x value
+ * @param y the y value
+ * @return the result Integer or an exception.
+ */
+ static Object doFloorMod(int x, int y) {
+ try {
+ return Math.floorMod(x, y);
+ } catch (ArithmeticException ae) {
+ return ae;
+ }
+ }
+
+ /**
+ * Invoke floorDiv and return the result or any exception.
+ * @param x the x value
+ * @param y the y value
+ * @return the result Integer or an exception.
+ */
+ static Object doFloorMod(long x, long y) {
+ try {
+ return Math.floorMod(x, y);
+ } catch (ArithmeticException ae) {
+ return ae;
+ }
+ }
+
+ /**
+ * Invoke floorDiv and return the result or any exception.
+ * @param x the x value
+ * @param y the y value
+ * @return the result Integer or an exception.
+ */
+ static Object doStrictFloorDiv(int x, int y) {
+ try {
+ return StrictMath.floorDiv(x, y);
+ } catch (ArithmeticException ae) {
+ return ae;
+ }
+ }
+
+ /**
+ * Invoke floorDiv and return the result or any exception.
+ * @param x the x value
+ * @param y the y value
+ * @return the result Integer or an exception.
+ */
+ static Object doStrictFloorDiv(long x, long y) {
+ try {
+ return StrictMath.floorDiv(x, y);
+ } catch (ArithmeticException ae) {
+ return ae;
+ }
+ }
+
+ /**
+ * Invoke floorDiv and return the result or any exception.
+ * @param x the x value
+ * @param y the y value
+ * @return the result Integer or an exception.
+ */
+ static Object doStrictFloorMod(int x, int y) {
+ try {
+ return StrictMath.floorMod(x, y);
+ } catch (ArithmeticException ae) {
+ return ae;
+ }
+ }
+
+ /**
+ * Invoke floorDiv and return the result or any exception.
+ * @param x the x value
+ * @param y the y value
+ * @return the result Integer or an exception.
+ */
+ static Object doStrictFloorMod(long x, long y) {
+ try {
+ return StrictMath.floorMod(x, y);
+ } catch (ArithmeticException ae) {
+ return ae;
+ }
+ }
+
+ /**
+ * Returns a boolean by comparing the result and the expected value.
+ * The equals method is not defined for ArithmeticException but it is
+ * desirable to have equals return true if the expected and the result
+ * both threw the same exception (class and message.)
+ *
+ * @param result the result from testing the method
+ * @param expected the expected value
+ * @return true if the result is equal to the expected values; false otherwise.
+ */
+ static boolean resultEquals(Object result, Object expected) {
+ if (result.getClass() != expected.getClass()) {
+ fail("FAIL: Result type mismatch, %s; expected: %s%n",
+ result.getClass().getName(), expected.getClass().getName());
+ return false;
+ }
+
+ if (result.equals(expected)) {
+ return true;
+ }
+ // Handle special case to compare ArithmeticExceptions
+ if (result instanceof ArithmeticException && expected instanceof ArithmeticException) {
+ ArithmeticException ae1 = (ArithmeticException)result;
+ ArithmeticException ae2 = (ArithmeticException)expected;
+ return ae1.getMessage().equals(ae2.getMessage());
+ }
+ return false;
+ }
+
+}
diff --git a/test/java/lang/invoke/BigArityTest.java b/test/java/lang/invoke/BigArityTest.java
index fa4d597..d9584dd 100644
--- a/test/java/lang/invoke/BigArityTest.java
+++ b/test/java/lang/invoke/BigArityTest.java
@@ -26,7 +26,7 @@
/* @test
* @summary High arity invocations, up to the maximum of 255 arguments
* @compile BigArityTest.java
- * @run junit/othervm -DBigArityTest.ITERATION_COUNT=1 test.java.lang.invoke.BigArityTest
+ * @run junit/othervm/timeout=2500 -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies -esa -DBigArityTest.ITERATION_COUNT=1 test.java.lang.invoke.BigArityTest
*/
package test.java.lang.invoke;
diff --git a/test/java/lang/invoke/CallSiteTest.java b/test/java/lang/invoke/CallSiteTest.java
index 3e9d7d7..fe2702c 100644
--- a/test/java/lang/invoke/CallSiteTest.java
+++ b/test/java/lang/invoke/CallSiteTest.java
@@ -28,7 +28,7 @@
*
* @build indify.Indify
* @compile CallSiteTest.java
- * @run main/othervm
+ * @run main/othervm/timeout=3600 -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies
* indify.Indify
* --expand-properties --classpath ${test.classes}
* --java test.java.lang.invoke.CallSiteTest
diff --git a/test/java/lang/invoke/MethodHandlesTest.java b/test/java/lang/invoke/MethodHandlesTest.java
index 770cdc6..d7e3626 100644
--- a/test/java/lang/invoke/MethodHandlesTest.java
+++ b/test/java/lang/invoke/MethodHandlesTest.java
@@ -26,7 +26,7 @@
/* @test
* @summary unit tests for java.lang.invoke.MethodHandles
* @compile MethodHandlesTest.java remote/RemoteExample.java
- * @run junit/othervm test.java.lang.invoke.MethodHandlesTest
+ * @run junit/othervm/timeout=2500 -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies -esa test.java.lang.invoke.MethodHandlesTest
*/
package test.java.lang.invoke;
diff --git a/test/java/lang/invoke/RicochetTest.java b/test/java/lang/invoke/RicochetTest.java
index 6451fb4..8f9ed66 100644
--- a/test/java/lang/invoke/RicochetTest.java
+++ b/test/java/lang/invoke/RicochetTest.java
@@ -25,7 +25,7 @@
/* @test
* @summary unit tests for recursive method handles
- * @run junit/othervm -DRicochetTest.MAX_ARITY=50 test.java.lang.invoke.RicochetTest
+ * @run junit/othervm/timeout=3600 -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies -DRicochetTest.MAX_ARITY=10 test.java.lang.invoke.RicochetTest
*/
/*
* @ignore The following test creates an unreasonable number of adapters in -Xcomp mode (7049122)
diff --git a/test/java/nio/channels/DatagramChannel/AdaptDatagramSocket.java b/test/java/nio/channels/DatagramChannel/AdaptDatagramSocket.java
index 022455f..1763ef3 100644
--- a/test/java/nio/channels/DatagramChannel/AdaptDatagramSocket.java
+++ b/test/java/nio/channels/DatagramChannel/AdaptDatagramSocket.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,29 +27,16 @@
* @library ..
*/
-import java.io.*;
import java.net.*;
-import java.nio.*;
import java.nio.channels.*;
-import java.nio.charset.*;
import java.util.*;
public class AdaptDatagramSocket {
static java.io.PrintStream out = System.out;
-
static Random rand = new Random();
- static final int ECHO_PORT = 7;
- static final int DISCARD_PORT = 9;
- static final String REMOTE_HOST = TestUtil.HOST;
-
- static final InetSocketAddress echoAddress
- = new InetSocketAddress(REMOTE_HOST, ECHO_PORT);
- static final InetSocketAddress discardAddress
- = new InetSocketAddress(REMOTE_HOST, DISCARD_PORT);
-
static String toString(DatagramPacket dp) {
return ("DatagramPacket[off=" + dp.getOffset()
+ ", len=" + dp.getLength()
@@ -88,10 +75,11 @@
out.println("rtt: " + (System.currentTimeMillis() - start));
out.println("post op: " + toString(op) + " ip: " + toString(ip));
- for (int i = 0; i < ip.getLength(); i++)
+ for (int i = 0; i < ip.getLength(); i++) {
if (ip.getData()[ip.getOffset() + i]
!= op.getData()[op.getOffset() + i])
throw new Exception("Incorrect data received");
+ }
if (!(ip.getSocketAddress().equals(dst))) {
throw new Exception("Incorrect sender address, expected: " + dst
@@ -130,8 +118,9 @@
ds.setSoTimeout(timeout);
out.println("timeout: " + ds.getSoTimeout());
- for (int i = 0; i < 5; i++)
+ for (int i = 0; i < 5; i++) {
test(ds, dst, shouldTimeout);
+ }
// Leave the socket open so that we don't reuse the old src address
//ds.close();
@@ -139,10 +128,23 @@
}
public static void main(String[] args) throws Exception {
- test(echoAddress, 0, false, false);
- test(echoAddress, 0, false, true);
- test(echoAddress, 5000, false, false);
- test(discardAddress, 10, true, false);
+ // need an UDP echo server
+ try (TestServers.UdpEchoServer echoServer
+ = TestServers.UdpEchoServer.startNewServer(100)) {
+ final InetSocketAddress address
+ = new InetSocketAddress(echoServer.getAddress(),
+ echoServer.getPort());
+ test(address, 0, false, false);
+ test(address, 0, false, true);
+ test(address, 5000, false, false);
+ }
+ try (TestServers.UdpDiscardServer discardServer
+ = TestServers.UdpDiscardServer.startNewServer()) {
+ final InetSocketAddress address
+ = new InetSocketAddress(discardServer.getAddress(),
+ discardServer.getPort());
+ test(address, 10, true, false);
+ }
}
}
diff --git a/test/java/nio/channels/DatagramChannel/IsBound.java b/test/java/nio/channels/DatagramChannel/IsBound.java
index 6fae668..7a028ec 100644
--- a/test/java/nio/channels/DatagramChannel/IsBound.java
+++ b/test/java/nio/channels/DatagramChannel/IsBound.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -34,21 +34,25 @@
public class IsBound {
public static void main(String argv[]) throws Exception {
- InetSocketAddress isa = new InetSocketAddress(
- InetAddress.getByName(TestUtil.HOST), 13);
- ByteBuffer bb = ByteBuffer.allocateDirect(256);
- bb.put("hello".getBytes());
- bb.flip();
+ try (TestServers.UdpDayTimeServer daytimeServer
+ = TestServers.UdpDayTimeServer.startNewServer(100)) {
+ InetSocketAddress isa = new InetSocketAddress(
+ daytimeServer.getAddress(),
+ daytimeServer.getPort());
+ ByteBuffer bb = ByteBuffer.allocateDirect(256);
+ bb.put("hello".getBytes());
+ bb.flip();
- DatagramChannel dc = DatagramChannel.open();
- dc.send(bb, isa);
- if(!dc.socket().isBound())
- throw new Exception("Test failed");
- dc.close();
+ DatagramChannel dc = DatagramChannel.open();
+ dc.send(bb, isa);
+ if(!dc.socket().isBound())
+ throw new Exception("Test failed");
+ dc.close();
- dc = DatagramChannel.open();
- if(dc.socket().isBound())
- throw new Exception("Test failed");
- dc.close();
+ dc = DatagramChannel.open();
+ if(dc.socket().isBound())
+ throw new Exception("Test failed");
+ dc.close();
+ }
}
}
diff --git a/test/java/nio/channels/DatagramChannel/IsConnected.java b/test/java/nio/channels/DatagramChannel/IsConnected.java
index f71d869..db4cb89 100644
--- a/test/java/nio/channels/DatagramChannel/IsConnected.java
+++ b/test/java/nio/channels/DatagramChannel/IsConnected.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,21 +28,23 @@
*/
import java.net.*;
-import java.nio.*;
import java.nio.channels.*;
public class IsConnected {
public static void main(String argv[]) throws Exception {
- InetSocketAddress isa = new InetSocketAddress(
- InetAddress.getByName(TestUtil.HOST), 13);
- DatagramChannel dc = DatagramChannel.open();
- dc.configureBlocking(true);
- dc.connect(isa);
- if (!dc.isConnected())
- throw new RuntimeException("channel.isConnected inconsistent");
- if (!dc.socket().isConnected())
- throw new RuntimeException("socket.isConnected inconsistent");
- dc.close();
+ try (TestServers.UdpDayTimeServer daytimeServer
+ = TestServers.UdpDayTimeServer.startNewServer(100)) {
+ InetSocketAddress isa = new InetSocketAddress(
+ daytimeServer.getAddress(), daytimeServer.getPort());
+ DatagramChannel dc = DatagramChannel.open();
+ dc.configureBlocking(true);
+ dc.connect(isa);
+ if (!dc.isConnected())
+ throw new RuntimeException("channel.isConnected inconsistent");
+ if (!dc.socket().isConnected())
+ throw new RuntimeException("socket.isConnected inconsistent");
+ dc.close();
+ }
}
}
diff --git a/test/java/nio/channels/FileChannel/MapTest.java b/test/java/nio/channels/FileChannel/MapTest.java
index 42df55c..066d609 100644
--- a/test/java/nio/channels/FileChannel/MapTest.java
+++ b/test/java/nio/channels/FileChannel/MapTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -22,6 +22,7 @@
*/
/* @test
+ * @bug 4429043 8002180
* @summary Test file mapping with FileChannel
* @run main/othervm MapTest
*/
@@ -29,7 +30,10 @@
import java.io.*;
import java.nio.MappedByteBuffer;
import java.nio.channels.*;
-import java.nio.channels.FileChannel;
+import java.nio.channels.FileChannel.MapMode;
+import java.nio.file.Files;
+import static java.nio.file.StandardOpenOption.*;
+import static java.nio.charset.StandardCharsets.*;
import java.util.Random;
@@ -39,6 +43,7 @@
public class MapTest {
+ private static PrintStream out = System.out;
private static PrintStream err = System.err;
private static Random generator = new Random();
@@ -51,15 +56,21 @@
blah = File.createTempFile("blah", null);
blah.deleteOnExit();
initTestFile(blah);
- err.println("Test file " + blah + " initialized");
- testZero();
- err.println("Zero size: OK");
- testRead();
- err.println("Read: OK");
- testWrite();
- err.println("Write: OK");
- testHighOffset();
- err.println("High offset: OK");
+ try {
+ out.println("Test file " + blah + " initialized");
+ testZero();
+ out.println("Zero size: OK");
+ testRead();
+ out.println("Read: OK");
+ testWrite();
+ out.println("Write: OK");
+ testHighOffset();
+ out.println("High offset: OK");
+ testExceptions();
+ out.println("Exceptions: OK");
+ } finally {
+ blah.delete();
+ }
}
/**
@@ -77,30 +88,25 @@
* ability to index into a file of multiple pages is tested.
*/
private static void initTestFile(File blah) throws Exception {
- FileOutputStream fos = new FileOutputStream(blah);
- BufferedWriter awriter
- = new BufferedWriter(new OutputStreamWriter(fos, "8859_1"));
-
- for(int i=0; i<4000; i++) {
- String number = new Integer(i).toString();
- for (int h=0; h<4-number.length(); h++)
- awriter.write("0");
- awriter.write(""+i);
- awriter.newLine();
+ try (BufferedWriter writer = Files.newBufferedWriter(blah.toPath(), ISO_8859_1)) {
+ for (int i=0; i<4000; i++) {
+ String number = new Integer(i).toString();
+ for (int h=0; h<4-number.length(); h++)
+ writer.write("0");
+ writer.write(""+i);
+ writer.newLine();
+ }
}
- awriter.flush();
- awriter.close();
}
/**
* Tests zero size file mapping
*/
private static void testZero() throws Exception {
- FileInputStream fis = new FileInputStream(blah);
- FileChannel c = fis.getChannel();
- MappedByteBuffer b = c.map(FileChannel.MapMode.READ_ONLY, 0, 0);
- c.close();
- fis.close();
+ try (FileInputStream fis = new FileInputStream(blah)) {
+ FileChannel fc = fis.getChannel();
+ MappedByteBuffer b = fc.map(MapMode.READ_ONLY, 0, 0);
+ }
}
/**
@@ -108,33 +114,32 @@
* from the ByteBuffer gets the right line number
*/
private static void testRead() throws Exception {
- StringBuffer sb = new StringBuffer();
+ StringBuilder sb = new StringBuilder();
sb.setLength(4);
for (int x=0; x<1000; x++) {
- FileInputStream fis = new FileInputStream(blah);
- FileChannel c = fis.getChannel();
+ try (FileInputStream fis = new FileInputStream(blah)) {
+ FileChannel fc = fis.getChannel();
- long offset = generator.nextInt(10000);
- long expectedResult = offset / CHARS_PER_LINE;
- offset = expectedResult * CHARS_PER_LINE;
+ long offset = generator.nextInt(10000);
+ long expectedResult = offset / CHARS_PER_LINE;
+ offset = expectedResult * CHARS_PER_LINE;
- MappedByteBuffer b = c.map(FileChannel.MapMode.READ_ONLY,
- offset, 100);
+ MappedByteBuffer b = fc.map(MapMode.READ_ONLY,
+ offset, 100);
- for (int i=0; i<4; i++) {
- byte aByte = b.get(i);
- sb.setCharAt(i, (char)aByte);
+ for (int i=0; i<4; i++) {
+ byte aByte = b.get(i);
+ sb.setCharAt(i, (char)aByte);
+ }
+
+ int result = Integer.parseInt(sb.toString());
+ if (result != expectedResult) {
+ err.println("I expected "+expectedResult);
+ err.println("I got "+result);
+ throw new Exception("Read test failed");
+ }
}
-
- int result = Integer.parseInt(sb.toString());
- if (result != expectedResult) {
- err.println("I expected "+expectedResult);
- err.println("I got "+result);
- throw new Exception("Read test failed");
- }
- c.close();
- fis.close();
}
}
@@ -143,46 +148,159 @@
* written out to the file can be read back in
*/
private static void testWrite() throws Exception {
- StringBuffer sb = new StringBuffer();
+ StringBuilder sb = new StringBuilder();
sb.setLength(4);
for (int x=0; x<1000; x++) {
- RandomAccessFile raf = new RandomAccessFile(blah, "rw");
- FileChannel c = raf.getChannel();
+ try (RandomAccessFile raf = new RandomAccessFile(blah, "rw")) {
+ FileChannel fc = raf.getChannel();
- long offset = generator.nextInt(1000);
- MappedByteBuffer b = c.map(FileChannel.MapMode.READ_WRITE,
- offset, 100);
+ long offset = generator.nextInt(1000);
+ MappedByteBuffer b = fc.map(MapMode.READ_WRITE,
+ offset, 100);
- for (int i=0; i<4; i++) {
- b.put(i, (byte)('0' + i));
+ for (int i=0; i<4; i++) {
+ b.put(i, (byte)('0' + i));
+ }
+
+ for (int i=0; i<4; i++) {
+ byte aByte = b.get(i);
+ sb.setCharAt(i, (char)aByte);
+ }
+ if (!sb.toString().equals("0123"))
+ throw new Exception("Write test failed");
}
-
- for (int i=0; i<4; i++) {
- byte aByte = b.get(i);
- sb.setCharAt(i, (char)aByte);
- }
- if (!sb.toString().equals("0123"))
- throw new Exception("Write test failed");
- c.close();
- raf.close();
}
}
private static void testHighOffset() throws Exception {
- StringBuffer sb = new StringBuffer();
+ StringBuilder sb = new StringBuilder();
sb.setLength(4);
for (int x=0; x<1000; x++) {
- RandomAccessFile raf = new RandomAccessFile(blah, "rw");
- FileChannel fc = raf.getChannel();
- long offset = 66000;
- MappedByteBuffer b = fc.map(FileChannel.MapMode.READ_WRITE,
- offset, 100);
-
- fc.close();
- raf.close();
+ try (RandomAccessFile raf = new RandomAccessFile(blah, "rw")) {
+ FileChannel fc = raf.getChannel();
+ long offset = 66000;
+ MappedByteBuffer b = fc.map(MapMode.READ_WRITE,
+ offset, 100);
+ }
}
}
+ /**
+ * Test exceptions specified by map method
+ */
+ private static void testExceptions() throws Exception {
+ // check exceptions when channel opened for read access
+ try (FileChannel fc = FileChannel.open(blah.toPath(), READ)) {
+ testExceptions(fc);
+
+ checkException(fc, MapMode.READ_WRITE, 0L, fc.size(),
+ NonWritableChannelException.class);
+
+ checkException(fc, MapMode.READ_WRITE, -1L, fc.size(),
+ NonWritableChannelException.class, IllegalArgumentException.class);
+
+ checkException(fc, MapMode.READ_WRITE, 0L, -1L,
+ NonWritableChannelException.class, IllegalArgumentException.class);
+
+ checkException(fc, MapMode.PRIVATE, 0L, fc.size(),
+ NonWritableChannelException.class);
+
+ checkException(fc, MapMode.PRIVATE, -1L, fc.size(),
+ NonWritableChannelException.class, IllegalArgumentException.class);
+
+ checkException(fc, MapMode.PRIVATE, 0L, -1L,
+ NonWritableChannelException.class, IllegalArgumentException.class);
+ }
+
+ // check exceptions when channel opened for write access
+ try (FileChannel fc = FileChannel.open(blah.toPath(), WRITE)) {
+ testExceptions(fc);
+
+ checkException(fc, MapMode.READ_ONLY, 0L, fc.size(),
+ NonReadableChannelException.class);
+
+ checkException(fc, MapMode.READ_ONLY, -1L, fc.size(),
+ NonReadableChannelException.class, IllegalArgumentException.class);
+
+ /*
+ * implementation/spec mismatch, these tests disabled for now
+ */
+ //checkException(fc, MapMode.READ_WRITE, 0L, fc.size(),
+ // NonWritableChannelException.class);
+ //checkException(fc, MapMode.PRIVATE, 0L, fc.size(),
+ // NonWritableChannelException.class);
+ }
+
+ // check exceptions when channel opened for read and write access
+ try (FileChannel fc = FileChannel.open(blah.toPath(), READ, WRITE)) {
+ testExceptions(fc);
+ }
+ }
+
+ private static void testExceptions(FileChannel fc) throws IOException {
+ checkException(fc, null, 0L, fc.size(),
+ NullPointerException.class);
+
+ checkException(fc, MapMode.READ_ONLY, -1L, fc.size(),
+ IllegalArgumentException.class);
+
+ checkException(fc, null, -1L, fc.size(),
+ IllegalArgumentException.class, NullPointerException.class);
+
+ checkException(fc, MapMode.READ_ONLY, 0L, -1L,
+ IllegalArgumentException.class);
+
+ checkException(fc, null, 0L, -1L,
+ IllegalArgumentException.class, NullPointerException.class);
+
+ checkException(fc, MapMode.READ_ONLY, 0L, Integer.MAX_VALUE + 1L,
+ IllegalArgumentException.class);
+
+ checkException(fc, null, 0L, Integer.MAX_VALUE + 1L,
+ IllegalArgumentException.class, NullPointerException.class);
+
+ checkException(fc, MapMode.READ_ONLY, Long.MAX_VALUE, 1L,
+ IllegalArgumentException.class);
+
+ checkException(fc, null, Long.MAX_VALUE, 1L,
+ IllegalArgumentException.class, NullPointerException.class);
+
+ }
+
+ /**
+ * Checks that FileChannel map throws one of the expected exceptions
+ * when invoked with the given inputs.
+ */
+ private static void checkException(FileChannel fc,
+ MapMode mode,
+ long position,
+ long size,
+ Class<?>... expected)
+ throws IOException
+ {
+ Exception exc = null;
+ try {
+ fc.map(mode, position, size);
+ } catch (Exception actual) {
+ exc = actual;
+ }
+ if (exc != null) {
+ for (Class<?> clazz: expected) {
+ if (clazz.isInstance(exc)) {
+ return;
+ }
+ }
+ }
+ System.err.println("Expected one of");
+ for (Class<?> clazz: expected) {
+ System.out.println(clazz);
+ }
+ if (exc == null) {
+ throw new RuntimeException("No expection thrown");
+ } else {
+ throw new RuntimeException("Unexpected exception thrown", exc);
+ }
+ }
}
diff --git a/test/java/nio/channels/FileChannel/Truncate.java b/test/java/nio/channels/FileChannel/Truncate.java
index bc81ffb..ff62d72 100644
--- a/test/java/nio/channels/FileChannel/Truncate.java
+++ b/test/java/nio/channels/FileChannel/Truncate.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -22,14 +22,16 @@
*/
/* @test
- * @bug 6191269 6709457
+ * @bug 6191269 6709457 8000330
* @summary Test truncate method of FileChannel
*/
import java.io.*;
import java.nio.ByteBuffer;
-import java.nio.channels.FileChannel;
+import java.nio.channels.*;
+import java.nio.file.Files;
import static java.nio.file.StandardOpenOption.*;
+import static java.nio.charset.StandardCharsets.*;
import java.util.Random;
@@ -46,6 +48,7 @@
try {
basicTest(blah);
appendTest(blah);
+ exceptionTests(blah);
} finally {
blah.delete();
}
@@ -66,15 +69,22 @@
if (fc.size() != testSize)
throw new RuntimeException("Size failed");
- long position = generator.nextInt((int)testSize);
+ long position = generator.nextInt((int)testSize*2);
fc.position(position);
- long newSize = generator.nextInt((int)testSize);
+ long newSize = generator.nextInt((int)testSize*2);
fc.truncate(newSize);
- if (fc.size() != newSize)
- throw new RuntimeException("Truncate failed");
+ // check new size
+ if (newSize > testSize) {
+ if (fc.size() != testSize)
+ throw new RuntimeException("Attempt to expand file changed size");
+ } else {
+ if (fc.size() != newSize)
+ throw new RuntimeException("Unexpected size after truncate");
+ }
+ // check new position
if (position > newSize) {
if (fc.position() != newSize)
throw new RuntimeException("Position greater than size");
@@ -115,20 +125,90 @@
}
/**
+ * Test exceptions specified by truncate method
+ */
+ static void exceptionTests(File blah) throws Exception {
+ // check exceptions when channel opened for read access
+ try (FileChannel fc = FileChannel.open(blah.toPath(), READ)) {
+ long size = fc.size();
+
+ // open channel
+ checkException(fc, 0L, NonWritableChannelException.class);
+
+ checkException(fc, -1L, NonWritableChannelException.class,
+ IllegalArgumentException.class);
+
+ checkException(fc, size+1L, NonWritableChannelException.class);
+
+ // closed channel
+ fc.close();
+
+ checkException(fc, 0L, ClosedChannelException.class);
+
+ checkException(fc, -1L, ClosedChannelException.class,
+ IllegalArgumentException.class);
+
+ checkException(fc, size+1L, ClosedChannelException.class);
+ }
+
+ // check exceptions when channel opened for write access
+ try (FileChannel fc = FileChannel.open(blah.toPath(), WRITE)) {
+ long size = fc.size();
+
+ // open channel
+ checkException(fc, -1L, IllegalArgumentException.class);
+
+ // closed channel
+ fc.close();
+
+ checkException(fc, 0L, ClosedChannelException.class);
+
+ checkException(fc, -1L, ClosedChannelException.class,
+ IllegalArgumentException.class);
+
+ checkException(fc, size+1L, ClosedChannelException.class);
+ }
+ }
+
+ /**
+ * Checks that FileChannel truncate throws one of the expected exceptions
+ * when invoked with the given size.
+ */
+ private static void checkException(FileChannel fc, long size, Class<?>... expected)
+ throws IOException
+ {
+ Exception exc = null;
+ try {
+ fc.truncate(size);
+ } catch (Exception actual) {
+ exc = actual;
+ }
+ if (exc != null) {
+ for (Class<?> clazz: expected) {
+ if (clazz.isInstance(exc)) {
+ return;
+ }
+ }
+ }
+ System.err.println("Expected one of");
+ for (Class<?> clazz: expected) {
+ System.err.println(clazz);
+ }
+ if (exc == null) {
+ throw new RuntimeException("No expection thrown");
+ } else {
+ throw new RuntimeException("Unexpected exception thrown", exc);
+ }
+ }
+
+ /**
* Creates file blah of specified size in bytes.
- *
*/
private static void initTestFile(File blah, long size) throws Exception {
- if (blah.exists())
- blah.delete();
- FileOutputStream fos = new FileOutputStream(blah);
- BufferedWriter awriter
- = new BufferedWriter(new OutputStreamWriter(fos, "8859_1"));
-
- for(int i=0; i<size; i++) {
- awriter.write("e");
+ try (BufferedWriter writer = Files.newBufferedWriter(blah.toPath(), ISO_8859_1)) {
+ for(int i=0; i<size; i++) {
+ writer.write("e");
+ }
}
- awriter.flush();
- awriter.close();
}
}
diff --git a/test/java/nio/channels/Selector/Alias.java b/test/java/nio/channels/Selector/Alias.java
index c3554b9..731703b 100644
--- a/test/java/nio/channels/Selector/Alias.java
+++ b/test/java/nio/channels/Selector/Alias.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,12 +27,11 @@
* @library ..
*/
-import java.io.*;
import java.net.*;
import java.nio.*;
import java.nio.channels.*;
-import java.util.*;
import java.nio.channels.spi.SelectorProvider;
+import java.util.*;
public class Alias {
@@ -40,18 +39,26 @@
static int LIMIT = 20; // Hangs after just 1 if problem is present
public static void main(String[] args) throws Exception {
- test1();
+ try (TestServers.DayTimeServer daytimeServer
+ = TestServers.DayTimeServer.startNewServer(100)) {
+ test1(daytimeServer);
+ }
}
- public static void test1() throws Exception {
+ static void test1(TestServers.DayTimeServer daytimeServer) throws Exception {
Selector selector = SelectorProvider.provider().openSelector();
- InetAddress myAddress=InetAddress.getByName(TestUtil.HOST);
- InetSocketAddress isa = new InetSocketAddress(myAddress,13);
+ InetAddress myAddress = daytimeServer.getAddress();
+ InetSocketAddress isa
+ = new InetSocketAddress(myAddress,
+ daytimeServer.getPort());
for (int j=0; j<LIMIT; j++) {
SocketChannel sc = SocketChannel.open();
sc.configureBlocking(false);
boolean result = sc.connect(isa);
+
+ // On some platforms - given that we're using a local server,
+ // we may not enter into the if () { } statement below...
if (!result) {
SelectionKey key = sc.register(selector,
SelectionKey.OP_CONNECT);
diff --git a/test/java/nio/channels/Selector/BasicConnect.java b/test/java/nio/channels/Selector/BasicConnect.java
index 61575b1..e440fe7 100644
--- a/test/java/nio/channels/Selector/BasicConnect.java
+++ b/test/java/nio/channels/Selector/BasicConnect.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,12 +27,10 @@
* @library ..
*/
-import java.io.*;
import java.net.*;
import java.nio.*;
import java.nio.channels.*;
import java.nio.channels.spi.SelectorProvider;
-import java.nio.charset.*;
import java.util.*;
@@ -44,52 +42,57 @@
public class BasicConnect {
- static final int PORT = 7; // echo
- static final String HOST = TestUtil.HOST;
-
public static void main(String[] args) throws Exception {
Selector connectSelector =
SelectorProvider.provider().openSelector();
- InetSocketAddress isa
- = new InetSocketAddress(InetAddress.getByName(HOST), PORT);
- SocketChannel sc = SocketChannel.open();
- sc.configureBlocking(false);
- boolean result = sc.connect(isa);
- while (!result) {
- SelectionKey connectKey = sc.register(connectSelector,
- SelectionKey.OP_CONNECT);
- int keysAdded = connectSelector.select();
- if (keysAdded > 0) {
- Set readyKeys = connectSelector.selectedKeys();
- Iterator i = readyKeys.iterator();
- while (i.hasNext()) {
- SelectionKey sk = (SelectionKey)i.next();
- i.remove();
- SocketChannel nextReady = (SocketChannel)sk.channel();
- result = nextReady.finishConnect();
- if (result)
- sk.cancel();
+ try (TestServers.EchoServer echoServer
+ = TestServers.EchoServer.startNewServer(100)) {
+ InetSocketAddress isa
+ = new InetSocketAddress(echoServer.getAddress(),
+ echoServer.getPort());
+ SocketChannel sc = SocketChannel.open();
+ sc.configureBlocking(false);
+ boolean result = sc.connect(isa);
+ if (result) {
+ System.out.println("Socket immediately connected on "
+ + System.getProperty("os.name")
+ + ": " + sc);
+ }
+ while (!result) {
+ SelectionKey connectKey = sc.register(connectSelector,
+ SelectionKey.OP_CONNECT);
+ int keysAdded = connectSelector.select();
+ if (keysAdded > 0) {
+ Set readyKeys = connectSelector.selectedKeys();
+ Iterator i = readyKeys.iterator();
+ while (i.hasNext()) {
+ SelectionKey sk = (SelectionKey)i.next();
+ i.remove();
+ SocketChannel nextReady = (SocketChannel)sk.channel();
+ result = nextReady.finishConnect();
+ if (result)
+ sk.cancel();
+ }
}
}
+
+ byte[] bs = new byte[] { (byte)0xca, (byte)0xfe,
+ (byte)0xba, (byte)0xbe };
+ ByteBuffer bb = ByteBuffer.wrap(bs);
+ sc.configureBlocking(true);
+ sc.write(bb);
+ bb.rewind();
+
+ ByteBuffer bb2 = ByteBuffer.allocateDirect(100);
+ int n = sc.read(bb2);
+ bb2.flip();
+
+ sc.close();
+ connectSelector.close();
+
+ if (!bb.equals(bb2))
+ throw new Exception("Echoed bytes incorrect: Sent "
+ + bb + ", got " + bb2);
}
-
- byte[] bs = new byte[] { (byte)0xca, (byte)0xfe,
- (byte)0xba, (byte)0xbe };
- ByteBuffer bb = ByteBuffer.wrap(bs);
- sc.configureBlocking(true);
- sc.write(bb);
- bb.rewind();
-
- ByteBuffer bb2 = ByteBuffer.allocateDirect(100);
- int n = sc.read(bb2);
- bb2.flip();
-
- sc.close();
- connectSelector.close();
-
- if (!bb.equals(bb2))
- throw new Exception("Echoed bytes incorrect: Sent "
- + bb + ", got " + bb2);
}
-
}
diff --git a/test/java/nio/channels/Selector/Connect.java b/test/java/nio/channels/Selector/Connect.java
index af1ce98..67f48d8 100644
--- a/test/java/nio/channels/Selector/Connect.java
+++ b/test/java/nio/channels/Selector/Connect.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,12 +27,11 @@
* @library ..
*/
-import java.io.*;
import java.net.*;
import java.nio.*;
import java.nio.channels.*;
-import java.util.*;
import java.nio.channels.spi.SelectorProvider;
+import java.util.*;
public class Connect {
@@ -40,12 +39,18 @@
static int LIMIT = 100;
public static void main(String[] args) throws Exception {
- scaleTest();
+ try (TestServers.DayTimeServer daytimeServer
+ = TestServers.DayTimeServer.startNewServer(50)) {
+ scaleTest(daytimeServer);
+ }
}
- public static void scaleTest() throws Exception {
- InetAddress myAddress=InetAddress.getByName(TestUtil.HOST);
- InetSocketAddress isa = new InetSocketAddress(myAddress,13);
+ static void scaleTest(TestServers.DayTimeServer daytimeServer)
+ throws Exception
+ {
+ InetAddress myAddress = daytimeServer.getAddress();
+ InetSocketAddress isa
+ = new InetSocketAddress(myAddress, daytimeServer.getPort());
for (int j=0; j<LIMIT; j++) {
SocketChannel sc = SocketChannel.open();
diff --git a/test/java/nio/channels/Selector/ConnectWrite.java b/test/java/nio/channels/Selector/ConnectWrite.java
index 904f3a6..f1ce975 100644
--- a/test/java/nio/channels/Selector/ConnectWrite.java
+++ b/test/java/nio/channels/Selector/ConnectWrite.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,23 +27,25 @@
* @library ..
*/
-import java.io.*;
import java.net.*;
-import java.nio.*;
import java.nio.channels.*;
-import java.util.*;
import java.nio.channels.spi.SelectorProvider;
+import java.util.*;
public class ConnectWrite {
public static void main(String[] args) throws Exception {
- test1(13);
+ try (TestServers.DayTimeServer daytimeServer
+ = TestServers.DayTimeServer.startNewServer(25)) {
+ test1(daytimeServer);
+ }
}
- public static void test1(int port) throws Exception {
+ static void test1(TestServers.DayTimeServer daytimeServer) throws Exception {
Selector selector = SelectorProvider.provider().openSelector();
- InetAddress myAddress=InetAddress.getByName(TestUtil.HOST);
- InetSocketAddress isa = new InetSocketAddress(myAddress, port);
+ InetAddress myAddress = daytimeServer.getAddress();
+ InetSocketAddress isa
+ = new InetSocketAddress(myAddress, daytimeServer.getPort());
SocketChannel sc = SocketChannel.open();
try {
sc.configureBlocking(false);
diff --git a/test/java/nio/channels/Selector/KeysReady.java b/test/java/nio/channels/Selector/KeysReady.java
index ba09a4c..de27aa4 100644
--- a/test/java/nio/channels/Selector/KeysReady.java
+++ b/test/java/nio/channels/Selector/KeysReady.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,21 +28,15 @@
*/
import java.net.*;
-import java.io.*;
-import java.nio.*;
import java.nio.channels.*;
-import java.nio.charset.*;
import java.nio.channels.spi.SelectorProvider;
public class KeysReady {
- static final int DAYTIME_PORT = 13;
- static final String DAYTIME_HOST = TestUtil.HOST;
-
- static void test() throws Exception {
+ static void test(TestServers.DayTimeServer dayTimeServer) throws Exception {
InetSocketAddress isa
- = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
- DAYTIME_PORT);
+ = new InetSocketAddress(dayTimeServer.getAddress(),
+ dayTimeServer.getPort());
SocketChannel sc = SocketChannel.open();
sc.configureBlocking(false);
sc.connect(isa);
@@ -64,7 +58,10 @@
}
public static void main(String[] args) throws Exception {
- test();
+ try (TestServers.DayTimeServer daytimeServer
+ = TestServers.DayTimeServer.startNewServer(50)) {
+ test(daytimeServer);
+ }
}
}
diff --git a/test/java/nio/channels/SocketChannel/AdaptSocket.java b/test/java/nio/channels/SocketChannel/AdaptSocket.java
index d479b49..1e1fdee 100644
--- a/test/java/nio/channels/SocketChannel/AdaptSocket.java
+++ b/test/java/nio/channels/SocketChannel/AdaptSocket.java
@@ -35,19 +35,16 @@
static java.io.PrintStream out = System.out;
- static final int ECHO_PORT = 7;
- static final int DAYTIME_PORT = 13;
- static final String REMOTE_HOST = TestUtil.HOST;
- static final String VERY_REMOTE_HOST = TestUtil.FAR_HOST;
-
- static void test(String hn, int timeout, boolean shouldTimeout)
+ static void test(TestServers.DayTimeServer dayTimeServer,
+ int timeout,
+ boolean shouldTimeout)
throws Exception
{
out.println();
InetSocketAddress isa
- = new InetSocketAddress(InetAddress.getByName(hn),
- DAYTIME_PORT);
+ = new InetSocketAddress(dayTimeServer.getAddress(),
+ dayTimeServer.getPort());
SocketChannel sc = SocketChannel.open();
Socket so = sc.socket();
out.println("opened: " + so);
@@ -116,13 +113,16 @@
}
}
- static void testRead(String hn, int timeout, boolean shouldTimeout)
+ static void testRead(TestServers.EchoServer echoServer,
+ int timeout,
+ boolean shouldTimeout)
throws Exception
{
out.println();
InetSocketAddress isa
- = new InetSocketAddress(InetAddress.getByName(hn), ECHO_PORT);
+ = new InetSocketAddress(echoServer.getAddress(),
+ echoServer.getPort());
SocketChannel sc = SocketChannel.open();
sc.connect(isa);
Socket so = sc.socket();
@@ -134,22 +134,38 @@
out.println("timeout: " + so.getSoTimeout());
testRead(so, shouldTimeout);
- for (int i = 0; i < 4; i++)
+ for (int i = 0; i < 4; i++) {
testRead(so, shouldTimeout);
+ }
sc.close();
}
public static void main(String[] args) throws Exception {
- test(REMOTE_HOST, 0, false);
- test(REMOTE_HOST, 1000, false);
- test(VERY_REMOTE_HOST, 10, true);
+ try (TestServers.DayTimeServer dayTimeServer
+ = TestServers.DayTimeServer.startNewServer()) {
+ test(dayTimeServer, 0, false);
+ test(dayTimeServer, 1000, false);
+ }
- testRead(REMOTE_HOST, 0, false);
- testRead(REMOTE_HOST, 8000, false);
- testRead(VERY_REMOTE_HOST, 10, true);
+ try (TestServers.DayTimeServer lingerDayTimeServer
+ = TestServers.DayTimeServer.startNewServer(100)) {
+ // this test no longer really test the connection timeout
+ // since there is no way to prevent the server from eagerly
+ // accepting connection...
+ test(lingerDayTimeServer, 10, true);
+ }
+ try (TestServers.EchoServer echoServer
+ = TestServers.EchoServer.startNewServer()) {
+ testRead(echoServer, 0, false);
+ testRead(echoServer, 8000, false);
+ }
+
+ try (TestServers.EchoServer lingerEchoServer
+ = TestServers.EchoServer.startNewServer(100)) {
+ testRead(lingerEchoServer, 10, true);
+ }
}
-
}
diff --git a/test/java/nio/channels/SocketChannel/Basic.java b/test/java/nio/channels/SocketChannel/Basic.java
index 79ea9ce..9cf789f 100644
--- a/test/java/nio/channels/SocketChannel/Basic.java
+++ b/test/java/nio/channels/SocketChannel/Basic.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,13 +36,10 @@
static java.io.PrintStream out = System.out;
- static final int DAYTIME_PORT = 13;
- static final String DAYTIME_HOST = TestUtil.HOST;
-
- static void test() throws Exception {
+ static void test(TestServers.DayTimeServer daytimeServer) throws Exception {
InetSocketAddress isa
- = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
- DAYTIME_PORT);
+ = new InetSocketAddress(daytimeServer.getAddress(),
+ daytimeServer.getPort());
SocketChannel sc = SocketChannel.open(isa);
out.println("opened: " + sc);
/*
@@ -76,7 +73,10 @@
}
public static void main(String[] args) throws Exception {
- test();
+ try (TestServers.DayTimeServer dayTimeServer
+ = TestServers.DayTimeServer.startNewServer(100)) {
+ test(dayTimeServer);
+ }
}
}
diff --git a/test/java/nio/channels/SocketChannel/BufferSize.java b/test/java/nio/channels/SocketChannel/BufferSize.java
index f7d84bb..736d0e1 100644
--- a/test/java/nio/channels/SocketChannel/BufferSize.java
+++ b/test/java/nio/channels/SocketChannel/BufferSize.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,17 +28,10 @@
*/
import java.nio.channels.*;
-import java.net.*;
public class BufferSize {
- static final int DAYTIME_PORT = 13;
- static final String DAYTIME_HOST = TestUtil.HOST;
-
public static void main(String[] args) throws Exception {
- InetSocketAddress isa
- = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
- DAYTIME_PORT);
ServerSocketChannel sc = ServerSocketChannel.open();
try {
sc.socket().setReceiveBufferSize(-1);
diff --git a/test/java/nio/channels/SocketChannel/Connect.java b/test/java/nio/channels/SocketChannel/Connect.java
index 260bf53..76a32e7 100644
--- a/test/java/nio/channels/SocketChannel/Connect.java
+++ b/test/java/nio/channels/SocketChannel/Connect.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,9 +27,9 @@
* @library ..
*/
+import java.net.*;
import java.nio.*;
import java.nio.channels.*;
-import java.net.*;
import java.util.*;
public class Connect {
@@ -37,21 +37,26 @@
private static final long INCREMENTAL_DELAY = 30L * 1000L;
public static void main(String args[]) throws Exception {
- test1(TestUtil.HOST);
+ try (TestServers.EchoServer echoServer
+ = TestServers.EchoServer.startNewServer(1000)) {
+ test1(echoServer);
+ }
try {
- test1(TestUtil.REFUSING_HOST);
+ TestServers.RefusingServer refusingServer
+ = TestServers.RefusingServer.startNewServer();
+ test1(refusingServer);
throw new Exception("Refused connection throws no exception");
} catch (ConnectException ce) {
// Correct result
}
}
- static void test1(String hostname) throws Exception {
+ static void test1(TestServers.AbstractServer server) throws Exception {
Selector selector;
SocketChannel sc;
SelectionKey sk;
InetSocketAddress isa = new InetSocketAddress(
- InetAddress.getByName (hostname), 80);
+ server.getAddress(), server.getPort());
sc = SocketChannel.open();
sc.configureBlocking(false);
diff --git a/test/java/nio/channels/SocketChannel/ConnectState.java b/test/java/nio/channels/SocketChannel/ConnectState.java
index 9c86d96..df7d0cd 100644
--- a/test/java/nio/channels/SocketChannel/ConnectState.java
+++ b/test/java/nio/channels/SocketChannel/ConnectState.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,20 +30,39 @@
import java.net.*;
import java.nio.*;
import java.nio.channels.*;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
public class ConnectState {
static PrintStream log = System.err;
- static String REMOTE_HOST = TestUtil.HOST;
- static int REMOTE_PORT = 7; // echo
static InetSocketAddress remote;
final static int ST_UNCONNECTED = 0;
final static int ST_PENDING = 1;
final static int ST_CONNECTED = 2;
final static int ST_CLOSED = 3;
+ final static int ST_PENDING_OR_CONNECTED = 4;
+ // NO exceptions expected
+ final static Collection<Class<?>> NONE = Collections.emptySet();
+
+ // make a set of expected exception.
+ static Collection<Class<?>> expectedExceptions(Class<?>... expected) {
+ final Collection<Class<?>> exceptions;
+ if (expected.length == 0) {
+ exceptions = NONE;
+ } else if (expected.length == 1) {
+ assert expected[0] != null;
+ exceptions = Collections.<Class<?>>singleton(expected[0]);
+ } else {
+ exceptions = new HashSet<>(Arrays.asList(expected));
+ }
+ return exceptions;
+ }
static abstract class Test {
@@ -76,37 +95,65 @@
check(!sc.isConnectionPending(), "!isConnectionPending");
check(sc.isOpen(), "isOpen");
break;
+ case ST_PENDING_OR_CONNECTED:
+ check(sc.isConnected() || sc.isConnectionPending(),
+ "isConnected || isConnectionPending");
+ check(sc.isOpen(), "isOpen");
+ break;
}
}
- Test(String name, Class exception, int state) throws Exception {
+ Test(String name, Class<?> exception, int state) throws Exception {
+ this(name, expectedExceptions(exception), state);
+ }
+
+ // On some architecture we may need to accept several exceptions.
+ // For instance on Solaris, when using a server colocated on the
+ // machine we cannot guarantee that we will get a
+ // ConnectionPendingException when connecting twice on the same
+ // non-blocking socket. We may instead get a an
+ // AlreadyConnectedException, which is also valid: it simply means
+ // that the first connection has been immediately accepted.
+ Test(String name, Collection<Class<?>> exceptions, int state)
+ throws Exception {
SocketChannel sc = SocketChannel.open();
- String note = null;
+ String note;
try {
try {
note = go(sc);
} catch (Exception x) {
- if (exception != null) {
+ Class<?> expectedExceptionClass = null;
+ for (Class<?> exception : exceptions) {
if (exception.isInstance(x)) {
log.println(name + ": As expected: "
+ x);
+ expectedExceptionClass = exception;
check(sc, state);
- return;
- } else {
- throw new Exception(name
+ break;
+ }
+ }
+ if (expectedExceptionClass == null
+ && !exceptions.isEmpty()) {
+ // we had an exception, but it's not of the set of
+ // exceptions we expected.
+ throw new Exception(name
+ ": Incorrect exception",
x);
- }
- } else {
+ } else if (exceptions.isEmpty()) {
+ // we didn't expect any exception
throw new Exception(name
+ ": Unexpected exception",
x);
}
+ // if we reach here, we have our expected exception
+ assert expectedExceptionClass != null;
+ return;
}
- if (exception != null)
+ if (!exceptions.isEmpty()) {
throw new Exception(name
+ ": Expected exception not thrown: "
- + exception);
+ + exceptions.iterator().next());
+ }
check(sc, state);
log.println(name + ": Returned normally"
+ ((note != null) ? ": " + note : ""));
@@ -123,6 +170,7 @@
new Test("Read unconnected", NotYetConnectedException.class,
ST_UNCONNECTED) {
+ @Override
String go(SocketChannel sc) throws Exception {
ByteBuffer b = ByteBuffer.allocateDirect(1024);
sc.read(b);
@@ -131,19 +179,22 @@
new Test("Write unconnected", NotYetConnectedException.class,
ST_UNCONNECTED) {
+ @Override
String go(SocketChannel sc) throws Exception {
ByteBuffer b = ByteBuffer.allocateDirect(1024);
sc.write(b);
return null;
}};
- new Test("Simple connect", null, ST_CONNECTED) {
+ new Test("Simple connect", NONE, ST_CONNECTED) {
+ @Override
String go(SocketChannel sc) throws Exception {
sc.connect(remote);
return null;
}};
- new Test("Simple connect & finish", null, ST_CONNECTED) {
+ new Test("Simple connect & finish", NONE, ST_CONNECTED) {
+ @Override
String go(SocketChannel sc) throws Exception {
sc.connect(remote);
if (!sc.finishConnect())
@@ -153,6 +204,7 @@
new Test("Double connect",
AlreadyConnectedException.class, ST_CONNECTED) {
+ @Override
String go(SocketChannel sc) throws Exception {
sc.connect(remote);
sc.connect(remote);
@@ -161,12 +213,16 @@
new Test("Finish w/o start",
NoConnectionPendingException.class, ST_UNCONNECTED) {
+ @Override
String go(SocketChannel sc) throws Exception {
sc.finishConnect();
return null;
}};
- new Test("NB simple connect", null, ST_CONNECTED) {
+ // Note: using our local EchoServer rather than echo on a distant
+ // host - we see that Tries to finish = 0 (instead of ~ 18).
+ new Test("NB simple connect", NONE, ST_CONNECTED) {
+ @Override
String go(SocketChannel sc) throws Exception {
sc.configureBlocking(false);
sc.connect(remote);
@@ -179,8 +235,15 @@
return ("Tries to finish = " + n);
}};
+ // Note: using our local EchoServer rather than echo on a distant
+ // host - we cannot guarantee that this test will get a
+ // a ConnectionPendingException: it may get an
+ // AlreadyConnectedException, so we should allow for both.
new Test("NB double connect",
- ConnectionPendingException.class, ST_PENDING) {
+ expectedExceptions(ConnectionPendingException.class,
+ AlreadyConnectedException.class),
+ ST_PENDING_OR_CONNECTED) {
+ @Override
String go(SocketChannel sc) throws Exception {
sc.configureBlocking(false);
sc.connect(remote);
@@ -190,13 +253,15 @@
new Test("NB finish w/o start",
NoConnectionPendingException.class, ST_UNCONNECTED) {
+ @Override
String go(SocketChannel sc) throws Exception {
sc.configureBlocking(false);
sc.finishConnect();
return null;
}};
- new Test("NB connect, B finish", null, ST_CONNECTED) {
+ new Test("NB connect, B finish", NONE, ST_CONNECTED) {
+ @Override
String go(SocketChannel sc) throws Exception {
sc.configureBlocking(false);
sc.connect(remote);
@@ -208,9 +273,12 @@
}
public static void main(String[] args) throws Exception {
- remote = new InetSocketAddress(InetAddress.getByName(REMOTE_HOST),
- REMOTE_PORT);
- tests();
+ try (TestServers.EchoServer echoServer
+ = TestServers.EchoServer.startNewServer(500)) {
+ remote = new InetSocketAddress(echoServer.getAddress(),
+ echoServer.getPort());
+ tests();
+ }
}
}
diff --git a/test/java/nio/channels/SocketChannel/FinishConnect.java b/test/java/nio/channels/SocketChannel/FinishConnect.java
index 3d53c98..efcf38a 100644
--- a/test/java/nio/channels/SocketChannel/FinishConnect.java
+++ b/test/java/nio/channels/SocketChannel/FinishConnect.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,21 +36,25 @@
public class FinishConnect {
- static final int DAYTIME_PORT = 13;
- static final String DAYTIME_HOST = TestUtil.HOST;
-
public static void main(String[] args) throws Exception {
- test1(true, true);
- test1(true, false);
- test1(false, true);
- test1(false, false);
- test2();
+ try (TestServers.DayTimeServer dayTimeServer
+ = TestServers.DayTimeServer.startNewServer(100)) {
+ test1(dayTimeServer, true, true);
+ test1(dayTimeServer, true, false);
+ test1(dayTimeServer, false, true);
+ test1(dayTimeServer, false, false);
+ test2(dayTimeServer);
+ }
}
- static void test1(boolean select, boolean setBlocking) throws Exception {
+ static void test1(TestServers.DayTimeServer daytimeServer,
+ boolean select,
+ boolean setBlocking)
+ throws Exception
+ {
InetSocketAddress isa
- = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
- DAYTIME_PORT);
+ = new InetSocketAddress(daytimeServer.getAddress(),
+ daytimeServer.getPort());
SocketChannel sc = SocketChannel.open();
sc.configureBlocking(false);
boolean connected = sc.connect(isa);
@@ -109,15 +113,27 @@
sc.close();
}
- static void test2() throws Exception {
+ static void test2(TestServers.DayTimeServer daytimeServer) throws Exception {
InetSocketAddress isa
- = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
- DAYTIME_PORT);
+ = new InetSocketAddress(daytimeServer.getAddress(),
+ daytimeServer.getPort());
boolean done = false;
int globalAttempts = 0;
+ int connectSuccess = 0;
while (!done) {
- if (globalAttempts++ > 50)
+ // When using a local daytime server it is not always possible
+ // to get a pending connection, as sc.connect(isa) may always
+ // return true.
+ // So we're going to throw the exception only if there was
+ // at least 1 case where we did not manage to connect.
+ if (globalAttempts++ > 50) {
+ if (globalAttempts == connectSuccess + 1) {
+ System.out.println("Can't fully test on "
+ + System.getProperty("os.name"));
+ break;
+ }
throw new RuntimeException("Failed to connect");
+ }
SocketChannel sc = SocketChannel.open();
sc.configureBlocking(false);
boolean connected = sc.connect(isa);
@@ -132,6 +148,9 @@
}
Thread.sleep(10);
}
+ if (connected) {
+ connectSuccess++;
+ }
sc.close();
}
}
diff --git a/test/java/nio/channels/SocketChannel/IsConnectable.java b/test/java/nio/channels/SocketChannel/IsConnectable.java
index d646d19..21bdd80 100644
--- a/test/java/nio/channels/SocketChannel/IsConnectable.java
+++ b/test/java/nio/channels/SocketChannel/IsConnectable.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,24 +28,19 @@
*/
import java.net.*;
-import java.io.*;
-import java.nio.*;
import java.nio.channels.*;
import java.nio.channels.spi.SelectorProvider;
import java.util.*;
public class IsConnectable {
- static final int DAYTIME_PORT = 13;
- static final String DAYTIME_HOST = TestUtil.HOST;
-
- static void test() throws Exception {
+ static void test(TestServers.DayTimeServer daytimeServer) throws Exception {
InetSocketAddress isa
- = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
- DAYTIME_PORT);
+ = new InetSocketAddress(daytimeServer.getAddress(),
+ daytimeServer.getPort());
SocketChannel sc = SocketChannel.open();
sc.configureBlocking(false);
- sc.connect(isa);
+ final boolean immediatelyConnected = sc.connect(isa);
Selector selector = SelectorProvider.provider().openSelector();
try {
@@ -67,7 +62,12 @@
throw new Exception("Test failed: 4737146 detected");
}
} else {
- throw new Exception("Select failed");
+ if (!immediatelyConnected) {
+ throw new Exception("Select failed");
+ } else {
+ System.out.println("IsConnectable couldn't be fully tested for "
+ + System.getProperty("os.name"));
+ }
}
} finally {
sc.close();
@@ -76,7 +76,10 @@
}
public static void main(String[] args) throws Exception {
- test();
+ try (TestServers.DayTimeServer daytimeServer
+ = TestServers.DayTimeServer.startNewServer(100)) {
+ test(daytimeServer);
+ }
}
}
diff --git a/test/java/nio/channels/SocketChannel/LocalAddress.java b/test/java/nio/channels/SocketChannel/LocalAddress.java
index 1bcd0a1..03a0382 100644
--- a/test/java/nio/channels/SocketChannel/LocalAddress.java
+++ b/test/java/nio/channels/SocketChannel/LocalAddress.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,18 +28,20 @@
*/
import java.net.*;
-import java.nio.*;
import java.nio.channels.*;
public class LocalAddress {
public static void main(String[] args) throws Exception {
- test1();
+ try (TestServers.EchoServer echoServer
+ = TestServers.EchoServer.startNewServer()) {
+ test1(echoServer);
+ }
}
- static void test1() throws Exception {
+ static void test1(TestServers.AbstractServer server) throws Exception {
InetAddress bogus = InetAddress.getByName("0.0.0.0");
InetSocketAddress saddr = new InetSocketAddress(
- InetAddress.getByName(TestUtil.HOST), 23);
+ server.getAddress(), server.getPort());
//Test1: connect only
SocketChannel sc = SocketChannel.open();
diff --git a/test/java/nio/channels/SocketChannel/Stream.java b/test/java/nio/channels/SocketChannel/Stream.java
index 456363f..fadf0dc 100644
--- a/test/java/nio/channels/SocketChannel/Stream.java
+++ b/test/java/nio/channels/SocketChannel/Stream.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,22 +27,17 @@
* @library ..
*/
-import java.net.*;
import java.io.*;
-import java.nio.*;
+import java.net.*;
import java.nio.channels.*;
-import java.nio.charset.*;
public class Stream {
- static final int DAYTIME_PORT = 13;
- static final String DAYTIME_HOST = TestUtil.HOST;
-
- static void test() throws Exception {
+ static void test(TestServers.DayTimeServer daytimeServer) throws Exception {
InetSocketAddress isa
- = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
- DAYTIME_PORT);
+ = new InetSocketAddress(daytimeServer.getAddress(),
+ daytimeServer.getPort());
SocketChannel sc = SocketChannel.open();
sc.connect(isa);
sc.configureBlocking(false);
@@ -58,7 +53,9 @@
}
public static void main(String[] args) throws Exception {
- test();
+ try (TestServers.DayTimeServer dayTimeServer
+ = TestServers.DayTimeServer.startNewServer(100)) {
+ test(dayTimeServer);
+ }
}
-
}
diff --git a/test/java/nio/channels/SocketChannel/VectorParams.java b/test/java/nio/channels/SocketChannel/VectorParams.java
index 9696927..f90867f 100644
--- a/test/java/nio/channels/SocketChannel/VectorParams.java
+++ b/test/java/nio/channels/SocketChannel/VectorParams.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,31 +27,31 @@
* @library ..
*/
-import java.net.*;
import java.io.*;
+import java.net.*;
import java.nio.*;
import java.nio.channels.*;
-import java.nio.charset.*;
public class VectorParams {
static java.io.PrintStream out = System.out;
- static final int DAYTIME_PORT = 13;
- static final String DAYTIME_HOST = TestUtil.HOST;
static final int testSize = 10;
static ByteBuffer[] bufs = null;
static InetSocketAddress isa = null;
public static void main(String[] args) throws Exception {
- initBufs();
- testSocketChannelVectorParams();
- testDatagramChannelVectorParams();
- testPipeVectorParams();
- testFileVectorParams();
+ try (TestServers.DayTimeServer daytimeServer
+ = TestServers.DayTimeServer.startNewServer(100)) {
+ initBufs(daytimeServer);
+ testSocketChannelVectorParams();
+ testDatagramChannelVectorParams();
+ testPipeVectorParams();
+ testFileVectorParams();
+ }
}
- static void initBufs() throws Exception {
+ static void initBufs(TestServers.DayTimeServer daytimeServer) throws Exception {
bufs = new ByteBuffer[testSize];
for(int i=0; i<testSize; i++) {
String source = "buffer" + i;
@@ -59,8 +59,8 @@
bufs[i].put(source.getBytes("8859_1"));
bufs[i].flip();
}
- isa = new InetSocketAddress(InetAddress.getByName(DAYTIME_HOST),
- DAYTIME_PORT);
+ isa = new InetSocketAddress(daytimeServer.getAddress(),
+ daytimeServer.getPort());
}
static void testSocketChannelVectorParams() throws Exception {
diff --git a/test/java/nio/channels/TestServers.java b/test/java/nio/channels/TestServers.java
new file mode 100644
index 0000000..22d4523
--- /dev/null
+++ b/test/java/nio/channels/TestServers.java
@@ -0,0 +1,849 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* Test utility classes
+ *
+ */
+
+import java.io.*;
+import java.net.*;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+
+public class TestServers {
+
+ private TestServers() { }
+
+ /**
+ * An abstract server identifies a server which listens on a port on on a
+ * given machine.
+ */
+ static abstract class AbstractServer {
+
+ private AbstractServer() {
+ }
+
+ public abstract int getPort();
+
+ public abstract InetAddress getAddress();
+ }
+
+ /**
+ * A downgraded type of AbstractServer which will refuse connections. Note:
+ * use it once and throw it away - this implementation opens an anonymous
+ * socket and closes it, returning the address of the closed socket. If
+ * other servers are started afterwards, the address/port might get reused
+ * and become connectable again - so it's not a good idea to assume that
+ * connections using this address/port will always be refused. Connections
+ * will be refused as long as the address/port of the refusing server has
+ * not been reused.
+ */
+ static class RefusingServer extends AbstractServer {
+
+ final InetAddress address;
+ final int port;
+
+ private RefusingServer(InetAddress address, int port) {
+ this.address = address;
+ this.port = port;
+ }
+
+ @Override
+ public int getPort() {
+ return port;
+ }
+
+ @Override
+ public InetAddress getAddress() {
+ return address;
+ }
+
+ public static RefusingServer startNewServer() throws IOException {
+ ServerSocket socket = new ServerSocket(0, 100,
+ InetAddress.getLocalHost());
+ RefusingServer server = new RefusingServer(socket.getInetAddress(),
+ socket.getLocalPort());
+ socket.close();
+ return server;
+ }
+ }
+
+ /**
+ * An abstract class for implementing small TCP servers for the nio tests
+ * purposes. Disclaimer: This is a naive implementation that uses the old
+ * networking APIs (not those from {@code java.nio.*}) and shamelessly
+ * extends/creates Threads instead of using an executor service.
+ */
+ static abstract class AbstractTcpServer extends AbstractServer
+ implements Runnable, Closeable {
+
+ protected final long linger; // #of ms to wait before responding
+ private Thread acceptThread; // thread waiting for accept
+ // list of opened connections that should be closed on close.
+ private List<TcpConnectionThread> connections = new ArrayList<>();
+ private ServerSocket serverSocket; // the server socket
+ private boolean started = false; // whether the server is started
+ Throwable error = null;
+
+ /**
+ * Creates a new abstract TCP server.
+ *
+ * @param linger the amount of time the server should wait before
+ * responding to requests.
+ */
+ protected AbstractTcpServer(long linger) {
+ this.linger = linger;
+ }
+
+ /**
+ * The local port to which the server is bound.
+ *
+ * @return The local port to which the server is bound.
+ * @exception IllegalStateException is thrown if the server is not
+ * started.
+ */
+ @Override
+ public final synchronized int getPort() {
+ if (!started) {
+ throw new IllegalStateException("Not started");
+ }
+ return serverSocket.getLocalPort();
+ }
+
+ /**
+ * The local address to which the server is bound.
+ *
+ * @return The local address to which the server is bound.
+ * @exception IllegalStateException is thrown if the server is not
+ * started.
+ */
+ @Override
+ public final synchronized InetAddress getAddress() {
+ if (!started) {
+ throw new IllegalStateException("Not started");
+ }
+ return serverSocket.getInetAddress();
+ }
+
+ /**
+ * Tells whether the server is started.
+ *
+ * @return true if the server is started.
+ */
+ public final synchronized boolean isStarted() {
+ return started;
+ }
+
+ /**
+ * Creates a new server socket.
+ *
+ * @param port local port to bind to.
+ * @param backlog requested maximum length of the queue of incoming
+ * connections.
+ * @param address local address to bind to.
+ * @return a new bound server socket ready to accept connections.
+ * @throws IOException if the socket cannot be created or bound.
+ */
+ protected ServerSocket newServerSocket(int port, int backlog,
+ InetAddress address)
+ throws IOException {
+ return new ServerSocket(port, backlog, address);
+ }
+
+ /**
+ * Starts listening for connections.
+ *
+ * @throws IOException if the server socket cannot be created or bound.
+ */
+ public final synchronized void start() throws IOException {
+ if (started) {
+ return;
+ }
+ final ServerSocket socket =
+ newServerSocket(0, 100, InetAddress.getLocalHost());
+ serverSocket = socket;
+ acceptThread = new Thread(this);
+ acceptThread.setDaemon(true);
+ acceptThread.start();
+ started = true;
+ }
+
+ /**
+ * Calls {@code Thread.sleep(linger);}
+ */
+ protected final void lingerIfRequired() {
+ if (linger > 0) {
+ try {
+ Thread.sleep(linger);
+ } catch (InterruptedException x) {
+ Thread.interrupted();
+ final ServerSocket socket = serverSocket();
+ if (socket != null && !socket.isClosed()) {
+ System.err.println("Thread interrupted...");
+ }
+ }
+ }
+ }
+
+ final synchronized ServerSocket serverSocket() {
+ return this.serverSocket;
+ }
+
+ /**
+ * The main accept loop.
+ */
+ @Override
+ public final void run() {
+ final ServerSocket sSocket = serverSocket();
+ try {
+ Socket s;
+ while (isStarted() && !Thread.interrupted()
+ && (s = sSocket.accept()) != null) {
+ lingerIfRequired();
+ listen(s);
+ }
+ } catch (Exception x) {
+ error = x;
+ } finally {
+ synchronized (this) {
+ if (!sSocket.isClosed()) {
+ try {
+ sSocket.close();
+ } catch (IOException x) {
+ System.err.println("Failed to close server socket");
+ }
+ }
+ if (started && this.serverSocket == sSocket) {
+ started = false;
+ this.serverSocket = null;
+ this.acceptThread = null;
+ }
+ }
+ }
+ }
+
+ /**
+ * Represents a connection accepted by the server.
+ */
+ protected abstract class TcpConnectionThread extends Thread {
+
+ protected final Socket socket;
+
+ protected TcpConnectionThread(Socket socket) {
+ this.socket = socket;
+ this.setDaemon(true);
+ }
+
+ public void close() throws IOException {
+ socket.close();
+ interrupt();
+ }
+ }
+
+ /**
+ * Creates a new TcpConnnectionThread to handle the connection through
+ * an accepted socket.
+ *
+ * @param s the socket returned by {@code serverSocket.accept()}.
+ * @return a new TcpConnnectionThread to handle the connection through
+ * an accepted socket.
+ */
+ protected abstract TcpConnectionThread createConnection(Socket s);
+
+ /**
+ * Creates and starts a new TcpConnectionThread to handle the accepted
+ * socket.
+ *
+ * @param s the socket returned by {@code serverSocket.accept()}.
+ */
+ private synchronized void listen(Socket s) {
+ TcpConnectionThread c = createConnection(s);
+ c.start();
+ addConnection(c);
+ }
+
+ /**
+ * Add the connection to the list of accepted connections.
+ *
+ * @param connection an accepted connection.
+ */
+ protected synchronized void addConnection(
+ TcpConnectionThread connection) {
+ connections.add(connection);
+ }
+
+ /**
+ * Remove the connection from the list of accepted connections.
+ *
+ * @param connection an accepted connection.
+ */
+ protected synchronized void removeConnection(
+ TcpConnectionThread connection) {
+ connections.remove(connection);
+ }
+
+ /**
+ * Close the server socket and all the connections present in the list
+ * of accepted connections.
+ *
+ * @throws IOException
+ */
+ @Override
+ public synchronized void close() throws IOException {
+ if (serverSocket != null && !serverSocket.isClosed()) {
+ serverSocket.close();
+ }
+ if (acceptThread != null) {
+ acceptThread.interrupt();
+ }
+ int failed = 0;
+ for (TcpConnectionThread c : connections) {
+ try {
+ c.close();
+ } catch (IOException x) {
+ // no matter - we're closing.
+ failed++;
+ }
+ }
+ connections.clear();
+ if (failed > 0) {
+ throw new IOException("Failed to close some connections");
+ }
+ }
+ }
+
+ /**
+ * A small TCP Server that emulates the echo service for tests purposes. See
+ * http://en.wikipedia.org/wiki/Echo_Protocol This server uses an anonymous
+ * port - NOT the standard port 7. We don't guarantee that its behavior
+ * exactly matches the RFC - the only purpose of this server is to have
+ * something that responds to nio tests...
+ */
+ static final class EchoServer extends AbstractTcpServer {
+
+ public EchoServer() {
+ this(0L);
+ }
+
+ public EchoServer(long linger) {
+ super(linger);
+ }
+
+ @Override
+ protected TcpConnectionThread createConnection(Socket s) {
+ return new EchoConnection(s);
+ }
+
+ private final class EchoConnection extends TcpConnectionThread {
+
+ public EchoConnection(Socket socket) {
+ super(socket);
+ }
+
+ @Override
+ public void run() {
+ try {
+ final InputStream is = socket.getInputStream();
+ final OutputStream out = socket.getOutputStream();
+ byte[] b = new byte[255];
+ int n;
+ while ((n = is.read(b)) > 0) {
+ lingerIfRequired();
+ out.write(b, 0, n);
+ }
+ } catch (IOException io) {
+ // fall through to finally
+ } finally {
+ if (!socket.isClosed()) {
+ try {
+ socket.close();
+ } catch (IOException x) {
+ System.err.println(
+ "Failed to close echo connection socket");
+ }
+ }
+ removeConnection(this);
+ }
+ }
+ }
+
+ public static EchoServer startNewServer() throws IOException {
+ return startNewServer(0);
+ }
+
+ public static EchoServer startNewServer(long linger) throws IOException {
+ final EchoServer echoServer = new EchoServer(linger);
+ echoServer.start();
+ return echoServer;
+ }
+ }
+
+ /**
+ * A small TCP server that emulates the Day & Time service for tests
+ * purposes. See http://en.wikipedia.org/wiki/Daytime_Protocol This server
+ * uses an anonymous port - NOT the standard port 13. We don't guarantee
+ * that its behavior exactly matches the RFC - the only purpose of this
+ * server is to have something that responds to nio tests...
+ */
+ static final class DayTimeServer extends AbstractTcpServer {
+
+ public DayTimeServer() {
+ this(0L);
+ }
+
+ public DayTimeServer(long linger) {
+ super(linger);
+ }
+
+ @Override
+ protected TcpConnectionThread createConnection(Socket s) {
+ return new DayTimeServerConnection(s);
+ }
+
+ @Override
+ protected void addConnection(TcpConnectionThread connection) {
+ // do nothing - the connection just write the date and terminates.
+ }
+
+ @Override
+ protected void removeConnection(TcpConnectionThread connection) {
+ // do nothing - we're not adding connections to the list...
+ }
+
+ private final class DayTimeServerConnection extends TcpConnectionThread {
+
+ public DayTimeServerConnection(Socket socket) {
+ super(socket);
+ }
+
+ @Override
+ public void run() {
+ try {
+ final OutputStream out = socket.getOutputStream();
+ lingerIfRequired();
+ out.write(new Date(System.currentTimeMillis())
+ .toString().getBytes("US-ASCII"));
+ out.flush();
+ } catch (IOException io) {
+ // fall through to finally
+ } finally {
+ if (!socket.isClosed()) {
+ try {
+ socket.close();
+ } catch (IOException x) {
+ System.err.println(
+ "Failed to close echo connection socket");
+ }
+ }
+ }
+ }
+ }
+
+ public static DayTimeServer startNewServer()
+ throws IOException {
+ return startNewServer(0);
+ }
+
+ public static DayTimeServer startNewServer(long linger)
+ throws IOException {
+ final DayTimeServer daytimeServer = new DayTimeServer(linger);
+ daytimeServer.start();
+ return daytimeServer;
+ }
+ }
+
+ /**
+ * An abstract class for implementing small UDP Servers for the nio tests
+ * purposes. Disclaimer: This is a naive implementation that uses the old
+ * networking APIs (not those from {@code java.nio.*}) and shamelessly
+ * extends/creates Threads instead of using an executor service.
+ */
+ static abstract class AbstractUdpServer extends AbstractServer
+ implements Runnable, Closeable {
+
+ protected final long linger; // #of ms to wait before responding
+ private Thread acceptThread; // thread waiting for packets
+ private DatagramSocket serverSocket; // the server socket
+ private boolean started = false; // whether the server is started
+ Throwable error = null;
+
+ /**
+ * Creates a new abstract UDP server.
+ *
+ * @param linger the amount of time the server should wait before
+ * responding to requests.
+ */
+ protected AbstractUdpServer(long linger) {
+ this.linger = linger;
+ }
+
+ /**
+ * The local port to which the server is bound.
+ *
+ * @return The local port to which the server is bound.
+ * @exception IllegalStateException is thrown if the server is not
+ * started.
+ */
+ @Override
+ public final synchronized int getPort() {
+ if (!started) {
+ throw new IllegalStateException("Not started");
+ }
+ return serverSocket.getLocalPort();
+ }
+
+ /**
+ * The local address to which the server is bound.
+ *
+ * @return The local address to which the server is bound.
+ * @exception IllegalStateException is thrown if the server is not
+ * started.
+ */
+ @Override
+ public final synchronized InetAddress getAddress() {
+ if (!started) {
+ throw new IllegalStateException("Not started");
+ }
+ return serverSocket.getLocalAddress();
+ }
+
+ /**
+ * Tells whether the server is started.
+ *
+ * @return true if the server is started.
+ */
+ public final synchronized boolean isStarted() {
+ return started;
+ }
+
+ /**
+ * Creates a new datagram socket.
+ *
+ * @param port local port to bind to.
+ * @param address local address to bind to.
+ * @return a new bound server socket ready to listen for packets.
+ * @throws IOException if the socket cannot be created or bound.
+ */
+ protected DatagramSocket newDatagramSocket(int port,
+ InetAddress address)
+ throws IOException {
+ return new DatagramSocket(port, address);
+ }
+
+ /**
+ * Starts listening for connections.
+ *
+ * @throws IOException if the server socket cannot be created or bound.
+ */
+ public final synchronized void start() throws IOException {
+ if (started) {
+ return;
+ }
+ final DatagramSocket socket =
+ newDatagramSocket(0, InetAddress.getLocalHost());
+ serverSocket = socket;
+ acceptThread = new Thread(this);
+ acceptThread.setDaemon(true);
+ acceptThread.start();
+ started = true;
+ }
+
+ /**
+ * Calls {@code Thread.sleep(linger);}
+ */
+ protected final void lingerIfRequired() {
+ if (linger > 0) {
+ try {
+ Thread.sleep(linger);
+ } catch (InterruptedException x) {
+ Thread.interrupted();
+ final DatagramSocket socket = serverSocket();
+ if (socket != null && !socket.isClosed()) {
+ System.err.println("Thread interrupted...");
+ }
+ }
+ }
+ }
+
+ final synchronized DatagramSocket serverSocket() {
+ return this.serverSocket;
+ }
+
+ final synchronized boolean send(DatagramSocket socket,
+ DatagramPacket response) throws IOException {
+ if (!socket.isClosed()) {
+ socket.send(response);
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ /**
+ * The main receive loop.
+ */
+ @Override
+ public final void run() {
+ final DatagramSocket sSocket = serverSocket();
+ try {
+ final int size = Math.max(1024, sSocket.getReceiveBufferSize());
+ if (size > sSocket.getReceiveBufferSize()) {
+ sSocket.setReceiveBufferSize(size);
+ }
+ while (isStarted() && !Thread.interrupted() && !sSocket.isClosed()) {
+ final byte[] buf = new byte[size];
+ final DatagramPacket packet =
+ new DatagramPacket(buf, buf.length);
+ lingerIfRequired();
+ sSocket.receive(packet);
+ //System.out.println("Received packet from: "
+ // + packet.getAddress()+":"+packet.getPort());
+ handle(sSocket, packet);
+ }
+ } catch (Exception x) {
+ error = x;
+ } finally {
+ synchronized (this) {
+ if (!sSocket.isClosed()) {
+ sSocket.close();
+ }
+ if (started && this.serverSocket == sSocket) {
+ started = false;
+ this.serverSocket = null;
+ this.acceptThread = null;
+ }
+ }
+ }
+ }
+
+ /**
+ * Represents an UDP request received by the server.
+ */
+ protected abstract class UdpRequestThread extends Thread {
+
+ protected final DatagramPacket request;
+ protected final DatagramSocket socket;
+
+ protected UdpRequestThread(DatagramSocket socket, DatagramPacket request) {
+ this.socket = socket;
+ this.request = request;
+ this.setDaemon(true);
+ }
+ }
+
+ /**
+ * Creates a new UdpRequestThread to handle a DatagramPacket received
+ * through a DatagramSocket.
+ *
+ * @param socket the socket through which the request was received.
+ * @param request the datagram packet received through the socket.
+ * @return a new UdpRequestThread to handle the request received through
+ * a DatagramSocket.
+ */
+ protected abstract UdpRequestThread createConnection(DatagramSocket socket,
+ DatagramPacket request);
+
+ /**
+ * Creates and starts a new UdpRequestThread to handle the received
+ * datagram packet.
+ *
+ * @param socket the socket through which the request was received.
+ * @param request the datagram packet received through the socket.
+ */
+ private synchronized void handle(DatagramSocket socket,
+ DatagramPacket request) {
+ UdpRequestThread c = createConnection(socket, request);
+ // c can be null if the request requires no response.
+ if (c != null) {
+ c.start();
+ }
+ }
+
+ /**
+ * Close the server socket.
+ *
+ * @throws IOException
+ */
+ @Override
+ public synchronized void close() throws IOException {
+ if (serverSocket != null && !serverSocket.isClosed()) {
+ serverSocket.close();
+ }
+ if (acceptThread != null) {
+ acceptThread.interrupt();
+ }
+ }
+ }
+
+ /**
+ * A small UDP Server that emulates the discard service for tests purposes.
+ * See http://en.wikipedia.org/wiki/Discard_Protocol This server uses an
+ * anonymous port - NOT the standard port 9. We don't guarantee that its
+ * behavior exactly matches the RFC - the only purpose of this server is to
+ * have something that responds to nio tests...
+ */
+ static final class UdpDiscardServer extends AbstractUdpServer {
+
+ public UdpDiscardServer() {
+ this(0L);
+ }
+
+ public UdpDiscardServer(long linger) {
+ super(linger);
+ }
+
+ @Override
+ protected UdpRequestThread createConnection(DatagramSocket socket,
+ DatagramPacket request) {
+ // no response required
+ return null;
+ }
+
+ public static UdpDiscardServer startNewServer() throws IOException {
+ return startNewServer(0);
+ }
+
+ public static UdpDiscardServer startNewServer(long linger) throws IOException {
+ final UdpDiscardServer discardServer = new UdpDiscardServer(linger);
+ discardServer.start();
+ return discardServer;
+ }
+ }
+
+ /**
+ * A small UDP Server that emulates the echo service for tests purposes. See
+ * http://en.wikipedia.org/wiki/Echo_Protocol This server uses an anonymous
+ * port - NOT the standard port 7. We don't guarantee that its behavior
+ * exactly matches the RFC - the only purpose of this server is to have
+ * something that responds to nio tests...
+ */
+ static final class UdpEchoServer extends AbstractUdpServer {
+
+ public UdpEchoServer() {
+ this(0L);
+ }
+
+ public UdpEchoServer(long linger) {
+ super(linger);
+ }
+
+ @Override
+ protected UdpEchoRequest createConnection(DatagramSocket socket,
+ DatagramPacket request) {
+ return new UdpEchoRequest(socket, request);
+ }
+
+ private final class UdpEchoRequest extends UdpRequestThread {
+
+ public UdpEchoRequest(DatagramSocket socket, DatagramPacket request) {
+ super(socket, request);
+ }
+
+ @Override
+ public void run() {
+ try {
+ lingerIfRequired();
+ final DatagramPacket response =
+ new DatagramPacket(request.getData(),
+ request.getOffset(), request.getLength(),
+ request.getAddress(), request.getPort());
+ send(socket, response);
+ } catch (IOException io) {
+ System.err.println("Failed to send response: " + io);
+ io.printStackTrace(System.err);
+ }
+ }
+ }
+
+ public static UdpEchoServer startNewServer() throws IOException {
+ return startNewServer(0);
+ }
+
+ public static UdpEchoServer startNewServer(long linger) throws IOException {
+ final UdpEchoServer echoServer = new UdpEchoServer(linger);
+ echoServer.start();
+ return echoServer;
+ }
+ }
+
+ /**
+ * A small UDP server that emulates the Day & Time service for tests
+ * purposes. See http://en.wikipedia.org/wiki/Daytime_Protocol This server
+ * uses an anonymous port - NOT the standard port 13. We don't guarantee
+ * that its behavior exactly matches the RFC - the only purpose of this
+ * server is to have something that responds to nio tests...
+ */
+ static final class UdpDayTimeServer extends AbstractUdpServer {
+
+ public UdpDayTimeServer() {
+ this(0L);
+ }
+
+ public UdpDayTimeServer(long linger) {
+ super(linger);
+ }
+
+ @Override
+ protected UdpDayTimeRequestThread createConnection(DatagramSocket socket,
+ DatagramPacket request) {
+ return new UdpDayTimeRequestThread(socket, request);
+ }
+
+ private final class UdpDayTimeRequestThread extends UdpRequestThread {
+
+ public UdpDayTimeRequestThread(DatagramSocket socket,
+ DatagramPacket request) {
+ super(socket, request);
+ }
+
+ @Override
+ public void run() {
+ try {
+ lingerIfRequired();
+ final byte[] data = new Date(System.currentTimeMillis())
+ .toString().getBytes("US-ASCII");
+ final DatagramPacket response =
+ new DatagramPacket(data, 0, data.length,
+ request.getAddress(), request.getPort());
+ send(socket, response);
+ } catch (IOException io) {
+ System.err.println("Failed to send response: " + io);
+ io.printStackTrace(System.err);
+ }
+ }
+ }
+
+ public static UdpDayTimeServer startNewServer() throws IOException {
+ return startNewServer(0);
+ }
+
+ public static UdpDayTimeServer startNewServer(long linger)
+ throws IOException {
+ final UdpDayTimeServer echoServer = new UdpDayTimeServer(linger);
+ echoServer.start();
+ return echoServer;
+ }
+ }
+}
diff --git a/test/java/nio/channels/TestUtil.java b/test/java/nio/channels/TestUtil.java
index f06ffc4..5fbdf9c 100644
--- a/test/java/nio/channels/TestUtil.java
+++ b/test/java/nio/channels/TestUtil.java
@@ -27,7 +27,6 @@
import java.io.*;
import java.net.*;
-import java.nio.*;
import java.nio.channels.*;
import java.util.Random;
@@ -36,9 +35,6 @@
// Test hosts used by the channels tests - change these when
// executing in a different network.
- public static final String HOST = "javaweb.sfbay.sun.com";
- public static final String REFUSING_HOST = "jano1.sfbay.sun.com";
- public static final String FAR_HOST = "irejano.ireland.sun.com";
public static final String UNRESOLVABLE_HOST = "blah-blah.blah-blah.blah";
private TestUtil() { }
diff --git a/test/java/security/cert/PKIXRevocationChecker/UnitTest.java b/test/java/security/cert/PKIXRevocationChecker/UnitTest.java
index 8accf9e..27fd162 100644
--- a/test/java/security/cert/PKIXRevocationChecker/UnitTest.java
+++ b/test/java/security/cert/PKIXRevocationChecker/UnitTest.java
@@ -23,7 +23,7 @@
/**
* @test
- * @bug 6854712
+ * @bug 6854712 7171570
* @summary Basic unit test for PKIXRevocationChecker
*/
@@ -33,6 +33,7 @@
import java.io.OutputStream;
import java.net.URI;
import java.security.cert.CertificateFactory;
+import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathChecker;
import java.security.cert.CertPathValidator;
import java.security.cert.Extension;
@@ -58,8 +59,7 @@
requireNull(prc.getOCSPResponder(), "getOCSPResponder()");
requireNull(prc.getOCSPResponderCert(), "getOCSPResponderCert()");
requireEmpty(prc.getOCSPExtensions(), "getOCSPExtensions()");
- requireEmpty(prc.getOCSPStapledResponses(),
- "getOCSPStapledResponses()");
+ requireEmpty(prc.getOCSPResponses(), "getOCSPResponses()");
requireEmpty(prc.getOptions(), "getOptions()");
System.out.println("Testing that get methods return same parameters " +
@@ -94,11 +94,24 @@
requireNull(prc.getOCSPResponderCert(), "getOCSPResponderCert()");
prc.setOCSPExtensions(null);
requireEmpty(prc.getOCSPExtensions(), "getOCSPExtensions()");
- prc.setOCSPStapledResponses(null);
- requireEmpty(prc.getOCSPStapledResponses(),
- "getOCSPStapledResponses()");
+ prc.setOCSPResponses(null);
+ requireEmpty(prc.getOCSPResponses(), "getOCSPResponses()");
prc.setOptions(null);
requireEmpty(prc.getOptions(), "getOptions()");
+
+ System.out.println("Testing that getRevocationChecker returns new " +
+ "instance each time");
+ CertPathChecker first = cpv.getRevocationChecker();
+ CertPathChecker second = cpv.getRevocationChecker();
+ if (first == second) {
+ throw new Exception("FAILED: CertPathCheckers not new instances");
+ }
+ CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
+ first = cpb.getRevocationChecker();
+ second = cpb.getRevocationChecker();
+ if (first == second) {
+ throw new Exception("FAILED: CertPathCheckers not new instances");
+ }
}
static void requireNull(Object o, String msg) throws Exception {
diff --git a/test/java/util/Locale/Bug8001562.java b/test/java/util/Locale/Bug8001562.java
new file mode 100644
index 0000000..1ff1b50
--- /dev/null
+++ b/test/java/util/Locale/Bug8001562.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8001562
+ * @summary Verify that getAvailableLocales() in locale sensitive services
+ * classes return compatible set of locales as in JDK7.
+ * @run main Bug8001562
+ */
+
+import java.text.*;
+import java.util.*;
+
+public class Bug8001562 {
+
+ static final String[] jdk7availTags = {
+ "ar", "ar-AE", "ar-BH", "ar-DZ", "ar-EG", "ar-IQ", "ar-JO", "ar-KW",
+ "ar-LB", "ar-LY", "ar-MA", "ar-OM", "ar-QA", "ar-SA", "ar-SD", "ar-SY",
+ "ar-TN", "ar-YE", "be", "be-BY", "bg", "bg-BG", "ca", "ca-ES", "cs",
+ "cs-CZ", "da", "da-DK", "de", "de-AT", "de-CH", "de-DE", "de-LU", "el",
+ "el-CY", "el-GR", "en", "en-AU", "en-CA", "en-GB", "en-IE", "en-IN",
+ "en-MT", "en-NZ", "en-PH", "en-SG", "en-US", "en-ZA", "es", "es-AR",
+ "es-BO", "es-CL", "es-CO", "es-CR", "es-DO", "es-EC", "es-ES", "es-GT",
+ "es-HN", "es-MX", "es-NI", "es-PA", "es-PE", "es-PR", "es-PY", "es-SV",
+ "es-US", "es-UY", "es-VE", "et", "et-EE", "fi", "fi-FI", "fr", "fr-BE",
+ "fr-CA", "fr-CH", "fr-FR", "fr-LU", "ga", "ga-IE", "he", "he-IL",
+ "hi-IN", "hr", "hr-HR", "hu", "hu-HU", "id", "id-ID", "is", "is-IS",
+ "it", "it-CH", "it-IT", "ja", "ja-JP",
+ "ja-JP-u-ca-japanese-x-lvariant-JP", "ko", "ko-KR", "lt", "lt-LT", "lv",
+ "lv-LV", "mk", "mk-MK", "ms", "ms-MY", "mt", "mt-MT", "nl", "nl-BE",
+ "nl-NL", "no", "no-NO", "no-NO-x-lvariant-NY", "pl", "pl-PL", "pt",
+ "pt-BR", "pt-PT", "ro", "ro-RO", "ru", "ru-RU", "sk", "sk-SK", "sl",
+ "sl-SI", "sq", "sq-AL", "sr", "sr-BA", "sr-CS", "sr-Latn", "sr-Latn-BA",
+ "sr-Latn-ME", "sr-Latn-RS", "sr-ME", "sr-RS", "sv", "sv-SE", "th",
+ "th-TH", "th-TH-u-nu-thai-x-lvariant-TH", "tr", "tr-TR", "uk", "uk-UA",
+ "vi", "vi-VN", "zh", "zh-CN", "zh-HK", "zh-SG", "zh-TW", };
+ static List<Locale> jdk7availLocs = new ArrayList<>();
+ static {
+ for (String locStr : jdk7availTags) {
+ jdk7availLocs.add(Locale.forLanguageTag(locStr));
+ }
+ }
+
+ public static void main(String[] args) {
+ List<Locale> avail = Arrays.asList(BreakIterator.getAvailableLocales());
+ diffLocale(BreakIterator.class, avail);
+
+ avail = Arrays.asList(Collator.getAvailableLocales());
+ diffLocale(Collator.class, avail);
+
+ avail = Arrays.asList(DateFormat.getAvailableLocales());
+ diffLocale(DateFormat.class, avail);
+
+ avail = Arrays.asList(DateFormatSymbols.getAvailableLocales());
+ diffLocale(DateFormatSymbols.class, avail);
+
+ avail = Arrays.asList(DecimalFormatSymbols.getAvailableLocales());
+ diffLocale(DecimalFormatSymbols.class, avail);
+
+ avail = Arrays.asList(NumberFormat.getAvailableLocales());
+ diffLocale(NumberFormat.class, avail);
+
+ avail = Arrays.asList(Locale.getAvailableLocales());
+ diffLocale(Locale.class, avail);
+ }
+
+ static void diffLocale(Class c, List<Locale> locs) {
+ String diff = "";
+
+ System.out.printf("Only in target locales (%s.getAvailableLocales()): ", c.getSimpleName());
+ for (Locale l : locs) {
+ if (!jdk7availLocs.contains(l)) {
+ diff += "\""+l.toLanguageTag()+"\", ";
+ }
+ }
+ System.out.println(diff);
+ diff = "";
+
+ System.out.printf("Only in JDK7 (%s.getAvailableLocales()): ", c.getSimpleName());
+ for (Locale l : jdk7availLocs) {
+ if (!locs.contains(l)) {
+ diff += "\""+l.toLanguageTag()+"\", ";
+ }
+ }
+ System.out.println(diff);
+
+ if (diff.length() > 0) {
+ throw new RuntimeException("Above locale(s) were not included in the target available locales");
+ }
+ }
+}
diff --git a/test/java/util/PluggableLocale/BreakIteratorProviderTest.java b/test/java/util/PluggableLocale/BreakIteratorProviderTest.java
index 2afd263..160f9fb 100644
--- a/test/java/util/PluggableLocale/BreakIteratorProviderTest.java
+++ b/test/java/util/PluggableLocale/BreakIteratorProviderTest.java
@@ -53,9 +53,8 @@
}
void availableLocalesTest() {
- Set<Locale> localesFromAPI = new HashSet<Locale>(availloc);
- Set<Locale> localesExpected = new HashSet<Locale>(jreimplloc);
- localesExpected.remove(Locale.ROOT);
+ Set<Locale> localesFromAPI = new HashSet<>(availloc);
+ Set<Locale> localesExpected = new HashSet<>(jreloc);
localesExpected.addAll(providerloc);
if (localesFromAPI.equals(localesExpected)) {
System.out.println("availableLocalesTest passed.");
diff --git a/test/java/util/PluggableLocale/CollatorProviderTest.java b/test/java/util/PluggableLocale/CollatorProviderTest.java
index 234bdb1..718f165 100644
--- a/test/java/util/PluggableLocale/CollatorProviderTest.java
+++ b/test/java/util/PluggableLocale/CollatorProviderTest.java
@@ -47,9 +47,8 @@
}
void availableLocalesTest() {
- Set<Locale> localesFromAPI = new HashSet<Locale>(availloc);
- Set<Locale> localesExpected = new HashSet<Locale>(jreimplloc);
- localesExpected.remove(Locale.ROOT);
+ Set<Locale> localesFromAPI = new HashSet<>(availloc);
+ Set<Locale> localesExpected = new HashSet<>(jreloc);
localesExpected.addAll(providerloc);
if (localesFromAPI.equals(localesExpected)) {
System.out.println("availableLocalesTest passed.");
diff --git a/test/java/util/PluggableLocale/DateFormatProviderTest.java b/test/java/util/PluggableLocale/DateFormatProviderTest.java
index e17f8fe..d49b25b 100644
--- a/test/java/util/PluggableLocale/DateFormatProviderTest.java
+++ b/test/java/util/PluggableLocale/DateFormatProviderTest.java
@@ -34,6 +34,7 @@
com.foo.DateFormatProviderImpl dfp = new com.foo.DateFormatProviderImpl();
List<Locale> availloc = Arrays.asList(DateFormat.getAvailableLocales());
List<Locale> providerloc = Arrays.asList(dfp.getAvailableLocales());
+ List<Locale> jreloc = Arrays.asList(LocaleProviderAdapter.forJRE().getAvailableLocales());
List<Locale> jreimplloc = Arrays.asList(LocaleProviderAdapter.forJRE().getDateFormatProvider().getAvailableLocales());
public static void main(String[] s) {
@@ -41,11 +42,23 @@
}
DateFormatProviderTest() {
+ availableLocalesTest();
objectValidityTest();
extendedVariantTest();
messageFormatTest();
}
+ void availableLocalesTest() {
+ Set<Locale> localesFromAPI = new HashSet<>(availloc);
+ Set<Locale> localesExpected = new HashSet<>(jreloc);
+ localesExpected.addAll(providerloc);
+ if (localesFromAPI.equals(localesExpected)) {
+ System.out.println("availableLocalesTest passed.");
+ } else {
+ throw new RuntimeException("availableLocalesTest failed");
+ }
+ }
+
void objectValidityTest() {
for (Locale target: availloc) {
diff --git a/test/java/util/PluggableLocale/DateFormatSymbolsProviderTest.java b/test/java/util/PluggableLocale/DateFormatSymbolsProviderTest.java
index 44d537b..ef07f7e 100644
--- a/test/java/util/PluggableLocale/DateFormatSymbolsProviderTest.java
+++ b/test/java/util/PluggableLocale/DateFormatSymbolsProviderTest.java
@@ -48,9 +48,8 @@
}
void availableLocalesTest() {
- Set<Locale> localesFromAPI = new HashSet<Locale>(availloc);
- Set<Locale> localesExpected = new HashSet<Locale>(jreimplloc);
- localesExpected.remove(Locale.ROOT);
+ Set<Locale> localesFromAPI = new HashSet<>(availloc);
+ Set<Locale> localesExpected = new HashSet<>(jreloc);
localesExpected.addAll(providerloc);
if (localesFromAPI.equals(localesExpected)) {
System.out.println("availableLocalesTest passed.");
diff --git a/test/java/util/PluggableLocale/DecimalFormatSymbolsProviderTest.java b/test/java/util/PluggableLocale/DecimalFormatSymbolsProviderTest.java
index 1249760..7d25542 100644
--- a/test/java/util/PluggableLocale/DecimalFormatSymbolsProviderTest.java
+++ b/test/java/util/PluggableLocale/DecimalFormatSymbolsProviderTest.java
@@ -47,9 +47,8 @@
}
void availableLocalesTest() {
- Set<Locale> localesFromAPI = new HashSet<Locale>(availloc);
- Set<Locale> localesExpected = new HashSet<Locale>(jreimplloc);
- localesExpected.remove(Locale.ROOT);
+ Set<Locale> localesFromAPI = new HashSet<>(availloc);
+ Set<Locale> localesExpected = new HashSet<>(jreloc);
localesExpected.addAll(providerloc);
if (localesFromAPI.equals(localesExpected)) {
System.out.println("availableLocalesTest passed.");
diff --git a/test/java/util/PluggableLocale/GenericTest.java b/test/java/util/PluggableLocale/GenericTest.java
index 288d7a3..29a49fb 100644
--- a/test/java/util/PluggableLocale/GenericTest.java
+++ b/test/java/util/PluggableLocale/GenericTest.java
@@ -73,7 +73,6 @@
expected.addAll(Arrays.asList(localeNP.getAvailableLocales()));
expected.addAll(Arrays.asList(tzNP.getAvailableLocales()));
expected.addAll(Arrays.asList(calDataP.getAvailableLocales()));
- expected.remove(Locale.ROOT);
if (!result.equals(expected)) {
throw new RuntimeException("Locale.getAvailableLocales() does not return the union of locales: diff="
+ getDiff(result, expected));
diff --git a/test/java/util/PluggableLocale/NumberFormatProviderTest.java b/test/java/util/PluggableLocale/NumberFormatProviderTest.java
index 6c1efd9..13f63fd 100644
--- a/test/java/util/PluggableLocale/NumberFormatProviderTest.java
+++ b/test/java/util/PluggableLocale/NumberFormatProviderTest.java
@@ -50,9 +50,8 @@
}
void availableLocalesTest() {
- Set<Locale> localesFromAPI = new HashSet<Locale>(availloc);
- Set<Locale> localesExpected = new HashSet<Locale>(jreimplloc);
- localesExpected.remove(Locale.ROOT);
+ Set<Locale> localesFromAPI = new HashSet<>(availloc);
+ Set<Locale> localesExpected = new HashSet<>(jreloc);
localesExpected.addAll(providerloc);
if (localesFromAPI.equals(localesExpected)) {
System.out.println("availableLocalesTest passed.");
diff --git a/test/sun/net/www/protocol/http/StackTraceTest.java b/test/sun/net/www/protocol/http/StackTraceTest.java
index 3b2cc3a..cd3f6a5 100644
--- a/test/sun/net/www/protocol/http/StackTraceTest.java
+++ b/test/sun/net/www/protocol/http/StackTraceTest.java
@@ -32,26 +32,28 @@
import java.io.IOException;
public class StackTraceTest {
- public static void main(String[] args) {
+ public static void main(String[] args) throws Exception {
+ URL url;
+ try (ServerSocket ss = new ServerSocket(0)) { // refusing socket
+ url = new URL("http://localhost:" + ss.getLocalPort() + "/");
+ }
+ URLConnection uc = url.openConnection();
+
+ // Trigger implicit connection by trying to retrieve bogus
+ // response header, and force remembered exception
+ uc.getHeaderFieldKey(20);
+
try {
- URL url = new URL("http://localhost:8080/");
- URLConnection uc = url.openConnection();
- System.out.println("key = "+uc.getHeaderFieldKey(20));
- uc.getInputStream();
+ uc.getInputStream(); // expect to throw
+ throw new RuntimeException("Expected getInputStream to throw");
} catch (IOException ioe) {
- ioe.printStackTrace();
-
- if (!(ioe instanceof ConnectException)) {
- throw new RuntimeException("Expect ConnectException, got "+ioe);
- }
- if (ioe.getMessage() == null) {
+ if (!(ioe instanceof ConnectException))
+ throw new RuntimeException("Expect ConnectException, got " + ioe);
+ if (ioe.getMessage() == null)
throw new RuntimeException("Exception message is null");
- }
-
- // this exception should be a chained exception
- if (ioe.getCause() == null) {
- throw new RuntimeException("Excepting a chained exception, but got: ", ioe);
- }
+ if (ioe.getCause() == null)
+ throw new RuntimeException("Excepting a chained exception, but got: ",
+ ioe);
}
}
}
diff --git a/test/sun/security/krb5/auto/Basic.java b/test/sun/security/krb5/auto/Basic.java
index 1048dc0..ef7f11d 100644
--- a/test/sun/security/krb5/auto/Basic.java
+++ b/test/sun/security/krb5/auto/Basic.java
@@ -38,11 +38,13 @@
new OneKDC(null).writeJAASConf();
- Context c, s;
+ Context c, s, s2, b;
c = Context.fromJAAS("client");
s = Context.fromJAAS("server");
+ b = Context.fromJAAS("backend");
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
+ c.x().requestCredDeleg(true);
s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
Context.handshake(c, s);
@@ -50,7 +52,13 @@
Context.transmit("i say high --", c, s);
Context.transmit(" you say low", s, c);
+ s2 = s.delegated();
s.dispose();
c.dispose();
+
+ s2.startAsClient(OneKDC.BACKEND, GSSUtil.GSS_KRB5_MECH_OID);
+ b.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
+
+ Context.handshake(s2, b);
}
}
diff --git a/test/sun/security/krb5/auto/Context.java b/test/sun/security/krb5/auto/Context.java
index 64ef590..7eef77c 100644
--- a/test/sun/security/krb5/auto/Context.java
+++ b/test/sun/security/krb5/auto/Context.java
@@ -42,9 +42,10 @@
import com.sun.security.jgss.ExtendedGSSContext;
import com.sun.security.jgss.InquireType;
import com.sun.security.jgss.AuthorizationDataEntry;
+import com.sun.security.jgss.ExtendedGSSCredential;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
-import javax.security.auth.kerberos.KeyTab;
+import java.security.Principal;
/**
* Context of a JGSS subject, encapsulating Subject and GSSContext.
@@ -90,7 +91,21 @@
public Context delegated() throws Exception {
Context out = new Context();
out.s = s;
- out.cred = x.getDelegCred();
+ try {
+ out.cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
+ @Override
+ public GSSCredential run() throws Exception {
+ GSSCredential cred = x.getDelegCred();
+ if (cred == null && x.getCredDelegState() ||
+ cred != null && !x.getCredDelegState()) {
+ throw new Exception("getCredDelegState not match");
+ }
+ return cred;
+ }
+ });
+ } catch (PrivilegedActionException pae) {
+ throw pae.getException();
+ }
out.name = name + " as " + out.cred.getName().toString();
return out;
}
@@ -212,28 +227,34 @@
* @throws java.lang.Exception
*/
public void startAsServer(final Oid mech) throws Exception {
- startAsServer(null, mech);
+ startAsServer(null, mech, false);
}
+ public void startAsServer(final String name, final Oid mech) throws Exception {
+ startAsServer(name, mech, false);
+ }
/**
* Starts as a server with the specified service name
* @param name the service name
* @param mech GSS mech
* @throws java.lang.Exception
*/
- public void startAsServer(final String name, final Oid mech) throws Exception {
+ public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
- me.x = (ExtendedGSSContext)m.createContext(m.createCredential(
+ me.cred = m.createCredential(
name == null ? null :
(name.indexOf('@') < 0 ?
m.createName(name, null) :
m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
GSSCredential.INDEFINITE_LIFETIME,
mech,
- GSSCredential.ACCEPT_ONLY));
+ asInitiator?
+ GSSCredential.INITIATE_AND_ACCEPT:
+ GSSCredential.ACCEPT_ONLY);
+ me.x = (ExtendedGSSContext)m.createContext(me.cred);
return null;
}
}, null);
@@ -331,27 +352,38 @@
} catch (Exception e) {
;// Don't care
}
- System.out.println("====== Private Credentials Set ======");
- for (Object o : s.getPrivateCredentials()) {
- System.out.println(" " + o.getClass());
- if (o instanceof KerberosTicket) {
- KerberosTicket kt = (KerberosTicket) o;
- System.out.println(" " + kt.getServer() + " for " + kt.getClient());
- } else if (o instanceof KerberosKey) {
- KerberosKey kk = (KerberosKey) o;
- System.out.print(" " + kk.getKeyType() + " " + kk.getVersionNumber() + " " + kk.getAlgorithm() + " ");
- for (byte b : kk.getEncoded()) {
- System.out.printf("%02X", b & 0xff);
- }
- System.out.println();
- } else if (o instanceof Map) {
- Map map = (Map) o;
- for (Object k : map.keySet()) {
- System.out.println(" " + k + ": " + map.get(k));
- }
- } else {
+ if (s != null) {
+ System.out.println("====== START SUBJECT CONTENT =====");
+ for (Principal p: s.getPrincipals()) {
+ System.out.println(" Principal: " + p);
+ }
+ for (Object o : s.getPublicCredentials()) {
+ System.out.println(" " + o.getClass());
System.out.println(" " + o);
}
+ System.out.println("====== Private Credentials Set ======");
+ for (Object o : s.getPrivateCredentials()) {
+ System.out.println(" " + o.getClass());
+ if (o instanceof KerberosTicket) {
+ KerberosTicket kt = (KerberosTicket) o;
+ System.out.println(" " + kt.getServer() + " for " + kt.getClient());
+ } else if (o instanceof KerberosKey) {
+ KerberosKey kk = (KerberosKey) o;
+ System.out.print(" " + kk.getKeyType() + " " + kk.getVersionNumber() + " " + kk.getAlgorithm() + " ");
+ for (byte b : kk.getEncoded()) {
+ System.out.printf("%02X", b & 0xff);
+ }
+ System.out.println();
+ } else if (o instanceof Map) {
+ Map map = (Map) o;
+ for (Object k : map.keySet()) {
+ System.out.println(" " + k + ": " + map.get(k));
+ }
+ } else {
+ System.out.println(" " + o);
+ }
+ }
+ System.out.println("====== END SUBJECT CONTENT =====");
}
if (x != null && x instanceof ExtendedGSSContext) {
if (x.isEstablished()) {
@@ -510,6 +542,29 @@
return sb.toString();
}
+ public Context impersonate(final String someone) throws Exception {
+ try {
+ GSSCredential creds = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
+ @Override
+ public GSSCredential run() throws Exception {
+ GSSManager m = GSSManager.getInstance();
+ GSSName other = m.createName(someone, GSSName.NT_USER_NAME);
+ if (Context.this.cred == null) {
+ Context.this.cred = m.createCredential(GSSCredential.INITIATE_ONLY);
+ }
+ return ((ExtendedGSSCredential)Context.this.cred).impersonate(other);
+ }
+ });
+ Context out = new Context();
+ out.s = s;
+ out.cred = creds;
+ out.name = name + " as " + out.cred.getName().toString();
+ return out;
+ } catch (PrivilegedActionException pae) {
+ throw pae.getException();
+ }
+ }
+
public byte[] take(final byte[] in) throws Exception {
return doAs(new Action() {
@Override
@@ -522,10 +577,11 @@
}
return null;
} else {
- System.out.println(name + " call initSecContext");
if (me.x.isInitiator()) {
+ System.out.println(name + " call initSecContext");
return me.x.initSecContext(input, 0, input.length);
} else {
+ System.out.println(name + " call acceptSecContext");
return me.x.acceptSecContext(input, 0, input.length);
}
}
diff --git a/test/sun/security/krb5/auto/CrossRealm.java b/test/sun/security/krb5/auto/CrossRealm.java
index 21927b6..ef04521 100644
--- a/test/sun/security/krb5/auto/CrossRealm.java
+++ b/test/sun/security/krb5/auto/CrossRealm.java
@@ -24,6 +24,7 @@
/*
* @test
* @bug 6706974
+ * @compile -XDignore.symbol.file CrossRealm.java
* @run main/othervm CrossRealm
* @summary Add krb5 test infrastructure
*/
diff --git a/test/sun/security/krb5/auto/KDC.java b/test/sun/security/krb5/auto/KDC.java
index 716e2fa..409f313 100644
--- a/test/sun/security/krb5/auto/KDC.java
+++ b/test/sun/security/krb5/auto/KDC.java
@@ -178,6 +178,20 @@
* What backend server can be delegated to
*/
OK_AS_DELEGATE,
+ /**
+ * Allow S4U2self, List<String> of middle servers.
+ * If not set, means KDC does not understand S4U2self at all, therefore
+ * would ignore any PA-FOR-USER request and send a ticket using the
+ * cname of teh requestor. If set, it returns FORWARDABLE tickets to
+ * a server with its name in the list
+ */
+ ALLOW_S4U2SELF,
+ /**
+ * Allow S4U2proxy, Map<String,List<String>> of middle servers to
+ * backends. If not set or a backend not in a server's list,
+ * Krb5.KDC_ERR_POLICY will be send for S4U2proxy request.
+ */
+ ALLOW_S4U2PROXY,
};
static {
@@ -618,13 +632,18 @@
int e2 = eTypes[0]; // etype for outgoing session key
int e3 = eTypes[0]; // etype for outgoing ticket
- PAData[] pas = kDCReqDotPAData(tgsReq);
+ PAData[] pas = KDCReqDotPAData(tgsReq);
Ticket tkt = null;
EncTicketPart etp = null;
+
+ PrincipalName cname = null;
+ boolean allowForwardable = true;
+
if (pas == null || pas.length == 0) {
throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
} else {
+ PrincipalName forUserCName = null;
for (PAData pa: pas) {
if (pa.getType() == Krb5.PA_TGS_REQ) {
APReq apReq = new APReq(pa.getValue());
@@ -636,8 +655,31 @@
DerInputStream derIn = new DerInputStream(bb);
DerValue der = derIn.getDerValue();
etp = new EncTicketPart(der.toByteArray());
+ // Finally, cname will be overwritten by PA-FOR-USER
+ // if it exists.
+ cname = etp.cname;
+ System.out.println(realm + "> presenting a ticket of "
+ + etp.cname + " to " + tkt.sname);
+ } else if (pa.getType() == Krb5.PA_FOR_USER) {
+ if (options.containsKey(Option.ALLOW_S4U2SELF)) {
+ PAForUserEnc p4u = new PAForUserEnc(
+ new DerValue(pa.getValue()), null);
+ forUserCName = p4u.name;
+ System.out.println(realm + "> presenting a PA_FOR_USER "
+ + " in the name of " + p4u.name);
+ }
}
}
+ if (forUserCName != null) {
+ List<String> names = (List<String>)options.get(Option.ALLOW_S4U2SELF);
+ if (!names.contains(cname.toString())) {
+ // Mimic the normal KDC behavior. When a server is not
+ // allowed to send S4U2self, do not send an error.
+ // Instead, send a ticket which is useless later.
+ allowForwardable = false;
+ }
+ cname = forUserCName;
+ }
if (tkt == null) {
throw new KrbException(Krb5.KDC_ERR_PADATA_TYPE_NOSUPP);
}
@@ -658,7 +700,8 @@
}
boolean[] bFlags = new boolean[Krb5.TKT_OPTS_MAX+1];
- if (body.kdcOptions.get(KDCOptions.FORWARDABLE)) {
+ if (body.kdcOptions.get(KDCOptions.FORWARDABLE)
+ && allowForwardable) {
bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
}
if (body.kdcOptions.get(KDCOptions.FORWARDED) ||
@@ -678,6 +721,37 @@
if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) {
bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true;
}
+ if (body.kdcOptions.get(KDCOptions.CNAME_IN_ADDL_TKT)) {
+ if (!options.containsKey(Option.ALLOW_S4U2PROXY)) {
+ // Don't understand CNAME_IN_ADDL_TKT
+ throw new KrbException(Krb5.KDC_ERR_BADOPTION);
+ } else {
+ Map<String,List<String>> map = (Map<String,List<String>>)
+ options.get(Option.ALLOW_S4U2PROXY);
+ Ticket second = KDCReqBodyDotFirstAdditionalTicket(body);
+ EncryptionKey key2 = keyForUser(second.sname, second.encPart.getEType(), true);
+ byte[] bb = second.encPart.decrypt(key2, KeyUsage.KU_TICKET);
+ DerInputStream derIn = new DerInputStream(bb);
+ DerValue der = derIn.getDerValue();
+ EncTicketPart tktEncPart = new EncTicketPart(der.toByteArray());
+ if (!tktEncPart.flags.get(Krb5.TKT_OPTS_FORWARDABLE)) {
+ //throw new KrbException(Krb5.KDC_ERR_BADOPTION);
+ }
+ PrincipalName client = tktEncPart.cname;
+ System.out.println(realm + "> and an additional ticket of "
+ + client + " to " + second.sname);
+ if (map.containsKey(cname.toString())) {
+ if (map.get(cname.toString()).contains(service.toString())) {
+ System.out.println(realm + "> S4U2proxy OK");
+ } else {
+ throw new KrbException(Krb5.KDC_ERR_BADOPTION);
+ }
+ } else {
+ throw new KrbException(Krb5.KDC_ERR_BADOPTION);
+ }
+ cname = client;
+ }
+ }
String okAsDelegate = (String)options.get(Option.OK_AS_DELEGATE);
if (okAsDelegate != null && (
@@ -691,7 +765,7 @@
EncTicketPart enc = new EncTicketPart(
tFlags,
key,
- etp.cname,
+ cname,
new TransitedEncoding(1, new byte[0]), // TODO
new KerberosTime(new Date()),
body.from,
@@ -729,7 +803,7 @@
);
EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_TGS_REP_PART_SESSKEY);
TGSRep tgsRep = new TGSRep(null,
- etp.cname,
+ cname,
t,
edata);
System.out.println(" Return " + tgsRep.cname
@@ -942,7 +1016,7 @@
outPAs.add(new PAData(Krb5.PA_ETYPE_INFO, eid.toByteArray()));
}
- PAData[] inPAs = kDCReqDotPAData(asReq);
+ PAData[] inPAs = KDCReqDotPAData(asReq);
if (inPAs == null || inPAs.length == 0) {
Object preauth = options.get(Option.PREAUTH_REQUIRED);
if (preauth == null || preauth.equals(Boolean.TRUE)) {
@@ -1252,6 +1326,7 @@
private static final Field getEType;
private static final Constructor<EncryptedData> ctorEncryptedData;
private static final Method stringToKey;
+ private static final Field getAddlTkt;
static {
try {
@@ -1265,6 +1340,8 @@
"stringToKey",
char[].class, String.class, byte[].class, Integer.TYPE);
stringToKey.setAccessible(true);
+ getAddlTkt = KDCReqBody.class.getDeclaredField("additionalTickets");
+ getAddlTkt.setAccessible(true);
} catch (NoSuchFieldException nsfe) {
throw new AssertionError(nsfe);
} catch (NoSuchMethodException nsme) {
@@ -1278,7 +1355,7 @@
throw new AssertionError(e);
}
}
- private static PAData[] kDCReqDotPAData(KDCReq req) {
+ private static PAData[] KDCReqDotPAData(KDCReq req) {
try {
return (PAData[])getPADataField.get(req);
} catch (Exception e) {
@@ -1303,4 +1380,11 @@
throw new AssertionError(e);
}
}
+ private static Ticket KDCReqBodyDotFirstAdditionalTicket(KDCReqBody body) {
+ try {
+ return ((Ticket[])getAddlTkt.get(body))[0];
+ } catch (Exception e) {
+ throw new AssertionError(e);
+ }
+ }
}
diff --git a/test/sun/security/krb5/auto/OkAsDelegate.java b/test/sun/security/krb5/auto/OkAsDelegate.java
index 9037634..d66e242 100644
--- a/test/sun/security/krb5/auto/OkAsDelegate.java
+++ b/test/sun/security/krb5/auto/OkAsDelegate.java
@@ -91,7 +91,7 @@
Context c, s;
c = Context.fromJAAS("client");
- s = Context.fromJAAS("server");
+ s = Context.fromJAAS("com.sun.security.jgss.krb5.accept");
Oid mech = GSSUtil.GSS_KRB5_MECH_OID;
if (System.getProperty("test.spnego") != null) {
diff --git a/test/sun/security/krb5/auto/S4U2proxy.java b/test/sun/security/krb5/auto/S4U2proxy.java
new file mode 100644
index 0000000..dd7d50c
--- /dev/null
+++ b/test/sun/security/krb5/auto/S4U2proxy.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6355584
+ * @summary Introduce constrained Kerberos delegation
+ * @compile -XDignore.symbol.file S4U2proxy.java
+ * @run main/othervm S4U2proxy krb5
+ * @run main/othervm S4U2proxy spnego
+ */
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+
+public class S4U2proxy {
+
+ public static void main(String[] args) throws Exception {
+ Oid mech;
+ if (args[0].equals("spnego")) {
+ mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+ } else if (args[0].contains("krb5")) {
+ mech = GSSUtil.GSS_KRB5_MECH_OID;
+ } else {
+ throw new Exception("Unknown mech");
+ }
+
+ OneKDC kdc = new OneKDC(null);
+ kdc.writeJAASConf();
+ kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
+ Map<String,List<String>> map = new HashMap<>();
+ map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
+ new String[]{OneKDC.BACKEND + "@" + OneKDC.REALM}));
+ kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+
+ Context c, s, b;
+ c = Context.fromJAAS("client");
+ s = Context.fromJAAS("server");
+ b = Context.fromJAAS("backend");
+
+ c.startAsClient(OneKDC.SERVER, mech);
+ s.startAsServer(null, mech, false);
+
+ Context.handshake(c, s);
+ Context p = s.delegated();
+
+ p.startAsClient(OneKDC.BACKEND, mech);
+ b.startAsServer(mech);
+ Context.handshake(p, b);
+
+ p.startAsClient(OneKDC.BACKEND, mech);
+ b.startAsServer(mech);
+ Context.handshake(p, b);
+ }
+}
diff --git a/test/sun/security/krb5/auto/S4U2proxyGSS.java b/test/sun/security/krb5/auto/S4U2proxyGSS.java
new file mode 100644
index 0000000..f2f0b30
--- /dev/null
+++ b/test/sun/security/krb5/auto/S4U2proxyGSS.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6355584
+ * @summary Introduce constrained Kerberos delegation
+ * @compile -XDignore.symbol.file S4U2proxyGSS.java
+ * @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2proxyGSS krb5
+ * @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2proxyGSS spnego
+ */
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.security.Security;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+
+public class S4U2proxyGSS {
+
+ public static void main(String[] args) throws Exception {
+ Oid mech;
+ if (args[0].equals("spnego")) {
+ mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+ } else if (args[0].contains("krb5")) {
+ mech = GSSUtil.GSS_KRB5_MECH_OID;
+ } else {
+ throw new Exception("Unknown mech");
+ }
+
+ OneKDC kdc = new OneKDC(null);
+ kdc.writeJAASConf();
+ kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
+ Map<String,List<String>> map = new HashMap<>();
+ map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
+ new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
+ kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+
+ Context c, s, b;
+ System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+ System.setProperty("java.security.auth.login.config", OneKDC.JAAS_CONF);
+ File f = new File(OneKDC.JAAS_CONF);
+ FileOutputStream fos = new FileOutputStream(f);
+ fos.write((
+ "com.sun.security.jgss.krb5.initiate {\n" +
+ " com.sun.security.auth.module.Krb5LoginModule required;\n};\n" +
+ "com.sun.security.jgss.krb5.accept {\n" +
+ " com.sun.security.auth.module.Krb5LoginModule required\n" +
+ " principal=\"" + OneKDC.SERVER + "\"\n" +
+ " useKeyTab=true\n" +
+ " storeKey=true;\n};\n"
+ ).getBytes());
+ fos.close();
+ Security.setProperty("auth.login.defaultCallbackHandler", "OneKDC$CallbackForClient");
+ c = Context.fromThinAir();
+ s = Context.fromThinAir();
+ b = Context.fromThinAir();
+ c.startAsClient(OneKDC.SERVER, mech);
+ c.x().requestCredDeleg(false);
+ s.startAsServer(mech);
+
+ Context.handshake(c, s);
+ Context p = s.delegated();
+ p.startAsClient(OneKDC.SERVER, mech);
+ b.startAsServer(mech);
+ Context.handshake(p, b);
+
+ String n1 = p.x().getSrcName().toString().split("@")[0];
+ String n2 = b.x().getSrcName().toString().split("@")[0];
+ if (!n1.equals(OneKDC.USER) || !n2.equals(OneKDC.USER)) {
+ throw new Exception("Delegation failed");
+ }
+ }
+}
diff --git a/test/sun/security/krb5/auto/S4U2self.java b/test/sun/security/krb5/auto/S4U2self.java
new file mode 100644
index 0000000..a6c4b21
--- /dev/null
+++ b/test/sun/security/krb5/auto/S4U2self.java
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6355584
+ * @summary Introduce constrained Kerberos delegation
+ * @compile -XDignore.symbol.file S4U2self.java
+ * @run main/othervm -Dsun.security.krb5.debug=false S4U2self krb5 0
+ * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 1
+ * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 2
+ * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 3
+ * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 4
+ * @run main/othervm/fail -Dsun.security.krb5.debug=false S4U2self krb5 5
+ * @run main/othervm -Dsun.security.krb5.debug=false S4U2self spnego
+ */
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+
+public class S4U2self {
+
+ public static void main(String[] args) throws Exception {
+ // Test case, different policy settings in KDC:
+ // | ALLOW_S4U2SELF on
+ // | USER USER2 none
+ // ALLOW_S4U2PORXY |-------------------------
+ // USER to BACKEND | 0 1 2
+ // USER2 to BACKEND | 3
+ // USER to SERVER | 4
+ // none | 5
+ //
+ // 0 should succeed, all other fail
+ int test = 0;
+ Oid mech;
+ if (args[0].equals("spnego")) {
+ mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+ } else if (args[0].contains("krb5")) {
+ mech = GSSUtil.GSS_KRB5_MECH_OID;
+ test = Integer.parseInt(args[1]);
+ } else {
+ throw new Exception("Unknown mech");
+ }
+
+ OneKDC kdc = new OneKDC(null);
+ kdc.writeJAASConf();
+
+ switch (test) {
+ case 1:
+ kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
+ new String[]{OneKDC.USER2 + "@" + OneKDC.REALM}));
+ break;
+ case 2:
+ // No S4U2self
+ break;
+ default:
+ kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
+ new String[]{OneKDC.USER + "@" + OneKDC.REALM}));
+ break;
+ }
+
+ Map<String,List<String>> map = new HashMap<>();
+ switch (test) {
+ case 3:
+ map.put(OneKDC.USER2 + "@" + OneKDC.REALM, Arrays.asList(
+ new String[]{OneKDC.BACKEND + "@" + OneKDC.REALM}));
+ kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+ break;
+ case 4:
+ map.put(OneKDC.USER + "@" + OneKDC.REALM, Arrays.asList(
+ new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
+ kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+ break;
+ case 5:
+ // No S4U2proxy set
+ break;
+ default:
+ map.put(OneKDC.USER + "@" + OneKDC.REALM, Arrays.asList(
+ new String[]{OneKDC.BACKEND + "@" + OneKDC.REALM}));
+ kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+ break;
+ }
+
+ Context c, s;
+ c = Context.fromJAAS("client");
+
+ c = c.impersonate(OneKDC.USER2);
+ c.status();
+
+ c.startAsClient(OneKDC.BACKEND, mech);
+
+ s = Context.fromJAAS("backend");
+ s.startAsServer(mech);
+
+ Context.handshake(c, s);
+
+ Context.transmit("i say high --", c, s);
+ Context.transmit(" you say low", s, c);
+
+ c.status();
+ s.status();
+
+ String n1 = c.x().getSrcName().toString().split("@")[0];
+ String n2 = s.x().getSrcName().toString().split("@")[0];
+ if (!n1.equals(OneKDC.USER2) || !n2.equals(OneKDC.USER2)) {
+ throw new Exception("Impersonate failed");
+ }
+
+ s.dispose();
+ c.dispose();
+ }
+}
diff --git a/test/sun/security/krb5/auto/S4U2selfAsServer.java b/test/sun/security/krb5/auto/S4U2selfAsServer.java
new file mode 100644
index 0000000..467129c
--- /dev/null
+++ b/test/sun/security/krb5/auto/S4U2selfAsServer.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6355584
+ * @summary Introduce constrained Kerberos delegation
+ * @compile -XDignore.symbol.file S4U2selfAsServer.java
+ * @run main/othervm S4U2selfAsServer krb5
+ * @run main/othervm S4U2selfAsServer spnego
+ */
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+
+public class S4U2selfAsServer {
+
+ public static void main(String[] args) throws Exception {
+ Oid mech;
+ if (args[0].equals("spnego")) {
+ mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+ } else if (args[0].contains("krb5")) {
+ mech = GSSUtil.GSS_KRB5_MECH_OID;
+ } else {
+ throw new Exception("Unknown mech");
+ }
+
+ OneKDC kdc = new OneKDC(null);
+ kdc.writeJAASConf();
+ kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
+ Map<String,List<String>> map = new HashMap<>();
+ map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
+ new String[]{OneKDC.BACKEND + "@" + OneKDC.REALM}));
+ kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+ kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
+ new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
+
+ Context s, b;
+ s = Context.fromJAAS("server");
+ b = Context.fromJAAS("backend");
+
+ s.startAsServer(null, mech, false);
+
+ Context p = s.impersonate(OneKDC.USER);
+
+ p.startAsClient(OneKDC.BACKEND, mech);
+ b.startAsServer(mech);
+ Context.handshake(p, b);
+
+ p.startAsClient(OneKDC.BACKEND, mech);
+ b.startAsServer(mech);
+ Context.handshake(p, b);
+ }
+}
diff --git a/test/sun/security/krb5/auto/S4U2selfAsServerGSS.java b/test/sun/security/krb5/auto/S4U2selfAsServerGSS.java
new file mode 100644
index 0000000..0ff2b7b
--- /dev/null
+++ b/test/sun/security/krb5/auto/S4U2selfAsServerGSS.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6355584
+ * @summary Introduce constrained Kerberos delegation
+ * @compile -XDignore.symbol.file S4U2selfAsServerGSS.java
+ * @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2selfAsServerGSS krb5
+ * @run main/othervm -Djavax.security.auth.useSubjectCredsOnly=false S4U2selfAsServerGSS spnego
+ */
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.security.Security;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+
+public class S4U2selfAsServerGSS {
+
+ public static void main(String[] args) throws Exception {
+ Oid mech;
+ if (args[0].equals("spnego")) {
+ mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+ } else if (args[0].contains("krb5")) {
+ mech = GSSUtil.GSS_KRB5_MECH_OID;
+ } else {
+ throw new Exception("Unknown mech");
+ }
+
+ OneKDC kdc = new OneKDC(null);
+ kdc.writeJAASConf();
+ kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
+ Map<String,List<String>> map = new HashMap<>();
+ map.put(OneKDC.SERVER + "@" + OneKDC.REALM, Arrays.asList(
+ new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
+ kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+ kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
+ new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
+
+ Context s, b;
+ System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+ System.setProperty("java.security.auth.login.config", OneKDC.JAAS_CONF);
+ File f = new File(OneKDC.JAAS_CONF);
+ FileOutputStream fos = new FileOutputStream(f);
+ fos.write((
+ "com.sun.security.jgss.krb5.accept {\n" +
+ " com.sun.security.auth.module.Krb5LoginModule required\n" +
+ " principal=\"" + OneKDC.SERVER + "\"\n" +
+ " useKeyTab=true\n" +
+ " storeKey=true;\n};\n"
+ ).getBytes());
+ fos.close();
+ Security.setProperty("auth.login.defaultCallbackHandler", "OneKDC$CallbackForClient");
+ s = Context.fromThinAir();
+ b = Context.fromThinAir();
+ s.startAsServer(mech);
+
+ Context p = s.impersonate(OneKDC.USER);
+
+ p.startAsClient(OneKDC.SERVER, mech);
+ b.startAsServer(mech);
+ Context.handshake(p, b);
+
+ String n1 = p.x().getSrcName().toString().split("@")[0];
+ String n2 = b.x().getSrcName().toString().split("@")[0];
+ if (!n1.equals(OneKDC.USER) || !n2.equals(OneKDC.USER)) {
+ throw new Exception("Delegation failed");
+ }
+ }
+}
diff --git a/test/sun/security/krb5/auto/S4U2selfGSS.java b/test/sun/security/krb5/auto/S4U2selfGSS.java
new file mode 100644
index 0000000..f060c78
--- /dev/null
+++ b/test/sun/security/krb5/auto/S4U2selfGSS.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6355584
+ * @summary Introduce constrained Kerberos delegation
+ * @compile -XDignore.symbol.file S4U2selfGSS.java
+ * @run main/othervm -Dsun.security.krb5.debug=false S4U2selfGSS krb5
+ * @run main/othervm -Dsun.security.krb5.debug=false S4U2selfGSS spnego
+ */
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.ietf.jgss.Oid;
+import sun.security.jgss.GSSUtil;
+
+public class S4U2selfGSS {
+
+ public static void main(String[] args) throws Exception {
+ Oid mech;
+ if (args[0].equals("spnego")) {
+ mech = GSSUtil.GSS_SPNEGO_MECH_OID;
+ } else if (args[0].contains("krb5")) {
+ mech = GSSUtil.GSS_KRB5_MECH_OID;
+ } else {
+ throw new Exception("Unknown mech");
+ }
+
+ OneKDC kdc = new OneKDC(null);
+ kdc.writeJAASConf();
+ kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(
+ new String[]{OneKDC.USER + "@" + OneKDC.REALM}));
+ Map<String,List<String>> map = new HashMap<>();
+ map.put(OneKDC.USER + "@" + OneKDC.REALM, Arrays.asList(
+ new String[]{OneKDC.SERVER + "@" + OneKDC.REALM}));
+ kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, map);
+
+ Context c, s;
+ System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+ c = Context.fromThinAir();
+ s = Context.fromThinAir();
+
+ c = c.impersonate(OneKDC.USER2);
+
+ c.startAsClient(OneKDC.SERVER, mech);
+ s.startAsServer(mech);
+
+ Context.handshake(c, s);
+
+ String n1 = c.x().getSrcName().toString().split("@")[0];
+ String n2 = s.x().getSrcName().toString().split("@")[0];
+ if (!n1.equals(OneKDC.USER2) || !n2.equals(OneKDC.USER2)) {
+ throw new Exception("Impersonate failed");
+ }
+
+ s.dispose();
+ c.dispose();
+ }
+}
diff --git a/test/sun/security/pkcs11/rsa/GenKeyStore.java b/test/sun/security/pkcs11/rsa/GenKeyStore.java
index 85904a2..629a504 100644
--- a/test/sun/security/pkcs11/rsa/GenKeyStore.java
+++ b/test/sun/security/pkcs11/rsa/GenKeyStore.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -54,8 +54,8 @@
certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(1));
certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algID));
- certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
- certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(name));
+ certInfo.set(X509CertInfo.SUBJECT, name);
+ certInfo.set(X509CertInfo.ISSUER, name);
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(date, date));
diff --git a/test/sun/security/provider/X509Factory/BigCRL.java b/test/sun/security/provider/X509Factory/BigCRL.java
index bfc6b56..c6e4e07 100644
--- a/test/sun/security/provider/X509Factory/BigCRL.java
+++ b/test/sun/security/provider/X509Factory/BigCRL.java
@@ -57,7 +57,7 @@
X509CertInfo signerCertInfo = (X509CertInfo)signerCertImpl.get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
X500Name owner = (X500Name)signerCertInfo.get(X509CertInfo.SUBJECT + "."
- + CertificateSubjectName.DN_NAME);
+ + X509CertInfo.DN_NAME);
Date date = new Date();
PrivateKey privateKey = (PrivateKey)
diff --git a/test/sun/security/rsa/GenKeyStore.java b/test/sun/security/rsa/GenKeyStore.java
index 85904a2..629a504 100644
--- a/test/sun/security/rsa/GenKeyStore.java
+++ b/test/sun/security/rsa/GenKeyStore.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -54,8 +54,8 @@
certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V1));
certInfo.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(1));
certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algID));
- certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
- certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(name));
+ certInfo.set(X509CertInfo.SUBJECT, name);
+ certInfo.set(X509CertInfo.ISSUER, name);
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(date, date));
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHost.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHost.java
index b14e5cf..2e4c900 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHost.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHost.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -21,13 +21,15 @@
* questions.
*/
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
/**
* @test
* @bug 4302026
* @run main/othervm GetPeerHost
- *
- * SunJSSE does not support dynamic system properties, no way to re-use
- * system properties in samevm/agentvm mode.
* @summary make sure the server side doesn't do DNS lookup.
*/
import javax.net.*;
@@ -41,7 +43,8 @@
+ "/../../../../../../../etc/truststore");
GetPeerHostServer server = new GetPeerHostServer();
server.start();
- GetPeerHostClient client = new GetPeerHostClient();
+ GetPeerHostClient client =
+ new GetPeerHostClient(server.getServerPort());
client.start();
server.join ();
if (!server.getPassStatus ()) {
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHostClient.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHostClient.java
index 3b02581..3aedfda 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHostClient.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHostClient.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -38,13 +38,13 @@
SSLSocket s;
String server;
- public GetPeerHostClient ()
+ public GetPeerHostClient (int serverPort)
{
try {
SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory
.getDefault();
server = InetAddress.getLocalHost().getHostName();
- s = (SSLSocket) factory.createSocket(server, 9999);
+ s = (SSLSocket) factory.createSocket(server, serverPort);
System.out.println("CLIENT: connected to the server- " + server);
} catch (Exception e) {
System.err.println("Unexpected exceptions: " + e);
diff --git a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHostServer.java b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHostServer.java
index 6705651..5383052 100644
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHostServer.java
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/GetPeerHostServer.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -42,6 +42,7 @@
private String host;
ServerSocket ss;
boolean isHostIPAddr = false;
+ int serverPort = 0;
public GetPeerHostServer ()
{
@@ -57,7 +58,8 @@
kmf.init(ks, passphrase);
ctx.init(kmf.getKeyManagers(), null, null);
ServerSocketFactory ssf = ctx.getServerSocketFactory();
- ss = ssf.createServerSocket(9999);
+ ss = ssf.createServerSocket(serverPort);
+ serverPort = ss.getLocalPort();
}catch (Exception e) {
System.err.println("Unexpected exceptions: " + e);
e.printStackTrace();
@@ -90,4 +92,8 @@
boolean getPassStatus () {
return isHostIPAddr;
}
+
+ int getServerPort() {
+ return serverPort;
+ }
}
